Home » Viren, Trojaner & Malware Forum » DIEmWin ??? Virus? » Themenansicht

DIEmWin ??? Virus?
#0
23.09.2007, 13:05
Ratze
Member

Beiträge: 26
#1 Hallo Team, habe folgendes Problem. Ich kann manchmal meinen Arbeitsplatz, eigene Dateien etc. nicht öffnen, beim runterfahren wird dann gesagt, dass der Prozess DIEmWin.exe ein Problem hat. Ist das Trojaner oder Virus?

Hier die Logfiles:
Hijackthis:
Logfile of HijackThis v1.99.1
Scan saved at 12:56:49, on 23.09.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Softex\OmniPass\Omniserv.exe
C:\Programme\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\Programme\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Programme\Fingerprint Sensor\ATSwpNav.exe
C:\Programme\Launch Manager\LaunchAp.exe
C:\Programme\Launch Manager\HotkeyApp.exe
C:\Programme\Launch Manager\OSD.exe
C:\Programme\Launch Manager\Wbutton.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\Softex\OmniPass\scureapp.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\CameraFixer.exe
C:\WINDOWS\tsnp325.exe
C:\WINDOWS\vsnp325.exe
C:\Programme\Windows Media Player\WMPNSCFG.exe
C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\RAMASST.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Programme\QIP\qip.exe
C:\Programme\Winamp\winamp.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\Max\Eigene Dateien\Virusbekämpfung\HJT1991.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.aldi.com/
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Programme\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATSwpNav] "C:\Programme\Fingerprint Sensor\ATSwpNav" -run
O4 - HKLM\..\Run: [LaunchAp] "C:\Programme\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [HotkeyApp] "C:\Programme\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Programme\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Programme\Launch Manager\OSD.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Programme\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [OmniPass] C:\Programme\Softex\OmniPass\scureapp.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe
O4 - HKLM\..\Run: [tsnpstd325] C:\WINDOWS\tsnp325.exe
O4 - HKLM\..\Run: [snp325] C:\WINDOWS\vsnp325.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Programme\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Programme\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Programme\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Programme\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://diemelwiesel.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1126091180221
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: OPXPGina - C:\Programme\Softex\OmniPass\opxpgina.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Programme\Softex\OmniPass\Omniserv.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - Unknown owner - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe (file missing)
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

Combofix:
Max - 07-09-23 12:58:47,25 Service Pack 2
ComboFix 06.11.27 - Running from: "C:\Dokumente und Einstellungen\Max\Eigene Dateien\Virusbek„mpfung"

((((((((((((((((((((((((((((((( Files Created from 2007-08-23 to 2007-09-23 ))))))))))))))))))))))))))))))))))


2007-09-22 12:31 <DIR> d-------- C:\Programme\Kodak
2007-09-21 13:50 144,384 --a------ C:\WINDOWS\system32\miccyhook.dll
2007-09-16 13:54 <DIR> d--h----- C:\WINDOWS\PIF
2007-08-26 13:52 <DIR> d-------- C:\Dokumente und Einstellungen\Max\Anwendungsdaten\.BitTornado
2007-08-25 10:19 <DIR> d-------- C:\Downloads


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-09-23 12:34 -------- d-------- C:\Programme\Mozilla Thunderbird
2007-09-21 16:54 -------- d-------- C:\Programme\AntiVir PersonalEdition Classic
2007-09-20 13:55 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-09-19 21:10 -------- d-------- C:\Programme\Mozilla Firefox
2007-09-19 21:09 -------- d-------- C:\Programme\Java
2007-09-10 18:26 -------- d--h----- C:\Programme\InstallShield Installation Information
2007-09-10 17:54 62016 --a------ C:\WINDOWS\system32\drivers\avipbb.sys
2007-09-07 20:18 -------- d-------- C:\Programme\klicktel
2007-09-07 19:00 -------- d-------- C:\Programme\Steam
2007-09-03 19:31 -------- d-------- C:\Programme\Spybot - Search & Destroy
2007-08-26 13:52 -------- d-------- C:\Dokumente und Einstellungen\Max\Anwendungsdaten\.BitTornado
2007-08-25 10:48 -------- d-------- C:\Programme\BitComet
2007-08-25 10:19 2560 --a------ C:\WINDOWS\system32\BitCometRes.dll
2007-08-15 14:01 -------- d-------- C:\Programme\Internet Explorer
2007-08-13 18:56 -------- d-------- C:\Programme\Edision Toolbox v1.0
2007-08-03 12:15 -------- d-------- C:\Dokumente und Einstellungen\Max\Anwendungsdaten\Screaming Bee
2007-08-03 12:13 -------- d-------- C:\Programme\Gemeinsame Dateien\Screaming Bee
2007-08-03 12:13 -------- d-------- C:\Programme\Gemeinsame Dateien
2007-08-03 10:38 -------- d-------- C:\Programme\WinRAR
2007-08-03 10:29 -------- d-------- C:\Programme\Gemeinsame Dateien\Real
2007-08-03 10:29 -------- d-------- C:\Dokumente und Einstellungen\Max\Anwendungsdaten\Real
2007-08-01 18:39 -------- d-------- C:\Programme\UltraMixer
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-25 11:49 -------- d-------- C:\Programme\Gemeinsame Dateien\aol
2007-07-18 14:42 60416 --------- C:\WINDOWS\system32\tzchange.exe
2007-06-27 16:05 52224 --a------ C:\WINDOWS\system32\msfeedsbs.dll
2007-06-27 16:05 459264 --a------ C:\WINDOWS\system32\msfeeds.dll
2007-06-27 16:05 232960 --a------ C:\WINDOWS\system32\webcheck.dll
2007-06-27 16:05 105984 --a------ C:\WINDOWS\system32\url.dll
2007-06-27 16:05 102400 --a------ C:\WINDOWS\system32\occache.dll
2007-06-27 16:04 6058496 --a------ C:\WINDOWS\system32\ieframe.dll
2007-06-27 16:04 44544 --a------ C:\WINDOWS\system32\iernonce.dll
2007-06-27 16:04 384512 --a------ C:\WINDOWS\system32\iedkcs32.dll
2007-06-27 16:04 383488 --a------ C:\WINDOWS\system32\ieapfltr.dll
2007-06-27 16:04 267776 --a------ C:\WINDOWS\system32\iertutil.dll
2007-06-27 16:04 230400 --a------ C:\WINDOWS\system32\ieaksie.dll
2007-06-27 16:04 153088 --a------ C:\WINDOWS\system32\ieakeng.dll
2007-06-27 16:04 124928 --a------ C:\WINDOWS\system32\advpack.dll
2007-06-27 10:27 63488 --a------ C:\WINDOWS\system32\ie4uinit.exe
2007-06-27 10:27 13824 --a------ C:\WINDOWS\system32\ieudinit.exe
2007-06-27 09:00 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2007-06-26 08:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-25 14:07 86088 --a------ C:\Dokumente und Einstellungen\Max\Anwendungsdaten\GDIPFONTCACHEV1.DAT


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"WMPNSCFG"="C:\\Programme\\Windows Media Player\\WMPNSCFG.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"ATSwpNav"="\"C:\\Programme\\Fingerprint Sensor\\ATSwpNav\" -run"
"LaunchAp"="\"C:\\Programme\\Launch Manager\\LaunchAp.exe\""
"HotkeyApp"="\"C:\\Programme\\Launch Manager\\HotkeyApp.exe\""
"CtrlVol"="\"C:\\Programme\\Launch Manager\\CtrlVol.exe\""
"LMgrOSD"="\"C:\\Programme\\Launch Manager\\OSD.exe\""
"Wbutton"="\"C:\\Programme\\Launch Manager\\Wbutton.exe\""
"NeroFilterCheck"="C:\\Programme\\Gemeinsame Dateien\\Ahead\\Lib\\NeroCheck.exe"
"avgnt"="\"C:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"SynTPEnh"="C:\\Programme\\Synaptics\\SynTP\\SynTPEnh.exe"
"OmniPass"="C:\\Programme\\Softex\\OmniPass\\scureapp.exe"
"AtiPTA"="atiptaxx.exe"
"ATICCC"="\"C:\\Programme\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime"
"Alcmtr"="ALCMTR.EXE"
"RTHDCPL"="RTHDCPL.EXE"
"CameraFixer"="C:\\WINDOWS\\CameraFixer.exe"
"tsnpstd325"="C:\\WINDOWS\\tsnp325.exe"
"snp325"="C:\\WINDOWS\\vsnp325.exe"
"Adobe Reader Speed Launcher"="\"C:\\Programme\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
@=""

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AOL Fast Start"="\"C:\\Programme\\AOL 9.0 VR\\AOL.EXE\" -b"
"WMPNSCFG"="C:\\Programme\\Windows Media Player\\WMPNSCFG.exe"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Programme\\Gemeinsame Dateien\\Ahead\\Lib\\NMBgMonitor.exe\""
"Steam"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"WinampAgent"="C:\\Programme\\Winamp\\winampa.exe"
"RealTray"="C:\\Programme\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"AOLDialer"="C:\\Programme\\Gemeinsame Dateien\\AOL\\ACS\\AOLDial.exe"
"MMTray"="\"C:\\Programme\\Musicmatch\\Musicmatch Jukebox\\mm_tray.exe\""
"mmtask"="\"C:\\Programme\\Musicmatch\\Musicmatch Jukebox\\mmtask.exe\""
"HostManager"="C:\\Programme\\Gemeinsame Dateien\\AOL\\1167421955\\ee\\AOLSoftware.exe"
"!AVG Anti-Spyware"="\"C:\\Programme\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="avgas"
"hkey"="HKLM"
"command"="\"C:\\Programme\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AzMixerSel"
"hkey"="HKLM"
"command"="C:\\Programme\\Realtek\\InstallShield\\AzMixerSel.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ICQLite"
"hkey"="HKLM"
"command"="\"C:\\Programme\\ICQLite\\ICQLite.exe\" -minimize"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Programme\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PCMService"
"hkey"="HKLM"
"command"="\"C:\\Programme\\Home Cinema\\PowerCinema\\PCMService.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhonostarTimer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ps_timer"
"hkey"="HKCU"
"command"="C:\\Programme\\phonostar\\ps_timer.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDVDServ"
"hkey"="HKLM"
"command"="\"C:\\Programme\\Home Cinema\\PowerDVD\\PDVDServ.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TeaTimer"
"hkey"="HKCU"
"command"="C:\\Programme\\Spybot - Search & Destroy\\TeaTimer.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="steam"
"hkey"="HKCU"
"command"="\"c:\\programme\\steam\\steam.exe\" -silent"
"inimapping"="0"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\1-Klick-Wartung.job

Completion time: 07-09-23 13:00:05.64
C:\ComboFix.txt ... 07-09-23 13:00
C:\ComboFix2.txt ... 07-04-24 14:06

datfind:
Datentr„ger in Laufwerk C: ist BOOT
Volumeseriennummer: 2C4D-987C

Verzeichnis von C:\WINDOWS\system32

21.09.2007 13:55 144.384 miccyhook.dll
20.09.2007 13:55 98.304 CmdLineExt.dll
19.09.2007 21:09 5.156 jupdate-1.6.0_02-b06.log
16.09.2007 10:58 1.158 wpa.dbl
01.09.2007 16:56 664 d3d9caps.dat
29.08.2007 20:38 249.852 TZLog.log
25.08.2007 10:19 2.560 BitCometRes.dll
03.08.2007 06:34 16.789.464 MRT.exe
30.07.2007 19:20 30.040 wuaucpl.cpl.mui
30.07.2007 19:20 30.040 wuapi.dll.mui
30.07.2007 19:19 1.712.984 wuaueng.dll
30.07.2007 19:19 549.720 wuapi.dll
30.07.2007 19:19 325.976 wucltui.dll
30.07.2007 19:19 203.096 wuweb.dll
30.07.2007 19:19 216.408 wuaucpl.cpl
30.07.2007 19:19 92.504 cdm.dll
30.07.2007 19:19 53.080 wuauclt.exe
30.07.2007 19:19 43.352 wups2.dll
30.07.2007 19:18 34.136 wucltui.dll.mui
30.07.2007 19:18 33.624 wups.dll
30.07.2007 19:18 20.824 wuaueng.dll.mui
19.07.2007 08:56 3.583.488 mshtml.dll
18.07.2007 14:42 60.416 tzchange.exe
15.07.2007 22:30 63.350 perfc009.dat
15.07.2007 22:30 402.740 perfh009.dat
15.07.2007 22:30 417.556 perfh007.dat
15.07.2007 22:30 76.264 perfc007.dat
15.07.2007 22:30 933.198 PerfStringBackup.INI
12.07.2007 02:22 139.264 javaws.exe
12.07.2007 02:22 69.632 javacpl.cpl
12.07.2007 01:22 135.168 javaw.exe
12.07.2007 01:22 135.168 java.exe
27.06.2007 16:05 823.808 wininet.dll
27.06.2007 16:05 232.960 webcheck.dll
27.06.2007 16:05 1.152.000 urlmon.dll
27.06.2007 16:05 102.400 occache.dll
27.06.2007 16:05 671.232 mstime.dll
27.06.2007 16:05 105.984 url.dll
27.06.2007 16:05 193.024 msrating.dll
27.06.2007 16:05 477.696 mshtmled.dll
27.06.2007 16:05 459.264 msfeeds.dll
27.06.2007 16:05 52.224 msfeedsbs.dll
27.06.2007 16:05 27.648 jsproxy.dll
27.06.2007 16:05 1.824.256 inetcpl.cpl
27.06.2007 16:04 267.776 iertutil.dll
27.06.2007 16:04 6.058.496 ieframe.dll
27.06.2007 16:04 44.544 iernonce.dll
27.06.2007 16:04 384.512 iedkcs32.dll
27.06.2007 16:04 383.488 ieapfltr.dll
27.06.2007 16:04 230.400 ieaksie.dll
27.06.2007 16:04 132.608 extmgr.dll
27.06.2007 16:04 153.088 ieakeng.dll
27.06.2007 16:04 124.928 advpack.dll
27.06.2007 10:27 13.824 ieudinit.exe
27.06.2007 10:27 63.488 ie4uinit.exe
27.06.2007 09:00 161.792 ieakui.dll
26.06.2007 08:08 1.104.896 msxml3.dll
21.06.2007 14:42 103.720 AOLDial.dll
19.06.2007 15:31 282.112 gdi32.dll
15.06.2007 16:40 270.192 FNTCACHE.DAT
11.06.2007 23:51 10.834.944 wmp.dll
31.05.2007 08:45 4.816 divxsm.tlb
31.05.2007 08:45 524.288 DivXsm.exe
31.05.2007 08:44 823.296 divx_xx07.dll
31.05.2007 08:44 823.296 divx_xx0c.dll
31.05.2007 08:44 802.816 divx_xx11.dll
31.05.2007 08:44 740.442 DivX.dll
31.05.2007 08:44 638.976 divxdec.ax
17.05.2007 13:28 549.376 oleaut32.dll
16.05.2007 17:11 683.520 inetcomm.dll
08.05.2007 15:03 1.275.392 msxml4.dll

Vielen Dank!

Max
Seitenanfang Seitenende
24.09.2007, 08:48
Chris4You
Member
Avatar Chris4You

Beiträge: 694
#2 Hi,

die Logs sehen eigentlich gut aus...
Der Fehler wird wohl des öftern in Verbindung mit der Grafik gebracht..

atiptaxx.exe (432) DIEmWin
most likely something to shutdown the gfx card process

eventuell HW-Fehler

Chris
Seitenanfang Seitenende
Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!

Folgende Themen könnten Dich auch interessieren:
Seite(n): 1