Trojaner-Board (https://www.trojaner-board.de/)
-   Log analysis and evaluation (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Can't get rid of an unknown virus (https://www.trojaner-board.de/77484-unbekannten-virus-los.html)

Maring 15.09.2009 18:46

"BDRegion"=C:\Program Files\Cyberlink\Shared Files\brs.exe [2007-11-16 91432]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2007-10-28 72736]
"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2007-10-11 62760]
"Google EULA Launcher"=c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe [2008-05-28 20480]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"funkyemoticons"=C:\Program Files\FunkyEmoticons\FunkyEmoticons.exe [2009-08-18 283360]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-09-10 420176]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-21 1233920]
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe [2008-02-26 443968]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883840]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-09-02 25623336]
"Uniblue RegistryBooster 2"=c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe []
"Uniblue RegistryBooster 2009"=c:\program files\uniblue\registrybooster\StartRegistryBooster.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"!BearShareFFPage"=C:\Program Files\BearShare Applications\BearShare\FFPage.exe [2009-02-17 24576]
"UniblueRegistryBooster"=C:\Program Files\Uniblue\RegistryBooster 2009\launcher.exe delay 20000 []

C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OSD.lnk - C:\Users\User\AppData\Roaming\Microsoft\Installer\{73289228-1853-4623-982A-EB17FF0270CA}\_4D3FC276DECE661B01DFEC.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2009-09-15 17:59:10 ----D---- C:\rsit
2009-09-15 17:59:10 ----D---- C:\Program Files\trend micro
2009-09-15 17:57:12 ----D---- C:\Users\User\AppData\Roaming\Malwarebytes
2009-09-15 17:57:05 ----D---- C:\ProgramData\Malwarebytes
2009-09-15 17:57:04 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-09-15 17:50:51 ----D---- C:\Program Files\Common Files\PC Tools
2009-09-15 17:50:46 ----D---- C:\Users\User\AppData\Roaming\PC Tools
2009-09-15 17:50:46 ----D---- C:\ProgramData\PC Tools
2009-09-15 17:50:46 ----D---- C:\Program Files\Spyware Doctor
2009-09-15 17:50:34 ----AD---- C:\ProgramData\TEMP
2009-09-15 01:18:28 ----D---- C:\ProgramData\Avira
2009-09-15 01:18:28 ----D---- C:\Program Files\Avira
2009-09-15 00:54:38 ----D---- C:\Program Files\QUAD Utilities
2009-09-15 00:46:13 ----D---- C:\Users\User\AppData\Roaming\Registry Booster
2009-09-15 00:35:37 ----D---- C:\Users\User\AppData\Roaming\Uniblue
2009-09-12 20:42:18 ----A---- C:\Windows\system32\jscript.dll
2009-09-11 21:56:24 ----A---- C:\Windows\system32\occache.dll
2009-09-11 21:56:24 ----A---- C:\Windows\system32\msfeeds.dll
2009-09-11 21:56:24 ----A---- C:\Windows\system32\jsproxy.dll
2009-09-11 21:56:24 ----A---- C:\Windows\system32\iepeers.dll
2009-09-11 21:56:23 ----A---- C:\Windows\system32\wininet.dll
2009-09-11 21:56:23 ----A---- C:\Windows\system32\msfeedssync.exe
2009-09-11 21:56:23 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-09-11 21:56:23 ----A---- C:\Windows\system32\ieui.dll
2009-09-11 21:56:23 ----A---- C:\Windows\system32\iesetup.dll
2009-09-11 21:56:23 ----A---- C:\Windows\system32\iertutil.dll
2009-09-11 21:56:23 ----A---- C:\Windows\system32\iernonce.dll
2009-09-11 21:56:23 ----A---- C:\Windows\system32\ie4uinit.exe
2009-09-11 21:56:22 ----A---- C:\Windows\system32\urlmon.dll
2009-09-11 21:56:22 ----A---- C:\Windows\system32\ieUnatt.exe
2009-09-11 21:56:22 ----A---- C:\Windows\system32\iesysprep.dll
2009-09-11 21:56:22 ----A---- C:\Windows\system32\iedkcs32.dll
2009-09-11 21:56:21 ----A---- C:\Windows\system32\mshtml.dll
2009-09-11 21:56:21 ----A---- C:\Windows\system32\ieframe.dll
2009-09-11 21:55:02 ----A---- C:\Windows\system32\msls31.dll
2009-09-11 21:55:02 ----A---- C:\Windows\system32\mshtmler.dll
2009-09-11 21:55:02 ----A---- C:\Windows\system32\mshtmled.dll
2009-09-11 21:55:02 ----A---- C:\Windows\system32\imgutil.dll
2009-09-11 21:55:02 ----A---- C:\Windows\system32\ieakeng.dll
2009-09-11 21:55:02 ----A---- C:\Windows\system32\icardie.dll
2009-09-11 21:55:02 ----A---- C:\Windows\system32\corpol.dll
2009-09-11 21:55:02 ----A---- C:\Windows\system32\admparse.dll
2009-09-11 21:55:01 ----A---- C:\Windows\system32\msrating.dll
2009-09-11 21:55:01 ----A---- C:\Windows\system32\licmgr10.dll
2009-09-11 21:55:01 ----A---- C:\Windows\system32\inseng.dll
2009-09-11 21:55:01 ----A---- C:\Windows\system32\ieaksie.dll
2009-09-11 21:55:01 ----A---- C:\Windows\system32\dxtrans.dll
2009-09-11 21:55:01 ----A---- C:\Windows\system32\dxtmsft.dll
2009-09-11 21:55:00 ----A---- C:\Windows\system32\WinFXDocObj.exe
2009-09-11 21:55:00 ----A---- C:\Windows\system32\wextract.exe
2009-09-11 21:55:00 ----A---- C:\Windows\system32\webcheck.dll
2009-09-11 21:55:00 ----A---- C:\Windows\system32\pngfilt.dll
2009-09-11 21:55:00 ----A---- C:\Windows\system32\mstime.dll
2009-09-11 21:55:00 ----A---- C:\Windows\system32\ieapfltr.dll
2009-09-11 21:55:00 ----A---- C:\Windows\system32\ieakui.dll
2009-09-11 21:55:00 ----A---- C:\Windows\system32\advpack.dll
2009-09-11 21:54:59 ----A---- C:\Windows\system32\vbscript.dll
2009-09-11 21:54:59 ----A---- C:\Windows\system32\url.dll
2009-09-11 21:54:58 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2009-09-11 21:54:58 ----A---- C:\Windows\system32\SetDepNx.exe
2009-09-11 21:54:58 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2009-09-11 21:54:58 ----A---- C:\Windows\system32\PDMSetup.exe
2009-09-11 21:54:58 ----A---- C:\Windows\system32\mshta.exe
2009-09-11 21:54:58 ----A---- C:\Windows\system32\iexpress.exe
2009-09-09 12:35:06 ----D---- C:\Users\User\AppData\Roaming\FunkyEmoticons
2009-09-09 12:34:22 ----D---- C:\Program Files\FunkyEmoticons
2009-09-09 10:40:36 ----A---- C:\Windows\system32\TCPSVCS.EXE
2009-09-09 10:40:36 ----A---- C:\Windows\system32\ROUTE.EXE
2009-09-09 10:40:36 ----A---- C:\Windows\system32\NETSTAT.EXE
2009-09-09 10:40:36 ----A---- C:\Windows\system32\netiohlp.dll
2009-09-09 10:40:36 ----A---- C:\Windows\system32\MRINFO.EXE
2009-09-09 10:40:36 ----A---- C:\Windows\system32\HOSTNAME.EXE
2009-09-09 10:40:36 ----A---- C:\Windows\system32\finger.exe
2009-09-09 10:40:36 ----A---- C:\Windows\system32\ARP.EXE
2009-09-09 10:40:35 ----A---- C:\Windows\system32\netevent.dll
2009-09-09 10:40:24 ----A---- C:\Windows\system32\wlansvc.dll
2009-09-09 10:40:24 ----A---- C:\Windows\system32\wlansec.dll
2009-09-09 10:40:24 ----A---- C:\Windows\system32\wlanmsm.dll
2009-09-09 10:40:24 ----A---- C:\Windows\system32\L2SecHC.dll
2009-09-09 10:40:17 ----A---- C:\Windows\system32\WMVCORE.DLL
2009-09-09 10:40:17 ----A---- C:\Windows\system32\mf.dll
2009-09-05 21:12:32 ----D---- C:\Program Files\epson
2009-09-05 20:54:41 ----D---- C:\ProgramData\EPSON
2009-09-05 20:54:18 ----A---- C:\Windows\system32\E_DCINST.DLL
2009-09-05 20:54:16 ----A---- C:\Windows\system32\E_FLBCEE.DLL
2009-09-05 20:54:15 ----A---- C:\Windows\system32\E_FD4BCEE.DLL
2009-09-05 20:52:46 ----A---- C:\Windows\system32\escwiad.dll
2009-09-04 21:26:35 ----D---- C:\Program Files\divx
2009-09-04 18:47:59 ----D---- C:\Program Files\Common Files\Skype
2009-09-04 18:47:58 ----RD---- C:\Program Files\Skype
2009-09-04 18:47:55 ----D---- C:\ProgramData\Skype
2009-09-03 15:32:10 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2009-09-03 15:32:10 ----A---- C:\Windows\system32\Apphlpdm.dll
2009-09-01 10:16:18 ----A---- C:\Windows\system32\tzres.dll
2009-09-01 10:02:53 ----A---- C:\Windows\system32\msshooks.dll
2009-09-01 10:02:53 ----A---- C:\Windows\system32\msscb.dll
2009-09-01 10:02:52 ----A---- C:\Windows\system32\wsepno.dll
2009-09-01 10:02:52 ----A---- C:\Windows\system32\thawbrkr.dll
2009-09-01 10:02:52 ----A---- C:\Windows\system32\srchadmin.dll
2009-09-01 10:02:52 ----A---- C:\Windows\system32\SearchFilterHost.exe
2009-09-01 10:02:52 ----A---- C:\Windows\system32\rtffilt.dll
2009-09-01 10:02:52 ----A---- C:\Windows\system32\propsys.dll
2009-09-01 10:02:52 ----A---- C:\Windows\system32\propdefs.dll
2009-09-01 10:02:52 ----A---- C:\Windows\system32\offfilt.dll
2009-09-01 10:02:52 ----A---- C:\Windows\system32\msstrc.dll
2009-09-01 10:02:52 ----A---- C:\Windows\system32\mssprxy.dll
2009-09-01 10:02:52 ----A---- C:\Windows\system32\mssitlb.dll
2009-09-01 10:02:52 ----A---- C:\Windows\system32\msshsq.dll
2009-09-01 10:02:52 ----A---- C:\Windows\system32\mimefilt.dll
2009-09-01 10:02:52 ----A---- C:\Windows\system32\korwbrkr.dll
2009-09-01 10:02:51 ----A---- C:\Windows\system32\xmlfilter.dll
2009-09-01 10:02:51 ----A---- C:\Windows\system32\tquery.dll
2009-09-01 10:02:51 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2009-09-01 10:02:51 ----A---- C:\Windows\system32\SearchIndexer.exe
2009-09-01 10:02:51 ----A---- C:\Windows\system32\nlhtml.dll
2009-09-01 10:02:51 ----A---- C:\Windows\system32\mssvp.dll
2009-09-01 10:02:51 ----A---- C:\Windows\system32\mssrch.dll
2009-09-01 10:02:51 ----A---- C:\Windows\system32\mssphtb.dll
2009-09-01 10:02:51 ----A---- C:\Windows\system32\mssph.dll
2009-09-01 10:02:51 ----A---- C:\Windows\system32\msscntrs.dll
2009-09-01 10:02:51 ----A---- C:\Windows\system32\chtbrkr.dll
2009-09-01 10:02:51 ----A---- C:\Windows\system32\chsbrkr.dll
2009-09-01 09:43:32 ----A---- C:\Windows\system32\infocardapi.dll
2009-09-01 09:43:31 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-09-01 09:43:30 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2009-09-01 09:43:30 ----A---- C:\Windows\system32\icardres.dll
2009-09-01 09:43:30 ----A---- C:\Windows\system32\icardagt.exe
2009-09-01 09:43:28 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
2009-09-01 09:43:27 ----A---- C:\Windows\system32\PresentationHost.exe
2009-09-01 09:38:13 ----A---- C:\Windows\system32\dfshim.dll
2009-09-01 09:38:12 ----A---- C:\Windows\system32\mscoree.dll
2009-09-01 09:38:11 ----A---- C:\Windows\system32\netfxperf.dll
2009-09-01 09:38:06 ----A---- C:\Windows\system32\mscorier.dll
2009-09-01 09:38:04 ----A---- C:\Windows\system32\mscories.dll
2009-09-01 09:37:11 ----D---- C:\Program Files\MSXML 4.0
2009-08-31 22:42:41 ----A---- C:\Windows\system32\EncDec.dll
2009-08-31 22:42:39 ----A---- C:\Windows\system32\psisdecd.dll
2009-08-31 22:42:30 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2009-08-31 22:42:27 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2009-08-31 22:42:19 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2009-08-31 22:38:26 ----D---- C:\Program Files\Camtech
2009-08-31 22:38:26 ----A---- C:\Windows\system32\zip32.dll
2009-08-31 22:38:26 ----A---- C:\Windows\system32\Unzip32.dll
2009-08-31 22:08:19 ----D---- C:\Program Files\BearShare Applications
2009-08-31 20:52:41 ----D---- C:\desktop
2009-08-31 20:38:19 ----A---- C:\Windows\system32\wdigest.dll
2009-08-31 20:38:19 ----A---- C:\Windows\system32\secur32.dll
2009-08-31 20:38:19 ----A---- C:\Windows\system32\schannel.dll
2009-08-31 20:38:19 ----A---- C:\Windows\system32\msv1_0.dll
2009-08-31 20:38:19 ----A---- C:\Windows\system32\lsass.exe
2009-08-31 20:38:19 ----A---- C:\Windows\system32\lsasrv.dll
2009-08-31 20:38:19 ----A---- C:\Windows\system32\kerberos.dll
2009-08-31 20:37:37 ----A---- C:\Windows\system32\kernel32.dll
2009-08-31 20:37:37 ----A---- C:\Windows\system32\apilogen.dll
2009-08-31 20:37:37 ----A---- C:\Windows\system32\amxread.dll
2009-08-31 20:37:14 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2009-08-31 20:37:14 ----A---- C:\Windows\system32\WindowsCodecs.dll
2009-08-31 20:37:14 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2009-08-31 20:36:45 ----A---- C:\Windows\system32\IPSECSVC.DLL
2009-08-31 20:36:41 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2009-08-31 20:36:33 ----A---- C:\Windows\system32\t2embed.dll
2009-08-31 20:36:33 ----A---- C:\Windows\system32\fontsub.dll
2009-08-31 20:36:33 ----A---- C:\Windows\system32\dciman32.dll
2009-08-31 20:36:33 ----A---- C:\Windows\system32\atmfd.dll
2009-08-31 20:36:24 ----A---- C:\Windows\system32\winhttp.dll
2009-08-31 20:36:21 ----A---- C:\Windows\system32\atl.dll
2009-08-31 20:36:14 ----A---- C:\Windows\system32\gdi32.dll
2009-08-31 20:36:04 ----A---- C:\Windows\system32\xolehlp.dll
2009-08-31 20:36:04 ----A---- C:\Windows\system32\msdtcprx.dll
2009-08-31 20:36:01 ----A---- C:\Windows\system32\wkssvc.dll
2009-08-31 20:35:54 ----A---- C:\Windows\system32\mstscax.dll
2009-08-31 20:35:47 ----A---- C:\Windows\system32\es.dll
2009-08-31 20:34:49 ----A---- C:\Windows\system32\wmpeffects.dll
2009-08-31 20:34:47 ----A---- C:\Windows\system32\msxml3.dll
2009-08-31 20:34:45 ----A---- C:\Windows\system32\netapi32.dll
2009-08-31 20:34:42 ----A---- C:\Windows\system32\shell32.dll
2009-08-31 20:34:18 ----A---- C:\Windows\system32\localspl.dll
2009-08-31 20:34:07 ----A---- C:\Windows\system32\avifil32.dll
2009-08-31 20:33:58 ----A---- C:\Windows\explorer.exe
2009-08-31 20:33:52 ----A---- C:\Windows\system32\sdohlp.dll
2009-08-31 20:33:52 ----A---- C:\Windows\system32\rpcss.dll
2009-08-31 20:33:52 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2009-08-31 20:33:52 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2009-08-31 20:33:52 ----A---- C:\Windows\system32\ntoskrnl.exe
2009-08-31 20:33:52 ----A---- C:\Windows\system32\ntkrnlpa.exe
2009-08-31 20:33:52 ----A---- C:\Windows\system32\iasrecst.dll
2009-08-31 20:33:52 ----A---- C:\Windows\system32\iashost.exe
2009-08-31 20:33:52 ----A---- C:\Windows\system32\iasdatastore.dll
2009-08-31 20:33:52 ----A---- C:\Windows\system32\iasads.dll
2009-08-31 12:18:46 ----A---- C:\Windows\system32\wersvc.dll
2009-08-31 12:18:46 ----A---- C:\Windows\system32\Faultrep.dll
2009-08-31 12:18:45 ----A---- C:\Windows\system32\win32spl.dll
2009-08-31 12:18:44 ----A---- C:\Windows\system32\emdmgmt.dll
2009-08-31 12:18:44 ----A---- C:\Windows\system32\dataclen.dll
2009-08-31 12:18:44 ----A---- C:\Windows\system32\cdd.dll
2009-08-31 12:18:41 ----A---- C:\Windows\system32\wmpdxm.dll
2009-08-31 12:18:41 ----A---- C:\Windows\system32\wmp.dll
2009-08-31 12:18:40 ----A---- C:\Windows\system32\spwmp.dll
2009-08-31 12:18:40 ----A---- C:\Windows\system32\dxmasf.dll
2009-08-31 12:18:39 ----A---- C:\Windows\system32\wmploc.DLL
2009-08-31 12:17:38 ----A---- C:\Windows\system32\WMNetMgr.dll
2009-08-31 12:17:38 ----A---- C:\Windows\system32\logagent.exe
2009-08-31 12:16:58 ----A---- C:\Windows\system32\wshext.dll
2009-08-31 12:16:58 ----A---- C:\Windows\system32\wscript.exe
2009-08-31 12:16:58 ----A---- C:\Windows\system32\scrrun.dll
2009-08-31 12:16:58 ----A---- C:\Windows\system32\scrobj.dll
2009-08-31 12:16:58 ----A---- C:\Windows\system32\cscript.exe
2009-08-31 12:16:57 ----A---- C:\Windows\system32\inetcomm.dll
2009-08-31 12:16:55 ----A---- C:\Windows\system32\connect.dll
2009-08-31 12:16:54 ----A---- C:\Windows\system32\rpcrt4.dll
2009-08-31 12:04:44 ----A---- C:\Windows\system32\msxml6.dll
2009-08-31 12:01:30 ----D---- C:\Program Files\Microsoft
2009-08-31 12:01:15 ----D---- C:\Program Files\DVDVideoSoft
2009-08-31 12:01:15 ----D---- C:\Program Files\Common Files\DVDVideoSoft
2009-08-31 12:01:06 ----D---- C:\Program Files\Windows Live SkyDrive
2009-08-31 12:00:44 ----D---- C:\Program Files\Windows Live
2009-08-31 11:58:21 ----D---- C:\Program Files\Common Files\Windows Live
2009-08-31 11:52:36 ----D---- C:\Users\User\AppData\Roaming\Mozilla
2009-08-31 11:52:24 ----D---- C:\Program Files\Mozilla Firefox
2009-08-31 11:44:36 ----A---- C:\Windows\system32\wups2.dll
2009-08-31 11:44:36 ----A---- C:\Windows\system32\wucltux.dll
2009-08-31 11:44:36 ----A---- C:\Windows\system32\wuaueng.dll
2009-08-31 11:44:36 ----A---- C:\Windows\system32\wuauclt.exe
2009-08-31 11:44:25 ----A---- C:\Windows\system32\wups.dll
2009-08-31 11:44:25 ----A---- C:\Windows\system32\wudriver.dll
2009-08-31 11:44:25 ----A---- C:\Windows\system32\wuapi.dll
2009-08-31 11:44:19 ----A---- C:\Windows\system32\wuwebv.dll
2009-08-31 11:44:19 ----A---- C:\Windows\system32\wuapp.exe
2009-08-29 09:51:06 ----SHD---- C:\Windows\ftpcache
2009-08-26 23:27:39 ----D---- C:\Users\User\AppData\Roaming\Adobe
2009-08-25 23:20:01 ----D---- C:\Users\User\AppData\Roaming\CyberLink
2009-08-25 23:19:50 ----D---- C:\Users\User\AppData\Roaming\Google
2009-08-25 20:34:23 ----D---- C:\Users\User\AppData\Roaming\Macromedia
2009-08-20 18:22:49 ----D---- C:\ProgramData\HDBR31

Maring 15.09.2009 18:48

======List of files/folders modified in the last 1 months======

2009-09-15 19:42:41 ----D---- C:\Windows\Temp
2009-09-15 18:12:50 ----D---- C:\Windows\System32
2009-09-15 18:12:50 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-09-15 18:12:49 ----D---- C:\Windows\inf
2009-09-15 18:07:35 ----RSD---- C:\Windows\assembly
2009-09-15 18:07:23 ----D---- C:\Windows\system32\drivers
2009-09-15 18:06:19 ----D---- C:\Program Files\Norman
2009-09-15 18:06:10 ----HD---- C:\ProgramData
2009-09-15 17:59:10 ----RD---- C:\Program Files
2009-09-15 17:50:51 ----D---- C:\Program Files\Common Files
2009-09-15 16:28:46 ----SHD---- C:\Windows\Installer
2009-09-15 01:18:42 ----SD---- C:\Windows\Downloaded Program Files
2009-09-15 01:16:56 ----SHD---- C:\System Volume Information
2009-09-15 01:16:31 ----D---- C:\Windows\winsxs
2009-09-15 01:15:51 ----D---- C:\Program Files\Common Files\microsoft shared
2009-09-15 01:04:52 ----SD---- C:\ProgramData\Microsoft
2009-09-15 00:54:45 ----D---- C:\Windows
2009-09-15 00:54:40 ----D---- C:\Windows\system32\Tasks
2009-09-14 01:19:02 ----D---- C:\Windows\system32\catroot2
2009-09-13 03:16:24 ----D---- C:\ProgramData\Microsoft Help
2009-09-12 20:42:01 ----D---- C:\Windows\system32\catroot
2009-09-11 22:32:58 ----D---- C:\Windows\rescache
2009-09-11 22:15:22 ----D---- C:\Windows\system32\migration
2009-09-11 22:15:22 ----D---- C:\Windows\system32\de-DE
2009-09-11 22:15:22 ----D---- C:\Program Files\Internet Explorer
2009-09-11 22:15:21 ----D---- C:\Windows\system32\en-US
2009-09-11 22:15:21 ----D---- C:\Windows\PolicyDefinitions
2009-09-11 21:57:58 ----D---- C:\Windows\Debug
2009-09-11 21:52:15 ----RSD---- C:\Windows\Fonts
2009-09-11 17:15:04 ----D---- C:\Windows\Prefetch
2009-09-11 03:04:01 ----D---- C:\Program Files\Windows Mail
2009-09-10 20:31:36 ----D---- C:\Windows\ehome
2009-09-08 20:40:14 ----D---- C:\Big Fish Games
2009-09-05 20:53:11 ----D---- C:\Windows\twain_32
2009-09-04 23:06:53 ----D---- C:\Windows\AppPatch
2009-09-04 19:29:50 ----D---- C:\Windows\Microsoft.NET
2009-09-01 10:18:32 ----D---- C:\Windows\system32\wbem
2009-09-01 10:18:31 ----D---- C:\Windows\system32\manifeststore
2009-09-01 10:18:30 ----D---- C:\Program Files\Windows Media Player
2009-09-01 10:18:28 ----D---- C:\Windows\system32\XPSViewer
2009-09-01 10:12:56 ----D---- C:\Program Files\Microsoft Works
2009-09-01 09:37:00 ----D---- C:\Windows\SoftwareDistribution
2009-08-31 21:17:25 ----D---- C:\Program Files\Common Files\Adobe
2009-08-31 21:17:22 ----D---- C:\ProgramData\Adobe
2009-08-31 21:17:18 ----D---- C:\Program Files\Adobe
2009-08-31 12:02:30 ----SD---- C:\Users\User\AppData\Roaming\Microsoft
2009-08-28 14:38:22 ----A---- C:\Windows\system32\mrt.exe
2009-08-28 09:37:25 ----SHD---- C:\$Recycle.Bin
2009-08-28 09:36:54 ----RD---- C:\Users
2009-08-28 09:34:22 ----D---- C:\Windows\system32\WDI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 NGS;Norman General Security Driver; \??\c:\program files\norman\ngs\bin\ngs.sys [2009-02-11 22712]
R1 NPROSEC;Norman Security driver; \??\C:\Program Files\Norman\Ngs\Bin\nprosec.sys [2009-04-21 53816]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B}; \??\C:\Program Files\CyberLink\PowerDVD\000.fcl [2007-11-03 41456]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-07-28 55656]
R2 Ndiskio;Ndiskio; \??\C:\Program Files\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 20448]
R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 GpdDevDPort;GpdDevDPort; \??\C:\Windows\system32\directport.sys [2007-11-21 7168]
R3 GpdKbFilter;GpdKbFilter; \??\C:\Windows\system32\kbfiltr.sys [2008-03-31 8192]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-04-25 2126688]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32-Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-05-01 3660800]
R3 NvcMFlt;NvcMFlt; C:\Windows\system32\DRIVERS\nvcv32mf.sys [2009-01-22 19512]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-05-23 7494976]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-12-28 104448]
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 usbaudio;USB-Audiotreiber (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-21 73088]
S3 usbscan;USB-Scannertreiber; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
S3 usbvideo;USB-Videogerät (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ahcix86s;ahcix86s; C:\Windows\system32\drivers\ahcix86s.sys [2007-12-19 170000]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iastor.sys [2007-09-30 308248]
S4 JRAID;JRAID; C:\Windows\system32\drivers\jraid.sys [2008-04-03 76688]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-21 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 eLoggerSvc6;Norman eLogger service 6; C:\Program Files\Norman\Npm\Bin\Elogsvc.exe [2007-11-21 150584]
R2 FSCLBaseUpdaterService;FSCLBaseUpdaterService; C:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe [2007-06-04 65536]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-04-29 877864]
R2 Norman ZANDA;Norman ZANDA; C:\Program Files\Norman\Npm\Bin\Zanda.exe [2009-02-25 408696]
R2 NPROSECSVC;Norman Security service; C:\Program Files\Norman\Ngs\Bin\Nprosec.exe [2009-02-25 121912]
R2 NVOY;Norman Resource Provider; C:\Program Files\Norman\npm\bin\nvoy.exe [2009-01-20 126008]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-05-23 196608]
R2 OsdService;OSD Service; C:\Program Files\OEM\OSD_1.12\OsdService.exe [2008-02-22 94208]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [2006-12-19 81920]
R2 TestHandler;Fujitsu Siemens Computers Diagnostic Testhandler; C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe [2008-04-25 303104]
R3 Norman NJeeves;Norman NJeeves; C:\Program Files\Norman\Npm\bin\NJEEVES.EXE [2009-04-17 274392]
R3 NPC;Norman Parental Control; C:\Program Files\Norman\npc\bin\npcsvc32.exe [2008-04-17 416880]
R3 nsesvc;Norman Scanner Engine Service; C:\Program Files\Norman\Nse\bin\NSESVC.EXE [2009-05-19 310328]
R3 NUAA;Norman User Activity Agent; C:\Program Files\Norman\npc\bin\nuaa.exe [2009-03-24 121912]
R3 nvcoas;Norman Virus Control on-access component; C:\Program Files\Norman\Nvc\bin\nvcoas.exe [2009-04-28 195640]
R3 Scheduler;Norman Scheduler Service; C:\Program Files\Norman\Npm\Bin\scheduler.exe [2009-03-17 130104]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-05-22 29744]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-22 138168]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-02-28 529704]
S3 NVCScheduler;Norman Virus Control Scheduler; C:\Program Files\Norman\Npm\bin\NVCSCHED.EXE []
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-01-07 348752]
S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-07-22 1097096]

-----------------EOF-----------------

john.doe 15.09.2009 18:56

:o Quite a lot is wrong there.

1.) Uninstall:
  • Google Toolbar for Internet Explorer
  • Windows Live Anmelde-Assistent
  • Norman Security Suite
  • Adobe Reader 8.1.3 - Deutsch
  • BearShare
  • MediaBar 2.0
  • Google Desktop (unless it was installed deliberately)
  • Favorit
  • Spyware Doctor 6.1
2.) Install (always deselect toolbars, untick the box):
3.) Post a new HJT log.

ciao, andreas

Maring 15.09.2009 19:16

So, apart from "Favorit" I was able to uninstall everything (no idea why "Favorit" wouldn't go either).

Logfile of HijackThis v1.99.1
Scan saved at 20:15:04, on 15.09.2009
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\CyberLink\Shared Files\brs.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe
C:\Program Files\FunkyEmoticons\FunkyEmoticons.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATICEE.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Jana Maring Inday\AppData\Local\Temp\Temp2_hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.explorerstartpage.com/wspage.php?ver=v8notr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O1 - Hosts: ::1 localhost
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a} - (no file)
O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [FSCRecovery] c:\Program Files\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe
O4 - HKLM\..\Run: [NPCTray] C:\Program Files\Norman\npc\bin\npc_tray.exe /LOAD
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe IE PA
O4 - HKLM\..\Run: [funkyemoticons] C:\Program Files\FunkyEmoticons\FunkyEmoticons.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\Windows\TEMP\E_S390A.tmp" /EF "HKCU"
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International
O13 - Gopher Prefix:
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E84708E0-B0D5-4420-887F-696F04AB8761}: NameServer = 213.191.92.87 62.109.123.6
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: FSCLBaseUpdaterService - Unknown owner - C:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: OSD Service (OsdService) - TODO: <????> - C:\Program Files\OEM\OSD_1.12\OsdService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

Maring 15.09.2009 19:18

Wouldn't have thought I had so many errors :)

thanks ;)

john.doe 15.09.2009 19:30

Quote:

well, apart from "Favorit" I was able to uninstall everything (no idea why "Favorit" didn't work)
There is nothing left to see in the HJT log, but to be safe, work through these instructions anyway => http://www.trojaner-board.de/69713-e...navipromo.html (only the last step)

Note for Vista users: start all programs with a right mouse click => Run as administrator.

1.) Uninstall the Foxit toolbar.

2.) Write one hundred times on the blackboard: I will not install any more toolbars! :aufsmaul:

3.) Download the current HJT version.

4.) Wipe the blackboard clean and write one hundred times: I will never again work with outdated program versions! :aufsmaul:

5.) Norman | Uninstall Norman Virus Control

6.) Start HJT => Do a system scan only => Check:
Code:

All R0, R1, O2, O3, O9 and O16 entries
O4 - HKLM\..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe IE PA
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

=> Fix checked => Restart the computer => Post a new HJT log

ciao, andreas

Maring 15.09.2009 19:54

okay, I wrote it 100 times (200 times in total ^^) on the blackboard and took it to heart :) and remembered it ;)

restarted the computer and this is the result:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:51:16, on 15.09.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\CyberLink\Shared Files\brs.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe
C:\Program Files\FunkyEmoticons\FunkyEmoticons.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATICEE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Jana Maring Inday\Downloads\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [FSCRecovery] c:\Program Files\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe
O4 - HKLM\..\Run: [NPCTray] C:\Program Files\Norman\npc\bin\npc_tray.exe /LOAD
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe IE PA
O4 - HKLM\..\Run: [funkyemoticons] C:\Program Files\FunkyEmoticons\FunkyEmoticons.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\Windows\TEMP\E_S390A.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [fsc-reg] C:\ProgramData\fsc-reg\fscreg.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E84708E0-B0D5-4420-887F-696F04AB8761}: NameServer = 213.191.92.87 62.109.123.6
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: FSCLBaseUpdaterService - Unknown owner - C:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: OSD Service (OsdService) - TODO: <????> - C:\Program Files\OEM\OSD_1.12\OsdService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe

--
End of file - 5781 bytes


is that better??? please don't scold me :) ^^

john.doe 15.09.2009 20:05

Quote:

is that better??? please don't scold me
Much better. http://www.cosgan.de/images/smilie/liebe/n020.gif

Vista is great. :)

1.) http://www.trojaner-board.de/72647-b...ktivieren.html

2.) Disable System Restore

3.) Right-click HJT => Run as administrator => Do a system scan only => Check:
Code:

All R0, R1, O2, O3, O9 and O16 entries
O4 - HKLM\..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe IE PA
O4 - HKUS\S-1-5-18\..\Run: [fsc-reg] C:\ProgramData\fsc-reg\fscreg.exe (User 'SYSTEM')

=> Fix checked => Restart => Post a new HJT log.

4.) Enable System Restore.

5.) Enable User Account Control.

ciao, andreas
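
As an added example (not code from this thread, from the helper, or from HijackThis itself), here is a small Python triage pass over HJT log lines that reproduces the kind of judgement applied in the post above: orphaned O2 BHOs whose DLL is gone, autoruns living in the SYSTEM hive such as the fsc-reg entry launched from ProgramData, custom O17 DNS servers that should be checked against the ISP or router, and O23 services with an unknown owner. The set of sections treated as removable wholesale and the heuristics themselves are assumptions made for the example; the sample lines are copied from the log posted in this thread.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# One HijackThis entry: "<section> - <body>", e.g. "O4 - HKLM\..\Run: [name] path".
HJT_LINE = re.compile(r"^(?P<section>R\d|O\d+) - (?P<body>.*)$")

# Sections the helper in this thread told the user to fix wholesale.
# Treating them as removable is an assumption for this example, not a general rule.
FIX_WHOLESALE = {"R0", "R1", "O2", "O3", "O9", "O16"}


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def classify(line: str) -> Optional[Finding]:
    """Return a Finding for an entry that deserves a second look, else None."""
    m = HJT_LINE.match(line.strip())
    if not m:
        return None  # header, process list, blank line, footer
    sec, body = m.group("section"), m.group("body")

    if sec == "O2" and "(no file)" in body:
        return Finding(sec, "orphaned BHO: registry entry left behind, DLL gone", line)
    if sec in FIX_WHOLESALE:
        return Finding(sec, "section the helper asked to fix wholesale", line)

    if sec == "O4":
        hive = body.split(":", 1)[0]  # e.g. HKUS\S-1-5-18\..\Run
        if "S-1-5-18" in hive or ".DEFAULT" in hive:
            # Autoruns that fire for SYSTEM / the default profile; the helper
            # singled out the one launching from ProgramData.
            if "\\ProgramData\\" in body:
                return Finding(sec, "SYSTEM-hive autorun launching from ProgramData", line)
            return Finding(sec, "SYSTEM-hive autorun, verify the vendor", line)
        return None

    if sec == "O17" and "NameServer = " in body:
        servers = body.split("NameServer = ", 1)[1].split()
        return Finding(sec, f"DNS servers {servers}: confirm they are the ISP's or router's", line)

    if sec == "O23" and "Unknown owner" in body and "svchost.exe" not in body:
        # svchost-hosted entries shown as "Unknown owner ... (file missing)" on
        # Vista are a known display quirk of HJT 2.0.2 (unexpanded %windir%),
        # so only services with a concrete path are reported here.
        return Finding(sec, "service with unknown owner, check the publisher", line)
    return None


def triage(log_text: str) -> List[Finding]:
    """Run classify() over every line and keep the hits, in log order."""
    return [f for f in (classify(l) for l in log_text.splitlines()) if f]


# Sample input (constructed for this example from lines of the log posted above).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [fsc-reg] C:\ProgramData\fsc-reg\fscreg.exe (User 'SYSTEM')
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E84708E0-B0D5-4420-887F-696F04AB8761}: NameServer = 213.191.92.87 62.109.123.6
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: FSCLBaseUpdaterService - Unknown owner - C:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:4} {f.reason}\n     {f.line}")
```

Run over the sample, the pass reports six entries: the orphaned BHO, both SYSTEM-hive autoruns (the ProgramData one with its own reason), the O16 download, the DNS servers for verification, and the FSCLounge service with no registered owner; the Avira lines and the svchost-hosted gpsvc entry are left alone.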

Maring 15.09.2009 20:24

I'm glad I'm not getting scolded ^^

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:23:27, on 15.09.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\CyberLink\Shared Files\brs.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe
C:\Program Files\FunkyEmoticons\FunkyEmoticons.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATICEE.EXE
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Jana Maring Inday\Downloads\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [FSCRecovery] c:\Program Files\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe
O4 - HKLM\..\Run: [NPCTray] C:\Program Files\Norman\npc\bin\npc_tray.exe /LOAD
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe IE PA
O4 - HKLM\..\Run: [funkyemoticons] C:\Program Files\FunkyEmoticons\FunkyEmoticons.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\Windows\TEMP\E_S390A.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [fsc-reg] C:\ProgramData\fsc-reg\fscreg.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E84708E0-B0D5-4420-887F-696F04AB8761}: NameServer = 213.191.92.87 62.109.123.6
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: FSCLBaseUpdaterService - Unknown owner - C:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: OSD Service (OsdService) - TODO: <????> - C:\Program Files\OEM\OSD_1.12\OsdService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe

--
End of file - 5832 bytes

john.doe 15.09.2009 20:33

Now you may scold me. I overlooked something that seems to be fairly new. Please also uninstall:
  • Funky Emoticons

Please be more careful with downloads and installations in the future. As a rule, assume that anything you download can be malicious.

Start => Run => cmd [Ctrl][Shift][Enter]
Code:

sc stop gusvc [Enter]
sc delete gusvc [Enter]
exit [Enter]

You're dismissed. :)

ciao, andreas

Maring 15.09.2009 21:10

okay, I'll remember... but my sister is to blame too... ^^
no no, I'll take all the blame ^^

many, many, many thanks to you!!!!!!
;)

regards, maring


Copyright ©2000-2026, Trojaner-Board