Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log analysis and evaluation (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Can't get rid of an unknown virus (https://www.trojaner-board.de/77484-unbekannten-virus-los.html)

Maring 15.09.2009 18:46

"BDRegion"=C:\Program Files\Cyberlink\Shared Files\brs.exe [2007-11-16 91432]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2007-10-28 72736]
"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2007-10-11 62760]
"Google EULA Launcher"=c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe [2008-05-28 20480]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"funkyemoticons"=C:\Program Files\FunkyEmoticons\FunkyEmoticons.exe [2009-08-18 283360]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-09-10 420176]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-21 1233920]
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe [2008-02-26 443968]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883840]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-09-02 25623336]
"Uniblue RegistryBooster 2"=c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe []
"Uniblue RegistryBooster 2009"=c:\program files\uniblue\registrybooster\StartRegistryBooster.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"!BearShareFFPage"=C:\Program Files\BearShare Applications\BearShare\FFPage.exe [2009-02-17 24576]
"UniblueRegistryBooster"=C:\Program Files\Uniblue\RegistryBooster 2009\launcher.exe delay 20000 []

C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OSD.lnk - C:\Users\User\AppData\Roaming\Microsoft\Installer\{73289228-1853-4623-982A-EB17FF0270CA}\_4D3FC276DECE661B01DFEC.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2009-09-15 17:59:10 ----D---- C:\rsit
2009-09-15 17:59:10 ----D---- C:\Program Files\trend micro
2009-09-15 17:57:12 ----D---- C:\Users\User\AppData\Roaming\Malwarebytes
2009-09-15 17:57:05 ----D---- C:\ProgramData\Malwarebytes
2009-09-15 17:57:04 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-09-15 17:50:51 ----D---- C:\Program Files\Common Files\PC Tools
2009-09-15 17:50:46 ----D---- C:\Users\User\AppData\Roaming\PC Tools
2009-09-15 17:50:46 ----D---- C:\ProgramData\PC Tools
2009-09-15 17:50:46 ----D---- C:\Program Files\Spyware Doctor
2009-09-15 17:50:34 ----AD---- C:\ProgramData\TEMP
2009-09-15 01:18:28 ----D---- C:\ProgramData\Avira
2009-09-15 01:18:28 ----D---- C:\Program Files\Avira
2009-09-15 00:54:38 ----D---- C:\Program Files\QUAD Utilities
2009-09-15 00:46:13 ----D---- C:\Users\User\AppData\Roaming\Registry Booster
2009-09-15 00:35:37 ----D---- C:\Users\User\AppData\Roaming\Uniblue
2009-09-12 20:42:18 ----A---- C:\Windows\system32\jscript.dll
2009-09-11 21:56:24 ----A---- C:\Windows\system32\occache.dll
2009-09-11 21:56:24 ----A---- C:\Windows\system32\msfeeds.dll
2009-09-11 21:56:24 ----A---- C:\Windows\system32\jsproxy.dll
2009-09-11 21:56:24 ----A---- C:\Windows\system32\iepeers.dll
2009-09-11 21:56:23 ----A---- C:\Windows\system32\wininet.dll
2009-09-11 21:56:23 ----A---- C:\Windows\system32\msfeedssync.exe
2009-09-11 21:56:23 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-09-11 21:56:23 ----A---- C:\Windows\system32\ieui.dll
2009-09-11 21:56:23 ----A---- C:\Windows\system32\iesetup.dll
2009-09-11 21:56:23 ----A---- C:\Windows\system32\iertutil.dll
2009-09-11 21:56:23 ----A---- C:\Windows\system32\iernonce.dll
2009-09-11 21:56:23 ----A---- C:\Windows\system32\ie4uinit.exe
2009-09-11 21:56:22 ----A---- C:\Windows\system32\urlmon.dll
2009-09-11 21:56:22 ----A---- C:\Windows\system32\ieUnatt.exe
2009-09-11 21:56:22 ----A---- C:\Windows\system32\iesysprep.dll
2009-09-11 21:56:22 ----A---- C:\Windows\system32\iedkcs32.dll
2009-09-11 21:56:21 ----A---- C:\Windows\system32\mshtml.dll
2009-09-11 21:56:21 ----A---- C:\Windows\system32\ieframe.dll
2009-09-11 21:55:02 ----A---- C:\Windows\system32\msls31.dll
2009-09-11 21:55:02 ----A---- C:\Windows\system32\mshtmler.dll
2009-09-11 21:55:02 ----A---- C:\Windows\system32\mshtmled.dll
2009-09-11 21:55:02 ----A---- C:\Windows\system32\imgutil.dll
2009-09-11 21:55:02 ----A---- C:\Windows\system32\ieakeng.dll
2009-09-11 21:55:02 ----A---- C:\Windows\system32\icardie.dll
2009-09-11 21:55:02 ----A---- C:\Windows\system32\corpol.dll
2009-09-11 21:55:02 ----A---- C:\Windows\system32\admparse.dll
2009-09-11 21:55:01 ----A---- C:\Windows\system32\msrating.dll
2009-09-11 21:55:01 ----A---- C:\Windows\system32\licmgr10.dll
2009-09-11 21:55:01 ----A---- C:\Windows\system32\inseng.dll
2009-09-11 21:55:01 ----A---- C:\Windows\system32\ieaksie.dll
2009-09-11 21:55:01 ----A---- C:\Windows\system32\dxtrans.dll
2009-09-11 21:55:01 ----A---- C:\Windows\system32\dxtmsft.dll
2009-09-11 21:55:00 ----A---- C:\Windows\system32\WinFXDocObj.exe
2009-09-11 21:55:00 ----A---- C:\Windows\system32\wextract.exe
2009-09-11 21:55:00 ----A---- C:\Windows\system32\webcheck.dll
2009-09-11 21:55:00 ----A---- C:\Windows\system32\pngfilt.dll
2009-09-11 21:55:00 ----A---- C:\Windows\system32\mstime.dll
2009-09-11 21:55:00 ----A---- C:\Windows\system32\ieapfltr.dll
2009-09-11 21:55:00 ----A---- C:\Windows\system32\ieakui.dll
2009-09-11 21:55:00 ----A---- C:\Windows\system32\advpack.dll
2009-09-11 21:54:59 ----A---- C:\Windows\system32\vbscript.dll
2009-09-11 21:54:59 ----A---- C:\Windows\system32\url.dll
2009-09-11 21:54:58 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2009-09-11 21:54:58 ----A---- C:\Windows\system32\SetDepNx.exe
2009-09-11 21:54:58 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2009-09-11 21:54:58 ----A---- C:\Windows\system32\PDMSetup.exe
2009-09-11 21:54:58 ----A---- C:\Windows\system32\mshta.exe
2009-09-11 21:54:58 ----A---- C:\Windows\system32\iexpress.exe
2009-09-09 12:35:06 ----D---- C:\Users\User\AppData\Roaming\FunkyEmoticons
2009-09-09 12:34:22 ----D---- C:\Program Files\FunkyEmoticons
2009-09-09 10:40:36 ----A---- C:\Windows\system32\TCPSVCS.EXE
2009-09-09 10:40:36 ----A---- C:\Windows\system32\ROUTE.EXE
2009-09-09 10:40:36 ----A---- C:\Windows\system32\NETSTAT.EXE
2009-09-09 10:40:36 ----A---- C:\Windows\system32\netiohlp.dll
2009-09-09 10:40:36 ----A---- C:\Windows\system32\MRINFO.EXE
2009-09-09 10:40:36 ----A---- C:\Windows\system32\HOSTNAME.EXE
2009-09-09 10:40:36 ----A---- C:\Windows\system32\finger.exe
2009-09-09 10:40:36 ----A---- C:\Windows\system32\ARP.EXE
2009-09-09 10:40:35 ----A---- C:\Windows\system32\netevent.dll
2009-09-09 10:40:24 ----A---- C:\Windows\system32\wlansvc.dll
2009-09-09 10:40:24 ----A---- C:\Windows\system32\wlansec.dll
2009-09-09 10:40:24 ----A---- C:\Windows\system32\wlanmsm.dll
2009-09-09 10:40:24 ----A---- C:\Windows\system32\L2SecHC.dll
2009-09-09 10:40:17 ----A---- C:\Windows\system32\WMVCORE.DLL
2009-09-09 10:40:17 ----A---- C:\Windows\system32\mf.dll
2009-09-05 21:12:32 ----D---- C:\Program Files\epson
2009-09-05 20:54:41 ----D---- C:\ProgramData\EPSON
2009-09-05 20:54:18 ----A---- C:\Windows\system32\E_DCINST.DLL
2009-09-05 20:54:16 ----A---- C:\Windows\system32\E_FLBCEE.DLL
2009-09-05 20:54:15 ----A---- C:\Windows\system32\E_FD4BCEE.DLL
2009-09-05 20:52:46 ----A---- C:\Windows\system32\escwiad.dll
2009-09-04 21:26:35 ----D---- C:\Program Files\divx
2009-09-04 18:47:59 ----D---- C:\Program Files\Common Files\Skype
2009-09-04 18:47:58 ----RD---- C:\Program Files\Skype
2009-09-04 18:47:55 ----D---- C:\ProgramData\Skype
2009-09-03 15:32:10 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2009-09-03 15:32:10 ----A---- C:\Windows\system32\Apphlpdm.dll
2009-09-01 10:16:18 ----A---- C:\Windows\system32\tzres.dll
2009-09-01 10:02:53 ----A---- C:\Windows\system32\msshooks.dll
2009-09-01 10:02:53 ----A---- C:\Windows\system32\msscb.dll
2009-09-01 10:02:52 ----A---- C:\Windows\system32\wsepno.dll
2009-09-01 10:02:52 ----A---- C:\Windows\system32\thawbrkr.dll
2009-09-01 10:02:52 ----A---- C:\Windows\system32\srchadmin.dll
2009-09-01 10:02:52 ----A---- C:\Windows\system32\SearchFilterHost.exe
2009-09-01 10:02:52 ----A---- C:\Windows\system32\rtffilt.dll
2009-09-01 10:02:52 ----A---- C:\Windows\system32\propsys.dll
2009-09-01 10:02:52 ----A---- C:\Windows\system32\propdefs.dll
2009-09-01 10:02:52 ----A---- C:\Windows\system32\offfilt.dll
2009-09-01 10:02:52 ----A---- C:\Windows\system32\msstrc.dll
2009-09-01 10:02:52 ----A---- C:\Windows\system32\mssprxy.dll
2009-09-01 10:02:52 ----A---- C:\Windows\system32\mssitlb.dll
2009-09-01 10:02:52 ----A---- C:\Windows\system32\msshsq.dll
2009-09-01 10:02:52 ----A---- C:\Windows\system32\mimefilt.dll
2009-09-01 10:02:52 ----A---- C:\Windows\system32\korwbrkr.dll
2009-09-01 10:02:51 ----A---- C:\Windows\system32\xmlfilter.dll
2009-09-01 10:02:51 ----A---- C:\Windows\system32\tquery.dll
2009-09-01 10:02:51 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2009-09-01 10:02:51 ----A---- C:\Windows\system32\SearchIndexer.exe
2009-09-01 10:02:51 ----A---- C:\Windows\system32\nlhtml.dll
2009-09-01 10:02:51 ----A---- C:\Windows\system32\mssvp.dll
2009-09-01 10:02:51 ----A---- C:\Windows\system32\mssrch.dll
2009-09-01 10:02:51 ----A---- C:\Windows\system32\mssphtb.dll
2009-09-01 10:02:51 ----A---- C:\Windows\system32\mssph.dll
2009-09-01 10:02:51 ----A---- C:\Windows\system32\msscntrs.dll
2009-09-01 10:02:51 ----A---- C:\Windows\system32\chtbrkr.dll
2009-09-01 10:02:51 ----A---- C:\Windows\system32\chsbrkr.dll
2009-09-01 09:43:32 ----A---- C:\Windows\system32\infocardapi.dll
2009-09-01 09:43:31 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-09-01 09:43:30 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2009-09-01 09:43:30 ----A---- C:\Windows\system32\icardres.dll
2009-09-01 09:43:30 ----A---- C:\Windows\system32\icardagt.exe
2009-09-01 09:43:28 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
2009-09-01 09:43:27 ----A---- C:\Windows\system32\PresentationHost.exe
2009-09-01 09:38:13 ----A---- C:\Windows\system32\dfshim.dll
2009-09-01 09:38:12 ----A---- C:\Windows\system32\mscoree.dll
2009-09-01 09:38:11 ----A---- C:\Windows\system32\netfxperf.dll
2009-09-01 09:38:06 ----A---- C:\Windows\system32\mscorier.dll
2009-09-01 09:38:04 ----A---- C:\Windows\system32\mscories.dll
2009-09-01 09:37:11 ----D---- C:\Program Files\MSXML 4.0
2009-08-31 22:42:41 ----A---- C:\Windows\system32\EncDec.dll
2009-08-31 22:42:39 ----A---- C:\Windows\system32\psisdecd.dll
2009-08-31 22:42:30 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2009-08-31 22:42:27 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2009-08-31 22:42:19 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2009-08-31 22:38:26 ----D---- C:\Program Files\Camtech
2009-08-31 22:38:26 ----A---- C:\Windows\system32\zip32.dll
2009-08-31 22:38:26 ----A---- C:\Windows\system32\Unzip32.dll
2009-08-31 22:08:19 ----D---- C:\Program Files\BearShare Applications
2009-08-31 20:52:41 ----D---- C:\desktop
2009-08-31 20:38:19 ----A---- C:\Windows\system32\wdigest.dll
2009-08-31 20:38:19 ----A---- C:\Windows\system32\secur32.dll
2009-08-31 20:38:19 ----A---- C:\Windows\system32\schannel.dll
2009-08-31 20:38:19 ----A---- C:\Windows\system32\msv1_0.dll
2009-08-31 20:38:19 ----A---- C:\Windows\system32\lsass.exe
2009-08-31 20:38:19 ----A---- C:\Windows\system32\lsasrv.dll
2009-08-31 20:38:19 ----A---- C:\Windows\system32\kerberos.dll
2009-08-31 20:37:37 ----A---- C:\Windows\system32\kernel32.dll
2009-08-31 20:37:37 ----A---- C:\Windows\system32\apilogen.dll
2009-08-31 20:37:37 ----A---- C:\Windows\system32\amxread.dll
2009-08-31 20:37:14 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2009-08-31 20:37:14 ----A---- C:\Windows\system32\WindowsCodecs.dll
2009-08-31 20:37:14 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2009-08-31 20:36:45 ----A---- C:\Windows\system32\IPSECSVC.DLL
2009-08-31 20:36:41 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2009-08-31 20:36:33 ----A---- C:\Windows\system32\t2embed.dll
2009-08-31 20:36:33 ----A---- C:\Windows\system32\fontsub.dll
2009-08-31 20:36:33 ----A---- C:\Windows\system32\dciman32.dll
2009-08-31 20:36:33 ----A---- C:\Windows\system32\atmfd.dll
2009-08-31 20:36:24 ----A---- C:\Windows\system32\winhttp.dll
2009-08-31 20:36:21 ----A---- C:\Windows\system32\atl.dll
2009-08-31 20:36:14 ----A---- C:\Windows\system32\gdi32.dll
2009-08-31 20:36:04 ----A---- C:\Windows\system32\xolehlp.dll
2009-08-31 20:36:04 ----A---- C:\Windows\system32\msdtcprx.dll
2009-08-31 20:36:01 ----A---- C:\Windows\system32\wkssvc.dll
2009-08-31 20:35:54 ----A---- C:\Windows\system32\mstscax.dll
2009-08-31 20:35:47 ----A---- C:\Windows\system32\es.dll
2009-08-31 20:34:49 ----A---- C:\Windows\system32\wmpeffects.dll
2009-08-31 20:34:47 ----A---- C:\Windows\system32\msxml3.dll
2009-08-31 20:34:45 ----A---- C:\Windows\system32\netapi32.dll
2009-08-31 20:34:42 ----A---- C:\Windows\system32\shell32.dll
2009-08-31 20:34:18 ----A---- C:\Windows\system32\localspl.dll
2009-08-31 20:34:07 ----A---- C:\Windows\system32\avifil32.dll
2009-08-31 20:33:58 ----A---- C:\Windows\explorer.exe
2009-08-31 20:33:52 ----A---- C:\Windows\system32\sdohlp.dll
2009-08-31 20:33:52 ----A---- C:\Windows\system32\rpcss.dll
2009-08-31 20:33:52 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2009-08-31 20:33:52 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2009-08-31 20:33:52 ----A---- C:\Windows\system32\ntoskrnl.exe
2009-08-31 20:33:52 ----A---- C:\Windows\system32\ntkrnlpa.exe
2009-08-31 20:33:52 ----A---- C:\Windows\system32\iasrecst.dll
2009-08-31 20:33:52 ----A---- C:\Windows\system32\iashost.exe
2009-08-31 20:33:52 ----A---- C:\Windows\system32\iasdatastore.dll
2009-08-31 20:33:52 ----A---- C:\Windows\system32\iasads.dll
2009-08-31 12:18:46 ----A---- C:\Windows\system32\wersvc.dll
2009-08-31 12:18:46 ----A---- C:\Windows\system32\Faultrep.dll
2009-08-31 12:18:45 ----A---- C:\Windows\system32\win32spl.dll
2009-08-31 12:18:44 ----A---- C:\Windows\system32\emdmgmt.dll
2009-08-31 12:18:44 ----A---- C:\Windows\system32\dataclen.dll
2009-08-31 12:18:44 ----A---- C:\Windows\system32\cdd.dll
2009-08-31 12:18:41 ----A---- C:\Windows\system32\wmpdxm.dll
2009-08-31 12:18:41 ----A---- C:\Windows\system32\wmp.dll
2009-08-31 12:18:40 ----A---- C:\Windows\system32\spwmp.dll
2009-08-31 12:18:40 ----A---- C:\Windows\system32\dxmasf.dll
2009-08-31 12:18:39 ----A---- C:\Windows\system32\wmploc.DLL
2009-08-31 12:17:38 ----A---- C:\Windows\system32\WMNetMgr.dll
2009-08-31 12:17:38 ----A---- C:\Windows\system32\logagent.exe
2009-08-31 12:16:58 ----A---- C:\Windows\system32\wshext.dll
2009-08-31 12:16:58 ----A---- C:\Windows\system32\wscript.exe
2009-08-31 12:16:58 ----A---- C:\Windows\system32\scrrun.dll
2009-08-31 12:16:58 ----A---- C:\Windows\system32\scrobj.dll
2009-08-31 12:16:58 ----A---- C:\Windows\system32\cscript.exe
2009-08-31 12:16:57 ----A---- C:\Windows\system32\inetcomm.dll
2009-08-31 12:16:55 ----A---- C:\Windows\system32\connect.dll
2009-08-31 12:16:54 ----A---- C:\Windows\system32\rpcrt4.dll
2009-08-31 12:04:44 ----A---- C:\Windows\system32\msxml6.dll
2009-08-31 12:01:30 ----D---- C:\Program Files\Microsoft
2009-08-31 12:01:15 ----D---- C:\Program Files\DVDVideoSoft
2009-08-31 12:01:15 ----D---- C:\Program Files\Common Files\DVDVideoSoft
2009-08-31 12:01:06 ----D---- C:\Program Files\Windows Live SkyDrive
2009-08-31 12:00:44 ----D---- C:\Program Files\Windows Live
2009-08-31 11:58:21 ----D---- C:\Program Files\Common Files\Windows Live
2009-08-31 11:52:36 ----D---- C:\Users\User\AppData\Roaming\Mozilla
2009-08-31 11:52:24 ----D---- C:\Program Files\Mozilla Firefox
2009-08-31 11:44:36 ----A---- C:\Windows\system32\wups2.dll
2009-08-31 11:44:36 ----A---- C:\Windows\system32\wucltux.dll
2009-08-31 11:44:36 ----A---- C:\Windows\system32\wuaueng.dll
2009-08-31 11:44:36 ----A---- C:\Windows\system32\wuauclt.exe
2009-08-31 11:44:25 ----A---- C:\Windows\system32\wups.dll
2009-08-31 11:44:25 ----A---- C:\Windows\system32\wudriver.dll
2009-08-31 11:44:25 ----A---- C:\Windows\system32\wuapi.dll
2009-08-31 11:44:19 ----A---- C:\Windows\system32\wuwebv.dll
2009-08-31 11:44:19 ----A---- C:\Windows\system32\wuapp.exe
2009-08-29 09:51:06 ----SHD---- C:\Windows\ftpcache
2009-08-26 23:27:39 ----D---- C:\Users\User\AppData\Roaming\Adobe
2009-08-25 23:20:01 ----D---- C:\Users\User\AppData\Roaming\CyberLink
2009-08-25 23:19:50 ----D---- C:\Users\User\AppData\Roaming\Google
2009-08-25 20:34:23 ----D---- C:\Users\User\AppData\Roaming\Macromedia
2009-08-20 18:22:49 ----D---- C:\ProgramData\HDBR31

Maring 15.09.2009 18:48

======List of files/folders modified in the last 1 months======

2009-09-15 19:42:41 ----D---- C:\Windows\Temp
2009-09-15 18:12:50 ----D---- C:\Windows\System32
2009-09-15 18:12:50 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-09-15 18:12:49 ----D---- C:\Windows\inf
2009-09-15 18:07:35 ----RSD---- C:\Windows\assembly
2009-09-15 18:07:23 ----D---- C:\Windows\system32\drivers
2009-09-15 18:06:19 ----D---- C:\Program Files\Norman
2009-09-15 18:06:10 ----HD---- C:\ProgramData
2009-09-15 17:59:10 ----RD---- C:\Program Files
2009-09-15 17:50:51 ----D---- C:\Program Files\Common Files
2009-09-15 16:28:46 ----SHD---- C:\Windows\Installer
2009-09-15 01:18:42 ----SD---- C:\Windows\Downloaded Program Files
2009-09-15 01:16:56 ----SHD---- C:\System Volume Information
2009-09-15 01:16:31 ----D---- C:\Windows\winsxs
2009-09-15 01:15:51 ----D---- C:\Program Files\Common Files\microsoft shared
2009-09-15 01:04:52 ----SD---- C:\ProgramData\Microsoft
2009-09-15 00:54:45 ----D---- C:\Windows
2009-09-15 00:54:40 ----D---- C:\Windows\system32\Tasks
2009-09-14 01:19:02 ----D---- C:\Windows\system32\catroot2
2009-09-13 03:16:24 ----D---- C:\ProgramData\Microsoft Help
2009-09-12 20:42:01 ----D---- C:\Windows\system32\catroot
2009-09-11 22:32:58 ----D---- C:\Windows\rescache
2009-09-11 22:15:22 ----D---- C:\Windows\system32\migration
2009-09-11 22:15:22 ----D---- C:\Windows\system32\de-DE
2009-09-11 22:15:22 ----D---- C:\Program Files\Internet Explorer
2009-09-11 22:15:21 ----D---- C:\Windows\system32\en-US
2009-09-11 22:15:21 ----D---- C:\Windows\PolicyDefinitions
2009-09-11 21:57:58 ----D---- C:\Windows\Debug
2009-09-11 21:52:15 ----RSD---- C:\Windows\Fonts
2009-09-11 17:15:04 ----D---- C:\Windows\Prefetch
2009-09-11 03:04:01 ----D---- C:\Program Files\Windows Mail
2009-09-10 20:31:36 ----D---- C:\Windows\ehome
2009-09-08 20:40:14 ----D---- C:\Big Fish Games
2009-09-05 20:53:11 ----D---- C:\Windows\twain_32
2009-09-04 23:06:53 ----D---- C:\Windows\AppPatch
2009-09-04 19:29:50 ----D---- C:\Windows\Microsoft.NET
2009-09-01 10:18:32 ----D---- C:\Windows\system32\wbem
2009-09-01 10:18:31 ----D---- C:\Windows\system32\manifeststore
2009-09-01 10:18:30 ----D---- C:\Program Files\Windows Media Player
2009-09-01 10:18:28 ----D---- C:\Windows\system32\XPSViewer
2009-09-01 10:12:56 ----D---- C:\Program Files\Microsoft Works
2009-09-01 09:37:00 ----D---- C:\Windows\SoftwareDistribution
2009-08-31 21:17:25 ----D---- C:\Program Files\Common Files\Adobe
2009-08-31 21:17:22 ----D---- C:\ProgramData\Adobe
2009-08-31 21:17:18 ----D---- C:\Program Files\Adobe
2009-08-31 12:02:30 ----SD---- C:\Users\User\AppData\Roaming\Microsoft
2009-08-28 14:38:22 ----A---- C:\Windows\system32\mrt.exe
2009-08-28 09:37:25 ----SHD---- C:\$Recycle.Bin
2009-08-28 09:36:54 ----RD---- C:\Users
2009-08-28 09:34:22 ----D---- C:\Windows\system32\WDI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 NGS;Norman General Security Driver; \??\c:\program files\norman\ngs\bin\ngs.sys [2009-02-11 22712]
R1 NPROSEC;Norman Security driver; \??\C:\Program Files\Norman\Ngs\Bin\nprosec.sys [2009-04-21 53816]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B}; \??\C:\Program Files\CyberLink\PowerDVD\000.fcl [2007-11-03 41456]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-07-28 55656]
R2 Ndiskio;Ndiskio; \??\C:\Program Files\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 20448]
R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 GpdDevDPort;GpdDevDPort; \??\C:\Windows\system32\directport.sys [2007-11-21 7168]
R3 GpdKbFilter;GpdKbFilter; \??\C:\Windows\system32\kbfiltr.sys [2008-03-31 8192]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-04-25 2126688]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32-Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-05-01 3660800]
R3 NvcMFlt;NvcMFlt; C:\Windows\system32\DRIVERS\nvcv32mf.sys [2009-01-22 19512]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-05-23 7494976]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-12-28 104448]
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 usbaudio;USB-Audiotreiber (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-21 73088]
S3 usbscan;USB-Scannertreiber; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
S3 usbvideo;USB-Videogerät (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ahcix86s;ahcix86s; C:\Windows\system32\drivers\ahcix86s.sys [2007-12-19 170000]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iastor.sys [2007-09-30 308248]
S4 JRAID;JRAID; C:\Windows\system32\drivers\jraid.sys [2008-04-03 76688]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-21 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 eLoggerSvc6;Norman eLogger service 6; C:\Program Files\Norman\Npm\Bin\Elogsvc.exe [2007-11-21 150584]
R2 FSCLBaseUpdaterService;FSCLBaseUpdaterService; C:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe [2007-06-04 65536]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-04-29 877864]
R2 Norman ZANDA;Norman ZANDA; C:\Program Files\Norman\Npm\Bin\Zanda.exe [2009-02-25 408696]
R2 NPROSECSVC;Norman Security service; C:\Program Files\Norman\Ngs\Bin\Nprosec.exe [2009-02-25 121912]
R2 NVOY;Norman Resource Provider; C:\Program Files\Norman\npm\bin\nvoy.exe [2009-01-20 126008]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-05-23 196608]
R2 OsdService;OSD Service; C:\Program Files\OEM\OSD_1.12\OsdService.exe [2008-02-22 94208]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [2006-12-19 81920]
R2 TestHandler;Fujitsu Siemens Computers Diagnostic Testhandler; C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe [2008-04-25 303104]
R3 Norman NJeeves;Norman NJeeves; C:\Program Files\Norman\Npm\bin\NJEEVES.EXE [2009-04-17 274392]
R3 NPC;Norman Parental Control; C:\Program Files\Norman\npc\bin\npcsvc32.exe [2008-04-17 416880]
R3 nsesvc;Norman Scanner Engine Service; C:\Program Files\Norman\Nse\bin\NSESVC.EXE [2009-05-19 310328]
R3 NUAA;Norman User Activity Agent; C:\Program Files\Norman\npc\bin\nuaa.exe [2009-03-24 121912]
R3 nvcoas;Norman Virus Control on-access component; C:\Program Files\Norman\Nvc\bin\nvcoas.exe [2009-04-28 195640]
R3 Scheduler;Norman Scheduler Service; C:\Program Files\Norman\Npm\Bin\scheduler.exe [2009-03-17 130104]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-05-22 29744]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-22 138168]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-02-28 529704]
S3 NVCScheduler;Norman Virus Control Scheduler; C:\Program Files\Norman\Npm\bin\NVCSCHED.EXE []
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-01-07 348752]
S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-07-22 1097096]

-----------------EOF-----------------

john.doe 15.09.2009 18:56

:o There is quite a lot wrong there.

1.) Uninstall:
  • Google Toolbar for Internet Explorer
  • Windows Live Anmelde-Assistent (Windows Live Sign-in Assistant)
  • Norman Security Suite
  • Adobe Reader 8.1.3 - Deutsch (German)
  • BearShare
  • MediaBar 2.0
  • Google Desktop (unless it was installed on purpose)
  • Favorit
  • Spyware Doctor 6.1
2.) Install (always deselect toolbars, untick the box):
3.) Post a new HJT log.

ciao, andreas
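What the helper does by eye here (spot Run entries with no file information, executables under AppData or Temp, random-looking file names, an AppInit_DLLs value, orphaned or mislabelled BHOs and toolbars, a start page pointing somewhere odd, unfamiliar DNS servers) can be mechanized. The Python script below is an added example and is not part of this thread or of RSIT or HijackThis; it parses a few lines copied from the logs posted in this thread (RSIT `"name"=path [date size]` and `.lnk` entries, the AppInit_DLLs value, and HijackThis R0/R1, O2, O3, O4 and O17 lines) and returns the entries a helper would query, each with a reason. The `WATCHLIST`, the `KNOWN_HOME_PAGES` set and the "random name" pattern are assumptions chosen for illustration, not a blocklist from any product; a hit is a prompt to look, not a verdict.

```python
from __future__ import annotations

import ipaddress
import re
from urllib.parse import urlsplit

# Lines copied from the RSIT and HijackThis logs posted in this thread.
SAMPLE_LOG = r'''
"funkyemoticons"=C:\Program Files\FunkyEmoticons\FunkyEmoticons.exe [2009-08-18 283360]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"Uniblue RegistryBooster 2"=c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe []
"!BearShareFFPage"=C:\Program Files\BearShare Applications\BearShare\FFPage.exe [2009-02-17 24576]
OSD.lnk - C:\Users\User\AppData\Roaming\Microsoft\Installer\{73289228-1853-4623-982A-EB17FF0270CA}\_4D3FC276DECE661B01DFEC.exe
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL"
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.explorerstartpage.com/wspage.php?ver=v8notr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O17 - HKLM\System\CCS\Services\Tcpip\..\{E84708E0-B0D5-4420-887F-696F04AB8761}: NameServer = 213.191.92.87 62.109.123.6
'''

# Assumptions for illustration: directories on an analyst's review list (taken
# from what the helper asked to remove) and hosts treated as vendor default
# home pages. A hit on either list is a prompt to look, not a verdict.
WATCHLIST = ('bearshare', 'askbardis', 'uniblue')
KNOWN_HOME_PAGES = {'msn.com', 'bing.com', 'google.com', 'live.com'}
USER_WRITABLE = ('\\appdata\\', '\\temp\\', '\\programdata\\temp')
RANDOM_NAME = re.compile(r'[\\/]_?[0-9a-f]{12,}\.(exe|dll)$')   # e.g. _4D3FC276DECE661B01DFEC.exe

APPINIT = re.compile(r'^"AppInit_DLLs"="(?P<path>.*)"$', re.IGNORECASE)
RSIT_RUN = re.compile(r'^"(?P<name>[^"]+)"=(?P<path>.+?)\s*\[(?P<stamp>[^\]]*)\]$')
RSIT_LNK = re.compile(r'^(?P<name>\S+\.lnk) - (?P<path>.+)$')
HJT_RUN = re.compile(r'^O4 - (?P<hive>\S+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
HJT_BHO = re.compile(r'^O[23] - (?:BHO|Toolbar): (?P<name>.+?) - \{(?P<clsid>[0-9a-f-]+)\} - (?P<path>.+)$',
                     re.IGNORECASE)
HJT_START = re.compile(r'^R[01] - .*,(?:Start Page|Default_Page_URL|Search Page|Default_Search_URL) = (?P<url>.*)$')
HJT_DNS = re.compile(r'^O17 - .*NameServer = (?P<servers>.+)$')


def host_of(url: str) -> str:
    """Host part of a start-page value, without a leading 'www.'."""
    if '://' not in url:
        url = 'http://' + url
    host = urlsplit(url).hostname or ''
    return host[4:] if host.startswith('www.') else host


def check_path(path: str) -> list[str]:
    """Location-based reasons to look twice at an executable or DLL path."""
    low = path.strip('"').lower()
    reasons = []
    if any(marker in low for marker in USER_WRITABLE):
        reasons.append('executable lives in a user-writable location')
    if RANDOM_NAME.search(low):
        reasons.append('random-looking file name')
    if any(name in low for name in WATCHLIST):
        reasons.append('path is under a directory on the review watchlist')
    return reasons


def triage(text: str) -> list[tuple[str, str]]:
    """Return (log line, reason) pairs for the entries a helper would query."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reasons = []
        if (m := APPINIT.match(line)) and m['path']:
            reasons.append('AppInit_DLLs is set: the DLL is loaded into every process that links user32.dll')
        elif m := RSIT_RUN.match(line):
            if not m['stamp']:   # RSIT prints [] when it could not stat the file
                reasons.append('no file date/size recorded (file missing or unreadable at scan time)')
            reasons += check_path(m['path'])
        elif m := RSIT_LNK.match(line):
            reasons += check_path(m['path'])
        elif m := HJT_RUN.match(line):
            reasons += check_path(m['cmd'])
        elif m := HJT_BHO.match(line):
            if m['name'] == '(no name)' or m['path'] == '(no file)':
                reasons.append('orphaned BHO/toolbar registration (no name or no file)')
            elif m['name'].split()[0].lower() not in m['path'].lower():
                reasons.append(f"display name '{m['name']}' does not match the DLL it loads")
            reasons += check_path(m['path'])
        elif m := HJT_START.match(line):
            host = host_of(m['url'])
            if host not in KNOWN_HOME_PAGES:
                reasons.append(f'browser start/search page points at {host}')
        elif m := HJT_DNS.match(line):
            public = [s for s in m['servers'].split() if not ipaddress.ip_address(s).is_private]
            if public:   # a home router normally hands out a LAN address; public ones need checking
                reasons.append('public DNS resolvers configured (confirm they belong to the ISP): ' + ', '.join(public))
        findings.extend((line, reason) for reason in reasons)
    return findings


if __name__ == '__main__':
    for line, reason in triage(SAMPLE_LOG):
        print(f'{reason}\n    {line}')
```

Run on the sample, the script leaves the Avira, FunkyEmoticons and MSN.com lines alone and flags the rest: the Uniblue entry twice (no file stamp, watchlist), the OSD.lnk target twice (AppData location, random name), the AppInit_DLLs value, the explorerstartpage.com start page, the AskBar BHO, the nameless BHO, the "Foxit Toolbar" that actually loads askBar.dll, and the two public DNS servers. None of that replaces the helper's judgement; it just puts the lines worth asking about at the top.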

Maring 15.09.2009 19:16

So I was able to uninstall everything except "Favorit" (no idea why "Favorit" didn't work)

Logfile of HijackThis v1.99.1
Scan saved at 20:15:04, on 15.09.2009
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\CyberLink\Shared Files\brs.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe
C:\Program Files\FunkyEmoticons\FunkyEmoticons.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATICEE.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Jana Maring Inday\AppData\Local\Temp\Temp2_hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.explorerstartpage.com/wspage.php?ver=v8notr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O1 - Hosts: ::1 localhost
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a} - (no file)
O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [FSCRecovery] c:\Program Files\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe
O4 - HKLM\..\Run: [NPCTray] C:\Program Files\Norman\npc\bin\npc_tray.exe /LOAD
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe IE PA
O4 - HKLM\..\Run: [funkyemoticons] C:\Program Files\FunkyEmoticons\FunkyEmoticons.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\Windows\TEMP\E_S390A.tmp" /EF "HKCU"
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International
O13 - Gopher Prefix:
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E84708E0-B0D5-4420-887F-696F04AB8761}: NameServer = 213.191.92.87 62.109.123.6
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: FSCLBaseUpdaterService - Unknown owner - C:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: OSD Service (OsdService) - TODO: <????> - C:\Program Files\OEM\OSD_1.12\OsdService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

Maring 15.09.2009 19:18

I wouldn't have thought I had so many errors :)

thanks ;)

john.doe 15.09.2009 19:30

Quote:

well, except for "Favorit" I was able to uninstall everything (no idea why "Favorit" wouldn't work)
Nothing more is visible in the HJT log, but to be on the safe side work through these instructions => http://www.trojaner-board.de/69713-e...navipromo.html (only the last step)

Note for Vista users: start all programs with right mouse click => Run as administrator.

1.) Uninstall the Foxit toolbar.

2.) Write one hundred times on the blackboard: I will not install any more toolbars! :aufsmaul:

3.) Download the current HJT version.

4.) Wipe the blackboard clean and write one hundred times: I will never again work with outdated program versions! :aufsmaul:

5.) Norman | Uninstall Norman Virus Control

6.) Start HJT => Do a system scan only => Check:
Code:

All R0, R1, O2, O3, O9 and O16 entries
O4 - HKLM\..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe IE PA
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

=> Fix checked => Restart the computer => Post a new HJT log

ciao, andreas

Maring 15.09.2009 19:54

okay, I wrote it on the blackboard 100 times (200 times in total ^^) and took it to heart :) and remembered it ;)

I restarted the computer and this is the result:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:51:16, on 15.09.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\CyberLink\Shared Files\brs.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe
C:\Program Files\FunkyEmoticons\FunkyEmoticons.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATICEE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Jana Maring Inday\Downloads\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [FSCRecovery] c:\Program Files\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe
O4 - HKLM\..\Run: [NPCTray] C:\Program Files\Norman\npc\bin\npc_tray.exe /LOAD
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe IE PA
O4 - HKLM\..\Run: [funkyemoticons] C:\Program Files\FunkyEmoticons\FunkyEmoticons.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\Windows\TEMP\E_S390A.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [fsc-reg] C:\ProgramData\fsc-reg\fscreg.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E84708E0-B0D5-4420-887F-696F04AB8761}: NameServer = 213.191.92.87 62.109.123.6
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: FSCLBaseUpdaterService - Unknown owner - C:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: OSD Service (OsdService) - TODO: <????> - C:\Program Files\OEM\OSD_1.12\OsdService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe

--
End of file - 5781 bytes


is that better??? please don't scold me :) ^^

john.doe 15.09.2009 20:05

Quote:

is that better??? please don't scold me
Much better. http://www.cosgan.de/images/smilie/liebe/n020.gif

Vista is great. :)

1.) http://www.trojaner-board.de/72647-b...ktivieren.html

2.) Disable System Restore

3.) Right-click HJT => Run as administrator => Do a system scan only => Check:
Code:

All R0, R1, O2, O3, O9 and O16 entries
O4 - HKLM\..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe IE PA
O4 - HKUS\S-1-5-18\..\Run: [fsc-reg] C:\ProgramData\fsc-reg\fscreg.exe (User 'SYSTEM')

=> Fix checked => Restart => Post a new HJT log.

4.) Enable System Restore.

5.) Enable User Account Control.

ciao, andreas
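As an added example (not code from this thread, from HijackThis or from its author), a small Python triage helper that applies john.doe's selection rule from both fix lists above: every R0, R1, O2, O3, O9 and O16 entry plus the O4 autostarts named in the list, and separately the O2 BHOs that HJT reports as "(no file)", i.e. registry leftovers whose DLL is gone. The sample log lines are copied from the log posted above; the default O4 name set and all function names are my own assumptions.

```python
import re

# Sections john.doe marks wholesale in both of his fix lists above.
FIX_SECTIONS = {"R0", "R1", "O2", "O3", "O9", "O16"}
# O4 autostart names singled out in the second fix list (assumed default; pass your own set).
FIX_O4_NAMES = {"Google EULA Launcher", "fsc-reg"}

# An HJT entry reads "<section> - <body>", e.g. "O4 - HKLM\..\Run: [name] path".
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d+) - (?P<body>.*)$")
# The autostart value name sits in square brackets after "Run:".
O4_NAME_RE = re.compile(r"\[(?P<name>[^\]]+)\]")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")

def parse_entry(line):
    """Split an HJT entry into (section, body); None for header or process lines."""
    m = ENTRY_RE.match(line.strip())
    return (m.group("section"), m.group("body")) if m else None

def select_for_fix(lines, o4_names=FIX_O4_NAMES):
    """Return the entries to tick before 'Fix checked', following the thread's rule."""
    selected = []
    for line in lines:
        parsed = parse_entry(line)
        if parsed is None:
            continue
        section, body = parsed
        if section in FIX_SECTIONS:
            selected.append(line.strip())
        elif section == "O4":
            m = O4_NAME_RE.search(body)
            if m and m.group("name") in o4_names:
                selected.append(line.strip())
    return selected

def orphaned_bhos(lines):
    """CLSIDs of O2 BHO entries whose DLL is missing: HJT prints '(no file)' for them."""
    clsids = []
    for line in lines:
        parsed = parse_entry(line)
        if parsed and parsed[0] == "O2" and "(no file)" in parsed[1]:
            m = CLSID_RE.search(parsed[1])
            if m:
                clsids.append(m.group(0))
    return clsids

# Constructed sample: lines taken from the HJT log posted above, plus one header line.
SAMPLE_LOG = r"""Running processes:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe IE PA
O4 - HKUS\S-1-5-18\..\Run: [fsc-reg] C:\ProgramData\fsc-reg\fscreg.exe (User 'SYSTEM')
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe"""

if __name__ == "__main__":
    print("\n".join(select_for_fix(SAMPLE_LOG.splitlines())))
```

On the sample above the rule selects seven entries (the R1, R0, O2, both named O4 lines, O9 and O16) and leaves O1, the Windows Defender O4 and the O23 service alone.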

Maring 15.09.2009 20:24

I'm glad I'm not getting scolded ^^

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:23:27, on 15.09.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\CyberLink\Shared Files\brs.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe
C:\Program Files\FunkyEmoticons\FunkyEmoticons.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATICEE.EXE
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Jana Maring Inday\Downloads\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [FSCRecovery] c:\Program Files\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe
O4 - HKLM\..\Run: [NPCTray] C:\Program Files\Norman\npc\bin\npc_tray.exe /LOAD
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe IE PA
O4 - HKLM\..\Run: [funkyemoticons] C:\Program Files\FunkyEmoticons\FunkyEmoticons.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\Windows\TEMP\E_S390A.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [fsc-reg] C:\ProgramData\fsc-reg\fscreg.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E84708E0-B0D5-4420-887F-696F04AB8761}: NameServer = 213.191.92.87 62.109.123.6
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: FSCLBaseUpdaterService - Unknown owner - C:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: OSD Service (OsdService) - TODO: <????> - C:\Program Files\OEM\OSD_1.12\OsdService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe

--
End of file - 5832 bytes

john.doe 15.09.2009 20:33

Now you may scold me. I overlooked something that seems to be fairly new. Please also uninstall:
  • Funky Emoticons

Please be more careful with downloads and installations in future. As a rule, assume that anything you download may be harmful.

Start => Run => cmd [Ctrl][Shift][Enter]
Code:

sc stop gusvc [Enter]
sc delete gusvc [Enter]
exit [Enter]

You are dismissed. :)

ciao, andreas

Maring 15.09.2009 21:10

okay, I'll remember that... but my sister is also to blame... ^^
no no, I'll take all the blame myself ^^

thank you very, very, very much!!!!!!
;)

regards maring


All times are GMT +1.

Copyright ©2000-2025, Trojaner-Board
