| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Sites öffnen sich von alleinWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
| |
12.07.2009, 19:35
| #1 |
| |  Sites öffnen sich von allein hi, ich habe das Problem, dass sich immer wieder sites von allein öffnen. Ich benutze Firefox und die sites öffnen wenn ich im internet surfe von allein und haben keine URL leiste. Mein internet ist seit kurzem auch sehr langsam geworden (auf 10%), aber das könnte evtl. auch an etwas anderem liegen. Ich benutze einen Router. Hier schonmal mein HJT logfile: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:35:44, on 11.07.2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Users\***\AppData\Local\iggcokw.exe C:\Windows\system32\taskeng.exe C:\Program Files\OpenOffice.org 3\program\soffice.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe C:\Program Files\ASUS\AASP\1.00.67\aaCenter.exe C:\Windows\system32\taskeng.exe C:\Program Files\OpenOffice.org 3\program\soffice.bin C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\conime.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [Skytel] Skytel.exe O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe" O4 - HKLM\..\Run: [QFan Help] "C:\Program Files\ASUS\AI Suite\QFan3\QFanHelp.exe" O4 - HKLM\..\Run: [Cpu Level Up help] C:\Program Files\ASUS\AI Suite\CpuLevelUpHelp.exe O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [iggcokw] "c:\users\***\appdata\local\iggcokw.exe" iggcokw O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe O8 - Extra context menu item: Alles mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlall.htm O8 - Extra context menu item: Auswahl mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlselected.htm O8 - Extra context menu item: Datei mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dllink.htm O8 - Extra context menu item: Videos mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlfvideo.htm O13 - Gopher Prefix: O18 - Protocol: bw+0 - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bw+0s - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bw-0 - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bw-0s - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bw00 - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bw00s - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bw10 - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bw10s - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bw20 - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bw20s - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bw30 - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bw30s - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bw40 - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bw40s - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bw50 - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bw50s - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bw60 - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bw60s - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bw70 - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bw70s - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bw80 - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bw80s - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bw90 - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bw90s - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bwa0 - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bwa0s - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bwb0 - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bwb0s - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bwc0 - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bwc0s - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bwd0 - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bwd0s - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bwe0 - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bwe0s - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bwf0 - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bwf0s - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (file missing) O18 - Protocol: bwg0 - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bwg0s - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bwh0 - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bwh0s - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bwi0 - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bwi0s - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bwj0 - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bwj0s - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bwk0 - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bwk0s - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bwl0 - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bwl0s - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bwm0 - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bwm0s - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bwn0 - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bwn0s - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bwo0 - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bwo0s - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bwp0 - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bwp0s - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bwq0 - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bwq0s - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bwr0 - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bwr0s - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bws0 - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bws0s - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bwt0 - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bwt0s - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bwu0 - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bwu0s - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bwv0 - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bwv0s - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bww0 - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bww0s - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bwx0 - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bwx0s - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bwy0 - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bwy0s - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bwz0 - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bwz0s - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: offline-8876480 - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing) -- End of file - 19279 bytes Ich sehe momentan meinen Desktophintergrund nicht, aber das gibt sich wahrscheinlich, wenn ich neustarte... Mfg Jektor |
|
13.07.2009, 18:58
| #2 |
| /// Helfer-Team    | Sites öffnen sich von allein Hallo Jektor
__________________ - Die Anweisungen bitte gründlich lesen und immer streng einhalten, da ich die Reihenfolge nach bestimmten Kriterien vorbereitet habe: 1. Versteckte- und Systemdateien sichtbar machen: - Klicke unter Start auf Arbeitsplatz. - Klicke im Menü Extras auf Ordneroptionen. - Dateien und Ordner/Erweiterungen bei bekannten Dateitypen ausblenden --> Haken entfernen - Geschützte und Systemdateien ausblenden --> Haken entfernen - Versteckte Dateien und Ordner/Alle Dateien und Ordner anzeigen --> Haken setzen. - Bei "Geschützte Systemdateien ausblenden" darf kein Häkchen sein und "Alle Dateien und Ordner anzeigen" muss aktiviert sein. 2. Ich würde gerne noch all deine installierten Programme sehen: Lade dir das Tool CCleaner herunter installieren ("Füge CCleaner Yahoo! Toolbar hinzu" abwählen)-> starten-> unter Options settings-> "german" einstellen dann klick auf "Extra (um die installierten Programme auch anzuzeigen)-> weiter auf "Als Textdatei speichern..." wird eine Textdatei (*.txt) erstellt, kopiere dazu den Inhalt und füge ihn da ein 3. Gehe auf die virustotal-Seite und Lass folgende Datei prüfen: - Klicke auf "Durchsuchen" - Suche die Datei auf deinem Rechner--> Doppelklick auf die zu prüfende Datei (oder kopiere den Inhalt ab aus der Codebox) Code:
ATTFilter C:\Users\***\AppData\Local\iggcokw.exe
- das Ergebnis wie Du es bekommst da reinkoperen (inklusive Dateigröße und Name, MD5 und SHA1): 4.
am besten nutze den Code-Tags für deinen Post: vor dein log schreibst du:[code] hier kommt dein logfile rein dahinter:[/code] gruß Coverflow |
|
17.07.2009, 16:21
| #3 |
| | Sites öffnen sich von allein Also:
__________________-Danke erstmal für die Mühe die datei iggcokw.exe gibt es bei mir nicht mehr - vllt von AntiVir genervt? dafür ist aber eine andere datei aufgetreten: ceuskus.exe ich habe jetzt einfach mal die schritte für diese datei ausgeführt (Antivir nervt auch schon die ganze zeit!!) Die .txt datei: Code:
ATTFilter Ad-Aware Lavasoft 21.01.2009 29,3MB
Adobe Flash Player 10 Plugin Adobe Systems Incorporated 14.07.2009
Adobe Flash Player ActiveX Adobe Systems Incorporated 30.03.2009
Adobe Reader 9.1.2 - Deutsch Adobe Systems Incorporated 18.06.2009 158,1MB
AI Suite 21.01.2009 42,9MB
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver Atheros Communications Inc. 21.01.2009 2,93MB
ATI Catalyst Install Manager ATI Technologies, Inc. 21.01.2009 13,7MB
Avira AntiVir Personal - Free Antivirus Avira GmbH 29.06.2009 67,9MB
CCleaner (remove only) Piriform 16.07.2009 2,55MB
CloneCD SlySoft 22.01.2009 5,20MB
CloneDVD2 Elaborate Bytes 22.01.2009 8,69MB
Compatibility Pack für 2007 Office System Microsoft Corporation 21.01.2009 56,2MB
EPU-4 Engine 21.01.2009 6,90MB
Favorit 18.05.2009
Finale 2006 28.03.2009 265,3MB
foobar2000 v0.9.6.1 Peter Pawlowski 21.01.2009 6,74MB
Fraps (remove only) 22.01.2009 6,11MB
Free Download Manager 3.0 FreeDownloadManager.ORG 18.05.2009 17,9MB
Free M4a to MP3 Converter 6.0 ManiacTools.com 02.03.2009 3,46MB
Google Earth Google 22.01.2009 25,3MB
Google Updater Google Inc. 23.03.2009 3,59MB
Hamachi 1.0.3.0 21.01.2009 0,84MB
HijackThis 2.0.2 TrendMicro 10.07.2009 0,40MB
IrfanView (remove only) 21.01.2009 1,57MB
Java(TM) 6 Update 13 Sun Microsystems, Inc. 22.01.2009 94,4MB
LogonStudio Vista 21.01.2009 3,26MB
Magic ISO Maker v5.5 (build 0273) 21.01.2009 2,98MB
MagicDisc 2.7.105 21.01.2009
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 07.02.2009 37,0MB
Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 06.02.2009 37,0MB
Microsoft Games for Windows - LIVE Redistributable Microsoft Corporation 06.04.2009 28,3MB
Microsoft Office PowerPoint Viewer 2007 (German) Microsoft Corporation 21.01.2009 51,0MB
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 06.04.2009 0,41MB
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 03.06.2009 2,06MB
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 29.06.2009 0,58MB
Microsoft Works Microsoft Corporation 21.01.2009 378,0MB
Mozilla Firefox (3.0.11) Mozilla 12.06.2009 24,9MB
OpenAL 26.01.2009 0,77MB
OpenOffice.org 3.1 OpenOffice.org 08.05.2009 351,7MB
Pando Media Booster Pando Networks Inc. 12.06.2009 6,69MB
PC Probe II 21.01.2009 25,3MB
Pcsx2 0.9.6 Pcsx2 Team 06.04.2009 19,3MB
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 21.01.2009 22,1MB
Skype™ 4.0 Skype Technologies S.A. 28.06.2009 32,3MB
Spelling Dictionaries Support For Adobe Reader 9 Adobe Systems Incorporated 18.06.2009 29,7MB
Spybot - Search & Destroy Safer Networking Limited 10.07.2009 56,4MB
TeamSpeak 2 RC2 Dominating Bytes Design 21.01.2009
Uniblue RegistryBooster 2 Uniblue 22.01.2009 11,6MB
Uniblue SpeedUpMyPC 3 Uniblue 22.01.2009 18,0MB
UseNeXT Aviteo Ltd 24.05.2009 4,39MB
VLC media player 0.9.9 VideoLAN Team 18.06.2009 49,9MB
WinAVI Video Converter ZJ Computing, Inc. 22.01.2009 18,7MB
Windows Live Anmelde-Assistent Microsoft Corporation 21.01.2009 1,94MB
Windows Live Essentials Microsoft Corporation 21.01.2009 44,0MB
Windows Live-Uploadtool Microsoft Corporation 21.01.2009 0,22MB
WinRAR 21.01.2009 3,73MB
Code:
ATTFilter Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.5.0.24 2009.07.17 -
AhnLab-V3 5.0.0.2 2009.07.17 -
AntiVir 7.9.0.220 2009.07.17 ADSPY/AdSpy.Gen
Antiy-AVL 2.0.3.7 2009.07.17 -
Authentium 5.1.2.4 2009.07.17 -
Avast 4.8.1335.0 2009.07.16 -
AVG 8.5.0.387 2009.07.17 -
BitDefender 7.2 2009.07.17 -
CAT-QuickHeal 10.00 2009.07.17 -
ClamAV 0.94.1 2009.07.17 -
Comodo 1680 2009.07.17 -
DrWeb 5.0.0.12182 2009.07.17 -
eSafe 7.0.17.0 2009.07.16 -
eTrust-Vet 31.6.6622 2009.07.17 -
F-Prot 4.4.4.56 2009.07.17 -
F-Secure 8.0.14470.0 2009.07.17 -
Fortinet 3.120.0.0 2009.07.17 -
GData 19 2009.07.17 -
Ikarus T3.1.1.64.0 2009.07.17 -
Jiangmin 11.0.800 2009.07.17 -
K7AntiVirus 7.10.794 2009.07.16 -
Kaspersky 7.0.0.125 2009.07.17 -
McAfee 5678 2009.07.16 -
McAfee+Artemis 5678 2009.07.16 -
McAfee-GW-Edition 6.8.5 2009.07.17 Ad-Spyware.AdSpy.Gen
Microsoft 1.4803 2009.07.17 -
NOD32 4254 2009.07.17 -
Norman 6.01.09 2009.07.17 -
nProtect 2009.1.8.0 2009.07.17 -
Panda 10.0.0.14 2009.07.16 -
PCTools 4.4.2.0 2009.07.17 -
Prevx 3.0 2009.07.17 -
Rising 21.38.44.00 2009.07.17 -
Sophos 4.43.0 2009.07.17 -
Sunbelt 3.2.1858.2 2009.07.17 -
Symantec 1.4.4.12 2009.07.17 -
TheHacker 6.3.4.3.369 2009.07.16 -
TrendMicro 8.950.0.1094 2009.07.17 -
VBA32 3.12.10.8 2009.07.16 -
ViRobot 2009.7.17.1841 2009.07.17 -
VirusBuster 4.6.5.0 2009.07.16 -
weitere Informationen
File size: 238080 bytes
MD5...: 11211fed127d6873ae9b7b4c707e02d5
SHA1..: 20a913ed30226067e78f1a567f836aeba50133fc
SHA256: 427a8b8192e2663de4148a65eb3de818e12fe5084390939ad945e05c37e19286
ssdeep: 6144:FkX0104bQyR9GR/Vq8GINeqE7Dvh0G6eCnYbW:C67bS/BLVm7hwnYbW
PEiD..: Armadillo v1.71
TrID..: File type identification
Win64 Executable Generic (59.6%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win32 Executable Generic (5.9%)
Win32 Dynamic Link Library (generic) (5.2%)
Generic Win/DOS Executable (1.3%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x2525
timedatestamp.....: 0x44d5b291 (Sun Aug 06 09:12:49 2006)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x671a 0x6800 6.69 4a096052609869b90485d8e20acb3f49
.rdata 0x8000 0xcc4 0xe00 5.08 725fbe2d53c5aa9ee0708ca4c2037dbf
.data 0x9000 0x32abc 0x32400 7.21 0f36ce1c839604d8f74b41b4a46ba310
.rsrc 0x3c000 0x2c8 0x400 2.38 5d5a0442bda9d8ff6fa28cb1a2ff2aa4
( 1 imports )
> KERNEL32.dll: VirtualAlloc, GetCommandLineA, GetSystemInfo, SetProcessWorkingSetSize, GetTimeFormatW, WinExec, GetDateFormatW, GetStdHandle, FindResourceW, GetEnvironmentVariableA, GetSystemDirectoryA, WaitForMultipleObjects, TlsSetValue, IsDBCSLeadByte, GetFileAttributesExW, MoveFileA, GetTempFileNameW, DeleteFileA, LocalAlloc, WriteProfileStringA, GetComputerNameA, CreateTimerQueueTimer, UnhandledExceptionFilter, GetModuleFileNameA, GetModuleHandleA, GetStartupInfoA, GetVersion, ExitProcess, GetProcAddress, GetCurrentThreadId, TlsAlloc, SetLastError, TlsGetValue, GetLastError, RtlUnwind, TerminateProcess, GetCurrentProcess, HeapAlloc, GetCPInfo, GetACP, GetOEMCP, FreeEnvironmentStringsA, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStrings, GetEnvironmentStringsW, SetHandleCount, GetFileType, GetVersionExA, HeapDestroy, HeapCreate, VirtualFree, HeapFree, WriteFile, InterlockedDecrement, InterlockedIncrement, InitializeCriticalSection, EnterCriticalSection, LeaveCriticalSection, HeapReAlloc, MultiByteToWideChar, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, LoadLibraryA
( 0 exports )
PDFiD.: -
RDS...: NSRL Reference Data Set
-
Geändert von Jektor (17.07.2009 um 16:30 Uhr) |
|
17.07.2009, 16:26
| #4 |
| | Sites öffnen sich von allein also dann hier das ergebnis von navilog1.exe: Code:
ATTFilter Fix Navipromo version 4.0.1 begonnen am 17.07.2009 17:01:15,03
!!! Achtung, dieser Abschnitt kann legitime Dateien und Programme auflisten!!!
!!! Posten sie diesen Bericht im Forum, um ihn auswerten zu lassen !!!
Programm ausgefuehrt in: C:\Program Files\navilog1
Zuletzt von IL-MAFIOSO aktualisiert am 14.07.2009 um 14h00
Microsoft® Windows Vista™ Home Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz )
BIOS : BIOS Date: 08/26/08 13:43:41 Ver: 08.00.14
USER : *** ( Administrator )
BOOT : Normal boot
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:127 Go (Free:23 Go)
D:\ (CD or DVD)
E:\ (Local Disk) - NTFS - Total:104 Go (Free:35 Go)
F:\ (Local Disk) - NTFS - Total:698 Go (Free:118 Go)
Suche Im normalen Modus ausgefuehrt
Bereinigung beim Neustart des Rechners durchgefuehrt.
C:\Windows\prefetch\GARENA.EXE-7065975D.pf entfernt!
Fehlgeschlagen Kopie C:\Users\***\AppData\Local\ceuskus.exe in den Ordner Backupnavi
C:\Users\***\AppData\Local\ceuskus.exe Nein entfernt!
C:\Users\***\AppData\Local\ceuskus.dat entfernt!
C:\Users\***\AppData\Local\ceuskus_nav.dat entfernt!
C:\Users\***\AppData\Local\ceuskus_navps.dat entfernt!
Bereinigung in C:\Windows\Temp ausgefuehrt!
Bereinigung in C:\Users\***\AppData\Local\Temp ausgefuehrt!
*** Sicherung der Registry im Ordner Safebackup ***
Sicherung der Registry erfolgreich abgeschlossen!
*** Bereingung der Registry ***
Registry Bereinigung Ok
*** Scan beendet 17.07.2009 17:25:23,57 ***
|
|
17.07.2009, 17:51
| #5 |
| /// Helfer-Team | Sites öffnen sich von allein hi 1. Navilog kannst Du entfernen 2. - Lade dir RSIT - http://filepony.de/download-rsit/: - an einen Ort deiner Wahl und führe die rsit.exe aus - wird "Hijackthis" auch von RSIT installiert und ausgeführt - RSIT erstellt 2 Logfiles (C:\rsit\log.txt und C:\rsit\info.txt) mit erweiterten Infos von deinem System - diese beide bitte komplett hier posten |
|
17.07.2009, 22:55
| #6 |
| | Sites öffnen sich von allein info.txt Code:
ATTFilter info.txt logfile of random's system information tool 1.06 2009-07-17 23:46:14
======Uninstall list======
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9.1.2 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A91000000001}
AI Suite-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{310BC5E2-31AF-49BB-904D-E71EB93645DC}\setup.exe" -l0x7
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver-->"C:\Program Files\InstallShield Installation Information\{3108C217-BE83-42E4-AE9E-A56A2A92E549}\Setup.exe" -runfromtemp -l0x0007 -removeonly
ATI AVIVO Codecs-->MsiExec.exe /I{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Burnout(TM) Paradise The Ultimate Box-->MsiExec.exe /X{9A996B6A-846E-4A89-B9C4-17546B7BE49F}
Catalyst Control Center - Branding-->MsiExec.exe /I{FA3A247D-437A-455E-A88F-7EB6E5F9E799}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
CloneCD-->"C:\Program Files\SlySoft\CloneCD\ccd-uninst.exe" /D="C:\Program Files\SlySoft\CloneCD"
CloneDVD2-->"C:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Program Files\Elaborate Bytes\CloneDVD2"
Compatibility Pack für 2007 Office System-->MsiExec.exe /X{90120000-0020-0407-0000-0000000FF1CE}
EA Download Manager-->E:\GAMES\EADM\Uninstall.exe
eMule-->"C:\Program Files\eMule\Uninstall.exe"
EPU-4 Engine-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}\setup.exe" -l0x7
Favorit-->c:\users\***\appdata\local\mwgww.bat
Finale 2006-->C:\Windows\unvise32.exe C:\Program Files\Finale 2006\uninstal.log
foobar2000 v0.9.6.1-->"C:\Program Files\foobar2000\uninstall.exe" _?=C:\Program Files\foobar2000
Fraps (remove only)-->"C:\Fraps\uninstall.exe"
Free Download Manager 3.0-->C:\Program Files\Free Download Manager\uninst.exe
Free M4a to MP3 Converter 6.0-->"C:\Program Files\Free M4a to MP3 Converter\unins000.exe"
Garena-->C:\Program Files\Garena\uninst.exe
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
GRID-->"C:\Program Files\InstallShield Installation Information\{5A0B7BA5-4682-4273-81C2-69B17E649103}\setup.exe" -runfromtemp -l0x0007 -removeonly
GTR Evolution-->"C:\Program Files\SimBin\GTR Evolution Offline\Uninstall\unins000.exe"
Hamachi 1.0.3.0-->C:\Program Files\Hamachi\uninstall.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
LimeWire 4.18.8-->"C:\Program Files\LimeWire\uninstall.exe"
LogonStudio Vista-->C:\PROGRA~2\Stardock\OBJECT~1\LOGONS~1\UNWISE.EXE C:\PROGRA~2\Stardock\OBJECT~1\LOGONS~1\INSTALL.LOG
Magic ISO Maker v5.5 (build 0273)-->C:\PROGRA~2\MagicISO\UNWISE.EXE C:\PROGRA~2\MagicISO\INSTALL.LOG
MagicDisc 2.7.105-->C:\PROGRA~2\MAGICD~1\UNWISE.EXE C:\PROGRA~2\MAGICD~1\INSTALL.LOG
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe
Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929}
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}
Microsoft Office PowerPoint Viewer 2007 (German)-->MsiExec.exe /X{95120000-00AF-0407-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Works-->MsiExec.exe /I{39D0E034-1042-4905-BECB-5502909FCB7C}
Mozilla Firefox (3.0.11)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
NCsoft Launcher-->C:\Program Files\InstallShield Installation Information\{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}\setup.exe -runfromtemp -l0x0007 -removeonly
OpenAL-->"C:\Program Files\OpenAL\OalinstGridRelease.exe" /U
OpenOffice.org 3.1-->MsiExec.exe /I{D765F1CE-5AE5-4C47-B134-AE58AC474740}
Pando Media Booster-->C:\Program Files\Pando Networks\Media Booster\uninst.exe
PC Probe II-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}\setup.exe" -l0x7
Pcsx2 0.9.6-->MsiExec.exe /I{0E2B767B-EA6A-489B-BF83-8083FE1DB661}
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m -nrg2709
Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
TOU-->C:\Program Files\TOU\uninstall.exe
Uniblue RegistryBooster 2-->"C:\Program Files\Uniblue\RegistryBooster 2\unins000.exe"
Uniblue SpeedUpMyPC 3-->"C:\Program Files\Uniblue\SpeedUpMyPC 3\unins000.exe"
Update Service-->C:\Program Files\Sony Ericsson\Update Service\uninst.exe
UseNeXT-->"C:\Program Files\UseNeXT\unins000.exe"
VLC media player 0.9.9-->C:\Program Files\VideoLAN X\VLC\uninstall.exe
Warcraft III-->C:\Windows\War3Unin.exe C:\Windows\War3Unin.dat
Watchtower Library 2008 - Deutsch-->C:\Program Files\Watchtower\Watchtower Library 2008\X\uninst.exe
WinAVI Video Converter-->"C:\Program Files\WinAVI Video Converter\unins000.exe"
Windows Live Anmelde-Assistent-->MsiExec.exe /I{B5BCBD49-202F-4238-8398-D83D423A48B4}
Windows Live Call-->MsiExec.exe /I{835686C5-8650-49EB-8CA0-4528B4035495}
Windows Live Communications Platform-->MsiExec.exe /I{F69E83CF-B440-43F8-89E6-6EA80712109B}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{DF5F687F-8018-4542-9F98-7084E9022917}
Windows Live Messenger-->MsiExec.exe /X{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}
Windows Live-Uploadtool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
WinRAR-->C:\Program Files\WinRAR\uninstall.exe
=====HijackThis Backups=====
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) [2009-07-11]
======Security center information======
AS: Spybot - Search and Destroy (disabled)
AS: Windows-Defender
======System event log======
Computer Name: The-Pwner
Event Code: 7036
Message: Dienst "WinHTTP-Web Proxy Auto-Discovery-Dienst" befindet sich jetzt im Status "Beendet".
Record Number: 64113
Source Name: Service Control Manager
Time Written: 20090717213941.000000-000
Event Type: Informationen
User:
Computer Name: The-Pwner
Event Code: 1103
Message: Dem Computer wurde erfolgreich eine Netzwerkadresse zugeteilt. Eine Verbindung mit anderen Computern kann nun hergestellt werden.
Record Number: 64114
Source Name: Microsoft-Windows-Dhcp-Client
Time Written: 20090717214056.000000-000
Event Type: Informationen
User:
Computer Name: The-Pwner
Event Code: 1103
Message: Dem Computer wurde erfolgreich eine Netzwerkadresse zugeteilt. Eine Verbindung mit anderen Computern kann nun hergestellt werden.
Record Number: 64115
Source Name: Microsoft-Windows-Dhcp-Client
Time Written: 20090717214303.000000-000
Event Type: Informationen
User:
Computer Name: The-Pwner
Event Code: 1103
Message: Dem Computer wurde erfolgreich eine Netzwerkadresse zugeteilt. Eine Verbindung mit anderen Computern kann nun hergestellt werden.
Record Number: 64116
Source Name: Microsoft-Windows-Dhcp-Client
Time Written: 20090717214510.000000-000
Event Type: Informationen
User:
Computer Name: The-Pwner
Event Code: 7036
Message: Dienst "Anwendungsinformationen" befindet sich jetzt im Status "Ausgeführt".
Record Number: 64117
Source Name: Service Control Manager
Time Written: 20090717214559.000000-000
Event Type: Informationen
User:
=====Application event log=====
Computer Name: The-Pwner
Event Code: 1
Message: Der Zertifikatdiensteclient wurde erfolgreich gestartet.
Record Number: 10603
Source Name: Microsoft-Windows-CertificateServicesClient
Time Written: 20090717200245.201500-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM
Computer Name: The-Pwner
Event Code: 0
Message:
Record Number: 10604
Source Name: gusvc
Time Written: 20090717200404.000000-000
Event Type: Informationen
User:
Computer Name: The-Pwner
Event Code: 0
Message:
Record Number: 10605
Source Name: gusvc
Time Written: 20090717200505.000000-000
Event Type: Informationen
User:
Computer Name: The-Pwner
Event Code: 1001
Message: Die Leistungsindikatoren für den Dienst WmiApRpl (WmiApRpl) wurden entfernt. Die Daten enthalten die neuen Werte der Registrierungseinträge "Last Counter" und "Last Help".
Record Number: 10606
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20090717200742.000000-000
Event Type: Informationen
User:
Computer Name: The-Pwner
Event Code: 1000
Message: Die Leistungsindikatoren für den Dienst WmiApRpl (WmiApRpl) wurden erfolgreich geladen. Die Eintragsdaten im Datenbereich enthalten die neuen Indexwerte, die diesem Dienst zugeordnet sind.
Record Number: 10607
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20090717200742.000000-000
Event Type: Informationen
User:
=====Security event log=====
Computer Name: The-Pwner
Event Code: 5038
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.
Dateiname: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 18988
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090717214610.294100-000
Event Type: Überwachung gescheitert
User:
Computer Name: The-Pwner
Event Code: 5038
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.
Dateiname: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 18989
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090717214610.322100-000
Event Type: Überwachung gescheitert
User:
Computer Name: The-Pwner
Event Code: 5038
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.
Dateiname: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 18990
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090717214610.348100-000
Event Type: Überwachung gescheitert
User:
Computer Name: The-Pwner
Event Code: 5038
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.
Dateiname: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 18991
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090717214610.375100-000
Event Type: Überwachung gescheitert
User:
Computer Name: The-Pwner
Event Code: 5038
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.
Dateiname: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 18992
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090717214610.401100-000
Event Type: Überwachung gescheitert
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=170a
"NUMBER_OF_PROCESSORS"=2
-----------------EOF-----------------
|
|
17.07.2009, 22:57
| #7 |
| | Sites öffnen sich von allein log.txt Code:
ATTFilter Logfile of random's system information tool 1.06 (written by random/random) Run by *** at 2009-07-17 23:46:05 Microsoft® Windows Vista™ Home Premium Service Pack 1 System drive C: has 22 GB (17%) free of 131 GB Total RAM: 3070 MB (65% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:46:10, on 17.07.2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\RtHDVCpl.exe C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Program Files\OpenOffice.org 3\program\soffice.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\OpenOffice.org 3\program\soffice.bin C:\Windows\ehome\ehmsas.exe C:\Windows\system32\taskeng.exe C:\Program Files\ASUS\AASP\1.00.67\aaCenter.exe C:\Windows\system32\taskeng.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\foobar2000\foobar2000.exe C:\Program Files\Windows Media Player\wmplayer.exe C:\Windows\system32\SearchFilterHost.exe C:\Users\***\Downloads\RSIT.exe C:\Program Files\Trend Micro\HijackThis\***.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [Skytel] Skytel.exe O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe" O4 - HKLM\..\Run: [QFan Help] "C:\Program Files\ASUS\AI Suite\QFan3\QFanHelp.exe" O4 - HKLM\..\Run: [Cpu Level Up help] C:\Program Files\ASUS\AI Suite\CpuLevelUpHelp.exe O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe O8 - Extra context menu item: Alles mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlall.htm O8 - Extra context menu item: Auswahl mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlselected.htm O8 - Extra context menu item: Datei mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dllink.htm O8 - Extra context menu item: Videos mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlfvideo.htm O13 - Gopher Prefix: O18 - Protocol: bw+0 - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bw+0s - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bw-0 - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bw-0s - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bw00 - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bw00s - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bw10 - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bw10s - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bw20 - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bw20s - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bw30 - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bw30s - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bw40 - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bw40s - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bw50 - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bw50s - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bw60 - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bw60s - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bw70 - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bw70s - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bw80 - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bw80s - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bw90 - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bw90s - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bwa0 - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bwa0s - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bwb0 - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bwb0s - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bwc0 - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bwc0s - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bwd0 - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bwd0s - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bwe0 - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bwe0s - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bwf0 - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bwf0s - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (file missing) O18 - Protocol: bwg0 - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bwg0s - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bwh0 - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bwh0s - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bwi0 - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bwi0s - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bwj0 - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bwj0s - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bwk0 - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bwk0s - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bwl0 - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bwl0s - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bwm0 - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bwm0s - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bwn0 - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bwn0s - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bwo0 - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bwo0s - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bwp0 - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bwp0s - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bwq0 - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bwq0s - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bwr0 - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bwr0s - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bws0 - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bws0s - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bwt0 - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bwt0s - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bwu0 - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bwu0s - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bwv0 - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bwv0s - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bww0 - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bww0s - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bwx0 - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bwx0s - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bwy0 - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bwy0s - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bwz0 - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: bwz0s - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: offline-8876480 - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing) O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing) O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- End of file - 19059 bytes |
|
17.07.2009, 22:59
| #8 |
| | Sites öffnen sich von allein 2ter teil, weil es sonst 7000 zeichen zu viel wären :/ Code:
ATTFilter
======Scheduled tasks folder======
C:\Windows\tasks\Google Software Updater.job
C:\Windows\tasks\Uniblue SpeedUpMyPC Nag.job
C:\Windows\tasks\Uniblue SpeedUpMyPC.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Anmelde-Hilfsprogramm - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2008-11-18 408952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-24 668656]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
FDMIECookiesBHO Class - C:\Program Files\Free Download Manager\iefdm2.dll [2009-02-27 98304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-07-16 6253088]
"Skytel"=C:\Windows\Skytel.exe [2008-07-16 1833504]
"Ai Nap"=C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe [2008-05-26 1423360]
"QFan Help"=C:\Program Files\ASUS\AI Suite\QFan3\QFanHelp.exe [2008-05-06 594432]
"Cpu Level Up help"=C:\Program Files\ASUS\AI Suite\CpuLevelUpHelp.exe [2007-11-30 881152]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-29 61440]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-19 1233920]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"PlayNC Launcher"= []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [2005-05-19 57344]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OpenOffice.org 3.1.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\Program Files\NCsoft\Exteel (US)\System\Exteel.exe"="C:\Program Files\NCsoft\Exteel (US)\System\Exteel.exe:*:Enabled:Exteel"
"E:\GAMES\Combar Arms\Combat Arms\CombatArms.exe"="E:\GAMES\Combar Arms\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"E:\GAMES\Combar Arms\Combat Arms\Engine.exe"="E:\GAMES\Combar Arms\Combat Arms\Engine.exe:*Enabled:Engine.exe"
"E:\GAMES\Combar Arms\Combat Arms EU\CombatArms.exe"="E:\GAMES\Combar Arms\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe"
"E:\GAMES\Combar Arms\Combat Arms EU\Engine.exe"="E:\GAMES\Combar Arms\Combat Arms EU\Engine.exe:*Enabled:Engine.exe"
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 months======
2009-07-17 23:46:05 ----D---- C:\rsit
2009-07-17 18:00:09 ----A---- C:\Windows\system32\WdfCoInstaller01007.dll
2009-07-17 17:54:59 ----D---- C:\Program Files\Sony Ericsson
2009-07-17 17:01:15 ----A---- C:\cleannavi.txt
2009-07-17 17:00:21 ----D---- C:\Program Files\Navilog1
2009-07-17 16:43:53 ----D---- C:\Program Files\CCleaner
2009-07-15 11:03:00 ----A---- C:\Windows\system32\t2embed.dll
2009-07-15 11:03:00 ----A---- C:\Windows\system32\fontsub.dll
2009-07-15 11:03:00 ----A---- C:\Windows\system32\dciman32.dll
2009-07-15 11:03:00 ----A---- C:\Windows\system32\atmfd.dll
2009-07-13 11:32:52 ----A---- C:\Windows\ntbtlog.txt
2009-07-11 22:57:19 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-07-11 22:57:19 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-07-11 22:37:18 ----D---- C:\32788R22FWJFW
2009-07-11 22:35:30 ----D---- C:\Program Files\Trend Micro
2009-06-30 11:34:37 ----D---- C:\ProgramData\Avira
2009-06-30 11:34:37 ----D---- C:\Program Files\Avira
2009-06-29 14:54:01 ----D---- C:\Program Files\Common Files\Skype
2009-06-19 16:44:35 ----D---- C:\Users\***\AppData\Roaming\vlc
2009-06-19 16:44:04 ----D---- C:\Program Files\VideoLAN X
======List of files/folders modified in the last 1 months======
2009-07-17 23:46:07 ----D---- C:\Windows\Temp
2009-07-17 22:22:07 ----D---- C:\Users\***\AppData\Roaming\LimeWire
2009-07-17 22:07:42 ----D---- C:\Windows\System32
2009-07-17 22:07:42 ----D---- C:\Windows\inf
2009-07-17 22:07:42 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-07-17 22:04:14 ----D---- C:\Windows\Tasks
2009-07-17 22:02:36 ----D---- C:\Windows
2009-07-17 18:12:43 ----D---- C:\Users\***\AppData\Roaming\App Launcher Gadget
2009-07-17 18:11:10 ----D---- C:\Windows\system32\drivers
2009-07-17 18:00:22 ----D---- C:\Windows\system32\catroot2
2009-07-17 18:00:22 ----D---- C:\Windows\system32\catroot
2009-07-17 18:00:13 ----SHD---- C:\System Volume Information
2009-07-17 17:54:59 ----RD---- C:\Program Files
2009-07-17 17:24:34 ----D---- C:\Windows\Prefetch
2009-07-17 17:08:26 ----D---- C:\Windows\winsxs
2009-07-17 16:42:55 ----D---- C:\ProgramData\Google Updater
2009-07-16 10:03:36 ----D---- C:\Program Files\Windows Mail
2009-07-15 14:47:36 ----D---- C:\Users\***\AppData\Roaming\foobar2000
2009-07-15 12:46:29 ----D---- C:\Program Files\Warcraft GX
2009-07-15 10:58:06 ----D---- C:\Program Files\Garena
2009-07-13 11:36:10 ----D---- C:\Program Files\Mozilla Firefox
2009-07-11 22:57:19 ----HD---- C:\ProgramData
2009-07-07 17:18:48 ----D---- C:\Users\***\AppData\Roaming\Skype
2009-07-07 17:15:13 ----D---- C:\Users\***\AppData\Roaming\skypePM
2009-07-07 17:10:56 ----A---- C:\Windows\system32\mrt.exe
2009-06-30 11:58:07 ----D---- C:\Program Files\Free Download Manager
2009-06-30 11:28:55 ----D---- C:\Windows\system32\WDI
2009-06-30 11:26:36 ----SHD---- C:\Windows\Installer
2009-06-29 18:39:27 ----D---- C:\Windows\Minidump
2009-06-29 14:54:13 ----D---- C:\Windows\system32\Tasks
2009-06-29 14:54:01 ----RD---- C:\Program Files\Skype
2009-06-29 14:54:01 ----D---- C:\ProgramData\Skype
2009-06-29 14:54:01 ----D---- C:\Program Files\Common Files
2009-06-26 22:34:57 ----D---- C:\Users\***\AppData\Roaming\Audacity
2009-06-26 22:26:20 ----D---- C:\Users\***\AppData\Roaming\Hamachi
2009-06-26 14:47:28 ----AD---- C:\ProgramData\TEMP
2009-06-26 14:47:05 ----D---- C:\Fraps
2009-06-24 19:09:35 ----D---- C:\Program Files\Internet Explorer
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AsIO;AsIO; C:\Windows\system32\drivers\AsIO.sys [2007-12-17 12400]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-03-24 55640]
R2 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2006-04-22 8064]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-10-04 3977728]
R3 ElbyCDFL;ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [2005-05-03 27392]
R3 ElbyDelay;ElbyDelay; C:\Windows\System32\Drivers\ElbyDelay.sys [2005-04-12 4608]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-01-22 25280]
R3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-07-16 2156312]
R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1E60x86.sys [2008-07-22 47616]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\Windows\system32\DRIVERS\mcdbus.sys [2008-07-28 116736]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2006-10-18 7680]
R3 SaiH0BE8;SaiH0BE8; C:\Windows\system32\DRIVERS\SaiH0BE8.sys [2007-08-20 136192]
R3 SaiL0BE8;SaiL0BE8; C:\Windows\system32\DRIVERS\SaiL0BE8.sys [2007-08-20 15616]
R3 SaiU0BE8;SaiU0BE8; C:\Windows\system32\DRIVERS\SaiU0BE8.sys [2007-08-20 28544]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S3 a9pg0280;a9pg0280; C:\Windows\system32\drivers\a9pg0280.sys []
S3 catchme;catchme; \??\C:\Users\***\AppData\Local\Temp\catchme.sys []
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
S3 FETNDIS;VIA Rhine-Familie--Fast-Ethernet-Adaptertreiberdienst; C:\Windows\system32\DRIVERS\fetnd5.sys [2006-11-02 45568]
S3 GarenaPEngine;GarenaPEngine; \??\C:\Users\***\AppData\Local\Temp\KNKDDC0.tmp []
S3 ggflt;SEMC USB Flash Driver Filter; C:\Windows\system32\DRIVERS\ggflt.sys [2009-07-17 13224]
S3 ggsemc;SEMC USB Flash Driver; C:\Windows\system32\DRIVERS\ggsemc.sys [2009-07-17 25512]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-10-04 3977728]
S3 SaiMini;SaiMini; C:\Windows\system32\DRIVERS\SaiMini.sys [2007-08-20 14080]
S3 SaiNtBus;SaiNtBus; C:\Windows\system32\drivers\SaiBus.sys [2007-08-20 35072]
S3 usbaudio;USB-Audiotreiber (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-19 73088]
S3 usbscan;USB-Scannertreiber; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-05-11 185089]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2008-10-04 704512]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-24 183280]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 npggsvc;nProtect GameGuard Service; C:\Windows\system32\GameMon.des [2009-02-19 2769658]
S3 usprserv;User Privilege Service; C:\Windows\System32\svchost.exe [2008-01-19 21504]
-----------------EOF-----------------
|
|
17.07.2009, 23:55
| #9 |
| /// Helfer-Team | Sites öffnen sich von allein hi 1. Der Logitech Desktop Manager belastet das System eigentlich sehr, ich würde das abschalten.(Falls noch vorhanden) Logitech Quickcam webcam... Logitech sofware (Logitech Desktop-Messenger) → HijackThis starten und alle 018 Einträge Code:
ATTFilter O18 - Protocol: bw.. - {113C7097-2718-49D1-8142-F13F0852D970} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
2. - den Quarantäne Ordner überall leeren - Antivirus bzw Anti-Spy-Programm usw 3. alle Anwendungen schließen → Ordner für temporäre Dateien bitte leeren lösche nur den Inhalt der Ordner, nicht die Ordner selbst! - Dateien, die noch in Benutzung sind,nicht löschbar. c:\windows\temp - anschließend den Papierkorb leeren 4. reinige dein System mit Ccleaner:
5. Den kompletten Rechner zu überprüfen (Systemprüfung ohne Säuberung) mit Kaspersky Online - Scanner - wähle "My Computer" aus: im Internet Explorer: - "Extras→ Internetoptionen→ Sicherheit": - alles auf Standardstufe stellen - Active X erlauben - speichere die Ergebnis als *.txt Datei und poste das Logfile des Scans |
|
18.07.2009, 17:00
| #10 |
| | Sites öffnen sich von allein wenn ich mit HJT fixe und neustarte und wieder scanne hat sich nix geändert Code:
ATTFilter --------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Saturday, July 18, 2009
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Saturday, July 18, 2009 10:57:24
Records in database: 2487429
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
A:\
C:\
D:\
E:\
Scan statistics:
Files scanned: 190081
Threat name: 1
Infected objects: 2
Suspicious objects: 0
Duration of the scan: 04:17:44
File name / Threat name / Threats count
C:\Users\***\Downloads\ALT\wwwhack-1.946.zip Infected: HackTool.Win32.WwwHack.a 2
The selected area was scanned.
|
|
19.07.2009, 19:44
| #11 |
| /// Helfer-Team | Sites öffnen sich von allein hi 1. wiederhole es im abgesicherten Modus [F8] oder [F5] 2. - Scanne noch dein Sytem mit mindestens 3 Onlinescanner : - Einstellungen Internet Explorer: Extras → Internetoptionen → Sicherheit → Stufe anpassen: alles auf Standardstufe stellen - Active X erlauben - nach jedem Scanvorgang starte dein system neu auf - speichere und poste das Logfile des Scans - die Ergebnisse als*.txt Datei speichern Code:
ATTFilter bitdefender emsisoft f-secure |
|
| Themen zu Sites öffnen sich von allein |
| ad-aware, adobe, antivir, antivir guard, avg, avira, bho, cpu, defender, desktop, firefox, free download, google, hijack, hijackthis, immer wieder, internet, internet explorer, langsam, logfile, mozilla, plug-in, problem, rundll, sehr langsam, software, system, vista, windows |
Hybrid-Darstellung
