PC infested with viruses, PC restarts unexpectedly

Hello everyone, I hope you can help me. I actually have several problems at once, so I suspect that my system has been attacked quite heavily. Specifically, when I search on Google I am usually redirected to a page that hosts a virus or shows advertising for gambling etc. I have already run several system scans in Safe Mode with my Antivir Professional. Unfortunately I cannot scan my PC with any other virus scanners, because after installation a small window of about 3 x 3 cm appears with nothing clickable in it. Now and then my PC also restarts on its own, even during a system scan in normal mode. To get started I have already prepared my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:43:21, on 22.07.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Avira\AntiVir Desktop\avmailc.exe
C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Fast.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Dokumente und Einstellungen\xxxxxx\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = h**p://google.icq.com/search/search_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = ht*p://www.xx-xxxxxxx.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.plus.de/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SmartAds browser enhancer kvokbgnl - {2DB79541-9A81-4F96-A151-D56B93119937} - C:\WINDOWS\system32\kvokbgnl.dll
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - (no file)
O2 - BHO: MessengerUpdate - {5948A52A-BA3A-49A8-BCAF-D578502BDA9D} - C:\Dokumente und Einstellungen\xxxxxxx\Anwendungsdaten\Messenger\Drivers\MsgUpdate.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: du-little browser enhancer - {C6E31EB8-D613-1C9E-161A-F76D2CFB1FAA} - C:\WINDOWS\system32\wjlcnwmxfseqdzfr.dll (file missing)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Programme\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [HitmanPro35] "C:\Programme\Hitman Pro 3.5\HitmanPro35.exe" /scan:boot
O4 - HKCU\..\Run: [updateMgr] C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Cognac] C:\DOKUME~1\xxxxx\LOKALE~1\Temp\4F.tmp.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\Bluetooth\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Bluetooth\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Bluetooth\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=**tp://www.plus.de/
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - h**p://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094228586484
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} - ***p://updates.lifescapeinc.com/installers/pinstall/pinstall.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - h**p://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - h***p://locator1.cdn.imagesrvr.com/sites/winfixer.com/www/pages/scanner_de/WinFixer2005ScannerInstallDE.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: sockspy.dll,C:\DOKUME~1\xxxxxx\LOKALE~1\Temp\101722501747mmx.dll
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE
O24 - Desktop Component 0: (no name) - http://grafik-de.maedhros.com/g/bg.gif

--
End of file - 5822 bytes

:heulen: |
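As an added example that is not part of the original post: a small Python triage script for HijackThis entries of the kind shown above. The sample lines are copied from the log in this post; the heuristics (a program started from a Temp directory, any AppInit_DLLs entry, a BHO whose DLL is missing, a Winsock LSP HijackThis does not recognise) are the editor's own and only rank lines for review, they do not decide what is malicious.

```python
import re

# Constructed sample: entries copied from the HijackThis log in the post above
# (the poster had already masked the user name with x's).
SAMPLE_HJT = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SmartAds browser enhancer kvokbgnl - {2DB79541-9A81-4F96-A151-D56B93119937} - C:\WINDOWS\system32\kvokbgnl.dll
O2 - BHO: du-little browser enhancer - {C6E31EB8-D613-1C9E-161A-F76D2CFB1FAA} - C:\WINDOWS\system32\wjlcnwmxfseqdzfr.dll (file missing)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Cognac] C:\DOKUME~1\xxxxx\LOKALE~1\Temp\4F.tmp.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O20 - AppInit_DLLs: sockspy.dll,C:\DOKUME~1\xxxxxx\LOKALE~1\Temp\101722501747mmx.dll
"""

# Every HijackThis entry starts with a section code such as O2, O4, O20, R1.
ENTRY_RE = re.compile(r"^(?P<sec>[A-Z]\d+) - (?P<rest>.*)$")
# "\Temp\" also covers the 8.3 form "\LOKALE~1\Temp\" seen on German XP systems.
TEMP_PATH_RE = re.compile(r"\\Temp\\", re.IGNORECASE)


def parse_entries(log_text):
    """Yield (section, rest, line) for every HijackThis entry line."""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            yield m["sec"], m["rest"], line


def triage_hjt(log_text):
    """Return findings as dicts with section, severity, reason and the raw line."""
    findings = []
    for sec, rest, line in parse_entries(log_text):
        if sec == "O20" and rest.startswith("AppInit_DLLs:"):
            # Each DLL listed here is loaded into every process that loads user32.dll,
            # so the value is normally empty on a clean XP machine.
            for dll in rest[len("AppInit_DLLs:"):].split(","):
                dll = dll.strip()
                if dll:
                    findings.append(dict(section=sec, severity="high",
                        reason=f"AppInit_DLLs loads {dll} into every GUI process", line=line))
        elif sec == "O4" and TEMP_PATH_RE.search(rest):
            findings.append(dict(section=sec, severity="high",
                reason="autostart entry runs a program from a Temp directory", line=line))
        elif sec == "O2" and ("(file missing)" in rest or "(no file)" in rest):
            findings.append(dict(section=sec, severity="review",
                reason="BHO registered but its DLL is gone (orphan to clean up)", line=line))
        elif sec == "O10":
            findings.append(dict(section=sec, severity="review",
                reason="Winsock LSP not recognised by HijackThis, verify the DLL", line=line))
    return findings


def high_priority(findings):
    """Only the findings that should be looked at first."""
    return [f for f in findings if f["severity"] == "high"]


if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_HJT):
        print(f"[{f['severity']:6}] {f['section']}: {f['reason']}")
        print(f"         {f['line']}")
```

On the sample this reports five lines, three of them high priority: the Temp-directory autostart and the two AppInit_DLLs entries. The two orphaned BHO entries and the LSP line are flagged for review only; an entry whose DLL no longer exists is registry residue rather than running code, which is also why a log reader should not treat "(file missing)" as proof of an active infection.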
Hello, please run Malwarebytes in full scan mode. Please post the log that Malwarebytes creates after the run here. |
I tried to install it, unfortunately that is not possible. I tried to download the file from the page "Für alle Hilfesuchenden! ...". I was able to install CCleaner and had it fix the errors as well. |
Try renaming the exe file to gaga.com; alternatively, try renaming it to iexplore.exe. |
Installing it worked this time. Only opening it doesn't work =/ |
What happens when you try to open it? Nothing, an error message? Please describe it in more detail :) |
Well, when I open it, basically nothing happens ;D You can tell from the hourglass that it wants to do something. But it seems to me that it is somehow being blocked, possibly by the virus. Opening it doesn't work in Safe Mode either. Furthermore, I have the feeling that my PC is somehow being controlled remotely; now and then, after a Google search, another Google window pops up. A system scan with Antivir also only works in Safe Mode. In normal mode the PC crashes. |
Here is the log file: :)

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-22 21:55:13
Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.15 ----

INT 0x62 ? 82FDDBF8
INT 0x73 ? 82DDCBF8
INT 0x73 ? 82DDCBF8
INT 0x73 ? 82DDCBF8
INT 0x73 ? 82DDCBF8
INT 0x73 ? 82DDCBF8
INT 0x73 ? 82DDCBF8
INT 0x82 ? 82FDDBF8

Code 82C2B738 ZwEnumerateKey
Code 82C3AA30 ZwFlushInstructionCache
Code 82C43116 IofCallDriver
Code 82B7B876 IofCompleteRequest
Code 82C45095 ZwSaveKey
Code 82D9DB35 ZwSaveKeyEx

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwSaveKey 804DD6E8 5 Bytes JMP 82C4509A
.text ntoskrnl.exe!ZwSaveKeyEx 804DD6FC 5 Bytes JMP 82D9DB3A
.text ntoskrnl.exe!IofCallDriver 804E37C5 5 Bytes JMP 82C4311B
.text ntoskrnl.exe!IofCompleteRequest 804E3BF6 5 Bytes JMP 82B7B87B
PAGE ntoskrnl.exe!ZwEnumerateKey 8056EF30 5 Bytes JMP 82C2B73C
PAGE ntoskrnl.exe!ZwFlushInstructionCache 80576A6A 5 Bytes JMP 82C3AA34
? spms.sys Das System kann die angegebene Datei nicht finden. !
.text USBPORT.SYS!DllUnload F837462C 5 Bytes JMP 82DDC1D8

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\winlogon.exe[360] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 007B000A
.text C:\WINDOWS\system32\winlogon.exe[360] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 007C000A
.text C:\WINDOWS\system32\services.exe[404] ntdll.dll!LdrLoadDll 7C925CBB 3 Bytes JMP 0093000A
.text C:\WINDOWS\system32\services.exe[404] ntdll.dll!LdrLoadDll + 4 7C925CBF 1 Byte [84]
.text C:\WINDOWS\system32\services.exe[404] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 0094000A
.text C:\WINDOWS\system32\lsass.exe[416] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 0092000A
.text C:\WINDOWS\system32\lsass.exe[416] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 0096000A
.text C:\WINDOWS\system32\notepad.exe[1224] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 00BA000A
.text C:\WINDOWS\system32\notepad.exe[1224] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 00BB000A
.text C:\WINDOWS\Explorer.EXE[1364] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 00C3000A
.text C:\WINDOWS\Explorer.EXE[1364] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 00C4000A
.text C:\Dokumente und Einstellungen\Administrator\Desktop\7wi4iy0w.exe[1428] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 00C5000A
.text C:\Dokumente und Einstellungen\Administrator\Desktop\7wi4iy0w.exe[1428] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 00C6000A

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 82F722D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F8646C4C] spms.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F8646CA0] spms.sys
IAT \SystemRoot\System32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 82DDC2D8
IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F8625E9C] spms.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 82F6E1F8
Device \FileSystem\Ntfs \Ntfs 82E1D6B8
Device \FileSystem\Fastfat \FatCdrom 82ACB500
Device \FileSystem\Fastfat \FatCdrom 82B04470
Device \Driver\sptd \Device\4060554424 spms.sys
Device \Driver\usbuhci \Device\USBPDO-0 82DDB1F8
Device \Driver\usbuhci \Device\USBPDO-1 82DDB1F8
Device \Driver\usbuhci \Device\USBPDO-2 82DDB1F8
Device \Driver\usbuhci \Device\USBPDO-3 82DDB1F8
Device \Driver\usbehci \Device\USBPDO-4 82DAE1F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 82F701F8
Device \Driver\usbstor \Device\00000071 82B221F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{636A9FFA-628E-4605-A978-42AF3063FCB9} 82B51500
Device \Driver\Ftdisk \Device\HarddiskVolume2 82F701F8
Device \FileSystem\Rdbss \Device\FsWrap 82EEF160
Device \Driver\atapi \Device\Ide\IdePort0 82CB3688
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 82CB3688
Device \Driver\atapi \Device\Ide\IdePort1 82CB3688
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c 82CB3688
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 82CB3688
Device \Driver\usbstor \Device\00000073 82B221F8
Device \Driver\Ftdisk \Device\HarddiskVolume4 82F701F8
Device \Driver\usbstor \Device\00000074 82B221F8
Device \Driver\usbstor \Device\00000075 82B221F8
Device \Driver\usbstor \Device\00000076 82B221F8
Device \Driver\usbstor \Device\00000077 82B221F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 82B51500
Device \Driver\usbstor \Device\00000078 82B221F8
Device \Driver\NetBT \Device\NetbiosSmb 82B51500
Device \Driver\PCI_PNP6924 \Device\0000004d spms.sys
Device \FileSystem\Srv \Device\LanmanServer 8299BBB8
Device \Driver\usbuhci \Device\USBFDO-0 82DDB1F8
Device \Driver\usbuhci \Device\USBFDO-1 82DDB1F8
Device \Driver\usbuhci \Device\USBFDO-2 82DDB1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 82B291F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 82DE5160
Device \Driver\usbuhci \Device\USBFDO-3 82DDB1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 82B291F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 82DE5160
Device \FileSystem\Npfs \Device\NamedPipe 82B4DAB0
Device \Driver\Ftdisk \Device\FtControl 82F701F8
Device \Driver\usbehci \Device\USBFDO-4 82DAE1F8
Device \FileSystem\Msfs \Device\Mailslot 82B56680
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 82DE0F00
Device \Driver\ageco31m \Device\Scsi\ageco31m1Port3Path0Target0Lun0 82B68B58
Device \Driver\ageco31m \Device\Scsi\ageco31m1 82B68B58
Device \Driver\d347prt \Device\Scsi\d347prt1 82DE0F00
Device \FileSystem\Fastfat \Fat 82ACB500
Device \FileSystem\Fastfat \Fat 82B04470
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer 82B553F0
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer 82B553F0
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer 82B553F0
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer 82B553F0
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer 82B553F0
Device \FileSystem\Cdfs \Cdfs 82A601F8

---- Modules - GMER 1.0.15 ----

Module _________ F855F000-F8577000 (98304 bytes)

---- Processes - GMER 1.0.15 ----

Library \\?\globalroot\systemroot\system32\UACjcpbwaidmnapjbewv.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [560] 0x029B0000

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 01: copy of MBR
Disk \Device\Harddisk0\DR0 sector 02: copy of MBR
Disk \Device\Harddisk0\DR0 sector 03: copy of MBR
Disk \Device\Harddisk0\DR0 sector 04: copy of MBR
Disk \Device\Harddisk0\DR0 sector 05: copy of MBR
Disk \Device\Harddisk0\DR0 sector 06: copy of MBR
Disk \Device\Harddisk0\DR0 sector 07: copy of MBR
Disk \Device\Harddisk0\DR0 sector 08: copy of MBR
Disk \Device\Harddisk0\DR0 sector 09: copy of MBR
Disk \Device\Harddisk0\DR0 sector 10: copy of MBR
Disk \Device\Harddisk0\DR0 sector 11: copy of MBR
Disk \Device\Harddisk0\DR0 sector 12: copy of MBR
Disk \Device\Harddisk0\DR0 sector 13: copy of MBR
Disk \Device\Harddisk0\DR0 sector 14: copy of MBR
Disk \Device\Harddisk0\DR0 sector 15: copy of MBR
Disk \Device\Harddisk0\DR0 sector 16: copy of MBR
Disk \Device\Harddisk0\DR0 sector 17: copy of MBR
Disk \Device\Harddisk0\DR0 sector 18: copy of MBR
Disk \Device\Harddisk0\DR0 sector 19: copy of MBR
Disk \Device\Harddisk0\DR0 sector 20: copy of MBR
Disk \Device\Harddisk0\DR0 sector 21: copy of MBR
Disk \Device\Harddisk0\DR0 sector 22: copy of MBR
Disk \Device\Harddisk0\DR0 sector 23: copy of MBR
Disk \Device\Harddisk0\DR0 sector 24: copy of MBR
Disk \Device\Harddisk0\DR0 sector 25: copy of MBR
Disk \Device\Harddisk0\DR0 sector 26: copy of MBR
Disk \Device\Harddisk0\DR0 sector 27: copy of MBR
Disk \Device\Harddisk0\DR0 sector 28: copy of MBR
Disk \Device\Harddisk0\DR0 sector 29: copy of MBR
Disk \Device\Harddisk0\DR0 sector 30: copy of MBR
Disk \Device\Harddisk0\DR0 sector 31: copy of MBR
Disk \Device\Harddisk0\DR0 sector 32: copy of MBR
Disk \Device\Harddisk0\DR0 sector 33: copy of MBR
Disk \Device\Harddisk0\DR0 sector 34: copy of MBR
Disk \Device\Harddisk0\DR0 sector 35: copy of MBR
Disk \Device\Harddisk0\DR0 sector 36: copy of MBR
Disk \Device\Harddisk0\DR0 sector 37: copy of MBR
Disk \Device\Harddisk0\DR0 sector 38: copy of MBR
Disk \Device\Harddisk0\DR0 sector 39: copy of MBR
Disk \Device\Harddisk0\DR0 sector 40: copy of MBR
Disk \Device\Harddisk0\DR0 sector 41: copy of MBR
Disk \Device\Harddisk0\DR0 sector 42: copy of MBR
Disk \Device\Harddisk0\DR0 sector 43: copy of MBR
Disk \Device\Harddisk0\DR0 sector 44: copy of MBR
Disk \Device\Harddisk0\DR0 sector 45: copy of MBR
Disk \Device\Harddisk0\DR0 sector 46: copy of MBR
Disk \Device\Harddisk0\DR0 sector 47: copy of MBR
Disk \Device\Harddisk0\DR0 sector 48: copy of MBR
Disk \Device\Harddisk0\DR0 sector 49: copy of MBR
Disk \Device\Harddisk0\DR0 sector 50: copy of MBR
Disk \Device\Harddisk0\DR0 sector 51: copy of MBR
Disk \Device\Harddisk0\DR0 sector 52: copy of MBR
Disk \Device\Harddisk0\DR0 sector 53: copy of MBR
Disk \Device\Harddisk0\DR0 sector 54: copy of MBR
Disk \Device\Harddisk0\DR0 sector 55: copy of MBR
Disk \Device\Harddisk0\DR0 sector 56: copy of MBR
Disk \Device\Harddisk0\DR0 sector 57: copy of MBR
Disk \Device\Harddisk0\DR0 sector 58: copy of MBR
Disk \Device\Harddisk0\DR0 sector 59: copy of MBR
Disk \Device\Harddisk0\DR0 sector 60: copy of MBR
Disk \Device\Harddisk0\DR0 sector 61: copy of MBR
Disk \Device\Harddisk0\DR0 sector 62: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior; copy of MBR

---- EOF - GMER 1.0.15 ---- |
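As an added example that is not part of the original post: a Python reader for the line types in a GMER report like the one above. The sample lines are copied from that report; the categories (inline hooks of kernel exports, inline hooks inside user processes, IAT redirections, a kernel module without a name, a library GMER marks as hidden, and disk sectors flagged "rootkit-like behavior") and the combined verdict are the editor's own heuristics, not GMER output.

```python
import re
from collections import Counter

# Constructed sample: lines copied from the GMER report posted above. The
# "LdrLoadDll + 4" line is included on purpose; it is not a JMP patch and is
# left unclassified by this reader.
SAMPLE_GMER = r"""
.text ntoskrnl.exe!ZwSaveKey 804DD6E8 5 Bytes JMP 82C4509A
.text ntoskrnl.exe!IofCallDriver 804E37C5 5 Bytes JMP 82C4311B
PAGE ntoskrnl.exe!ZwEnumerateKey 8056EF30 5 Bytes JMP 82C2B73C
? spms.sys Das System kann die angegebene Datei nicht finden. !
.text USBPORT.SYS!DllUnload F837462C 5 Bytes JMP 82DDC1D8
.text C:\WINDOWS\system32\winlogon.exe[360] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 007B000A
.text C:\WINDOWS\system32\services.exe[404] ntdll.dll!LdrLoadDll + 4 7C925CBF 1 Byte [84]
.text C:\WINDOWS\Explorer.EXE[1364] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 00C3000A
IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 82F722D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F8646C4C] spms.sys
Module _________ F855F000-F8577000 (98304 bytes)
Library \\?\globalroot\systemroot\system32\UACjcpbwaidmnapjbewv.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [560] 0x029B0000
Disk \Device\Harddisk0\DR0 sector 01: copy of MBR
Disk \Device\Harddisk0\DR0 sector 62: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior; copy of MBR
"""

# "module!function address N Bytes JMP target" without a [pid]: a kernel export patched in place.
KERNEL_HOOK_RE = re.compile(
    r"^(?:\.text|PAGE)\s+(?P<mod>[^!\s\[]+)!(?P<func>\w+)\s+(?P<addr>[0-9A-F]+)\s+"
    r"\d+ Bytes?\s+JMP\s+(?P<target>[0-9A-F]+)")
# Same patch shape, but preceded by "process[pid]": a hook inside one user-mode process.
USER_HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+(?P<mod>[^!\s]+)!(?P<func>\w+)\s+"
    r"(?P<addr>[0-9A-F]+)\s+\d+ Bytes?\s+JMP\s+(?P<target>[0-9A-F]+)")
# Import table entry of a driver pointing somewhere else; the owner is optional in GMER output.
IAT_HOOK_RE = re.compile(
    r"^IAT\s+(?P<mod>[^\[\s]+)\[(?P<imp>[^\]]+)\]\s+\[?(?P<addr>[0-9A-F]+)\]?(?:\s+(?P<owner>\S+))?")
HIDDEN_LIB_RE = re.compile(
    r"^Library\s+(?P<path>\S+)\s+\(\*\*\* hidden \*\*\* \)\s+@\s+(?P<proc>.+?)\s+\[(?P<pid>\d+)\]")
MODULE_RE = re.compile(r"^Module\s+(?P<name>\S+)\s+(?P<start>[0-9A-F]+)-(?P<end>[0-9A-F]+)")
DISK_RE = re.compile(r"^Disk\s+(?P<dev>\S+)\s+sector\s+(?P<sec>\d+):\s+(?P<desc>.*)$")
UNRESOLVED_RE = re.compile(r"^\?\s+(?P<drv>\S+\.sys)\s+(?P<msg>.*)$")


def triage_gmer(text):
    """Return a list of (category, detail) for every recognised line."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := USER_HOOK_RE.match(line):
            findings.append(("user_hook",
                f"{m['mod']}!{m['func']} in {m['proc']} (pid {m['pid']}) jumps to {m['target']}"))
        elif m := KERNEL_HOOK_RE.match(line):
            findings.append(("kernel_hook", f"{m['mod']}!{m['func']} at {m['addr']} jumps to {m['target']}"))
        elif m := IAT_HOOK_RE.match(line):
            findings.append(("iat_hook", f"{m['mod']} import {m['imp']} -> {m['addr']} ({m['owner'] or 'owner unknown'})"))
        elif m := HIDDEN_LIB_RE.match(line):
            findings.append(("hidden_module", f"{m['path']} hidden inside {m['proc']} (pid {m['pid']})"))
        elif (m := MODULE_RE.match(line)) and set(m["name"]) <= {"_"}:
            findings.append(("unnamed_module", f"kernel module without a name at {m['start']}-{m['end']}"))
        elif (m := DISK_RE.match(line)) and "rootkit-like behavior" in m["desc"]:
            findings.append(("disk_anomaly", f"{m['dev']} sector {m['sec']}: {m['desc']}"))
        elif m := UNRESOLVED_RE.match(line):
            findings.append(("unresolved_driver", f"{m['drv']} is loaded but GMER could not find its file"))
    return findings


def category_counts(text):
    return dict(Counter(cat for cat, _ in triage_gmer(text)))


def verdict(text):
    """Combine categories: hooks alone are common, hooks plus hidden code plus MBR anomalies are not."""
    c = category_counts(text)
    if c.get("kernel_hook") and c.get("hidden_module") and c.get("disk_anomaly"):
        return "kernel-mode rootkit with MBR-level persistence indicated; plan for a clean reinstall"
    if c.get("kernel_hook") or c.get("hidden_module") or c.get("disk_anomaly"):
        return "rootkit indicators present, manual review needed"
    return "no rootkit indicators in the supplied lines"


if __name__ == "__main__":
    for cat, detail in triage_gmer(SAMPLE_GMER):
        print(f"{cat:18} {detail}")
    print(verdict(SAMPLE_GMER))
```

The verdict deliberately needs all three kinds of evidence before it calls the machine rooted: antivirus, HIPS and disc-emulation drivers also patch kernel exports and redirect driver imports, so a hook count on its own says little. A module GMER cannot name, a DLL it reports as hidden inside svchost.exe, and sectors it marks rootkit-like are the findings that move a report from "review" to "rebuild".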
But first download RSIT and post both logs it creates here. Only THEN download Trojan Remover. Unlike the other programs usually used here, this program is not freeware, but it can be used free of charge for 30 days. You get the log via the menu bar: File => View Logfile. Post it here. |
Okay, done. What if it reports a "hit", just delete it? |
First post the RSIT log file here. Then run Trojan Remover; if it reports something, delete it. |
So, here is the info.txt first:

info.txt logfile of random's system information tool 1.06 2009-07-22 22:14:59

======Uninstall list======

-->C:\Programme\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUn0407.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNNMP.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.1.0 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A71000000002}
Apple Mobile Device Support-->MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Avira AntiVir Professional-->C:\Programme\Avira\AntiVir Desktop\setup.exe /REMOVE
AVM FRITZ!DSL-->MsiExec.exe /X{2457326B-C110-40C3-89B0-889CC913871A}
Bluetooth Software-->MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}
CCleaner (remove only)-->"C:\Programme\CCleaner\uninst.exe"
Cheating-Death 4.33.4-->C:\Programme\Cheating-Death\UninstCD.exe
C-Media WDM Audio Driver-->C:\WINDOWS\system32\cmirmdrv.exe
Creatix V.9X DSP Data Fax Modem-->rundll32 CtxSCci.dll,iSMUninstallation "Creatix V.9X DSP Data Fax Modem"
DAEMON Tools-->MsiExec.exe /I{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}
Derive 6-->C:\Programme\TI Education\Derive 6\unwise.exe C:\PROGRA~1\TIEDUC~1\DERIVE~1\INSTALL.LOG
DivX Codec-->C:\Programme\DivX\DivXCodecUninstall.exe /CODEC
DivX Player-->C:\Programme\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Programme\DivX\DivXWebPlayerUninstall.exe /PLUGIN
EPSON CardMonitor-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{109D28C7-FB38-483A-9C91-001CB59E2699}\setup.exe" uninst
EPSON PhotoQuicker3.2-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{B2EFE303-A594-11D5-95EB-005004BC1C65}\setup.exe" uninst
EPSON PhotoStarter3.0-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{5983C895-DDA4-45D9-A8D1-877D5DE7693E}\setup.exe" uninst
EPSON PRINT Image Framer Tool1.1-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{37D67C45-8484-4398-B5C1-3CAE19FDDF22}\setup.exe" anything
EPSON-Drucker-Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
Free Video to Mp3 Converter version 3.1-->"C:\Programme\DVDVideoSoft\Free Video to Mp3 Converter\unins000.exe"
FreeDoko 0.7.1-->C:\Programme\FreeDoko\uninst.exe
FRITZ!Box-->C:\Programme\FRITZ!Box\install.exe -d
FUSSBALL MANAGER 07-->C:\Programme\EA SPORTS\FUSSBALL MANAGER 07\EAUninstall.exe
GLtron version 0.70-->C:\Programme\GLtron\unins000.exe
Google Earth-->MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Hamachi 1.0.3.0-->C:\Programme\Hamachi\uninstall.exe
HighMAT-Erweiterung für den Microsoft Windows XP-Assistenten zum Schreiben von CDs-->MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2-->"C:\Dokumente und Einstellungen\marcel\Desktop\HijackThis.exe" /uninstall
Hitman Pro 3.5-->"C:\Programme\Hitman Pro 3.5\HitmanPro35.exe" /uninstall
HLSW v1.1.6-->"C:\Programme\HLSW\unins000.exe"
Hotfix für Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP DeskJet 710C Serie (nur entfernen)-->C:\Programme\HP DeskJet 710C Series\hpfiui.exe -c -vdivid=HPF -vpnum=13 -vproduct=710C -huninstall
ICQ 5.1-->C:\Programme\ICQLite\ICQLiteUninstall.EXE
Informationen über Ihren PC-->MsiExec.exe /I{3D1A6B70-3E02-49BC-88B0-916C80274632}
InstallRTC-->MsiExec.exe /X{200F584F-848D-4B6B-B1A1-C74D735F18A4}
iTunes-->MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Macromedia Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log
Malwarebytes' Anti-Malware-->"C:\Programme\Malwarebytes' Anti-Malware\unins000.exe"
Medion Flash XL 2.0-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{EA1CB7AC-E221-4822-A789-0ADB051DC498}\Setup.exe" -l0x9 -wUninst
Microsoft .NET Framework 1.1 German Language Pack-->MsiExec.exe /X{E78BFA60-5393-4C38-82AB-E8019E464EB4}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft AutoRoute v11.0-->MsiExec.exe /I{8704D51E-25B7-4F23-81E7-AA4F54790220}
Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Encarta Enzyklopädie 2004-->MsiExec.exe /I{04440044-9149-45C6-A806-F2BF9CFCE762}
Microsoft Office 2000 Disc 2-->MsiExec.exe /I{00040407-78E1-11D2-B60F-006097C998E7}
Microsoft Office 2000 Professional-->MsiExec.exe /I{00010407-78E1-11D2-B60F-006097C998E7}
Microsoft Picture It! Foto Premium 9-->C:\WINDOWS\System32\msiexec.exe /i {DBA8B9E1-C6FF-4624-9598-73D3B41A0903}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Windows-Journal-Viewer-->MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
Microsoft Word 2002-->MsiExec.exe /I{911B0407-6000-11D3-8CFE-0050048383C9}
mIRC-->"C:\mIRC\mirc.exe" -uninstall
Mobility-->C:\WINDOWS\IsUn0407.exe -fC:\Programme\Glamus\Mobility\Uninst.isu
Mozilla Firefox (3.0.12)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe
MSRSD v4.8.1-->"C:\Programme\MajorShare\unins000.exe"
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Multimedia Keyboard Driver Ver1.0 (KB-0108)-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{FF262740-C85A-11D5-BBEC-00D0B740900A}\Setup.exe"
Nero Suite-->C:\Programme\Gemeinsame Dateien\Ahead\Uninstall\setup.exe /uninstall
NVIDIA Drivers-->C:\WINDOWS\System32\nvudisp.exe UninstallGUI
OpenOffice.org 2.4-->MsiExec.exe /I{CCD90636-D97D-4130-A44A-3AD4E63B9220}
Pack Vista Inspirat 1.1-->C:\WINDOWS\BricoPacks\Vista Inspirat\Remove.exe
PartyPokerNet-->"C:\Programme\PartyGaming.Net\PartyPokerNet\Uninstall.exe" "C:\Programme\PartyGaming.Net\PartyPokerNet\install.log"
PC Connectivity Solution-->MsiExec.exe /I{AB2347E4-153B-4194-AA3B-97C0A662B369}
phonostar-Player Version 1.52.5-->C:\Programme\phonostar\unins000.exe
PowerCinema 3.0-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall
PowerDVD-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerProducer-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
Powertoys For Windows XP-->MsiExec.exe /I{6C31E111-96BB-4ADC-9C81-E6D3EEDDD8D3}
QuickTime-->MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
RealPlayer-->C:\Programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RON Too1 Du-little-->C:\WINDOWS\system32\vvredheopz.exe
Setup-Start von Microsoft Works 2004-->C:\Programme\Microsoft Works Suite 2004\Setup\Launcher.exe /ARP G:\
Shockwave-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Sicherheitsupdate für Step by Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Sicherheitsupdate für Step by Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Encoder (KB954156)-->"C:\WINDOWS\$NtUninstallKB954156_WM9L$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 9 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP9$\spuninst\spuninst.exe" |
The second part of the info.txt:

Sicherheitsupdate für Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB944338)-->"C:\WINDOWS\$NtUninstallKB944338$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB944533)-->"C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB947864)-->"C:\WINDOWS\$NtUninstallKB947864$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP 
(KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP 
(KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe" Skype™ 3.6-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82} SmartAds browser enhancer-->"C:\Programme\Smart-Ads-Solutions\SmartAds\1.0.27.0\uninstall.exe" SmartSound Quicktracks Plugin-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E} SopCast 2.0.4-->C:\Programme\SopCast\uninst.exe Streamripper Plugin 1.62.2 (Remove only)-->C:\Programme\Winamp\streamripper_uninstall.exe TeamSpeak 2 RC2-->C:\Programme\Teamspeak2_RC2\unins000.exe Trojan Remover 6.7.9-->"C:\Programme\Trojan Remover\unins000.exe" TVUPlayer 2.3.7.1-->C:\Programme\TVUPlayer\uninst.exe Uninstall 1.0.0.1-->"C:\Programme\Gemeinsame Dateien\DVDVideoSoft\unins000.exe" Update für Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe" Update für Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe" Update für Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe" Update für Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe" Update für Windows XP 
(KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe" Update für Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe" Update für Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe" Update für Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe" Update für Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe" Update für Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe" Update für Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe" Update für Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe" Update für Windows XP (KB942840)-->"C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe" Update für Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe" Update für Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe" Update für Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe" VeohTV BETA-->C:\Programme\InstallShield Installation Information\{0405E51E-9582-4207-8F38-AC44201D3808}\setup.exe -runfromtemp -l0x0409 VideoLAN VLC media player 0.8.4a-->C:\Programme\VideoLAN\VLC\uninstall.exe Winamp-->"C:\Programme\Winamp\UninstWA.exe" Windows Driver Package - Nokia (WUDFRd) WPD (11/03/2006 6.82.26.2)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\System32\DRVSTORE\pccswpddri_6B630EE2E66584353C6CD8683D447072872F34D8\pccswpddriver.inf Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe" Windows Live Messenger-->MsiExec.exe /I{279DB581-239C-4E13-97F8-0F48E40BE75C} Windows Media Encoder 9-Reihe-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E} Windows Media Encoder 9-Reihe-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E} Windows Media Format Runtime-->"C:\Programme\Windows Media 
Player\wmsetsdk.exe" /UninstallAll Windows Media Player plug-in-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{C2995B6B-9EBE-4744-BA36-23883A47F065}\setup.exe" Windows XP Service Pack 2-->C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe Windows XP-Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe Windows XP-Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe Windows XP-Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe Windows XP-Hotfix - KB885884-->C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe Windows XP-Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe Windows XP-Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe Windows XP-Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe Windows XP-Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe" Windows XP-Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe Windows-Sicherungsprogramm-->MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE} WinRAR Archivierer-->C:\Programme\WinRAR\uninstall.exe wiwo.de iSaver-->C:\Programme\InstallShield Installation Information\{E863D42A-2365-4EC6-9BE6-8912964BBE5F}\Setup.exe X10 Hardware(TM)-->C:\WINDOWS\UNWISE.EXE C:\PROGRA~1\X10HAR~1\Install.log ======Hosts File====== 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com ======Security center information====== AV: AntiVir Desktop (disabled) (outdated) ======System event log====== Computer Name: xxxxxxxxxxxx Event Code: 7035 Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "SSDP-Suchdienst" gesendet. 
Record Number: 440896 Source Name: Service Control Manager Time Written: 20090610173141.000000+120 Event Type: Informationen User: NT-AUTORITÄT\SYSTEM Computer Name: MARCEL Event Code: 7036 Message: Dienst "IMAPI-CD-Brenn-COM-Dienste" befindet sich jetzt im Status "Ausgeführt". Record Number: 440895 Source Name: Service Control Manager Time Written: 20090610173139.000000+120 Event Type: Informationen User: Computer Name: xxxxxxxxxx Event Code: 7035 Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "IMAPI-CD-Brenn-COM-Dienste" gesendet. Record Number: 440894 Source Name: Service Control Manager Time Written: 20090610173139.000000+120 Event Type: Informationen User: NT-AUTORITÄT\SYSTEM Computer Name: xxxxxxxxxx Event Code: 7036 Message: Dienst "Kompatibilität für schnelle Benutzerumschaltung" befindet sich jetzt im Status "Ausgeführt". Record Number: 440893 Source Name: Service Control Manager Time Written: 20090610173130.000000+120 Event Type: Informationen User: Computer Name: xxxxxxxxxxx Event Code: 7035 Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "Kompatibilität für schnelle Benutzerumschaltung" gesendet. Record Number: 440892 Source Name: Service Control Manager Time Written: 20090610173130.000000+120 Event Type: Informationen User: NT-AUTORITÄT\SYSTEM =====Application event log===== Computer Name: xxxxxx Event Code: 1000 Message: Die Leistungsindikatoren für den Dienst WmiApRpl (WmiApRpl) wurden geladen. Die Daten enthalten die dem Dienst zugeordneten neuen Indexwerte. Record Number: 2974 Source Name: LoadPerf Time Written: 20080415150047.000000+120 Event Type: Informationen User: Computer Name: xxxxxxxxxxx Event Code: 1001 Message: Die Leistungsindikatoren für den Dienst WmiApRpl (WmiApRpl) wurden entfernt. Die Daten enthalten die neuen Werte der Registrierungseinträge Last Counter und Last Help. 
Record Number: 2973 Source Name: LoadPerf Time Written: 20080415150047.000000+120 Event Type: Informationen User: Computer Name: xxxxxxxxxxx Event Code: 1800 Message: Der Windows-Sicherheitscenterdienst wurde gestartet. Record Number: 2972 Source Name: SecurityCenter Time Written: 20080415145644.000000+120 Event Type: Informationen User: Computer Name: xxxxxxxxxxx Event Code: 1 Message: Record Number: 2971 Source Name: Bonjour Service Time Written: 20080415145635.000000+120 Event Type: Informationen User: Computer Name: xxxxxx Event Code: 0 Message: Record Number: 2970 Source Name: btwdins Time Written: 20080415145634.000000+120 Event Type: Informationen User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=C:\Programme\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Programme\Gemeinsame Dateien\Ulead Systems\MPEG;C:\Programme\QuickTime\QTSystem\ "windir"=%SystemRoot% "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=15 "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 12 Stepping 0, AuthenticAMD "PROCESSOR_REVISION"=0c00 "NUMBER_OF_PROCESSORS"=1 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "FP_NO_HOST_CHECK"=NO "CLASSPATH"=.;C:\Programme\Java\jre1.6.0_01\lib\ext\QTJava.zip "QTJAVA"=C:\Programme\Java\jre1.6.0_01\lib\ext\QTJava.zip "SAFEBOOT_OPTION"=NETWORK -----------------EOF----------------- |
log.txt part 1

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2009-07-22 22:13:25
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 29 GB (38%) free of 76 GB
Total RAM: 511 MB (67% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:14:57, on 22.07.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\notepad.exe
C:\Dokumente und Einstellungen\Administrator\Desktop\RSIT.exe
C:\Dokumente und Einstellungen\xxxxx\Desktop\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.plus.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://www.plus.de/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = h**p://www.bitdefender.com/scan8/ie.html
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SmartAds browser enhancer kvokbgnl - {2DB79541-9A81-4F96-A151-D56B93119937} - C:\WINDOWS\system32\kvokbgnl.dll
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - (no file)
O2 - BHO: MessengerUpdate - {5948A52A-BA3A-49A8-BCAF-D578502BDA9D} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {C6E31EB8-D613-1C9E-161A-F76D2CFB1FAA} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Programme\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [HitmanPro35] "C:\Programme\Hitman Pro 3.5\HitmanPro35.exe" /scan:boot
O4 - HKLM\..\Run: [TrojanScanner] C:\Programme\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Bluetooth\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Bluetooth\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=h**p://www.plus.de/
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - h**p://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094228586484
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} - h**p://updates.lifescapeinc.com/installers/pinstall/pinstall.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - h**p://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - h**p://locator1.cdn.imagesrvr.com/sites/winfixer.com/www/pages/scanner_de/WinFixer2005ScannerInstallDE.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: sockspy.dll,C:\DOKUME~1\marcel\LOKALE~1\Temp\101722501747mmx.dll
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE

--
End of file - 5113 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
C:\WINDOWS\tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB79541-9A81-4F96-A151-D56B93119937}]
adHlpr Object - C:\WINDOWS\system32\kvokbgnl.dll [2009-06-01 325120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{500BCA15-57A7-4eaf-8143-8C619470B13D}]
XML Class

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5948A52A-BA3A-49A8-BCAF-D578502BDA9D}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 501400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C6E31EB8-D613-1C9E-161A-F76D2CFB1FAA}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D0943516-5076-4020-A3B5-AEFAF26AB263} - Veoh Browser Plug-in - C:\Programme\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll [2008-04-01 352256]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HitmanPro35"=C:\Programme\Hitman Pro 3.5\HitmanPro35.exe [2009-07-20 4519672]
"TrojanScanner"=C:\Programme\Trojan Remover\Trjscan.exe [2009-06-01 1059720]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe [2009-07-13 414992]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe [2008-03-25 218496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
C:\Programme\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
C:\WINDOWS\mHotkey.exe [2002-07-23 477184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]
RunDll32 cmicnfg.cpl,CMICtrlWnd []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CoolSwitch]
C:\WINDOWS\System32\taskswitch.exe [2001-10-19 45632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
C:\Programme\D-Tools\daemon.exe [2004-08-22 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dit]
C:\WINDOWS\Dit.exe [2004-04-02 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FastUser]
C:\WINDOWS\System32\fast.exe [2001-10-19 49216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iSaverCtrl]
C:\Programme\iSaver\iSaverCtrl.exe [2008-10-09 1171968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MeMe]
C:\Programme\MeMe\MeMe.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mvgddxuhwzwgeesa]
C:\WINDOWS\System32\regsvr32.exe [2004-08-04 12288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\System32\NvCpl.dll [2004-07-12 4112384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Programme\QuickTime\qttask.exe [2008-02-01 385024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
hpfsched []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe [2007-05-15 185784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VC8Player]
C:\Programme\Virtual CD v8\System\VC8Play.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk]
C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE [2008-04-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^microsoft office.lnk]
C:\PROGRA~1\MI1933~1\Office\OSA9.EXE [1999-02-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^marcel^Startmenü^Programme^Autostart^Eurobarre.lnk]
C:\PROGRA~1\EUROBA~1\eb.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"x10nets"=3
"usnjsvc"=3
"sopidkc"=2
"ServiceLayer"=3
"NVSvc"=2
"MDM"=2
"LogWatch"=2
"iPod Service"=3
"IGDCTRL"=2
"IDriverT"=3
"EPSONStatusAgent2"=2
"de_serv"=3
"CA_LIC_SRVR"=3
"CA_LIC_CLNT"=3
"btwdins"=2
"Bonjour Service"=2
"Apple Mobile Device"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="sockspy.dll,C:\DOKUME~1\marcel\LOKALE~1\Temp\101722501747mmx.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro35]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro35.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\Messenger\msmsgs.exe"="C:\Programme\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Programme\ICQLite\ICQLite.exe"="C:\Programme\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite"
"C:\Programme\Bonjour\mDNSResponder.exe"="C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Programme\iTunes\iTunes.exe"="C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Programme\MSN Messenger\msnmsgr.exe"="C:\Programme\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Programme\MSN Messenger\livecall.exe"="C:\Programme\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Programme\Java\jre1.6.0_01\bin\javaw.exe"="C:\Programme\Java\jre1.6.0_01\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\mIRC\mirc.exe"="C:\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\Programme\Veoh Networks\Veoh\VeohClient.exe"="C:\Programme\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client"
"C:\Programme\TVUPlayer\TVUPlayer.exe"="C:\Programme\TVUPlayer\TVUPlayer.exe:*:Enabled:TVU Player Component"
"F:\fsetup.exe"="F:\fsetup.exe:*:Enabled:AVM FSetup Application"
"C:\Programme\FRITZ!DSL\IGDCTRL.EXE"="C:\Programme\FRITZ!DSL\IGDCTRL.EXE:*:Enabled:AVM FRITZ!DSL - igdctrl.exe"
"C:\Programme\FRITZ!DSL\FBOXUPD.EXE"="C:\Programme\FRITZ!DSL\FBOXUPD.EXE:*:Enabled:AVM FRITZ!DSL - fboxupd.exe"
"C:\Programme\FRITZ!DSL\WebwaIgd.exe"="C:\Programme\FRITZ!DSL\WebwaIgd.exe:*:Enabled:AVM FRITZ!DSL - webwaigd.exe"
"C:\Programme\SopCast\adv\SopAdver.exe"="C:\Programme\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\Programme\SopCast\SopCast.exe"="C:\Programme\SopCast\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\Dokumente und Einstellungen\marcel\Desktop\AOE2\empires2.EXE"="C:\Dokumente und Einstellungen\marcel\Desktop\AOE2\empires2.EXE:*:Enabled:Age of Empires II"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Programme\Mozilla Firefox\firefox.exe"="C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Programme\Electronic Arts\EADM\Core.exe"="C:\Programme\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\MSN Messenger\msnmsgr.exe"="C:\Programme\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Programme\MSN Messenger\livecall.exe"="C:\Programme\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

======File associations======

.js - edit -
.js - open -

======List of files/folders created in the last 1 months======

2009-07-22 22:13:25 ----D---- C:\rsit
2009-07-22 22:09:10 ----A---- C:\WINDOWS\system32\ztvunrar36.dll
2009-07-22 22:09:10 ----A---- C:\WINDOWS\system32\ztvunace26.dll
2009-07-22 22:09:10 ----A---- C:\WINDOWS\system32\ztvcabinet.dll
2009-07-22 22:09:10 ----A---- C:\WINDOWS\system32\unacev2.dll
2009-07-22 22:09:09 ----A---- C:\WINDOWS\system32\UNRAR3.dll
2009-07-22 22:09:08 ----D---- C:\Programme\Trojan Remover
2009-07-22 22:09:08 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Simply Super Software
2009-07-22 22:09:08 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Simply Super Software
2009-07-22 21:31:34 ----A---- C:\WINDOWS\ntbtlog.txt
2009-07-22 21:24:46 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2009-07-22 21:24:46 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2009-07-22 18:50:35 ----D---- C:\Programme\CCleaner
2009-07-22 18:11:56 ----SHD---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{55A29068-F2CE-456C-9148-C869879E2357}
2009-07-20 18:28:57 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla
2009-07-20 17:37:27 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Hitman Pro
2009-07-20 17:37:26 ----D---- C:\Programme\Hitman Pro 3.5
2009-07-20 17:28:30 ----A---- C:\WINDOWS\irc.txt
2009-07-19 19:20:17 ----D---- C:\Programme\Avira
2009-07-19 19:20:17 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
2009-07-19 16:46:34 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DivX
2009-07-18 14:06:14 ----D---- C:\Programme\Gemeinsame Dateien\BitDefender
2009-07-18 13:30:00 ----ASH---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\desktop.ini
2009-07-18 13:29:52 ----SD---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft
2009-07-18 13:29:52 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia
2009-07-18 13:29:52 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Identities
2009-07-18 13:29:52 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Help
2009-07-18 13:29:52 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\CyberLink
2009-07-18 13:29:52 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\AdobeUM
2009-07-18 13:29:52 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Adobe
2009-07-18 13:23:56 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab Setup Files
2009-07-17 18:36:29 ----D---- C:\Programme\Smart-Ads-Solutions
2009-07-17 16:59:41 ----A---- C:\WINDOWS\system32\vvredheopz.exe
2009-07-17 16:19:41 ----D---- C:\WINDOWS\system32\LogFiles
2009-07-15 23:07:49 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-15 23:07:42 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-15 23:05:41 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
log.txt part 2:

======List of files/folders modified in the last 1 months======

2009-07-22 22:09:10 ----D---- C:\WINDOWS\system32
2009-07-22 22:09:08 ----RD---- C:\Programme
2009-07-22 21:55:22 ----D---- C:\Programme\Mozilla Firefox
2009-07-22 21:32:48 ----D---- C:\WINDOWS\Temp
2009-07-22 21:31:47 ----D---- C:\WINDOWS
2009-07-22 21:29:43 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-22 21:24:48 ----D---- C:\WINDOWS\system32\drivers
2009-07-22 20:51:13 ----D---- C:\WINDOWS\Prefetch
2009-07-22 18:52:21 ----D---- C:\WINDOWS\Debug
2009-07-22 18:52:20 ----D---- C:\WINDOWS\Minidump
2009-07-22 18:04:21 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-22 18:04:16 ----A---- C:\WINDOWS\ModemLog_Creatix V.9X DSP Data Fax Modem.txt
2009-07-20 00:17:21 ----SD---- C:\WINDOWS\Tasks
2009-07-19 22:31:11 ----RASH---- C:\boot.ini
2009-07-19 22:31:11 ----A---- C:\WINDOWS\win.ini
2009-07-19 22:31:11 ----A---- C:\WINDOWS\system.ini
2009-07-19 20:26:09 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2009-07-19 20:24:20 ----D---- C:\Programme\Electronic Arts
2009-07-19 20:24:11 ----D---- C:\Config.Msi
2009-07-19 20:24:06 ----SHD---- C:\WINDOWS\Installer
2009-07-19 20:23:17 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Electronic Arts
2009-07-19 19:21:04 ----HD---- C:\WINDOWS\inf
2009-07-19 19:13:58 ----D---- C:\WINDOWS\WinSxS
2009-07-19 16:46:27 ----A---- C:\WINDOWS\NeroDigital.ini
2009-07-18 15:52:24 ----SHD---- C:\RECYCLER
2009-07-18 14:22:51 ----D---- C:\teen
2009-07-18 14:06:14 ----D---- C:\Programme\Gemeinsame Dateien
2009-07-18 13:29:50 ----D---- C:\Dokumente und Einstellungen
2009-07-15 23:07:49 ----D---- C:\WINDOWS\$hf_mig$
2009-07-15 23:07:44 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-07-12 20:32:09 ----A---- C:\crashAddress.txt
2009-07-07 17:10:56 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 WS2IFSL;Windows Socket 2.0 Non-IFS-Dienstanbieter-Unterstützungsumgebung; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-29 12032]
R3 CardReaderFilter;Card Reader Filter; \??\C:\WINDOWS\system32\Drivers\USBCRFT.SYS []
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-12-05 10368]
R3 RT61;Linksys Wireless-G PCI Adapter Driver(RT61); C:\WINDOWS\system32\DRIVERS\RT61.sys [2006-12-12 356096]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Microsoft USB-Standardhubtreiber; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbstor;USB-Massenspeichertreiber; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S1 AmdK8;AMD Athlon64-Prozessortreiber; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [2004-05-08 38912]
S1 avgio;avgio; \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys []
S1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-07-19 96104]
S1 mitetrqjibcoprxi;mitetrqjibcoprxi; C:\WINDOWS\system32\drivers\mitetrqjibcoprxi.sys []
S1 ssmdrv;ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [2009-07-19 28520]
S2 atksgt;atksgt; C:\WINDOWS\System32\DRIVERS\atksgt.sys [2006-11-12 271360]
S2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-07-19 55640]
S2 BTSERIAL;Bluetooth Serial Driver; \??\C:\WINDOWS\System32\drivers\btserial.sys []
S2 BTSLBCSP;Bluetooth Port Client Driver; \??\C:\WINDOWS\System32\drivers\btslbcsp.sys []
S2 lirsgt;lirsgt; C:\WINDOWS\System32\DRIVERS\lirsgt.sys [2006-11-12 18048]
S2 NwlnkIpx;NWLink IPX/SPX/NetBIOS-kompatibles Transportprotokoll; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [2004-08-04 88448]
S2 NwlnkNb;NWLink-NetBIOS; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [2002-08-29 63232]
S2 NwlnkSpx;NWLink SPX/SPXII-Protokoll; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [2002-08-29 55936]
S3 ageco31m;ageco31m; C:\WINDOWS\system32\drivers\ageco31m.sys []
S3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-04 60800]
S3 BTDriver;Virtueller Bluetooth-Kommunikationstreiber; C:\WINDOWS\System32\DRIVERS\btport.sys [2004-11-29 30299]
S3 BTKRNL;Bluetooth-Bus-Enumerator; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [2004-11-29 1337850]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2004-11-29 55320]
S3 Cap7134;MEDION (7134) WDM Video Capture; C:\WINDOWS\System32\DRIVERS\Cap7134.sys [2003-06-05 350752]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2004-04-23 818496]
S3 cxvafakj;cxvafakj; \??\C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\cxvafakj.sys []
S3 EL90XBC;3Com EtherLink XL 90XB/C-Adaptertreiber; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 EPUSBSTOR;EPSON USB Storage Driver; C:\WINDOWS\System32\DRIVERS\epusbsto.sys [2001-09-10 17976]
S3 FETNDIS;VIA PCI 10/100-MBit/s-Fast Ethernetadapter-NT-Treiber; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\System32\DRIVERS\fetnd5b.sys [2004-04-15 42496]
S3 GTNDIS5;GTNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\GTNDIS5.SYS []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\System32\DRIVERS\hamachi.sys [2008-01-20 25280]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver; \??\C:\WINDOWS\system32\drivers\hitmanpro35.sys []
S3 Intels51;Creatix V.9X DSP Data Fax Modem; C:\WINDOWS\System32\DRIVERS\CtxS51.sys [2004-03-12 845092]
S3 ms_mpu401;Microsoft MPU-401 MIDI UART-Treiber; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-04 61824]
S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-07-12 2459968]
S3 PhTVTune;MEDION TV-TUNER 7134 MK2/3; C:\WINDOWS\System32\DRIVERS\PhTVTune.sys [2003-06-12 24704]
S3 PortlUSB;PortlUSB; C:\WINDOWS\System32\DRIVERS\MS-5530.sys [2004-06-24 7552]
S3 PRISM_A00;CREATIX 802.11g Driver; C:\WINDOWS\System32\DRIVERS\PRISMA00.sys [2004-01-16 380736]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-02-18 30464]
S3 usbewt;usbewt; \??\C:\WINDOWS\system32\usbewt.sys []
S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;USB-Scannertreiber; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-04 15104]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S3 X10UIF;%DESCRIPTION%; C:\WINDOWS\System32\Drivers\x10uif.sys [2001-11-14 10761]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 6to4;6to4; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
S2 AntiVirMailService;Avira AntiVir MailGuard; C:\Programme\Avira\AntiVir Desktop\avmailc.exe [2009-07-19 194817]
S2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Programme\Avira\AntiVir Desktop\sched.exe [2009-07-19 108289]
S2 AntiVirService;Avira AntiVir Guard; C:\Programme\Avira\AntiVir Desktop\avguard.exe [2009-07-19 185089]
S2 AntiVirWebService;Avira AntiVir WebGuard; C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE [2009-07-19 434945]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 268800]
S2 InteractiveLogon;InteractiveLogon; C:\WINDOWS\System32\Fast.exe [2001-10-19 49216]
S2 msncache;msncache; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2004-08-11 38912]
S3 aspnet_state;ASP.NET-Statusdienst; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S4 Apple Mobile Device;Apple Mobile Device; C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-02-18 110592]
S4 Bonjour Service;Bonjour-Dienst; C:\Programme\Bonjour\mDNSResponder.exe [2007-07-24 229376]
S4 btwdins;Bluetooth Service; C:\Programme\Bluetooth\Bluetooth Software\bin\btwdins.exe [2004-11-29 254007]
S4 CA_LIC_CLNT;CA-Lizenz-Client; C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe [2002-09-20 77824]
S4 CA_LIC_SRVR;CA-Lizenzserver; C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe [2002-09-20 77824]
S4 de_serv;AVM FRITZ!web Routing Service; C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe []
S4 EPSONStatusAgent2;EPSON Printer Status Agent2; C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe [2001-10-25 90112]
S4 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S4 IGDCTRL;AVM IGD CTRL Service; C:\Programme\FRITZ!DSL\IGDCTRL.EXE [2007-09-04 87344]
S4 iPod Service;iPod-Dienst; C:\Programme\iPod\bin\iPodService.exe [2008-02-19 504104]
S4 LogWatch;Ereignisprotokoll-Überwachung; C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe [2002-09-20 53248]
S4 MDM;Machine Debug Manager; C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe [2003-06-20 322120]
S4 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2004-07-12 114755]
S4 ServiceLayer;ServiceLayer; C:\Programme\PC Connectivity Solution\ServiceLayer.exe [2006-11-06 210432]
S4 sopidkc;sopidkc Service; C:\WINDOWS\system32\sopidkc.exe []
S4 usnjsvc;Messenger USN Journal Reader-Service für freigegebene Ordner; C:\Programme\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S4 x10nets;X10 Device Network Service; C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [2001-11-12 20480]

-----------------EOF-----------------
and the Trojan Remover log file, part 1:

***** NORMAL SCAN FOR ACTIVE MALWARE *****

Trojan Remover Ver 6.7.9.2584. For information, email support@simplysup.com
[Unregistered version]
Scan started at: 22:30:26 22 Jul 2009
Using Database v7350
Operating System: Windows XP Home Edition (SP2) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Simply Super Software\Trojan Remover\
Database directory: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Simply Super Software\Trojan Remover\Data\
Logfile directory: C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Programme\Trojan Remover\
Running with Administrator privileges

************************************************************
PC appears to be in SAFE MODE with Network Support.
************************************************************

************************************************************
22:30:26: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.
************************************************************
22:30:26: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Key value: [Explorer.exe]
File: Explorer.exe
C:\WINDOWS\Explorer.exe 1036288 bytes
Created: 21.11.2006 23:30
Modified: 13.06.2007 15:21
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
Key value: [C:\WINDOWS\system32\userinit.exe,]
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe 25088 bytes
Created: 03.09.2004 13:58
Modified: 04.08.2004 09:58
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
Key value: [logonui.exe]
File: logonui.exe
C:\WINDOWS\system32\logonui.exe 515072 bytes
Created: 21.11.2006 23:31
Modified: 04.08.2004 09:57
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name: load
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: HitmanPro35
Value Data: "C:\Programme\Hitman Pro 3.5\HitmanPro35.exe" /scan:boot
C:\Programme\Hitman Pro 3.5\HitmanPro35.exe 4519672 bytes
Created: 20.07.2009 17:37
Modified: 20.07.2009 17:37
Company: SurfRight B.V.
--------------------
Value Name: TrojanScanner
Value Data: C:\Programme\Trojan Remover\Trjscan.exe /boot
C:\Programme\Trojan Remover\Trjscan.exe 1059720 bytes
Created: 22.07.2009 22:09
Modified: 01.06.2009 17:06
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Value Name: Malwarebytes' Anti-Malware
Value Data: C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe 414992 bytes
Created: 22.07.2009 21:24
Modified: 13.07.2009 13:36
Company: Malwarebytes Corporation
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
Value Name: FlashPlayerUpdate
Value Data: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe 218496 bytes
Created: 25.03.2008 05:21
Modified: 25.03.2008 05:21
Company: Adobe Systems, Inc.
--------------------
************************************************************
22:30:27: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------
************************************************************
22:30:27: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
HKLM\Software\Microsoft\Windows\CurrentVersion\Run - key empty or not accessible
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices - key empty or not accessible
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad - key empty or not accessible
HKCU\Software\Microsoft\Windows\CurrentVersion\Run - key empty or not accessible
No Hidden File-loading Registry Entries found
----------
************************************************************
22:30:27: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.
************************************************************
22:30:27: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
************************************************************
22:30:27: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: 6to4
Path: C:\WINDOWS\system32\6to4v32.dll
C:\WINDOWS\system32\6to4v32.dll - [file not found to scan]
--------------------
Key: AppMgmt
%SystemRoot%\System32\appmgmts.dll - file is globally excluded (file cannot be found)
--------------------
Key: HidServ
%SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found)
--------------------
Key: msncache
Path: C:\WINDOWS\system32\msncache.dll
C:\WINDOWS\system32\msncache.dll - has a *known* Malware filename: INFO.STEALER
C:\WINDOWS\system32\msncache.dll - this registry value has been removed [file not found to scan]
C:\WINDOWS\system32\msncache.dll - unable to take ownership/change permissions
C:\WINDOWS\system32\msncache.dll - marked for renaming when the PC is restarted (if it exists)
--------------------
************************************************************
22:30:33: Scanning ----- SERVICES REGISTRY KEYS -----
Key: AmdK8
ImagePath: System32\DRIVERS\AmdK8.sys
C:\WINDOWS\System32\DRIVERS\AmdK8.sys 38912 bytes
Created: 03.09.2004 14:56
Modified: 08.05.2004 10:22
Company: Microsoft Corporation
----------
Key: AntiVirMailService
ImagePath: "C:\Programme\Avira\AntiVir Desktop\avmailc.exe"
C:\Programme\Avira\AntiVir Desktop\avmailc.exe 194817 bytes
Created: 19.07.2009 19:20
Modified: 19.07.2009 20:42
Company: Avira GmbH
----------
Key: AntiVirSchedulerService
ImagePath: "C:\Programme\Avira\AntiVir Desktop\sched.exe"
C:\Programme\Avira\AntiVir Desktop\sched.exe 108289 bytes
Created: 19.07.2009 19:20
Modified: 19.07.2009 20:42
Company: Avira GmbH
----------
Key: AntiVirService
ImagePath: "C:\Programme\Avira\AntiVir Desktop\avguard.exe"
C:\Programme\Avira\AntiVir Desktop\avguard.exe 185089 bytes
Created: 19.07.2009 19:20
Modified: 19.07.2009 20:42
Company: Avira GmbH
----------
Key: AntiVirWebService
ImagePath: "C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE"
C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE 434945 bytes
Created: 19.07.2009 19:20
Modified: 19.07.2009 20:42
Company: Avira GmbH
----------
Key: Apple Mobile Device
ImagePath: "C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 110592 bytes
Created: 18.02.2008 12:16
Modified: 18.02.2008 12:16
Company: Apple, Inc.
----------
Key: atksgt
ImagePath: System32\DRIVERS\atksgt.sys
C:\WINDOWS\System32\DRIVERS\atksgt.sys 271360 bytes
Created: 12.11.2006 16:49
Modified: 12.11.2006 16:49
Company: [no info]
----------
Key: avgio
ImagePath: \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys
C:\Programme\Avira\AntiVir Desktop\avgio.sys 11608 bytes
Created: 19.07.2009 19:20
Modified: 13.02.2009 11:35
Company: Avira GmbH
----------
Key: Bonjour Service
ImagePath: C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Bonjour\mDNSResponder.exe 229376 bytes
Created: 24.07.2007 16:17
Modified: 24.07.2007 16:17
Company: Apple Inc.
----------
Key: BTSERIAL
ImagePath: \??\C:\WINDOWS\System32\drivers\btserial.sys
C:\WINDOWS\System32\drivers\btserial.sys 23271 bytes
Created: 29.11.2004 20:34
Modified: 29.11.2004 20:34
Company: Broadcom Corporation.
----------
Key: BTSLBCSP
ImagePath: \??\C:\WINDOWS\System32\drivers\btslbcsp.sys
C:\WINDOWS\System32\drivers\btslbcsp.sys 222876 bytes
Created: 29.11.2004 20:34
Modified: 29.11.2004 20:34
Company: Broadcom Corporation.
----------
Key: btwdins
ImagePath: C:\Programme\Bluetooth\Bluetooth Software\bin\btwdins.exe
C:\Programme\Bluetooth\Bluetooth Software\bin\btwdins.exe 254007 bytes
Created: 29.11.2004 20:50
Modified: 29.11.2004 20:50
Company: Broadcom Corporation.
----------
Key: Cap7134
ImagePath: System32\DRIVERS\Cap7134.sys
C:\WINDOWS\System32\DRIVERS\Cap7134.sys 350752 bytes
Created: 03.09.2004 15:06
Modified: 05.06.2003 09:04
Company: Philips Semiconductors
----------
Key: CardReaderFilter
ImagePath: \??\C:\WINDOWS\system32\Drivers\USBCRFT.SYS
C:\WINDOWS\system32\Drivers\USBCRFT.SYS 13440 bytes
Created: 03.09.2004 15:54
Modified: 19.07.2009 20:54
Company: ICSI Technology Ltd.
----------
Key: CA_LIC_CLNT
ImagePath: C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe
C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe 77824 bytes
Created: 20.09.2002 16:27
Modified: 20.09.2002 16:27
Company: Computer Associates
----------
Key: CA_LIC_SRVR
ImagePath: C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe
C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe 77824 bytes
Created: 20.09.2002 16:41
Modified: 20.09.2002 16:41
Company: Computer Associates
----------
Key: cmuda
ImagePath: system32\drivers\cmuda.sys
C:\WINDOWS\system32\drivers\cmuda.sys 818496 bytes
Created: 03.09.2004 15:04
Modified: 23.04.2004 15:14
Company: C-Media Inc
----------
Key: d347bus
ImagePath: System32\DRIVERS\d347bus.sys
C:\WINDOWS\System32\DRIVERS\d347bus.sys 155136 bytes
Created: 11.10.2005 21:05
Modified: 22.08.2004 16:31
Company:
----------
Key: d347prt
ImagePath: System32\Drivers\d347prt.sys
C:\WINDOWS\System32\Drivers\d347prt.sys 5248 bytes
Created: 11.10.2005 21:05
Modified: 22.08.2004 16:31
Company:
----------
Key: de_serv
ImagePath: C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe - [file not found to scan]
----------
Key: EPSONStatusAgent2
ImagePath: C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe
C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe 90112 bytes
Created: 06.05.2007 15:46
Modified: 25.10.2001 02:02
Company: SEIKO EPSON CORPORATION
----------
Key: EPUSBSTOR
ImagePath: System32\DRIVERS\epusbsto.sys
C:\WINDOWS\System32\DRIVERS\epusbsto.sys 17976 bytes
Created: 10.09.2001 01:00
Modified: 10.09.2001 01:00
Company: SEIKO EPSON CORPORATION
----------
Key: FETNDISB
ImagePath: System32\DRIVERS\fetnd5b.sys
C:\WINDOWS\System32\DRIVERS\fetnd5b.sys 42496 bytes
Created: 10.08.2004 17:05
Modified: 15.04.2004 10:57
Company: VIA Technologies, Inc.
----------
Key: hamachi
ImagePath: System32\DRIVERS\hamachi.sys
C:\WINDOWS\System32\DRIVERS\hamachi.sys 25280 bytes
Created: 15.05.2007 01:55
Modified: 20.01.2008 17:23
Company: LogMeIn, Inc.
----------
Key: hitmanpro35
ImagePath: \??\C:\WINDOWS\system32\drivers\hitmanpro35.sys
C:\WINDOWS\system32\drivers\hitmanpro35.sys 11904 bytes
Created: 20.07.2009 17:37
Modified: 22.07.2009 18:04
Company:
----------
Key: IDriverT
ImagePath: "C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe"
C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe 69632 bytes
Created: 04.04.2005 01:41
Modified: 04.04.2005 01:41
Company: Macrovision Corporation
----------
Key: IGDCTRL
ImagePath: C:\Programme\FRITZ!DSL\IGDCTRL.EXE
C:\Programme\FRITZ!DSL\IGDCTRL.EXE 87344 bytes
Created: 04.09.2007 10:14
Modified: 04.09.2007 10:14
Company: AVM Berlin
----------
Key: Intels51
ImagePath: System32\DRIVERS\CtxS51.sys
C:\WINDOWS\System32\DRIVERS\CtxS51.sys 845092 bytes
Created: 03.09.2004 14:57
Modified: 12.03.2004 18:23
Company: Intel Corporation
----------
Key: InteractiveLogon
ImagePath: C:\WINDOWS\System32\Fast.exe -service
C:\WINDOWS\System32\Fast.exe 49216 bytes
Created: 19.10.2001 12:14
Modified: 19.10.2001 12:14
Company: Microsoft Corporation
----------
Key: iPod Service
ImagePath: C:\Programme\iPod\bin\iPodService.exe
C:\Programme\iPod\bin\iPodService.exe 504104 bytes
Created: 19.02.2008 14:10
Modified: 19.02.2008 14:10
Company: Apple Inc.
----------
Key: lirsgt
ImagePath: System32\DRIVERS\lirsgt.sys
C:\WINDOWS\System32\DRIVERS\lirsgt.sys 18048 bytes
Created: 12.11.2006 16:49
Modified: 12.11.2006 16:49
Company: [no info]
----------
Key: LogWatch
ImagePath: C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe 53248 bytes
Created: 20.09.2002 16:29
Modified: 20.09.2002 16:29
Company: Computer Associates
----------
Key: MDM
ImagePath: "C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe"
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe 322120 bytes
Created: 20.06.2003 09:25
Modified: 20.06.2003 09:25
Company: Microsoft Corporation
----------
Key: mitetrqjibcoprxi
ImagePath: \systemroot\system32\drivers\mitetrqjibcoprxi.sys
C:\WINDOWS\system32\drivers\mitetrqjibcoprxi.sys - [file not found to scan]
----------
Key: NwlnkIpx
ImagePath: System32\DRIVERS\nwlnkipx.sys
C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys 88448 bytes
Created: 03.09.2004 13:58
Modified: 04.08.2004 08:03
Company: Microsoft Corporation
----------
Key: NwlnkNb
ImagePath: System32\DRIVERS\nwlnknb.sys
C:\WINDOWS\System32\DRIVERS\nwlnknb.sys 63232 bytes
Created: 03.09.2004 13:58
Modified: 29.08.2002 14:00
Company: Microsoft Corporation
----------
Key: NwlnkSpx
ImagePath: System32\DRIVERS\nwlnkspx.sys
C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys 55936 bytes
Created: 03.09.2004 13:58
Modified: 29.08.2002 14:00
Company: Microsoft Corporation
----------
Key: PhTVTune
ImagePath: System32\DRIVERS\PhTVTune.sys
C:\WINDOWS\System32\DRIVERS\PhTVTune.sys 24704 bytes
Created: 03.09.2004 15:06
Modified: 12.06.2003 09:47
Company: Philips Semiconductors
----------
Key: PortlUSB
ImagePath: System32\DRIVERS\MS-5530.sys
C:\WINDOWS\System32\DRIVERS\MS-5530.sys 7552 bytes
Created: 25.12.2005 01:49
Modified: 24.06.2004 15:52
Company: PortalPlayer, Inc.
----------
Key: PRISM_A00
ImagePath: System32\DRIVERS\PRISMA00.sys
C:\WINDOWS\System32\DRIVERS\PRISMA00.sys 380736 bytes
Created: 03.09.2004 15:08
Modified: 16.01.2004 10:31
Company:
----------
Key: ServiceLayer
ImagePath: "C:\Programme\PC Connectivity Solution\ServiceLayer.exe"
C:\Programme\PC Connectivity Solution\ServiceLayer.exe 210432 bytes
Created: 06.11.2006 15:21
Modified: 06.11.2006 15:21
Company: Nokia.
----------
Key: sopidkc
ImagePath: C:\WINDOWS\system32\sopidkc.exe
C:\WINDOWS\system32\sopidkc.exe - has a *known* Malware filename: TROJAN.AGENT
C:\WINDOWS\system32\sopidkc.exe - this registry value has been removed [file not found to scan]
C:\WINDOWS\system32\sopidkc.exe - process is either not running or could not be terminated
C:\WINDOWS\system32\sopidkc.exe - unable to take ownership/change permissions
C:\WINDOWS\system32\sopidkc.exe - marked for renaming when the PC is restarted (if it exists)
----------
Key: sptd
ImagePath: System32\Drivers\sptd.sys - this file is globally excluded
----------
Key: SwPrv
ImagePath: C:\WINDOWS\System32\dllhost.exe /Processid:{0D1AC3F3-FED8-407B-B56C-3CEC7AD960FB}
C:\WINDOWS\System32\dllhost.exe 5120 bytes
Created: 03.09.2004 13:57
Modified: 04.08.2004 09:57
Company: Microsoft Corporation
----------
Key: usbewt
ImagePath: \??\C:\WINDOWS\system32\usbewt.sys
C:\WINDOWS\system32\usbewt.sys 2304 bytes
Created: 03.09.2004 13:58
Modified: 04.08.2004 09:57
Company: [no info]
----------
Key: usnjsvc
ImagePath: "C:\Programme\MSN Messenger\usnsvc.exe"
C:\Programme\MSN Messenger\usnsvc.exe 97136 bytes
Created: 19.01.2007 12:54
Modified: 19.01.2007 12:54
Company: Microsoft Corporation
----------
Key: viaagp1
ImagePath: System32\DRIVERS\viaagp1.sys
C:\WINDOWS\System32\DRIVERS\viaagp1.sys 27904 bytes
Created: 02.07.2003 04:42
Modified: 02.07.2003 04:42
Company: VIA Technologies, Inc.
----------
Key: X10UIF
ImagePath: System32\Drivers\x10uif.sys
C:\WINDOWS\System32\Drivers\x10uif.sys 10761 bytes
Created: 05.09.2004 18:51
Modified: 14.11.2001 18:07
Company: X10 Wireless Technology, Inc.
----------
Key: cxvafakj
ImagePath: \??\C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\cxvafakj.sys
C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\cxvafakj.sys - [file not found to scan]
----------
************************************************************
22:30:46: Scanning -----VXD ENTRIES-----
Checking the following VxD entries:
C:\WINDOWS\system32\JAVASUP.VXD 7315 bytes
Created: 03.09.2004 18:36
Modified: 28.02.2003 16:54
Company: [no info]
VxD Key = JAVASUP
----------
----------
************************************************************
22:30:46: Scanning ----- WINLOGON\NOTIFY DLLS -----
************************************************************
22:30:47: Scanning ----- CONTEXTMENUHANDLERS -----
Key: ICQLiteMenu
CLSID: {73B24247-042E-4EF5-ADC2-42F62E6FD654}
Path: C:\Programme\ICQLite\ICQLiteShell.dll
C:\Programme\ICQLite\ICQLiteShell.dll 57451 bytes
Created: 07.08.2008 18:03
Modified: 07.05.2006 18:28
Company:
----------
Key: Shell Extension for Malware scanning
CLSID: {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
Path: C:\Programme\Avira\AntiVir Desktop\shlext.dll
C:\Programme\Avira\AntiVir Desktop\shlext.dll 286977 bytes
Created: 19.07.2009 19:20
Modified: 19.07.2009 20:42
Company: Avira GmbH
----------
Key: WinRAR
CLSID: {B41DB860-8EE4-11D2-9906-E49FADC173CA}
Path: C:\Programme\WinRAR\rarext.dll
C:\Programme\WinRAR\rarext.dll 125952 bytes
Created: 11.10.2005 20:42
Modified: 31.07.2005 21:10
Company: [no info]
----------
************************************************************
22:30:47: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key: {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}
File: "C:\Programme\OpenOffice.org 2.4\program\shlxthdl.dll"
C:\Programme\OpenOffice.org 2.4\program\shlxthdl.dll 339968 bytes
Created: 21.01.2008 16:48
Modified: 21.01.2008 16:48
Company: Sun Microsystems, Inc.
----------
Key: {F9DB5320-233E-11D1-9F84-707F02C10627}
File: C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll 110592 bytes
Created: 14.12.2004 02:20
Modified: 14.12.2004 02:20
Company: Adobe Systems, Inc.
----------
************************************************************
22:30:47: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {2DB79541-9A81-4F96-A151-D56B93119937}
BHO: C:\WINDOWS\system32\kvokbgnl.dll
C:\WINDOWS\system32\kvokbgnl.dll 325120 bytes
Created: 01.06.2009 06:37
Modified: 01.06.2009 06:37
Company:
----------
Key: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
BHO: C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
C:\Programme\Java\jre1.6.0_01\bin\ssv.dll 501400 bytes
Created: 16.04.2007 15:42
Modified: 14.03.2007 03:43
Company: Sun Microsystems, Inc.
----------
************************************************************
22:30:47: Scanning ----- SHELLSERVICEOBJECTS -----
************************************************************
22:30:47: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----
************************************************************
22:30:47: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.
************************************************************
22:30:48: Scanning ----- APPINIT_DLLS -----
AppInitDLLs entry = [sockspy.dll,C:\DOKUME~1\marcel\LOKALE~1\Temp\101722501747mmx.dll]
sockspy.dll - this reference will be removed [file not found to scan]
----------
C:\DOKUME~1\marcel\LOKALE~1\Temp\101722501747mmx.dll - this reference will be removed [file not found to scan]
----------
************************************************************
22:30:58: Scanning ----- SECURITY PROVIDER DLLS -----
************************************************************
22:30:58: Scanning ------ COMMON STARTUP GROUP ------
[C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini -HS- 84 bytes
Created: 31.03.2008 18:58
Modified: 03.09.2004 14:05
Company: [no info]
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini - no action taken on this file
--------------------
************************************************************
No User Startup Groups were located to check
************************************************************
22:30:58: Scanning ----- SCHEDULED TASKS -----
Scheduled Tasks not scanned: running in SAFE mode so Task Scheduler service not running
************************************************************
22:30:58: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----
************************************************************
22:30:58: Scanning ----- DEVICE DRIVER ENTRIES -----
Value: vidc.VP60
File: C:\WINDOWS\System32\vp6vfw.dll
C:\WINDOWS\System32\vp6vfw.dll -R- 442368 bytes
Created: 21.08.2005 15:43
Modified: 18.08.2004 10:34
Company: On2.com
----------
Value: vidc.VP61
File: C:\WINDOWS\System32\vp6vfw.dll
C:\WINDOWS\System32\vp6vfw.dll - file already scanned
----------
Value: msacm.lhacm
File: lhacm.acm
C:\WINDOWS\system32\lhacm.acm 34064 bytes
Created: 09.09.2005 20:50
Modified: 09.09.2005 20:50
Company: Microsoft Corporation
----------
Value: msacm.siren
File: sirenacm.dll
C:\WINDOWS\system32\sirenacm.dll 51056 bytes
Created: 19.01.2007 12:53
Modified: 19.01.2007 12:53
Company: Microsoft Corp.
----------
************************************************************
22:31:00: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
==============================
Restrictive Windows Explorer Policies found in force on this computer:
HKCU\Software\Microsoft\Internet Explorer\Download
CheckExeSignatures - default policy reset
RunInvalidSignatures - default policy reset
All Policy Values listed have been removed or reset
==============================
Windows Explorer Policies checks completed
----------
Checking autorun.inf in N:\
N:\autorun.inf -RH- 36 bytes
Created: 17.07.2007 17:43
Modified: 17.10.2002 09:56
Company: [no info]
----------
--------------------
Desktop Wallpaper entry is blank
----------
Web Desktop Wallpaper entry is blank
----------
Checks for rogue DNS NameServers completed
----------
Checking for specific malicious files:
C:\WINDOWS\system32\uacinit.dll - file appears to be stealthed from normal viewing
C:\WINDOWS\system32\uacinit.dll - Trojan.Agent
C:\WINDOWS\system32\uacinit.dll - file renamed to: C:\WINDOWS\system32\uacinit.dll.vir
----------
Additional checks completed
and Trojan Remover log part 2:

**********************************************************
22:31:19: Scanning ----- RUNNING PROCESSES -----
C:\WINDOWS\System32\smss.exe 50688 bytes
Created: 03.09.2004 13:58 Modified: 04.08.2004 09:58 Company: Microsoft Corporation
[1 loaded module]
--------------------
C:\WINDOWS\system32\csrss.exe 6144 bytes
Created: 03.09.2004 13:57 Modified: 04.08.2004 09:57 Company: Microsoft Corporation
[11 loaded modules in total]
--------------------
C:\WINDOWS\system32\winlogon.exe 507392 bytes
Created: 03.09.2004 13:58 Modified: 04.08.2004 09:58 Company: Microsoft Corporation
[58 loaded modules in total]
--------------------
C:\WINDOWS\system32\services.exe 111104 bytes
Created: 03.09.2004 13:58 Modified: 09.02.2009 12:04 Company: Microsoft Corporation
[38 loaded modules in total]
--------------------
C:\WINDOWS\system32\lsass.exe 13312 bytes
Created: 03.09.2004 13:58 Modified: 04.08.2004 09:57 Company: Microsoft Corporation
[50 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe 14336 bytes
Created: 03.09.2004 13:58 Modified: 04.08.2004 09:58 Company: Microsoft Corporation
[File appears to be locked by another process]
[69 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
[48 loaded modules in total]
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
[92 loaded modules in total]
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
[39 loaded modules in total]
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
[37 loaded modules in total]
--------------------
C:\WINDOWS\Explorer.EXE - file already scanned
[84 loaded modules in total]
--------------------
C:\WINDOWS\system32\NOTEPAD.EXE 70144 bytes
Created: 03.09.2004 13:58 Modified: 04.08.2004 09:58 Company: Microsoft Corporation
[30 loaded modules in total]
--------------------
C:\WINDOWS\system32\NOTEPAD.EXE - file already scanned
[30 loaded modules in total]
--------------------
C:\Programme\Mozilla Firefox\firefox.exe 307704 bytes
Created: 29.03.2006 15:15 Modified: 22.07.2009 18:55 Company: Mozilla Corporation
[67 loaded modules in total]
--------------------
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Simply Super Software\Trojan Remover\sem2D.exe
FileSize: 3015544
[This is a Trojan Remover component]
[56 loaded modules in total]
--------------------
************************************************************
22:31:45: Checking HOSTS file
No malicious entries were found in the HOSTS file
************************************************************
22:31:45: Scanning ------ %TEMP% DIRECTORY ------
C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\etilqs_pESDjPuRuOT7FnINBtLb appears to be in-use/locked
************************************************************
22:31:45: Scanning ------ C:\WINDOWS\Temp DIRECTORY ------
************************************************************
22:31:49: Scanning ------ ROOT DIRECTORY ------
************************************************************
22:31:49: ------ Scan for other files to remove ------
C:\WINDOWS\system32\comsa32.sys has been deleted
C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\tmpC.tmp has been deleted
----------
2 malware-related files deleted (or marked for deletion)
************************************************************
=== CHANGES WERE MADE TO THE WINDOWS REGISTRY ===
=== ONE OR MORE FILES WERE RENAMED OR REMOVED ===
Scan completed at: 22:31:49 22 Jul 2009
Total Scan time: 00:01:23
-------------------------------------------------------------------------
One or more files could not be moved or renamed as requested.
They may be in use by Windows, so Trojan Remover needs to restart the system in order to deal with these files.
22.07.2009 22:32:06: restart commenced
************************************************************
***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.7.9.2584. For information, email support@simplysup.com
[Unregistered version]
Scan started at: 22:09:48 22 Jul 2009
Using Database v7350
Operating System: Windows XP Home Edition (SP2) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Simply Super Software\Trojan Remover\
Database directory: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Simply Super Software\Trojan Remover\Data\
Logfile directory: C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Programme\Trojan Remover\
Running with Administrator privileges
************************************************************
PC appears to be in SAFE MODE with Network Support.
************************************************************
************************************************************
22:09:49: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.
************************************************************
22:09:49: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Key value: [Explorer.exe]
File: Explorer.exe
C:\WINDOWS\Explorer.exe 1036288 bytes
Created: 21.11.2006 23:30 Modified: 13.06.2007 15:21 Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
Key value: [C:\WINDOWS\system32\userinit.exe,]
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe 25088 bytes
Created: 03.09.2004 13:58 Modified: 04.08.2004 09:58 Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
Key value: [logonui.exe]
File: logonui.exe
C:\WINDOWS\system32\logonui.exe 515072 bytes
Created: 21.11.2006 23:31 Modified: 04.08.2004 09:57 Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name: load
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: HitmanPro35
Value Data: "C:\Programme\Hitman Pro 3.5\HitmanPro35.exe" /scan:boot
C:\Programme\Hitman Pro 3.5\HitmanPro35.exe 4519672 bytes
Created: 20.07.2009 17:37 Modified: 20.07.2009 17:37 Company: SurfRight B.V.
--------------------
Value Name: TrojanScanner
Value Data: C:\Programme\Trojan Remover\Trjscan.exe /boot
C:\Programme\Trojan Remover\Trjscan.exe 1059720 bytes
Created: 22.07.2009 22:09 Modified: 01.06.2009 17:06 Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Value Name: Malwarebytes' Anti-Malware
Value Data: C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe 414992 bytes
Created: 22.07.2009 21:24 Modified: 13.07.2009 13:36 Company: Malwarebytes Corporation
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
Value Name: FlashPlayerUpdate
Value Data: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe 218496 bytes
Created: 25.03.2008 05:21 Modified: 25.03.2008 05:21 Company: Adobe Systems, Inc.
--------------------
************************************************************
22:09:50: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------
************************************************************
22:09:50: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
HKLM\Software\Microsoft\Windows\CurrentVersion\Run - key empty or not accessible
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices - key empty or not accessible
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad - key empty or not accessible
HKCU\Software\Microsoft\Windows\CurrentVersion\Run - key empty or not accessible
No Hidden File-loading Registry Entries found
----------
************************************************************
22:09:50: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.
************************************************************
22:09:50: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
************************************************************
22:09:50: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: 6to4
Path: C:\WINDOWS\system32\6to4v32.dll
C:\WINDOWS\system32\6to4v32.dll - [file not found to scan]
--------------------
Key: AppMgmt
%SystemRoot%\System32\appmgmts.dll - file is globally excluded (file cannot be found)
--------------------
Key: HidServ
%SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found)
--------------------
Key: msncache
Path: C:\WINDOWS\system32\msncache.dll
C:\WINDOWS\system32\msncache.dll - has a *known* Malware filename: INFO.STEALER
C:\WINDOWS\system32\msncache.dll - no action taken on this file [file not found to scan]
--------------------
ServiceDLL registry keys scan stopped at user request
The Services registry keys were not scanned
The VxD Entries were not scanned
The Winlogon\Notify DLLs were not scanned
The ContextMenuHandlers were not scanned
The Browser Helper Objects were not scanned
The ShellServiceObjects were not scanned
The SharedTaskScheduler DLLs were not scanned
The Imagefile Debuggers were not scanned
The AppInit_DLLs were not scanned
The Security Provider DLLs were not scanned
The Global Startup Group was not scanned
The User Startup Groups were not scanned
The Scheduled Tasks were not scanned
The ShellIconOverylayIdentifiers were not scanned
The Device Drivers were not scanned
Heuristic Scans were not carried out
Running Processes were not scanned
The HOSTS file was not checked
The check on Explorer.exe was not carried out
************************************************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 22:11:25 22 Jul 2009
Total Scan time: 00:01:36
************************************************************
Avenger instructions (by swandog46)

Download the tool Hopsassa and save it to the desktop:

Code:
Drivers to delete:
Somehow that didn't work. I clicked "execute" after pasting the script, and then it restarted, but there is no logfile.
Try it again. Did you restart by hand? If so, please let Avenger do it.
No, I didn't restart by hand, I let Avenger do it. I also pasted the script in a second time exactly as you wrote it and clicked "execute". I let Avenger restart, but no logfile.
Then look for the logfile under C:\Avenger.
I already did, but unfortunately there is no logfile.
Start HijackThis again - do a system scan only - tick (check) the following entries:

Quote:
What is this Hitman Pro 3.5 exe? What is it needed for?
Sorry, my mistake, I was still in safe mode. Here is the Avenger log:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
Hidden driver "a8tre1us" found!
Could not open driver a8tre1us for rootkit scan.
Error:c0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
Rootkit scan completed.
Warning: Invalid contents in ServiceGroupOrder key! There may be a driver loading earlier than Avenger!
Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\cxvafakj" not found!
Deletion of driver "cxvafakj" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
Driver "sopidkc" deleted successfully.
Driver "6to4" deleted successfully.
Driver "msncache" deleted successfully.
Driver "usbewt" deleted successfully.
Driver "mitetrqjibcoprxi" deleted successfully.
Completed script processing.
*******************
Finished! Terminate.

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
Hidden driver "ah6n6xg3" found!
Could not open driver ah6n6xg3 for rootkit scan.
Error:c0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
Rootkit scan completed.
Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\cxvafakj" not found!
Deletion of driver "cxvafakj" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\sopidkc" not found!
Deletion of driver "sopidkc" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\6to4" not found!
Deletion of driver "6to4" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\msncache" not found!
Deletion of driver "msncache" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\usbewt" not found!
Deletion of driver "usbewt" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\mitetrqjibcoprxi" not found!
Deletion of driver "mitetrqjibcoprxi" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
Completed script processing.
*******************
Finished! Terminate.

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
Hidden driver "hfvg" found!
Could not open driver hfvg for rootkit scan.
Error:c0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
Hidden driver "ah6n6xg3" found!
Could not open driver ah6n6xg3 for rootkit scan.
Error:c0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
Rootkit scan completed.
Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\cxvafakj" not found!
Deletion of driver "cxvafakj" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\sopidkc" not found!
Deletion of driver "sopidkc" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\6to4" not found!
Deletion of driver "6to4" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\msncache" not found!
Deletion of driver "msncache" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\usbewt" not found!
Deletion of driver "usbewt" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\mitetrqjibcoprxi" not found!
Deletion of driver "mitetrqjibcoprxi" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
Completed script processing.
*******************
Finished! Terminate.
Hitman Pro is an antivirus program that bundles several anti-spyware and antivirus programs, downloads them and runs through them one by one. At least it should, but it doesn't work for me. Thanks a lot for your help already!!
So, I fixed what you wrote there, though some of the processes were already gone.
Quote:

So, on we go - find the Malwarebytes folder under My Computer, rename the exe file there to 1234.com and then try to get Malwarebytes running.
Got it running. Should I do a full scan there?
Yep :) you should.
I think I'll post the report tomorrow ;) it seems to take a while longer.
Yes :) take your time and stay calm while doing it :)
The Malwarebytes log:

Malwarebytes' Anti-Malware 1.39
Datenbank Version: 2421
Windows 5.1.2600 Service Pack 2

23.07.2009 17:28:35
mbam-log-2009-07-23 (17-28-24).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|E:\|N:\|)
Durchsuchte Objekte: 226159
Laufzeit: 1 hour(s), 0 minute(s), 46 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 16
Infizierte Registrierungswerte: 11
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 7
Infizierte Dateien: 25

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{bbcc290a-5e32-4e54-80db-f0f3f3892444} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{e3a14032-f6fc-426d-a024-bead613d5db3} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{d8c0508c-e235-4d9e-a27e-c8bb5f527dc9} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5948a52a-ba3a-49a8-bcaf-d578502bda9d} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{f919fbd3-a96b-4679-af26-f551439bb5fd} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5948a52a-ba3a-49a8-bcaf-d578502bda9d} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Cognac (Rogue.Multiple) -> No action taken.
HKEY_CLASSES_ROOT\AppID\MessengerUpdateProject.dll (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\ColdWare (Malware.Trace) -> No action taken.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\BuildW (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\FirstInstallFlag (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\guid (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\i (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mms (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mso (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\udso (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\uid (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Ulrn (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Update (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\UpdateNew (Malware.Trace) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\Dokumente und Einstellungen\cccccc\Anwendungsdaten\Messenger\Drivers (Trojan.Agent.M) -> No action taken.
c:\dokumente und einstellungen\ccccccc\anwendungsdaten\messenger\Drivers\Aud32 (Trojan.Agent.M) -> No action taken.
C:\Dokumente und Einstellungen\ccccccc\Anwendungsdaten\Messenger\Sys (Trojan.Agent.M) -> No action taken.
C:\Dokumente und Einstellungen\cccccccc\Anwendungsdaten\PCenter (Rogue.PCenter) -> No action taken.
c:\dokumente und einstellungen\cccccc\anwendungsdaten\PCenter\dbases (Rogue.PCenter) -> No action taken.
c:\dokumente und einstellungen\ccccccl\anwendungsdaten\PCenter\keys (Rogue.PCenter) -> No action taken.
c:\dokumente und einstellungen\ccccc\anwendungsdaten\PCenter\temp (Rogue.PCenter) -> No action taken.

Infizierte Dateien:
c:\dokumente und einstellungen\administrator\Desktop\Hopsassa.exe (Trojan.Agent) -> No action taken.
c:\dokumente und einstellungen\ccccc\anwendungsdaten\messenger\Drivers\Aud32\msgutil83.dll (Adware.Agent) -> No action taken.
c:\dokumente und einstellungen\cccccc\anwendungsdaten\messenger\Drivers\conf.sys (Trojan.Agent.M) -> No action taken.
c:\dokumente und einstellungen\ccccccc\anwendungsdaten\messenger\Drivers\pub.dll (Trojan.Agent.M) -> No action taken.
c:\dokumente und einstellungen\cccccccc\anwendungsdaten\messenger\Drivers\serial.sys (Trojan.Agent.M) -> No action taken.
c:\dokumente und einstellungen\cccc\anwendungsdaten\messenger\Drivers\Aud32\smartasf27.exe (Trojan.Agent.M) -> No action taken.
c:\dokumente und einstellungen\cccccc\anwendungsdaten\PCenter\dbases\cg.dat (Rogue.PCenter) -> No action taken.
c:\dokumente und einstellungen\cccccc\anwendungsdaten\PCenter\dbases\mw.dat (Rogue.PCenter) -> No action taken.
c:\dokumente und einstellungen\cccccc\anwendungsdaten\PCenter\dbases\rd.dat (Rogue.PCenter) -> No action taken.
c:\dokumente und einstellungen\ccccccccc\anwendungsdaten\PCenter\dbases\sc.dat (Rogue.PCenter) -> No action taken.
c:\dokumente und einstellungen\ccccccc\anwendungsdaten\PCenter\dbases\sm.dat (Rogue.PCenter) -> No action taken.
c:\dokumente und einstellungen\marcel\anwendungsdaten\PCenter\dbases\sp.dat (Rogue.PCenter) -> No action taken.
c:\dokumente und einstellungen\cccc\anwendungsdaten\PCenter\keys\cg.key (Rogue.PCenter) -> No action taken.
c:\dokumente und einstellungen\cccccc\anwendungsdaten\PCenter\keys\rd.key (Rogue.PCenter) -> No action taken.
c:\dokumente und einstellungen\marcel\anwendungsdaten\PCenter\keys\sc.key (Rogue.PCenter) -> No action taken.
c:\dokumente und einstellungen\cccccc\anwendungsdaten\PCenter\keys\sp.key (Rogue.PCenter) -> No action taken.
c:\dokumente und einstellungen\cccccccc\anwendungsdaten\PCenter\temp\settings.ini (Rogue.PCenter) -> No action taken.
c:\dokumente und einstellungen\ccccccccc\anwendungsdaten\PCenter\temp\spfilter (Rogue.PCenter) -> No action taken.
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\FInstall.sys (Backdoor.Bot) -> No action taken.
C:\WINDOWS\system32\wiwow64.exe (Backdoor.Bot) -> No action taken.
c:\WINDOWS\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\certstore.dat (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\wiawow32.sys (Backdoor.Bot) -> No action taken.
Hello, quite a lot was downloaded onto the machine afterwards, among other things several backdoors and some other infections such as rogues. I can only recommend the safest option, which would be a clean reinstall of your computer. The reasons are:

1. The amount of infection
2. Decisive as well: WHAT is/was on your PC
3. Which kinds of infections

Here is an explanation of a backdoor: Backdoor - Wikipedia

The safest and also the quickest way would be to reinstall the PC. How do you want to handle it? The decision is yours.

PS: remove the findings that Malwarebytes found.
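The reasoning in the reply above (clean or rebuild, decided by what kinds of findings the scanner reported) can be written down as a small script. The following is an added example and is not code from the thread or from Malwarebytes; it parses detection lines in the format Malwarebytes prints, counts them by family, and recommends a rebuild whenever a Backdoor or Rootkit family appears. The sample lines are copied from the Malwarebytes log posted above and assembled here as constructed input; the family set that triggers a rebuild is the example's own choice.

```python
import re
from collections import Counter

# Constructed sample input: detection lines copied from the Malwarebytes log
# posted in this thread (one line per finding, as Malwarebytes prints them).
SAMPLE_FINDINGS = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Cognac (Rogue.Multiple) -> No action taken.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> No action taken.
C:\Dokumente und Einstellungen\cccccccc\Anwendungsdaten\PCenter (Rogue.PCenter) -> No action taken.
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\FInstall.sys (Backdoor.Bot) -> No action taken.
C:\WINDOWS\system32\wiwow64.exe (Backdoor.Bot) -> No action taken.
C:\WINDOWS\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\wiawow32.sys (Backdoor.Bot) -> No action taken.
"""

# Shape of one detection line: "<item> (<Family>.<Name>) -> <action>"
FINDING_RE = re.compile(
    r"^(?P<item>.+?) \((?P<family>[A-Za-z]+)\.(?P<name>[^)]+)\) -> (?P<action>.+)$")

# Families that mean an attacker had remote control or kernel-level
# persistence. A scanner can delete the files it knows about, but it cannot
# prove what else was installed through that access, so the advice is to
# rebuild rather than clean. (Set chosen for this example.)
REBUILD_FAMILIES = {"Backdoor", "Rootkit"}


def parse_findings(text):
    """Turn Malwarebytes detection lines into dicts; unrelated lines are skipped."""
    findings = []
    for line in text.splitlines():
        m = FINDING_RE.match(line.strip())
        if m:
            findings.append(m.groupdict())
    return findings


def assess(findings):
    """Summarise findings by family and decide whether cleaning is enough."""
    by_family = Counter(f["family"] for f in findings)
    # "No action taken" means the scan ran without removal: the objects are still present.
    pending = sum(1 for f in findings if f["action"].startswith("No action taken"))
    triggers = sorted(fam for fam in by_family if fam in REBUILD_FAMILIES)
    return {
        "total": len(findings),
        "by_family": dict(by_family),
        "pending_removal": pending,
        "rebuild_recommended": bool(triggers),
        "reasons": triggers,
    }


if __name__ == "__main__":
    report = assess(parse_findings(SAMPLE_FINDINGS))
    for family, count in sorted(report["by_family"].items()):
        print(f"{family:10} {count}")
    print("still present:", report["pending_removal"])
    print("rebuild recommended:", report["rebuild_recommended"], report["reasons"])
```

On the sample the script reports three Backdoor and one Rootkit finding and recommends a rebuild, which is the conclusion the reply draws from the full log.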
Hey kann mir bitte jemand helfen? Ich habe keine Ahnung von Pcs. Mein PC startet auch unerwartet neu und ich hab online control und dass startet nicht mehr. Es kommt eine Fehlermeldung: Can't find DLL entry point Shell_NotifyIconA in shell32.dll Dann hab ich mit Hijack so ein Log dings gemacht: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:32:05, on 23.07.2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Programme\Avira\AntiVir Desktop\sched.exe C:\WINDOWS\System32\nvraidservice.exe C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe C:\WINDOWS\SOUNDMAN.EXE C:\Programme\Java\jre1.6.0_07\bin\jusched.exe C:\Programme\Avira\AntiVir Desktop\avgnt.exe C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Google\yifjx15914223.exe C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\WINDOWS\system32\ctfmon.exe C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe C:\Programme\Logitech\SetPoint\SetPoint.exe C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexStoreSvr.exe C:\Programme\Gemeinsame Dateien\Logitech\khalshared\KHALMNPR.EXE C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Programme\Avira\AntiVir Desktop\avguard.exe C:\WINDOWS\System32\wbem\unsecapp.exe C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Mozilla Firefox\firefox.exe C:\Dokumente und Einstellungen\Besitzer\Desktop\HijackThis.exe R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: Adobe PDF Reader - 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.23.0\gears.dll (file missing) O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\System32\nvraidservice.exe O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\RunOnce: [PDUninstall] C:\DOKUME~1\Besitzer\LOKALE~1\Temp\mFrAspF1.bat O4 - HKCU\..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe O4 - HKCU\..\Run: [Steam] "c:\programme\steam\steam.exe" -silent O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: 
[BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: OnlineControl.lnk = C:\Programme\OnlineControl\ocontrol.exe
O8 - Extra context menu item: Easy-WebPrint - Drucken - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.23.0\gears.dll (file missing)
O9 - Extra 'Tools' menuitem: &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.23.0\gears.dll (file missing)
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1177171939046
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin2.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5AD8D164-26F3-46E1-8B5B-F92903497023}: NameServer = 85.255.112.125;85.255.112.5
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Programme\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
--
End of file - 8134 bytes

What should I do now? I'd appreciate help and an understandable explanation :)
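A log like the one above is usually read by eye, but the entry types that matter most for a first triage can be checked mechanically. The following Python script is an added example written for this thread, not a tool from Trojaner-Board or from HijackThis itself. It parses HijackThis-style lines and flags: O17 entries whose NameServer values lie outside private or local ranges (a resolver the machine did not get from its own router or ISP is worth verifying), O4 autostart entries launched from a temporary directory, O16 ActiveX downloads from hosts not on a small allowlist, and any entry whose target is reported as missing. The sample input is constructed: most lines are copied from the log posted above, the `Temp\ab12.tmp.exe` autostart line and the allowlist of DPF hosts are made up for illustration.

```python
"""Triage helper for HijackThis logs (added example, not part of the thread)."""
import ipaddress
import re

# Markers HijackThis prints when an entry points at a file that no longer exists.
MISSING_MARKERS = ("(file missing)", "(no file)")
# Autostart targets living in temp directories or named like dropped payloads.
TEMP_PATH_RE = re.compile(
    r"\\(temp|tmp|temporary internet files)\\|\.tmp\.exe", re.IGNORECASE)
# Assumption for this example: hosts from which an O16 ActiveX download is expected.
DPF_ALLOWED_HOSTS = ("update.microsoft.com", "windowsupdate.microsoft.com")

# Constructed sample log: lines copied from the post above plus one made-up
# O4 entry pointing into a Temp directory (the ab12.tmp.exe line).
SAMPLE_LOG = r"""
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKCU\..\Run: [sample] C:\DOKUME~1\user\LOKALE~1\Temp\ab12.tmp.exe
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.23.0\gears.dll (file missing)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1177171939046
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin2.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5AD8D164-26F3-46E1-8B5B-F92903497023}: NameServer = 85.255.112.125;85.255.112.5
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"""


def entry_type(line):
    """Return the HijackThis entry code (O4, O17, R1, ...) or None for non-entries."""
    m = re.match(r"^(O\d+|R\d|F\d)\s+-\s+", line)
    return m.group(1) if m else None


def check_nameservers(line):
    """O17: DNS servers set on the interface that are not private/local addresses."""
    m = re.search(r"NameServer\s*=\s*([\d.;, ]+)", line)
    if not m:
        return []
    findings = []
    for raw in re.split(r"[;,\s]+", m.group(1).strip()):
        if not raw:
            continue
        try:
            ip = ipaddress.ip_address(raw)
        except ValueError:
            findings.append(("medium", "O17", f"unparseable NameServer value {raw!r}"))
            continue
        if not (ip.is_private or ip.is_loopback or ip.is_link_local):
            findings.append(("high", "O17",
                             f"non-private DNS server {ip} set in the interface's "
                             "NameServer value; verify it matches the ISP's or router's resolver"))
    return findings


def check_run_entry(line):
    """O4: autostart entries launched from a temporary directory."""
    if TEMP_PATH_RE.search(line):
        return [("high", "O4", "autostart entry runs from a temporary directory: " + line)]
    return []


def check_dpf(line):
    """O16: ActiveX controls downloaded from hosts outside the allowlist."""
    m = re.search(r"https?://([^/\s]+)", line)
    if not m:
        return []
    host = m.group(1).lower()
    if not any(host == h or host.endswith("." + h) for h in DPF_ALLOWED_HOSTS):
        return [("medium", "O16", f"ActiveX control downloaded from {host}; confirm it is expected")]
    return []


def check_orphan(line):
    """Any type: the entry's target file is reported missing (leftover or removed component)."""
    if any(marker in line for marker in MISSING_MARKERS):
        return [("low", entry_type(line) or "?", "orphaned entry (target missing): " + line)]
    return []


CHECKS = {"O17": [check_nameservers], "O4": [check_run_entry], "O16": [check_dpf]}


def triage(log_text):
    """Run every applicable check over each entry line; returns (severity, type, message) tuples."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        etype = entry_type(line)
        if etype is None:
            continue
        for check in CHECKS.get(etype, []):
            findings.extend(check(line))
        findings.extend(check_orphan(line))
    return findings


def summarize(findings):
    """Count findings per severity so the reader sees what deserves attention first."""
    counts = {"high": 0, "medium": 0, "low": 0}
    for severity, _, _ in findings:
        counts[severity] = counts.get(severity, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for severity, etype, message in results:
        print(f"[{severity:6}] {etype:4} {message}")
    print(summarize(results))
```

On the sample above the script reports both O17 resolvers, the constructed Temp autostart entry, the valueactive.com ActiveX download and the orphaned Gears button; the Avira service and the Windows Update control pass. The checks are deliberately narrow: they point a reader at the entries to look up, they do not decide what is malicious.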
@Eilfele, please open your own thread (click NEW TOPIC at the top of the respective forum), otherwise it gets confusing ;)
Thank you very much, Angel21. I had almost given up on my PC :D I have now reinstalled my PC. Now I have one more question. I believe all this mess came from the Adobe security hole. How do I best protect myself so that something like this doesn't happen to me again? Also, I had eTrust Antivirus preinstalled as the default on my computer. That hasn't been up to date for quite a while. Does it make sense to leave that program on, or should I rather install my new AntiVir Professional version? Regards
You're welcome, no problem :) It could have been cleaned, but in this case reinstalling is the safest and best thing you could have done :) Regarding Adobe there is a good alternative: Foxit Software - Foxit Reader 3.0 for Windows. Better install the AntiVir Professional version, it is safer than an old eTrust version. If any more questions come to mind, you can ask them here if you like.
thanks ;) is there also something like that for the Adobe Flash Player, something that is safer?
Copyright ©2000-2025, Trojaner-Board
