Can't get rid of Smitfraud

zaicn

New member
Hello,
for a few days now I keep getting Smitfraud-C in the Spybot scan results. I also get 2 error messages at Windows logon.

Spybot report:

--- Report generated: 2007-06-23 19:05 ---

Smitfraud-C.KooWo: Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\directoutput\AYimcnGuAR==

Smitfraud-C.KooWo: Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\directoutput\d2WvAHAtZXd=

Smitfraud-C.KooWo: Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\directoutput\R29udIW0AYKKAB==

Smitfraud-C.KooWo: Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\directoutput\R29vAmWxAHG0AWSqcXV=

Smitfraud-C.KooWo: Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\directoutput\S3WqAB==

Smitfraud-C.KooWo: Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\directoutput\SHG5VHWzbX9lMx==SHG5RXO0VH9qcoSKcnSmfD0=

Smitfraud-C.KooWo: Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\directoutput\SHG5VHWzbX9lMx==SHG5RXO0VH9qcoSKcnSmfD1kc25n

Smitfraud-C.KooWo: Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\directoutput\SHG5VHWzbX9lMx==SHG5RXO0VH9qcoSKcnSmfD1qcnqmZ3Si

Smitfraud-C.KooWo: Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\directoutput\SHG5VHWzbX9lMx==SHG5RXO0VH9qcoSKcnSmfD1zeX4=

Smitfraud-C.KooWo: Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\directoutput\SHG5VHWzbX9lMx==SHG5V3SidoSVbX1mMR==

Smitfraud-C.KooWo: Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\directoutput\SHG5VHWzbX9lMx==SHG5V3SidoSVbX1mMXmvbnWkeHF=

Smitfraud-C.KooWo: Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\directoutput\SHG5VHWzbX9lMx==SHG5V3SidoSVbX1mMXOwcnZ=

Smitfraud-C.KooWo: Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\directoutput\SHG5VHWzbX9lMx==SHG5V3SidoSVbX1mMYK1ch==

Smitfraud-C.KooWo: Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\directoutput\SHG5VHWzbX9lMx==SHG5VHWzbX9lMR==

Smitfraud-C.KooWo: Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\directoutput\SHG5VHWzbX9lMx==SHG5VHWzbX9lMXmvbnWkeHF=

Smitfraud-C.KooWo: Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\directoutput\SHG5VHWzbX9lMx==SHG5VHWzbX9lMXOwcnZ=

Smitfraud-C.KooWo: Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\directoutput\SHG5VHWzbX9lMx==SHG5VHWzbX9lMYK1ch==

Smitfraud-C.KooWo: Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\directoutput\SHG5VHWzbX9lMx==SHG5VHWzbX9lR291coRu

Smitfraud-C.KooWo: Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\directoutput\SHG5VHWzbX9lMx==SHG5VHWzbX9lR291coRubX5rAXO0ZR==

Smitfraud-C.KooWo: Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\directoutput\SHG5VHWzbX9lMx==SHG5VHWzbX9lR291coRudoWv

Smitfraud-C.KooWo: Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\directoutput\SHG5VHWzbX9lMx==SHG5VHWzbX9lR291coRuZ29vAh==

Smitfraud-C.KooWo: Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\directoutput\SHG5VHWzbX9lMx==SHG5VHWzbX9lRXO0UoWuMR==

Smitfraud-C.KooWo: Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\directoutput\SHG5VHWzbX9lMx==SHG5VHWzbX9lRXO0UoWuMXmvbnWkeHF=

Smitfraud-C.KooWo: Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\directoutput\SHG5VHWzbX9lMx==SHG5VHWzbX9lRXO0UoWuMXOwcnZ=

Smitfraud-C.KooWo: Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\directoutput\SHG5VHWzbX9lMx==SHG5VHWzbX9lRXO0UoWuMYK1ch==

Smitfraud-C.KooWo: Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\directoutput\SHG5VHWzbX9lMx==SHG5VHWzbX9lTX5lAYhu

Smitfraud-C.KooWo: Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\directoutput\SHG5VHWzbX9lMx==SHG5VHWzbX9lTX5lAYhubX5rAXO0ZR==

Smitfraud-C.KooWo: Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\directoutput\SHG5VHWzbX9lMx==SHG5VHWzbX9lTX5lAYhudoWv

Smitfraud-C.KooWo: Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\directoutput\SHG5VHWzbX9lMx==SHG5VHWzbX9lTX5lAYhuZ29vAh==

Smitfraud-C.KooWo: Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\directoutput\SHG5VHWzbX9lMx==SHG5VnWndnWabGOmdnmicD0=

Smitfraud-C.KooWo: Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\directoutput\SHG5VHWzbX9lMx==SHG5VnWndnWabGOmdnmicD1kc25n

Smitfraud-C.KooWo: Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\directoutput\SHG5VHWzbX9lMx==SHG5VnWndnWabGOmdnmicD1qcnqmZ3Si

Smitfraud-C.KooWo: Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\directoutput\SHG5VHWzbX9lMx==SHG5VnWndnWabGOmdnmicD1zeX4=

Smitfraud-C.KooWo: Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\directoutput\V2OwdnVwcHW2AXx=

Smitfraud-C.KooWo: Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\directoutput\V2OwdnVwd3CwdoSa

Smitfraud-C.KooWo: Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\directoutput\V2OwdnVwd3SwZ2t=

Smitfraud-C.KooWo: Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\directoutput\V3SidoSVbX1mMx==Snmzd3SUeHGzeB==

Smitfraud-C.KooWo: Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\directoutput\WHizAXGlTXR=

Smitfraud-C.KooWo: Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\directoutput\Z29vAn5icXV=

Smitfraud-C.KooWo: Library (File, nothing done)
C:\WINDOWS\system32\advport.dll

Adviva: Tracking cookie (Firefox: default) (Cookie, nothing done)


Avenue A, Inc.: Tracking cookie (Firefox: default) (Cookie, nothing done)


CasaleMedia: Tracking cookie (Firefox: default) (Cookie, nothing done)


DoubleClick: Tracking cookie (Firefox: default) (Cookie, nothing done)


MediaPlex: Tracking cookie (Firefox: default) (Cookie, nothing done)


Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)


Tradedoubler: Tracking cookie (Firefox: default) (Cookie, nothing done)


Tradedoubler: Tracking cookie (Firefox: default) (Cookie, nothing done)


Zedo: Tracking cookie (Firefox: default) (Cookie, nothing done)


Zedo: Tracking cookie (Firefox: default) (Cookie, nothing done)


Zedo: Tracking cookie (Firefox: default) (Cookie, nothing done)


Zedo: Tracking cookie (Firefox: default) (Cookie, nothing done)


Zedo: Tracking cookie (Firefox: default) (Cookie, nothing done)


WebTrends live: Tracking cookie (Firefox: default) (Cookie, nothing done)



--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2007-06-04 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2007-05-23 advcheck.dll (1.5.3.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2007-01-02 Tools.dll (2.0.1.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2007-06-20 Includes\Cookies.sbi (*)
2007-05-30 Includes\Dialer.sbi (*)
2007-06-20 Includes\DialerC.sbi (*)
2007-06-20 Includes\Hijackers.sbi (*)
2007-06-20 Includes\HijackersC.sbi (*)
2007-06-20 Includes\Keyloggers.sbi (*)
2007-06-20 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2007-06-20 Includes\Malware.sbi (*)
2007-06-20 Includes\MalwareC.sbi (*)
2007-03-21 Includes\PUPS.sbi (*)
2007-06-20 Includes\PUPSC.sbi (*)
2007-06-20 Includes\Revision.sbi (*)
2007-05-30 Includes\Security.sbi (*)
2007-06-20 Includes\SecurityC.sbi (*)
2007-06-20 Includes\Spybots.sbi (*)
2007-06-20 Includes\SpybotsC.sbi (*)
2005-02-17 Includes\Tracks.uti
2007-06-20 Includes\Trojans.sbi (*)
2007-06-20 Includes\TrojansC.sbi (*)
2007-06-06 Plugins\TCPIPAddress.dll

HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 19:09:13, on 2007-6-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
E:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\Explorer.EXE
E:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\SYSTEM32\RUNDLLFOROUR.EXE
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
E:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
E:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
E:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
E:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Documents and Settings\帕斯卡\My Documents\hijackthis\HijackThis.exe

R3 - URLSearchHook: SrchspHook Class - {22F86F33-9CBB-49a8-BB12-CDBE51B4C294} - C:\Progra~1\OCINS\srchsp.dll
O2 - BHO: LpkHlpr Class - {00C104F7-0F5C-470C-ABCF-A5B2E70752F1} - C:\WINDOWS\system32\wpphlp.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Norton-Symbolleiste anzeigen - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [Microsoft Pinyin IME Migration] C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE /INSTALL
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [WinPatrol] E:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Yahoo! Widget Engine.lnk = E:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
O8 - Extra context menu item: 上传到QQ网络硬盘 - E:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 使用 LeechGet 下载 - file://E:\Program Files\LeechGet 2006\\AddUrl.html
O8 - Extra context menu item: 使用 LeechGet 分析 - file://E:\Program Files\LeechGet 2006\\Parser.html
O8 - Extra context menu item: 使用 LeechGet 精灵下载 - file://E:\Program Files\LeechGet 2006\\Wizard.html
O8 - Extra context menu item: 导出到 Microsoft Excel(&X) - res://E:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定义面板 - E:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - E:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - E:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java 控制台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.microsoft.com/
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/german/partner/de/kavwebscan_unicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1180886218742
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1182396030543
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - E:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - E:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: iPod 服务 (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Kennwortprüfung (ISPwdSvc) - Symantec Corporation - E:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
 
I have also already tried SDFix; here is the log:

SDFix: Version 1.88

Run by Administrator on ??? 2007-06-23 at 18:26

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:






Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:


Could Not Remove C:\WINDOWS\SYSTEM32\XDTSB.DLL


Removing Temp Files...

ADS Check:

Checking C:\WINDOWS
C:\WINDOWS
No streams found.

Checking C:\WINDOWS\system32
C:\WINDOWS\system32
No streams found.

Checking C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.

Checking C:\WINDOWS\system32\ntoskrnl.exe
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"E:\\Program Files\\SmartFTP Client\\SmartFTP.exe"="E:\\Program Files\\SmartFTP Client\\SmartFTP.exe:*:Enabled:SmartFTP Client 2.5"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"E:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="E:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"E:\\Program Files\\iTunes\\iTunes.exe"="E:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\PPStream\\PPStream.exe"="C:\\Program Files\\PPStream\\PPStream.exe:*:Enabled:PPStream"
"E:\\Program Files\\PPStream\\PPStream.exe"="E:\\Program Files\\PPStream\\PPStream.exe:*:Enabled:PPStream"
"C:\\WINDOWS\\system32\\Rundll32.exe \"C:\\WINDOWS\\system32\\cdnprh.dll\",Start"="C:\\WINDOWS\\system32\\Rundll32.exe \"C:\\WINDOWS\\system32\\cdnprh.dll\",Start:*:Enabled:cdnprh.dll\",Start"
"D:\\Programme\\VoipStunt.com\\VoipStunt\\VoipStunt.exe"="D:\\Programme\\VoipStunt.com\\VoipStunt\\VoipStunt.exe:*:Enabled:VoipStunt"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files:
---------------
C:\WINDOWS\SYSTEM32\XDTSB.DLL Found


Listing Files with Hidden Attributes:

C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\09cb817dc3540e715f6f79d4a0adf6be\BIT2.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\a9249f2df726d61bfbeb238f06c3308f\BIT8.tmp

Listing User Accounts:


Administrator ASPNET Guest
HelpAssistant SUPPORT_388945a0 帕斯卡


Finished
...........
That XDTSB.DLL causes one of the logon error messages mentioned above.
Please help, thanks
 
I ran ComboFix, then SDFix once more, and now both files (gprlza11.dll and xdtsb.dll) have finally been deleted, so no error message appears at system start any more. ComboFix was apparently the solution, thanks.
 
Good, but the ComboFix log would still be important in order to rule out other infections.
 
ComboFix Report:

"Administrator" - 2007-06-24 10:53:52 - ComboFix 07-06-23.5 - Service Pack 2 NTFS [SAFE MODE]


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\ALLUSE~1\APPLIC~1.\microsoft\iehelper
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\microsoft\iehelper\ma888.exe
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\microsoft\iehelper\setup2.exe
C:\WINDOWS\51ditu.ini
C:\WINDOWS\f2.exe
C:\WINDOWS\system\dvl
C:\WINDOWS\system\lvl
C:\WINDOWS\system32\drivers\dblapdrv.sys
C:\WINDOWS\system32\drivers\fwqka.sys
C:\WINDOWS\system32\drivers\gprlza11.sys
C:\WINDOWS\system32\drivers\msqmx.sys
C:\WINDOWS\system32\gprlza11.dll
C:\WINDOWS\system32\iexp_log.txt
C:\WINDOWS\system32\jsuse.dll
C:\WINDOWS\system32\msxml3a.dll
C:\WINDOWS\system32\score.txt
C:\WINDOWS\system32\wbem\hxrpt.dll
C:\WINDOWS\system32\wbem\ocmor.dll


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_FWQKA
-------\LEGACY_GPRLZA11
-------\LEGACY_MSQMX
-------\cdnprot
-------\fwqka
-------\gprlza11


((((((((((((((((((((((((( Files Created from 2007-05-24 to 2007-06-24 )))))))))))))))))))))))))))))))


2007-06-24 10:10 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-23 21:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
2007-06-23 18:28 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Talkback
2007-06-23 17:36 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-06-23 17:35 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-06-22 12:56 27,136 --a------ C:\WINDOWS\system32\wpphlp.dll
2007-06-22 12:56 <DIR> d-------- C:\pebuilder313
2007-06-22 12:32 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-06-21 20:43 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-06-21 20:41 28,672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
2007-06-21 20:41 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-06-21 20:01 1,089,529 --a------ C:\ComboFix.exe
2007-06-21 19:29 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-06-21 11:58 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-06-16 09:58 6,144 --a------ C:\WINDOWS\system32\cdnprh.dll
2007-06-16 09:58 <DIR> d-------- C:\Program Files\OCINS
2007-06-14 22:00 0 --a------ C:\WINDOWS\mozver.dat
2007-06-14 21:29 1,572,864 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-06-14 21:29 <DIR> dr------- C:\DOCUME~1\ADMINI~1\「开始」菜单
2007-06-14 21:29 <DIR> d-------- C:\DOCUME~1\ADMINI~1\桌面
2007-06-14 20:54 78,848 --a------ C:\WINDOWS\system32\Dec.exe
2007-06-12 17:16 519 --a------ C:\WINDOWS\system32\cid_store.dat
2007-06-09 17:43 <DIR> d-------- C:\Program Files\iPod
2007-06-05 22:19 <DIR> d-------- C:\Program Files\MSBuild
2007-06-05 22:08 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2007-06-05 22:05 <DIR> d-------- C:\Program Files\Reference Assemblies
2007-06-05 22:03 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2007-06-05 21:58 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-06-05 18:09 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-06-05 15:39 208,248 --a------ C:\WINDOWS\system32\muweb.dll
2007-06-05 15:17 <DIR> d-------- C:\Program Files\Microsoft Works
2007-06-05 15:05 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-06-05 13:07 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-06-05 12:48 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
2007-06-04 20:07 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2007-06-04 20:07 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2007-06-04 20:06 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2007-06-04 20:06 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2007-06-04 20:06 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2007-06-04 20:06 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2007-06-04 20:06 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2007-06-04 20:06 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2007-06-04 20:05 51,712 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2007-06-04 20:05 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-06-04 19:59 585,824 --a------ C:\WINDOWS\system32\drivers\lvcm.sys
2007-06-04 19:59 53,248 -ra------ C:\WINDOWS\system32\InstMed.exe
2007-06-04 19:59 372,736 --a------ C:\WINDOWS\system32\LVUI2RC.dll
2007-06-04 19:59 22,016 --a------ C:\WINDOWS\system32\drivers\LVUSBSta.sys
2007-06-04 19:59 204,800 --a------ C:\WINDOWS\system32\LVUI2.dll
2007-06-04 19:59 204,800 --a------ C:\WINDOWS\system32\lvcodec2.dll
2007-06-04 19:59 106,496 --a------ C:\WINDOWS\system32\lvcoinst.dll
2007-06-04 19:59 1,206,272 --a------ C:\WINDOWS\system32\drivers\lvsvf2.sys
2007-06-04 19:58 <DIR> d-------- C:\Program Files\Common Files\Logitech
2007-06-04 19:47 <DIR> d-------- C:\Program Files\Windows Live
2007-06-04 19:41 306,688 --a------ C:\WINDOWS\IsUn0804.exe
2007-06-04 19:25 <DIR> d--h----- C:\WINDOWS\PIF
2007-06-04 19:12 <DIR> d-------- C:\Program Files\Common Files\LogiShrd
2007-06-04 18:59 <DIR> d-------- C:\Program Files\Logitech
2007-06-04 18:37 5,504 --------- C:\WINDOWS\system32\drivers\imagedrv.sys
2007-06-04 18:37 125,184 --------- C:\WINDOWS\system32\drivers\imagesrv.sys
2007-06-04 18:35 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2007-06-04 18:35 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2007-06-04 18:35 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2007-06-04 18:35 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-06-04 18:35 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-06-04 18:35 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2007-06-04 18:35 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-06-04 18:31 175,104 --a------ C:\WINDOWS\system32\lame_enc.dll
2007-06-04 15:18 9,344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 15:17 8,320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 15:14 6,272 --a------ C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-06-04 13:48 <DIR> d-------- C:\WINDOWS\system32\zh-cn
2007-06-04 05:29 <DIR> d-------- C:\DRIVERS
2007-06-04 05:23 <DIR> d--hs---- C:\System Volume Information
2007-06-04 05:16 <DIR> dr-hsc--- C:\WINDOWS\system32\dllcache
2007-06-04 05:16 <DIR> dr--s---- C:\WINDOWS\Fonts
2007-06-04 05:16 <DIR> dr------- C:\WINDOWS\Web
2007-06-04 05:16 <DIR> d--h----- C:\WINDOWS\inf
2007-06-04 05:16 <DIR> d-------- C:\WINDOWS\WinSxS
2007-06-04 05:16 <DIR> d-------- C:\WINDOWS\twain_32
2007-06-04 05:16 <DIR> d-------- C:\WINDOWS\system32\wins
2007-06-04 05:16 <DIR> d-------- C:\WINDOWS\system32\wbem
2007-06-04 05:16 <DIR> d-------- C:\WINDOWS\system32\usmt
2007-06-04 05:16 <DIR> d-------- C:\WINDOWS\system32\spool
2007-06-04 05:16 <DIR> d-------- C:\WINDOWS\system32\ShellExt
2007-06-04 05:16 <DIR> d-------- C:\WINDOWS\system32\Setup
2007-06-04 05:16 <DIR> d-------- C:\WINDOWS\system32\ras
2007-06-04 05:16 <DIR> d-------- C:\WINDOWS\system32\oobe
2007-06-04 05:16 <DIR> d-------- C:\WINDOWS\system32\npp
2007-06-04 05:16 <DIR> d-------- C:\WINDOWS\system32\mui
2007-06-04 05:16 <DIR> d-------- C:\WINDOWS\system32\inetsrv
2007-06-04 05:16 <DIR> d-------- C:\WINDOWS\system32\IME
2007-06-04 05:16 <DIR> d-------- C:\WINDOWS\system32\icsxml
2007-06-04 05:16 <DIR> d-------- C:\WINDOWS\system32\ias
2007-06-04 05:16 <DIR> d-------- C:\WINDOWS\system32\export
2007-06-04 05:16 <DIR> d-------- C:\WINDOWS\system32\drivers\etc
2007-06-04 05:16 <DIR> d-------- C:\WINDOWS\system32\drivers\disdn
2007-06-04 05:16 <DIR> d-------- C:\WINDOWS\system32\drivers
2007-06-04 05:16 <DIR> d-------- C:\WINDOWS\system32\dhcp
2007-06-04 05:16 <DIR> d-------- C:\WINDOWS\system32\config


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-22 08:08:31 321,916 ----a-w C:\WINDOWS\system32\prfh0804.dat
2007-06-22 08:08:31 107,534 ----a-w C:\WINDOWS\system32\prfc0804.dat
2007-04-25 14:21:06 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:14 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 15:54:26 28,672 ----a-w C:\WINDOWS\system32\cwebpage.dll
2007-04-16 15:54:26 106,496 ----a-w C:\WINDOWS\system32\SysTdSvr.dll
2007-04-16 14:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-13 07:19:52 7,680 ----a-w C:\WINDOWS\system32\lsdelete.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{1E8A6170-7264-4D0F-BEAE-D42A53123C75}=C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll [2006-09-06 05:18]
{53707962-6F74-2D53-2644-206D7942484F}=E:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=E:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 20:33]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Pinyin IME Migration"="C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.exe" [2006-10-26 14:53]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:59]
"WinPatrol"="E:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2007-04-20 01:33]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 20:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"=01000000
"NoRecentDocsMenu"=01000000
"NoSMMyDocs"=01000000
"NoSMMyPictures"=01000000
"NoNetworkConnections"=01000000
"NoSharedDocuments"=01000000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"E:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
Ati2mdxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtiPTA]
atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMSCMIG40W]
C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40W\IMSCMIG.EXE /SetPreload /Log

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"E:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jiajiasr]
E:\Program Files\jiajia\jj4\jiajiasr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
"E:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
"C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
"E:\Program Files\Logitech\QuickCam10.exe" /hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
"E:\Program Files\Norton Internet Security\osCheck.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TpdSysSvr]
C:\WINDOWS\system32\\Rundll32.exe "C:\WINDOWS\system32\\nsvlua91.dll",DllCanUnloadNow

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector v2]
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - netsvcs
License

*Newly Created Service* - COMHOST

Contents of the 'Scheduled Tasks' folder
2007-06-04 14:09:15 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-06-22 12:01:53 C:\WINDOWS\tasks\Norton Internet Security - Vollständige Systemprüfung ausführen - 帕斯卡.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-24 11:00:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\DATEING]
"ImagePath"="C:\WINDOWS\SYSTEM32\RUNDLLFOROUR.EXE C:\WINDOWS\SYSTEM32\WBEM\HXRPT.DLL,DllRegisterServer 1087"

Completion time: 2007-06-24 11:03:13 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-24 11:02

--- E O F ---
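The two entries in the log that stand out are the startupreg item TpdSysSvr (Rundll32.exe loading nsvlua91.dll through DllCanUnloadNow) and the service DATEING (RUNDLLFOROUR.EXE loading HXRPT.DLL). The following is an added example, not code from the original post or from ComboFix: it triages ComboFix-style autostart and service command lines for exactly those patterns, using sample entries constructed from the posted log. The name heuristic is a weak signal and labelled as such.

```python
"""Triage of ComboFix-style autostart and service entries.

Added example for this thread, not part of the original post or of ComboFix.
It flags the registry leftovers a Smitfraud-style infection tends to leave:
rundll32 pointed at a DLL through an unusual export, a DLL loaded by a binary
that merely imitates rundll32, and DLLs with random-looking names.
"""
import ntpath
import re

# Constructed sample data (name, command line): two benign entries and the two
# suspicious ones taken from the log quoted above.
SAMPLE_ENTRIES = [
    ("ccApp", r'"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"'),
    ("ctfmon.exe", r"C:\WINDOWS\system32\ctfmon.exe"),
    ("TpdSysSvr", r'C:\WINDOWS\system32\\Rundll32.exe "C:\WINDOWS\system32\\nsvlua91.dll",DllCanUnloadNow'),
    ("DATEING", r"C:\WINDOWS\SYSTEM32\RUNDLLFOROUR.EXE C:\WINDOWS\SYSTEM32\WBEM\HXRPT.DLL,DllRegisterServer 1087"),
]

# Exports that legitimate autostart entries commonly hand to rundll32.
# DllCanUnloadNow is COM housekeeping; nothing legitimate autostarts through it.
NORMAL_RUNDLL_EXPORTS = {"dllregisterserver", "dllinstall", "control_rundll"}

# <loader.exe> <something.dll>,<Export> [args]  -- the rundll32 calling convention
LOADER_RE = re.compile(
    r'^\s*"?(?P<loader>[^"]+?\.exe)"?\s+"?(?P<dll>[^",]+?\.dll)"?\s*,\s*(?P<export>\w+)',
    re.IGNORECASE,
)


def looks_random(stem):
    """Weak signal: digits mixed into the name or no vowels at all
    (nsvlua91, hxrpt) are typical of generated filenames."""
    s = stem.lower()
    return any(c.isdigit() for c in s) or not any(c in "aeiouy" for c in s)


def triage_entry(command):
    """Return the reasons a command line looks suspicious; [] means clean."""
    reasons = []
    m = LOADER_RE.match(command)
    if not m:
        return reasons  # plain EXE autostart, nothing rundll32-shaped to check
    loader = ntpath.basename(m.group("loader")).lower()
    dll = ntpath.basename(m.group("dll"))
    export = m.group("export")
    if loader != "rundll32.exe":
        # Droppers ship their own loader, often named to resemble rundll32.
        hint = " (name imitates rundll32)" if "rundll" in loader else ""
        reasons.append(f"DLL loader {loader} is not rundll32.exe{hint}")
    if export.lower() not in NORMAL_RUNDLL_EXPORTS:
        reasons.append(f"entry point {export} is not a normal autostart export")
    if looks_random(ntpath.splitext(dll)[0]):
        reasons.append(f"DLL name {dll} looks generated (weak signal)")
    return reasons


def triage(entries):
    """Map each entry name to its list of reasons."""
    return {name: triage_entry(cmd) for name, cmd in entries}


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_ENTRIES).items():
        print(f"{name:12} {'SUSPICIOUS' if reasons else 'ok'}")
        for r in reasons:
            print(f"             - {r}")
```

Note that DATEING is caught on the loader, not the export: DllRegisterServer is a perfectly normal export, which is why a check on the export alone would miss a fake loader binary.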
 
My Windows version is zh-CN.

Complete scanning result of "Dec.exe", received in VirusTotal at 06.25.2007, 06:12:20 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.6.21.1 06.22.2007 no virus found
AntiVir 7.4.0.34 06.24.2007 no virus found
Authentium 4.93.8 06.22.2007 no virus found
Avast 4.7.997.0 06.24.2007 no virus found
AVG 7.5.0.476 06.24.2007 no virus found
BitDefender 7.2 06.25.2007 no virus found
CAT-QuickHeal 9.00 06.23.2007 no virus found
ClamAV devel-20070416 06.24.2007 no virus found
DrWeb 4.33 06.25.2007 no virus found
eSafe 7.0.15.0 06.24.2007 suspicious Trojan/Worm
eTrust-Vet 30.8.3736 06.22.2007 no virus found
Ewido 4.0 06.24.2007 no virus found
FileAdvisor 1 06.25.2007 no virus found
Fortinet 2.91.0.0 06.25.2007 no virus found
F-Prot 4.3.2.48 06.22.2007 no virus found
F-Secure 6.70.13030.0 06.25.2007 no virus found
Ikarus T3.1.1.8 06.24.2007 no virus found
Kaspersky 4.0.2.24 06.25.2007 no virus found
McAfee 5059 06.22.2007 no virus found
Microsoft 1.2701 06.23.2007 no virus found
Norman 5.80.02 06.22.2007 no virus found
Panda 9.0.0.4 06.24.2007 no virus found
Sophos 4.19.0 06.24.2007 no virus found
Sunbelt 2.2.907.0 06.21.2007 no virus found
Symantec 10 06.25.2007 no virus found
TheHacker 6.1.6.137 06.22.2007 no virus found
VBA32 3.12.0.2 06.23.2007 no virus found
VirusBuster 4.3.23:9 06.24.2007 no virus found
Webwasher-Gateway 6.0.1 06.22.2007 no virus found

Additional Information
File size: 78848 bytes
MD5: a1ed56aa8fca4f425c38931959832092
SHA1: bb81e214134b13b61545b390ad21d5d3c81e3470
packers: UPX
__________________________________________________________
Complete scanning result of "cdnprh.dll", received in VirusTotal at 06.25.2007, 06:22:11 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.6.21.1 06.22.2007 no virus found
AntiVir 7.4.0.34 06.24.2007 TR/Agent.6144.92
Authentium 4.93.8 06.22.2007 Possibly a new variant of W32/Downloader-Sml-based!Maximus
Avast 4.7.997.0 06.24.2007 no virus found
AVG 7.5.0.476 06.24.2007 no virus found
BitDefender 7.2 06.25.2007 Generic.Malware.dld!!.47BE3747
CAT-QuickHeal 9.00 06.23.2007 no virus found
ClamAV devel-20070416 06.24.2007 no virus found
DrWeb 4.33 06.25.2007 DLOADER.Trojan
eSafe 7.0.15.0 06.24.2007 no virus found
eTrust-Vet 30.8.3736 06.22.2007 no virus found
Ewido 4.0 06.24.2007 no virus found
FileAdvisor 1 06.25.2007 no virus found
Fortinet 2.91.0.0 06.25.2007 no virus found
F-Prot 4.3.2.48 06.22.2007 W32/Downloader-Sml-based!Maximus
F-Secure 6.70.13030.0 06.25.2007 no virus found
Ikarus T3.1.1.8 06.24.2007 Win32.SuspectCrc
Kaspersky 4.0.2.24 06.25.2007 no virus found
McAfee 5059 06.22.2007 no virus found
Microsoft 1.2701 06.23.2007 no virus found
NOD32v2 2350 06.24.2007 no virus found
Norman 5.80.02 06.22.2007 no virus found
Panda 9.0.0.4 06.24.2007 Suspicious file
Prevx1 V2 06.25.2007 no virus found
Sophos 4.19.0 06.24.2007 no virus found
Sunbelt 2.2.907.0 06.21.2007 no virus found
Symantec 10 06.25.2007 no virus found
TheHacker 6.1.6.137 06.22.2007 no virus found
VBA32 3.12.0.2 06.23.2007 no virus found
VirusBuster 4.3.23:9 06.24.2007 no virus found
Webwasher-Gateway 6.0.1 06.22.2007 Trojan.Agent.6144.92

Additional Information
File size: 6144 bytes
MD5: 1f068e927ea091ec7fb3c48f5bd6e8e9
SHA1: 6b69c6554aae950f620953514cdf82fc315f2798
 
My Windows version is zh-CN.

That explains a lot. :)

Complete scanning result of "Dec.exe",
Complete scanning result of "cdnprh.dll",

Delete the files above, or at least move the EXE file for now, in case it is still needed for something after all.

As a check you can also run a scan with DrWeb CureIt: http://freedrweb.com/?lng=de
Pay attention to what DrWeb finds. When in doubt, have things renamed rather than deleted!
As well as with Ewido Micro: http://downloads.ewido.net/ewido_micro.exe

Neither needs to be installed, and both more or less remove themselves again afterwards.
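The reply recommends moving or renaming suspect files rather than deleting them, so that a wrong call can be undone. The following is an added example, not a tool from the reply or from either scanner it links to: it quarantines a file by moving it under a neutral .vir name and writes a manifest with the original path and SHA-1, so the file can be restored (with the hash re-checked) or matched against a later scanner report. The sample file and all paths are constructed for the demo.

```python
"""Quarantine-by-rename with a manifest, so a wrong decision can be undone.

Added example for this thread, not part of the original reply. The .vir
extension stops the file being run or loaded as a DLL under its old name; the
manifest keeps enough to put it back or to look the hash up later.
"""
import hashlib
import json
import os
import shutil
import tempfile


def sha1_of(path):
    """SHA-1 of a file, streamed so large binaries do not need to fit in memory."""
    h = hashlib.sha1()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def quarantine(path, qdir):
    """Move `path` into `qdir` as <sha1>.vir and append a record to manifest.jsonl."""
    os.makedirs(qdir, exist_ok=True)
    digest = sha1_of(path)
    dest = os.path.join(qdir, digest + ".vir")
    record = {
        "original": os.path.abspath(path),
        "quarantined": dest,
        "sha1": digest,
        "size": os.path.getsize(path),
    }
    shutil.move(path, dest)
    with open(os.path.join(qdir, "manifest.jsonl"), "a", encoding="utf-8") as mf:
        mf.write(json.dumps(record) + "\n")
    return record


def restore(record):
    """Undo a quarantine; refuses if the stored copy no longer matches its hash."""
    if sha1_of(record["quarantined"]) != record["sha1"]:
        raise ValueError("quarantined file no longer matches its manifest hash")
    os.makedirs(os.path.dirname(record["original"]), exist_ok=True)
    shutil.move(record["quarantined"], record["original"])
    return record["original"]


def demo():
    """Round trip on a constructed stand-in file in a temp dir; returns what was checked."""
    base = tempfile.mkdtemp()
    # Filename taken from the log above; the content is a constructed stand-in, not a PE.
    sample = os.path.join(base, "system32", "nsvlua91.dll")
    os.makedirs(os.path.dirname(sample))
    with open(sample, "wb") as f:
        f.write(b"MZ" + b"\x00" * 62)
    rec = quarantine(sample, os.path.join(base, "quarantine"))
    gone = not os.path.exists(sample) and os.path.exists(rec["quarantined"])
    back = restore(rec)
    restored = os.path.exists(back) and os.path.abspath(back) == os.path.abspath(sample)
    shutil.rmtree(base, ignore_errors=True)
    return {"gone_after_quarantine": gone, "restored": restored, "sha1": rec["sha1"]}


if __name__ == "__main__":
    print(demo())
```

Naming the quarantined copy after its hash also means the same file dropped in several places collapses to one record per hash, and the SHA-1 is what you would paste into a multi-engine scanner lookup, as was done for cdnprh.dll above.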
 