Trojaner-Board


jwffm 20.11.2006 19:25

Psguard and MRU List
 
Hello, I have had a problem with a PC since Sunday.
On Saturday it was still running perfectly, but since then I can no longer get onto the Internet - it does not establish a connection to the WLAN router.

Ad-Aware always finds 3 MRULists and, now and then, Psguard (that is, even when I remove the files and start Ad-Aware again right afterwards). My knowledge is unfortunately very limited, so I am asking for your help.

Here is the log file for it:

Ad-Aware SE Build 1.06r1
Logfile Created on:Montag, 6. November 2006 17:48:21
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R130 06.11.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Malware.Psguard(TAC index:7):1 total references
MRU List(TAC index:0):3 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


06.11.06 17:48:21 - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : .DEFAULT\software\realnetworks\realplayer\6.0\preferences
Description : list of recent skins in realplayer


MRU List Object Recognized!
Location: : .DEFAULT\software\realnetworks\realplayer\6.0\preferences
Description : list of recent clips in realplayer


MRU List Object Recognized!
Location: : .DEFAULT\software\realnetworks\realplayer\6.0\preferences
Description : last login time in realplayer


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [KERNEL32.DLL]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4293853941
Threads : 8
Priority : High
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Betriebssystem Microsoft(R) Windows(R)
CompanyName : Microsoft Corporation
FileDescription : Kernkomponente des Win32-Kernel
InternalName : KERNEL32
LegalCopyright : Copyright (C) Microsoft Corp. 1991-1999
OriginalFilename : KERNEL32.DLL

#:2 [MSGSRV32.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294951637
Threads : 1
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Betriebssystem Microsoft(R) Windows(R)
CompanyName : Microsoft Corporation
FileDescription : Windows 32-Bit-VxD-Meldungsserver
InternalName : MSGSRV32
LegalCopyright : Copyright (C) Microsoft Corp. 1992-1998
OriginalFilename : MSGSRV32.EXE

#:3 [MPREXE.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294954853
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft(R) Windows(R) Operating System
CompanyName : Microsoft Corporation
FileDescription : WIN32 Network Interface Service Process
InternalName : MPREXE
LegalCopyright : Copyright (C) Microsoft Corp. 1993-1998
OriginalFilename : MPREXE.EXE

#:4 [MSTASK.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4292887349
Threads : 2
Priority : Normal
FileVersion : 4.71.1972.1
ProductVersion : 4.71.1972.1
ProductName : Taskplaner für Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Taskplaner-Engine
InternalName : TaskScheduler
LegalCopyright : Copyright (C) Microsoft Corp. 2000
OriginalFilename : mstask.exe

#:5 [mmtask.tsk]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294949037
Threads : 1
Priority : Normal
FileVersion : 4.03.1998
ProductVersion : 4.03.1998
ProductName : Microsoft Windows
CompanyName : Microsoft Corporation
FileDescription : Multimedia background task support module
InternalName : mmtask.tsk
LegalCopyright : Copyright © Microsoft Corp. 1991-1998
OriginalFilename : mmtask.tsk

#:6 [EXPLORER.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4292884585
Threads : 10
Priority : Normal
FileVersion : 4.72.3110.1
ProductVersion : 4.72.3110.1
ProductName : Betriebssystem Microsoft(R) Windows NT(R)
CompanyName : Microsoft Corporation
FileDescription : Windows-Explorer
InternalName : explorer
LegalCopyright : Copyright (C) Microsoft Corp. 1981-1997
OriginalFilename : EXPLORER.EXE

#:7 [TASKMON.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4292949605
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft(R) Windows(R) Operating System
CompanyName : Microsoft Corporation
FileDescription : Task Monitor
InternalName : TaskMon
LegalCopyright : Copyright (C) Microsoft Corp. 1998
OriginalFilename : TASKMON.EXE

#:8 [PDESK.EXE]
FilePath : C:\WINDOWS\SYSTEM\PDESK\
ProcessID : 4292996009
Threads : 13
Priority : Normal
FileVersion : 6.82.016
ProductVersion : 6.82.016
ProductName : Matrox PDesk
CompanyName : Matrox Graphics Inc.
FileDescription : PDesk
InternalName : PDesk
LegalCopyright : Copyright (c) 1996-2001
OriginalFilename : PDesk.exe

#:9 [HPWUSCHD.EXE]
FilePath : C:\PROGRAMME\HP\HP SOFTWARE UPDATE\
ProcessID : 4292989145
Threads : 1
Priority : Normal
FileVersion : 1, 0, 0, 3
ProductVersion : 1, 0, 0, 3
ProductName : Hewlett-Packard hpwuSchd
CompanyName : Hewlett-Packard
FileDescription : hpwuSchd
InternalName : hpwuSchd
LegalCopyright : Copyright © 2003
OriginalFilename : hpwuSchd.exe

#:10 [WINAMPA.EXE]
FilePath : C:\PROGRAMME\WINAMP\
ProcessID : 4292980465
Threads : 1
Priority : Normal


#:11 [REALSCHED.EXE]
FilePath : C:\PROGRAMME\GEMEINSAME DATEIEN\REAL\UPDATE_OB\
ProcessID : 4292975465
Threads : 2
Priority : Normal
FileVersion : 0.1.0.3510
ProductVersion : 0.1.0.3510
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio(tm) is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:12 [IGDCTRL.EXE]
FilePath : C:\PROGRAMME\FRITZ!DSL\
ProcessID : 4292993825
Threads : 20
Priority : Normal
FileVersion : 1.00.01.2004
ProductVersion : 1.00.01.2004
ProductName : AVM IGD Service
CompanyName : AVM Berlin
FileDescription : AVM IGD Service
InternalName : igdctrl
LegalCopyright : © AVM Berlin 2004-2005
OriginalFilename : igdctrl.exe

#:13 [RUNDLL32.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4293033873
Threads : 3
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Betriebssystem Microsoft(R) Windows(R)
CompanyName : Microsoft Corporation
FileDescription : Eine DLL-Datei als Anwendung ausführen
InternalName : rundll
LegalCopyright : Copyright (C) Microsoft Corp. 1991-1998
OriginalFilename : RUNDLL.EXE

#:14 [HPQTRA08.EXE]
FilePath : C:\PROGRAMME\HP\DIGITAL IMAGING\BIN\
ProcessID : 4293065085
Threads : 1
Priority : Normal
FileVersion : 5.35.0.035
ProductVersion : 005.035.000.035
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP Digital Imaging Monitor (CUE)
InternalName : HPQTRA00
LegalCopyright : Copyright (C) Hewlett-Packard Co. 1995-2001
OriginalFilename : HPQTRA00.EXE
Comments : HP Digital Imaging Monitor (CUE)

#:15 [WLANUTL.EXE]
FilePath : C:\PROGRAMME\SITECOM WIRELESS LAN\
ProcessID : 4293052925
Threads : 2
Priority : Normal


#:16 [HPOSTR05.EXE]
FilePath : C:\PROGRAMME\HEWLETT-PACKARD\HP OFFICEJET T SERIES 9X\BIN\
ProcessID : 4293041521
Threads : 1
Priority : Normal
FileVersion : 02.00.00
ProductVersion : A.07.01.05
ProductName : HP OfficeJet T Series
CompanyName : Hewlett-Packard Co.
FileDescription : Main Executable
InternalName : HPOSTR05
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-1999
OriginalFilename : HPOSTR05.EXE
Comments : Main Executable

#:17 [MFINDEXER.EXE]
FilePath : C:\COREL\GRAPHICS8\PROGRAMS\
ProcessID : 4293067961
Threads : 2
Priority : Normal
FileVersion : 8.369
ProductVersion : 8.369
ProductName : CorelDRAW (TM)
CompanyName : Corel Corporation
FileDescription : Utility which indexes Corel Media Folders
InternalName : Corel Media Indexer
LegalCopyright : Copyright © 1988-1998 Corel Corporation.
LegalTrademarks : CorelDRAW (TM)
OriginalFilename : MFIndexer.exe

#:18 [HPOHID05.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4293235417
Threads : 1
Priority : Normal
FileVersion : 3.00.12
ProductVersion : A.07.01.05
ProductName : HP OfficeJet T Series
CompanyName : Hewlett-Packard Co.
FileDescription : OfficeJet Series 600 MLC/PML Daemon
InternalName : HPOMLCH
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-1999
OriginalFilename : HPOMLCH.EXE
Comments : MLC/PML Daemon

#:19 [AD-AWARE.EXE]
FilePath : C:\PROGRAMME\LAVASOFT\AD-AWARE SE PERSONAL\
ProcessID : 4293212981
Threads : 4
Priority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:20 [SPOOL32.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4198903657
Threads : 2
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft(R) Windows(R) Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler Sub System Process
InternalName : spool32
LegalCopyright : Copyright (C) Microsoft Corp. 1994 - 1998
OriginalFilename : spool32.exe

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 3


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{357a87ed-3e5d-437d-b334-deb7eb4982a3}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 4


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4


Disk Scan Result for c:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
0 entries scanned.
New critical objects:0
Objects found so far: 4




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4

17:56:49 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:08:27.510
Objects scanned:148218
Objects identified:1
Objects ignored:0
New critical objects:1


It would be really lovely if some kind person could help me.
Thank you very much!

Sunny 20.11.2006 19:31

Hello.

I can't do much with the Ad-Aware report, but please post a Hijacklog; the instructions for it are linked in my signature.

Regards
Sunny


All times are GMT +1.
