politik-forum.eu

Tom Bombadil hat geschrieben:Mach mal einen Scan mit Malwarebytes Anti-Malware.

Tom Bombadil hat geschrieben:War keine Recovery-CD dabei? Oder ist keine solche auf einer anderen Partition zu finden?
Drück F8 beim Bootvorgang, da kommt ein Menü.

Der Bayer hat geschrieben:Schau doch mal unter C:\Windows\System32\drivers\etc\ in der Datei hosts ob da was drinsteht.

Von welchem Hersteller ist dein Notebook?

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

el loco hat geschrieben:@aloa und was macht diese software?

MoOderSo hat geschrieben:Du bist auch ganz sicher auf http://www.google.de und nicht auf qoogle.de oder goog1e.de oder sowas?

MoOderSo hat geschrieben:Werden denn unten die richtigen Adressen eingeblendet, wenn du mit der Maus über den Link fährst?

cosinus hat geschrieben:Moin el loco,

Mach doch mal bitte Logfiles mit RSIT:

Lade Random's System Information Tool (RSIT) herunter und speichere es auf Deinem Desktop.
Starte mit Doppelklick die RSIT.exe.
Klicke auf Continue, um die Nutzungsbedingungen zu akzeptieren.
Wenn Du HiJackThis nicht installiert hast, wird RSIT das für Dich herunterladen und installieren.
In dem Fall bitte auch die Nutzungsbedingungen von Trend Micro (http://de.trendmicro.com/de/home) für HJT akzeptieren "I accept".
Wenn Deine Firewall fragt, bitte RSIT erlauben, ins Netz zu gehen.
Der Scan startet automatisch, RSIT checkt nun einige wichtige System-Bereiche und produziert Logfiles als Analyse-Grundlage.
Wenn der Scan beendet ist, werden zwei Logfiles erstellt und in Deinem Editor geöffnet.
Bitte poste den Inhalt von C:\rsit\log.txt und C:\rsit\info.txt (diese Datei ist geöffnet aber minimiert) hier in den Thread, wieder mit Codetags umschlossen.

info.txt logfile of random's system information tool 1.05 2009-01-18 08:23:21

======Uninstall list======

-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL
-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
-->C:\Windows\UNNeroShowTime.exe /UNINSTALL
-->C:\Windows\UNNeroVision.exe /UNINSTALL
-->C:\Windows\UNRecode.exe /UNINSTALL
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A81200000003}
Adobe Shockwave Player-->C:\Windows\System32\Macromed\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Macromed\SHOCKW~1\Install.log
AS Lernen-->MsiExec.exe /I{1686816B-367A-4EA6-9C20-F694A5511C13}
a-squared Anti-Malware 4.0-->"C:\Program Files\a-squared Anti-Malware\unins000.exe"
Atheros USB Wireless LAN-->MsiExec.exe /I{B094F9EC-1016-428C-902A-3FF72A5945C0}
Azureus-->C:\Program Files\Azureus\Uninstall.exe
Canon RAW Codec-->"C:\Program Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program Files\Canon\RAWCodec120\CRCUnInstall.ini"
CIB pdf brewer 2.1.7a-->C:\Program Files\InstallShield Installation Information\{F0312AC6-988B-11DA-9C49-000476F770CC}\setup.exe -runfromtemp -l0x0007 anything -removeonly
ElsterFormular 2007/2008-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B480BD2A-F1BA-4FE6-8C8E-34C6111B72C9}\setup.exe" -l0x7 -removeonly
Free YouTube to Mp3 Converter version 3.1-->"C:\Program Files\DVDVideoSoft\Free YouTube to Mp3 Converter\unins000.exe"
Google SketchUp 6 Exporters-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EB459C2F-41CA-4222-B9CA-F8EBA40B8DAB}\setup.exe" -l0x7 -removeonly
Google SketchUp 6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98736A65-3C79-49EC-B7E9-A3C77774B0E6}\setup.exe" -l0x7 -removeonly
Google SketchUp LayOut 6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C12D609B-EB71-411B-82C3-9BE6D40435D7}\setup.exe" -l0x7 -removeonly
Google SketchUp Pro 6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{12E75B98-8463-4C1F-8DDA-F6CF31566A55}\setup.exe" -l0x7 -removeonly
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
ICQ6-->"C:\Program Files\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Java(TM) SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
KaloMa 4.73-->"C:\Program Files\KaloMa\unins000.exe"
Lexware Info Service-->MsiExec.exe /I{BEDFB0D0-CA1E-4CBA-9664-B25A74019D0C}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB929729)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Office XP Professional mit FrontPage-->MsiExec.exe /I{90280407-6000-11D3-8CFE-0050048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Works-->MsiExec.exe /I{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}
Motorola SM56 Data Fax Modem-->rundll32.exe sm56co6a.dll,SM56UnInstaller
Mozilla Thunderbird (2.0.0.19)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser und SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
Multi-Card Reader & Flash Disk-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{83F3EED2-DDE2-4434-8FBE-9D2A1E7C2BC9}\SETUP.EXE" -l0x7 -wUninst
Nero 7 Essentials-->MsiExec.exe /X{81AB1374-098A-43CB-BE57-31CEB5EB1031}
Opera 9.63-->MsiExec.exe /X{1BC4026B-1957-4514-9058-2B542557F143}
PhotoFiltre-->"C:\Program Files\PhotoFiltre\Uninst.exe"
QuickSteuer DELUXE Wissens-Center 2008-->MsiExec.exe /X{07B64A55-B552-4F34-A904-DBFD810B752B}
Real Pool-->"C:\Program Files\GameTop.com\Real Pool\unins000.exe"
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0007 -removeonly
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Streamripper Plugin 1.62.2 (Remove only)-->C:\Program Files\Winamp\streamripper_uninstall.exe
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Uninstall 1.0.0.1-->"C:\Program Files\Common Files\DVDVideoSoft\unins000.exe"
VirtualCloneDrive-->"C:\Program Files\Elaborate Bytes\VirtualCloneDrive\vcd-uninst.exe" /D="C:\Program Files\Elaborate Bytes\VirtualCloneDrive"
Vista Codec Package-->MsiExec.exe /I{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}
VLC media player 0.9.8a-->C:\Program Files\VideoLAN\VLC\uninstall.exe
WinRAR-->C:\Program Files\WinRAR\uninstall.exe
WISO Steuer 2009-->C:\Program Files\InstallShield Installation Information\{00C58EBE-223E-4AB6-8AE9-38F27F4420BD}\Setup.exe -runfromtemp -l0x0007 -removeonly
X10 Hardware(TM)-->C:\Windows\UNWISE.EXE C:\PROGRA~1\X10HAR~1\Install.log

=====HijackThis Backups=====

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.wikipedia.org/wiki/Hauptseite
O4 - HKLM\..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.medion.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:4001
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O1 - Hosts: ::1 localhost
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O4 - HKLM\..\Run: [Dit] Dit.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - Unknown owner - C:\Program Files\ALDI Foto Service Nord\Common\Database\bin\fbserver.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.46;85.255.112.210
O13 - Gopher Prefix:
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex ... 0-27-0.cab
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O18 - Protocol: haufereader - (no CLSID) - (no file)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O17 - HKLM\System\CS1\Services\Tcpip\..\{35FE57A5-398F-4E7F-A90E-529CD69C79B5}: NameServer = 85.255.114.46;85.255.112.210
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.46;85.255.112.210
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{B6018C7A-7D19-463E-9894-131CA4573029}: NameServer = 85.255.114.46;85.255.112.210
O17 - HKLM\System\CCS\Services\Tcpip\..\{35FE57A5-398F-4E7F-A90E-529CD69C79B5}: NameServer = 85.255.114.46;85.255.112.210

======Security center information======

AS: Windows-Defender (disabled) (outdated)

System event log

Computer Name: Imperatore-PC
Event Code: 1103
Message: Dem Computer wurde erfolgreich eine Netzwerkadresse zugeteilt. Eine Verbindung mit anderen Computern kann nun hergestellt werden.
Record Number: 109366
Source Name: Microsoft-Windows-Dhcp-Client
Time Written: 20090118070649.000000-000
Event Type: Informationen
User:

Computer Name: Imperatore-PC
Event Code: 1103
Message: Dem Computer wurde erfolgreich eine Netzwerkadresse zugeteilt. Eine Verbindung mit anderen Computern kann nun hergestellt werden.
Record Number: 109367
Source Name: Microsoft-Windows-Dhcp-Client
Time Written: 20090118070649.000000-000
Event Type: Informationen
User:

Computer Name: Imperatore-PC
Event Code: 16
Message: Verbindung nicht möglich: Es konnte keine Verbindung mit dem Dienst "Automatische Updates" hergestellt werden, daher können Updates nicht nach dem angegebenen Zeitplan heruntergeladen und installiert werden. Es wird weiterhin versucht, eine Verbindung herzustellen.
Record Number: 109368
Source Name: Microsoft-Windows-WindowsUpdateClient
Time Written: 20090118070714.927500-000
Event Type: Warnung
User: NT-AUTORITÄT\SYSTEM

Computer Name: Imperatore-PC
Event Code: 7036
Message: Dienst "Anwendungsinformationen" befindet sich jetzt im Status "Ausgeführt".
Record Number: 109369
Source Name: Service Control Manager
Time Written: 20090118072306.000000-000
Event Type: Informationen
User:

Computer Name: Imperatore-PC
Event Code: 7036
Message: Dienst "WinHTTP-Web Proxy Auto-Discovery-Dienst" befindet sich jetzt im Status "Beendet".
Record Number: 109370
Source Name: Service Control Manager
Time Written: 20090118072318.000000-000
Event Type: Informationen
User:

Application event log

Computer Name: Imperatore-PC
Event Code: 1
Message: Der Zertifikatdiensteclient wurde erfolgreich gestartet.
Record Number: 23525
Source Name: Microsoft-Windows-CertificateServicesClient
Time Written: 20090118070505.884300-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: Imperatore-PC
Event Code: 1
Message: Der Windows-Sicherheitscenterdienst wurde gestartet.
Record Number: 23526
Source Name: SecurityCenter
Time Written: 20090118070600.000000-000
Event Type: Informationen
User:

Computer Name: Imperatore-PC
Event Code: 1001
Message: Die Leistungsindikatoren für den Dienst WmiApRpl (WmiApRpl) wurden entfernt. Die Daten enthalten die neuen Werte der Registrierungseinträge "Last Counter" und "Last Help".
Record Number: 23527
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20090118070952.000000-000
Event Type: Informationen
User:

Computer Name: Imperatore-PC
Event Code: 1000
Message: Die Leistungsindikatoren für den Dienst WmiApRpl (WmiApRpl) wurden erfolgreich geladen. Die Eintragsdaten im Datenbereich enthalten die neuen Indexwerte, die diesem Dienst zugeordnet sind.
Record Number: 23528
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20090118070953.000000-000
Event Type: Informationen
User:

Computer Name: Imperatore-PC
Event Code: 5
Message: Unsupported service control request (see data below)
Record Number: 23529
Source Name: LightScribeService
Time Written: 20090118072320.000000-000
Event Type: Informationen
User:

Security event log

Computer Name: Imperatore-PC
Event Code: 5038
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.

Dateiname: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 44300
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090118072319.087300-000
Event Type: Überwachung gescheitert
User:

Computer Name: Imperatore-PC
Event Code: 5038
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.

Dateiname: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 44301
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090118072319.118500-000
Event Type: Überwachung gescheitert
User:

Computer Name: Imperatore-PC
Event Code: 5038
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.

Dateiname: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 44302
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090118072319.134100-000
Event Type: Überwachung gescheitert
User:

Computer Name: Imperatore-PC
Event Code: 5038
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.

Dateiname: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 44303
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090118072319.165300-000
Event Type: Überwachung gescheitert
User:

Computer Name: Imperatore-PC
Event Code: 5038
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.

Dateiname: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 44304
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090118072319.196500-000
Event Type: Überwachung gescheitert
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\CIB software GmbH\CIB pdf brewer;C:\Program Files\Haufe\iDesk\iDeskService\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0e08
"NUMBER_OF_PROCESSORS"=2

-----------------EOF-----------------

Logfile of random's system information tool 1.05 (written by random/random)
Run by Imperatore at 2009-01-18 08:23:11
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 77 GB (79%) free of 97 GB
Total RAM: 2549 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:23:19, on 18.01.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Imperatore\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Imperatore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETZWERKDIENST')
O17 - HKLM\System\CCS\Services\Tcpip\..\{35FE57A5-398F-4E7F-A90E-529CD69C79B5}: NameServer = 85.255.114.46;85.255.112.210
O17 - HKLM\System\CCS\Services\Tcpip\..\{B6018C7A-7D19-463E-9894-131CA4573029}: NameServer = 85.255.114.46;85.255.112.210
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.46;85.255.112.210
O17 - HKLM\System\CS1\Services\Tcpip\..\{35FE57A5-398F-4E7F-A90E-529CD69C79B5}: NameServer = 85.255.114.46;85.255.112.210
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 85.255.114.46;85.255.112.210
O17 - HKLM\System\CS4\Services\Tcpip\..\{35FE57A5-398F-4E7F-A90E-529CD69C79B5}: NameServer = 85.255.114.46;85.255.112.210
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.46;85.255.112.210
O18 - Protocol: haufereader - (no CLSID) - (no file)
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - Unknown owner - C:\Program Files\ALDI Foto Service Nord\Common\Database\bin\fbserver.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 3046 bytes

======Scheduled tasks folder======

C:\Windows\tasks\User_Feed_Synchronization-{0138F1D7-6AFF-4043-9359-9A670EDE3890}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"a-squared"=C:\Program Files\a-squared Anti-Malware\a2guard.exe [2008-10-04 2776720]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-11-22 815104]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2006-11-20 4018176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-02-11 204800]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{014ef835-dfbb-11dd-92cb-0016d3811ec5}]
shell\AutoRun\command - G:\LxSetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{783809e3-ccca-11db-bdf9-806e6f6e6963}]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL D:\resycled\boot.com d:
shell\Open\command - D:\resycled\boot.com d:


======List of files/folders created in the last 1 months======

2009-01-18 08:23:11 ----D---- C:\rsit
2009-01-17 18:11:09 ----D---- C:\PerfLogs
2009-01-17 17:49:01 ----D---- C:\Program Files\a-squared Anti-Malware
2009-01-17 11:24:07 ----A---- C:\Windows\ntbtlog.txt
2009-01-17 11:20:48 ----D---- C:\Users\Imperatore\AppData\Roaming\Malwarebytes
2009-01-17 11:20:43 ----D---- C:\ProgramData\Malwarebytes
2009-01-17 11:20:43 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-11 19:05:53 ----D---- C:\Program Files\Trend Micro
2009-01-11 13:00:07 ----D---- C:\Users\Imperatore\AppData\Roaming\Haufe
2009-01-11 12:42:42 ----D---- C:\Users\Imperatore\AppData\Roaming\Lexware
2009-01-11 12:38:05 ----D---- C:\ProgramData\Lexware
2009-01-11 12:38:05 ----D---- C:\ProgramData\BTrieve
2009-01-11 12:36:00 ----D---- C:\ProgramData\Haufe
2009-01-11 12:33:59 ----D---- C:\Program Files\Common Files\Lexware
2009-01-11 11:19:46 ----D---- C:\Program Files\AS-Controlling
2009-01-11 11:19:40 ----D---- C:\Program Files\ASLernen
2009-01-10 19:16:09 ----D---- C:\ProgramData\Lavasoft
2009-01-10 19:16:09 ----D---- C:\Program Files\Lavasoft
2009-01-10 19:13:57 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-01-10 19:06:18 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-01-10 19:06:18 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-01-08 21:02:19 ----D---- C:\Users\Imperatore\AppData\Roaming\DivX
2009-01-08 21:01:24 ----D---- C:\Program Files\Common Files\PX Storage Engine
2009-01-08 21:01:10 ----D---- C:\Program Files\DivX
2009-01-08 20:13:56 ----D---- C:\Users\Imperatore\AppData\Roaming\vlc

======List of files/folders modified in the last 1 months======

2009-01-18 08:23:19 ----D---- C:\Windows\Prefetch
2009-01-18 08:23:14 ----D---- C:\Windows\Temp
2009-01-18 08:09:53 ----D---- C:\Windows\System32
2009-01-18 08:09:53 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-01-18 08:09:52 ----D---- C:\Windows\inf
2009-01-17 19:10:05 ----SHD---- C:\Windows\Installer
2009-01-17 19:10:01 ----D---- C:\Program Files\Opera
2009-01-17 19:09:54 ----D---- C:\Windows\system32\catroot2
2009-01-17 19:09:53 ----SHD---- C:\System Volume Information
2009-01-17 19:04:10 ----D---- C:\Windows\Logs
2009-01-17 18:35:10 ----D---- C:\Windows\winsxs
2009-01-17 18:31:41 ----D---- C:\Windows\Microsoft.NET
2009-01-17 18:31:38 ----RSD---- C:\Windows\assembly
2009-01-17 18:31:31 ----D---- C:\Windows\rescache
2009-01-17 18:24:45 ----D---- C:\Windows
2009-01-17 18:24:41 ----D---- C:\Windows\system32\catroot
2009-01-17 18:24:12 ----SHD---- C:\Boot
2009-01-17 18:23:43 ----ASH---- C:\Program Files\desktop.ini
2009-01-17 18:12:03 ----D---- C:\Program Files\Windows Sidebar
2009-01-17 18:12:03 ----D---- C:\Program Files\Windows Media Player
2009-01-17 18:12:03 ----D---- C:\Program Files\Windows Mail
2009-01-17 18:12:03 ----D---- C:\Program Files\Windows Collaboration
2009-01-17 18:12:03 ----D---- C:\Program Files\Windows Calendar
2009-01-17 18:12:03 ----D---- C:\Program Files\Movie Maker
2009-01-17 18:12:03 ----D---- C:\Program Files\Internet Explorer
2009-01-17 18:12:02 ----D---- C:\Program Files\Windows Photo Gallery
2009-01-17 18:12:02 ----D---- C:\Program Files\Windows Journal
2009-01-17 18:12:02 ----D---- C:\Program Files\Common Files\System
2009-01-17 18:12:01 ----D---- C:\Windows\servicing
2009-01-17 18:12:01 ----D---- C:\Windows\ehome
2009-01-17 18:12:01 ----D---- C:\Program Files\Windows Defender
2009-01-17 18:11:57 ----D---- C:\Windows\PolicyDefinitions
2009-01-17 18:11:57 ----D---- C:\Windows\MSAgent
2009-01-17 18:11:57 ----D---- C:\Windows\L2Schemas
2009-01-17 18:11:57 ----D---- C:\Windows\IME
2009-01-17 18:11:57 ----D---- C:\Windows\DigitalLocker
2009-01-17 18:11:56 ----D---- C:\Windows\system32\XPSViewer
2009-01-17 18:11:56 ----D---- C:\Windows\system32\ko-KR
2009-01-17 18:11:56 ----D---- C:\Windows\system32\en-US
2009-01-17 18:11:56 ----D---- C:\Windows\system32\de-DE
2009-01-17 18:11:56 ----D---- C:\Windows\system32\da-DK
2009-01-17 18:11:56 ----D---- C:\Windows\system32\com
2009-01-17 18:11:52 ----D---- C:\Windows\system32\it-IT
2009-01-17 18:11:52 ----D---- C:\Windows\system32\el-GR
2009-01-17 18:11:51 ----D---- C:\Windows\system32\sysprep
2009-01-17 18:11:51 ----D---- C:\Windows\system32\oobe
2009-01-17 18:11:51 ----D---- C:\Windows\system32\migration
2009-01-17 18:11:50 ----D---- C:\Windows\system32\sv-SE
2009-01-17 18:11:50 ----D---- C:\Windows\system32\SLUI
2009-01-17 18:11:50 ----D---- C:\Windows\system32\setup
2009-01-17 18:11:50 ----D---- C:\Windows\system32\ru-RU
2009-01-17 18:11:50 ----D---- C:\Windows\system32\pt-PT
2009-01-17 18:11:50 ----D---- C:\Windows\system32\ias
2009-01-17 18:11:50 ----D---- C:\Windows\system32\hu-HU
2009-01-17 18:11:50 ----D---- C:\Windows\system32\he-IL
2009-01-17 18:11:50 ----D---- C:\Windows\system32\fr-FR
2009-01-17 18:11:50 ----D---- C:\Windows\system32\fi-FI
2009-01-17 18:11:50 ----D---- C:\Windows\system32\cs-CZ
2009-01-17 18:11:50 ----D---- C:\Windows\system32\AdvancedInstallers
2009-01-17 18:11:49 ----D---- C:\Windows\system32\zh-TW
2009-01-17 18:11:49 ----D---- C:\Windows\system32\zh-CN
2009-01-17 18:11:49 ----D---- C:\Windows\system32\ro-RO
2009-01-17 18:11:49 ----D---- C:\Windows\system32\pl-PL
2009-01-17 18:11:49 ----D---- C:\Windows\system32\manifeststore
2009-01-17 18:11:49 ----D---- C:\Windows\system32\ja-JP
2009-01-17 18:11:49 ----D---- C:\Windows\system32\es-ES
2009-01-17 18:11:48 ----D---- C:\Windows\system32\drivers
2009-01-17 18:11:45 ----D---- C:\Windows\system32\wbem
2009-01-17 18:11:45 ----D---- C:\Windows\system32\tr-TR
2009-01-17 18:11:44 ----D---- C:\Windows\system32\nl-NL
2009-01-17 18:11:44 ----D---- C:\Windows\system32\nb-NO
2009-01-17 18:11:44 ----D---- C:\Windows\system32\ar-SA
2009-01-17 18:11:43 ----D---- C:\Windows\system32\migwiz
2009-01-17 18:11:42 ----D---- C:\Windows\system32\pt-BR
2009-01-17 18:11:17 ----RSD---- C:\Windows\Fonts
2009-01-17 18:11:17 ----D---- C:\Windows\AppPatch
2009-01-17 18:11:10 ----D---- C:\Windows\Boot
2009-01-17 18:11:09 ----D---- C:\Windows\system32\Boot
2009-01-17 17:59:58 ----A---- C:\Windows\system32\ifxcardm.dll
2009-01-17 17:59:56 ----A---- C:\Windows\system32\axaltocm.dll
2009-01-17 17:49:01 ----RD---- C:\Program Files
2009-01-17 11:20:43 ----HD---- C:\ProgramData
2009-01-16 16:35:41 ----D---- C:\Program Files\Mozilla Firefox
2009-01-16 16:35:40 ----D---- C:\Users\Imperatore\AppData\Roaming\Mozilla
2009-01-13 21:00:55 ----D---- C:\Users\Imperatore\AppData\Roaming\Azureus
2009-01-13 20:08:06 ----D---- C:\Program Files\Mozilla Thunderbird
2009-01-11 19:11:36 ----SD---- C:\Users\Imperatore\AppData\Roaming\Microsoft
2009-01-11 19:09:13 ----HD---- C:\Program Files\InstallShield Installation Information
2009-01-11 19:07:39 ----SD---- C:\Windows\Downloaded Program Files
2009-01-11 12:33:59 ----D---- C:\Program Files\Common Files
2009-01-11 12:04:27 ----D---- C:\Windows\system32\Tasks
2009-01-10 19:02:00 ----D---- C:\Program Files\Winamp
2009-01-10 18:59:12 ----DC---- C:\Windows\system32\DRVSTORE
2009-01-10 09:21:47 ----D---- C:\Program Files\WinRAR

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2008-07-21 24392]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2006-11-15 32256]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2006-11-15 43520]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2006-11-15 37376]
R3 athrusb;Atheros Wireless LAN USB device driver; C:\Windows\system32\DRIVERS\athrusb.sys [2007-01-08 449024]
R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 2302976]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2006-11-23 1652968]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2006-12-20 67072]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-19 88576]
R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-10-09 981504]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2006-11-22 179896]
R3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2008-09-24 29184]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-19 11264]
R3 X10Hid;X10 Hid Device; C:\Windows\System32\Drivers\x10hid.sys [2006-11-17 13976]
R3 XUIF;X10 USB Wireless Transceiver; C:\Windows\System32\Drivers\x10ufx2.sys [2006-11-30 27416]
S1 Ndisprot.sys;Ndisprot.sys; C:\Windows\system32\drivers\Ndisprot.sys [2008-12-05 29184]
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 FETNDIS;VIA Rhine-Familie--Fast-Ethernet-Adaptertreiberdienst; C:\Windows\system32\DRIVERS\fetnd5.sys [2006-11-02 45568]
S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 2302976]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [2009-01-14 38496]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 PhilCap;PhilCap service; C:\Windows\system32\DRIVERS\PhilCap.sys [2006-10-12 1053824]
S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 2028032]
S3 s117bus;Sony Ericsson Device 117 driver (WDM); C:\Windows\system32\DRIVERS\s117bus.sys [2007-06-25 82984]
S3 s117mdfl;Sony Ericsson Device 117 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s117mdfl.sys [2007-06-25 14888]
S3 s117mdm;Sony Ericsson Device 117 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s117mdm.sys [2007-06-25 108456]
S3 s117mgmt;Sony Ericsson Device 117 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s117mgmt.sys [2007-06-25 100264]
S3 s117nd5;Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (NDIS); C:\Windows\system32\DRIVERS\s117nd5.sys [2007-06-25 22952]
S3 s117obex;Sony Ericsson Device 117 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s117obex.sys [2007-06-25 98344]
S3 s117unic;Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (WDM); C:\Windows\system32\DRIVERS\s117unic.sys [2007-06-25 98856]
S3 SANDRA;SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009\WNt500x86\Sandra.sys []
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 a2AntiMalware;a-squared Anti-Malware Service; C:\Program Files\a-squared Anti-Malware\a2service.exe [2008-10-04 418936]
R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-10-19 61440]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 x10nets;X10 Device Network Service; C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [2001-11-12 20480]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Program Files\ALDI Foto Service Nord\Common\Database\bin\fbserver.exe []
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S4 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-12-05 774144]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2006-12-23 262144]

-----------------EOF-----------------

O17 - HKLM\System\CCS\Services\Tcpip\..\{B6018C7A-7D19-463E-9894-131CA4573029}: NameServer = 85.255.114.46;85.255.112.210
O17 - HKLM\System\CCS\Services\Tcpip\..\{35FE57A5-398F-4E7F-A90E-529CD69C79B5}: NameServer = 85.255.114.46;85.255.112.210

inetnum: 85.255.112.0 - 85.255.127.255
netname: UkrTeleGroup
descr: UkrTeleGroup Ltd.
admin-c: UA481-RIPE
tech-c: UA481-RIPE
country: UA
org: ORG-UL25-RIPE
status: ASSIGNED PI "status:" definitions
mnt-by: RIPE-NCC-HM-PI-MNT
mnt-lower: RIPE-NCC-HM-PI-MNT
mnt-by: UKRTELE-MNT
mnt-routes: UKRTELE-MNT
mnt-domains: UKRTELE-MNT
source: RIPE # Filtered

organisation: ORG-UL25-RIPE
org-name: UkrTeleGroup Ltd.
org-type: LIR
address: UkrTeleGroup Ltd.
Mechnikova 58/5
65029 Odessa
Ukraine
phone: +380487311011
fax-no: +380487502499
mnt-ref: UKRTELE-MNT
mnt-ref: RIPE-NCC-HM-MNT
mnt-by: RIPE-NCC-HM-MNT
source: RIPE # Filtered

person: Andrew Sotov
address: Mechnikova 58/5 65029 Odessa
abuse-mailbox: [email protected]
phone: +380631508855
nic-hdl: UA481-RIPE
source: RIPE # Filtered

aloa5 hat geschrieben:P.S. Mit "fixen" ist das markieren und herauslöschen über Hijackthis gemeint. Hier herunterladen:
http://download.hijackthis.eu/HJTInstall.exe

Hijackthis erstellt auch auf Wunsch ein schönes Log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:23:19, on 18.01.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Imperatore\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Imperatore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETZWERKDIENST')
O17 - HKLM\System\CCS\Services\Tcpip\..\{35FE57A5-398F-4E7F-A90E-529CD69C79B5}: NameServer = 85.255.114.46;85.255.112.210
O17 - HKLM\System\CCS\Services\Tcpip\..\{B6018C7A-7D19-463E-9894-131CA4573029}: NameServer = 85.255.114.46;85.255.112.210
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.46;85.255.112.210
O17 - HKLM\System\CS1\Services\Tcpip\..\{35FE57A5-398F-4E7F-A90E-529CD69C79B5}: NameServer = 85.255.114.46;85.255.112.210
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 85.255.114.46;85.255.112.210
O17 - HKLM\System\CS4\Services\Tcpip\..\{35FE57A5-398F-4E7F-A90E-529CD69C79B5}: NameServer = 85.255.114.46;85.255.112.210
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.46;85.255.112.210
O18 - Protocol: haufereader - (no CLSID) - (no file)
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - Unknown owner - C:\Program Files\ALDI Foto Service Nord\Common\Database\bin\fbserver.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 3046 bytes

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:30:07, on 18.01.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{35FE57A5-398F-4E7F-A90E-529CD69C79B5}: NameServer = 85.255.114.46;85.255.112.210
O17 - HKLM\System\CCS\Services\Tcpip\..\{B6018C7A-7D19-463E-9894-131CA4573029}: NameServer = 85.255.114.46;85.255.112.210
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.46;85.255.112.210
O17 - HKLM\System\CS1\Services\Tcpip\..\{35FE57A5-398F-4E7F-A90E-529CD69C79B5}: NameServer = 85.255.114.46;85.255.112.210
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 85.255.114.46;85.255.112.210
O17 - HKLM\System\CS4\Services\Tcpip\..\{35FE57A5-398F-4E7F-A90E-529CD69C79B5}: NameServer = 85.255.114.46;85.255.112.210
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.46;85.255.112.210
O18 - Protocol: haufereader - (no CLSID) - (no file)
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - Unknown owner - C:\Program Files\ALDI Foto Service Nord\Common\Database\bin\fbserver.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 2663 bytes

el loco hat geschrieben:[alles beim alten]

el loco hat geschrieben: Es handelt sich um ein Medion MD 98200

cosinus hat geschrieben:Führ mal den Avenger nach dieser Anleitung aus => http://virus-protect.org/artikel/tools/avenger.html
Bitte diesen gecodeten Text ins weiße Feld kopieren:

Code: Alles auswählen

folders to delete:
D:\resycled

Rest nach Anleitung. Bitte auch nach dem vom Avenger herbeigeführten Reboot das Avenger-Logfile hier posten.

el loco hat geschrieben:Hast Du eine seriöse Downloadquelle für Avenger?

Danke für eure Mühen :!:

cosinus hat geschrieben:
Ist doch da verlinkt! => http://swandog46.geekstogo.com/avenger2/download.php

cosinus hat geschrieben:Führ mal den Avenger nach dieser Anleitung aus => http://virus-protect.org/artikel/tools/avenger.html
Bitte diesen gecodeten Text ins weiße Feld kopieren:

Code: Alles auswählen

folders to delete:
D:\resycled

Rest nach Anleitung. Bitte auch nach dem vom Avenger herbeigeführten Reboot das Avenger-Logfile hier posten.

ogfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: folder "D:\resycled" not found!
Deletion of folder "D:\resycled" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.