.::|||::. | 05.10.2007 14:16 | Strange eScan log! Paranoia?
Hi
First off: I have never had problems with viruses or the like so far (and actually not now either :)), and my Kaspersky has never had to protect me.
So, now to my "problem":
Yesterday I ran an eScan according to the instructions and, lo and behold, several viruses were of course found. From experience I can rule out some of them because of eScan's known false positives.
Well, you pros take a look: Quote:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Header
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
find.bat Version 2007.06.16.01
Microsoft Windows XP [Version 5.1.2600]
Bootmodus: NORMAL
eScan Version: 9.4.4
Sprache: English
Virus Database Date: 10/3/2007
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Infektionsmeldungen
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
System found infected with cydoor Spyware/Adware (libeay32_1-1-0_ddr.dll)! Action taken: No Action Taken.
System found infected with cydoor Spyware/Adware (ssleay32_1-1-0_ddr.dll)! Action taken: No Action Taken.
System found infected with cydoor Spyware/Adware (stlport_4_0_0_ddr.dll)! Action taken: No Action Taken.
System found infected with cydoor Spyware/Adware (xerces-c_1_40_0_ddr.dll)! Action taken: No Action Taken.
System found infected with cydoor Spyware/Adware (cfd.exe)! Action taken: No Action Taken.
System found infected with cydoor Spyware/Adware (cfd.exe)! Action taken: No Action Taken.
Object "grokster Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "gain.gator Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "gain.gator Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "gain.gator Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "NULLBYTE Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "grokster Spyware/Adware" found in File System! Action Taken: No Action Taken.
~~~~~~~~~~~ Dateien
~~~~~~~~~~~
~~~~ Infected files
~~~~~~~~~~~
File C:\DELL\drivers\R122161\HDAQFE\win2k3\jpn\qfe.exe infected by "Exe.Corrupted" Virus! Action Taken: No Action Taken.
File C:\DELL\drivers\R122161\HDAQFE\win2k3\us\qfe.exe infected by "Exe.Corrupted" Virus! Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan\.q_13A40_q\HDAQFE\win2k3\jpn\qfe.exe infected by "Exe.Corrupted" Virus! Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan\.q_13A40_q\HDAQFE\win2k3\us\qfe.exe infected by "Exe.Corrupted" Virus! Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan\.q_13A40_q\HDAQFE\win2k_xp\us\qfe.exe infected by "Exe.Corrupted" Virus! Action Taken: No Action Taken.
~~~~~~~~~~~
~~~~ Tagged files
~~~~~~~~~~~
~~~~~~~~~~~
~~~~ Offending files
~~~~~~~~~~~
Offending file found: C:\WINDOWS\system32\libeay32_1-1-0_ddr.dll
Offending file found: C:\WINDOWS\system32\ssleay32_1-1-0_ddr.dll
Offending file found: C:\WINDOWS\system32\stlport_4_0_0_ddr.dll
Offending file found: C:\WINDOWS\system32\xerces-c_1_40_0_ddr.dll
~~~~~~~~~~~ Ordner
~~~~~~~~~~~
~~~~~~~~~~~ Registry
~~~~~~~~~~~
Offending Key found: HKLM\Software\magnet !!!
Offending Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\gator.com !!!
Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\p3p\history\gator.com !!!
Offending Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\p3p\history\gator.com !!!
Offending Key found: HKCR\magnet !!!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Diverses
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~ Prozesse und Module
~~~~~~~~~~~~~~~~~~~~~~
Invalid Entry DllName = appmgmts.dll (in key SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}). Deleting Registry Key {c6dc5466-785a-11d2-84d0-00c04fb169f7}...
~~~~~~~~~~~~~~~~~~~~~~ Scanfehler
~~~~~~~~~~~~~~~~~~~~~~
C:\MSOCache\All Users\{90120000-00A1-0407-0000-0000000FF1CE}-C\OnoteLR.cab not Scanned. Possibly password protected...
C:\Programme\Microsoft Office\Office12\1031\OneNoteMobile.CAB not Scanned. Possibly password protected...
C:\Programme\Nero\Nero 7\Nero Mobile\SetupNeroMobile.exe not Scanned. Possibly password protected...
~~~~~~~~~~~~~~~~~~~~~~ Hosts-Datei
~~~~~~~~~~~~~~~~~~~~~~
DataBasePath: %SystemRoot%\System32\drivers\etc
C:\WINDOWS\System32\drivers\etc\hosts :
C:\WINDOWS\System32\drivers\etc\hosts :
C:\WINDOWS\System32\drivers\etc\hosts :
C:\WINDOWS\System32\drivers\etc\hosts :
C:\WINDOWS\System32\drivers\etc\hosts :
C:\WINDOWS\System32\drivers\etc\hosts :
C:\WINDOWS\System32\drivers\etc\hosts :
C:\WINDOWS\System32\drivers\etc\hosts :
C:\WINDOWS\System32\drivers\etc\hosts :
C:\WINDOWS\System32\drivers\etc\hosts :
C:\WINDOWS\System32\drivers\etc\hosts :
C:\WINDOWS\System32\drivers\etc\hosts :255.255.255.255 broadcasthost
C:\WINDOWS\System32\drivers\etc\hosts :::1 localhost
C:\WINDOWS\System32\drivers\etc\hosts :
C:\WINDOWS\System32\drivers\etc\hosts :
C:\WINDOWS\System32\drivers\etc\hosts :
C:\WINDOWS\System32\drivers\etc\hosts :
C:\WINDOWS\System32\drivers\etc\hosts :
C:\WINDOWS\System32\drivers\etc\hosts :
C:\WINDOWS\System32\drivers\etc\hosts :
C:\WINDOWS\System32\drivers\etc\hosts : # mistyped URLs to search engines. They
C:\WINDOWS\System32\drivers\etc\hosts : # log all such errors.
C:\WINDOWS\System32\drivers\etc\hosts : # URLs to their site.
C:\WINDOWS\System32\drivers\etc\hosts :
C:\WINDOWS\System32\drivers\etc\hosts : # and potentially other sites.
C:\WINDOWS\System32\drivers\etc\hosts :
C:\WINDOWS\System32\drivers\etc\hosts : # up CSS on livejournal
C:\WINDOWS\System32\drivers\etc\hosts : # problems with NPR.org
C:\WINDOWS\System32\drivers\etc\hosts : # ads and track users across
C:\WINDOWS\System32\drivers\etc\hosts : # the com.com family of sites
C:\WINDOWS\System32\drivers\etc\hosts :
C:\WINDOWS\System32\drivers\etc\hosts :
C:\WINDOWS\System32\drivers\etc\hosts :
C:\WINDOWS\System32\drivers\etc\hosts :
C:\WINDOWS\System32\drivers\etc\hosts :
C:\WINDOWS\System32\drivers\etc\hosts :
C:\WINDOWS\System32\drivers\etc\hosts :
C:\WINDOWS\System32\drivers\etc\hosts :
C:\WINDOWS\System32\drivers\etc\hosts :
C:\WINDOWS\System32\drivers\etc\hosts :
C:\WINDOWS\System32\drivers\etc\hosts :
C:\WINDOWS\System32\drivers\etc\hosts :
C:\WINDOWS\System32\drivers\etc\hosts :
C:\WINDOWS\System32\drivers\etc\hosts :
C:\WINDOWS\System32\drivers\etc\hosts :
C:\WINDOWS\System32\drivers\etc\hosts : # and some distribute adware and spyware
C:\WINDOWS\System32\drivers\etc\hosts :
C:\WINDOWS\System32\drivers\etc\hosts : # message board spam and are unlikely to be real sites
C:\WINDOWS\System32\drivers\etc\hosts :
C:\WINDOWS\System32\drivers\etc\hosts :
C:\WINDOWS\System32\drivers\etc\hosts :
C:\WINDOWS\System32\drivers\etc\hosts :
C:\WINDOWS\System32\drivers\etc\hosts :
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Statistiken:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Total Critical Objects: 17
Total Disinfected Objects: 0
Total Objects Renamed: 0
Total Deleted Objects: 0
Total Errors: 44
Time Elapsed: 01:52:51
Total Objects Scanned: 67740
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan-Optionen
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Memory Check: Enabled
Registry Check: Enabled
System Folder Check: Enabled
System Area Check: Disabled
Services Check: Enabled
Drive Check: Disabled
All Drive Check :Enabled
All Drive Check :Enabled
Batchstart: 21:40:20.26
Batchende: 21:40:56.53
What strikes me are the hosts and the offending files, as well as the file qfe.exe, which was found in several locations.
I had all of the files mentioned analyzed at VT: no detection! Code:
Datei libeay32_1-1-0_ddr.dll empfangen 2007.10.05 14:41:48 (CET)
Ergebnis: 0/32 (0%)
Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2007.10.5.2 2007.10.05 -
AntiVir 7.6.0.20 2007.10.05 -
Authentium 4.93.8 2007.10.05 -
Avast 4.7.1051.0 2007.10.05 -
AVG 7.5.0.488 2007.10.04 -
BitDefender 7.2 2007.10.05 -
CAT-QuickHeal 9.00 2007.10.05 -
ClamAV 0.91.2 2007.10.05 -
DrWeb 4.44.0.09170 2007.10.05 -
eSafe 7.0.15.0 2007.10.04 -
eTrust-Vet 31.2.5188 2007.10.05 -
Ewido 4.0 2007.10.05 -
FileAdvisor 1 2007.10.05 -
Fortinet 3.11.0.0 2007.10.05 -
F-Prot 4.3.2.48 2007.10.05 -
F-Secure 6.70.13030.0 2007.10.05 -
Ikarus T3.1.1.12 2007.10.05 -
Kaspersky 7.0.0.125 2007.10.05 -
McAfee 5134 2007.10.04 -
Microsoft 1.2803 2007.10.04 -
NOD32v2 2573 2007.10.05 -
Norman 5.80.02 2007.10.05 -
Panda 9.0.0.4 2007.10.05 -
Prevx1 V2 2007.10.05 -
Rising 19.43.40.00 2007.10.05 -
Sophos 4.22.0 2007.10.05 -
Sunbelt 2.2.907.0 2007.10.04 -
Symantec 10 2007.10.05 -
TheHacker 6.2.6.076 2007.10.03 -
VBA32 3.12.2.4 2007.10.05 -
VirusBuster 4.3.26:9 2007.10.04 -
Webwasher-Gateway 6.0.1 2007.10.05 -
weitere Informationen
File size: 663552 bytes
MD5: 42e007b152452d3a5603f62e24cbe347
SHA1: 3b9960168be9739d24edbe135b647d40de5c9f5e
____________________________________________________________________________________________________
Datei ssleay32_1-1-0_ddr.dll_ empfangen 2007.10.05 14:42:31 (CET)
Ergebnis: 0/32 (0%)
Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2007.10.5.2 2007.10.05 -
AntiVir 7.6.0.20 2007.10.05 -
Authentium 4.93.8 2007.10.05 -
Avast 4.7.1051.0 2007.10.05 -
AVG 7.5.0.488 2007.10.04 -
BitDefender 7.2 2007.10.05 -
CAT-QuickHeal 9.00 2007.10.05 -
ClamAV 0.91.2 2007.10.05 -
DrWeb 4.44.0.09170 2007.10.05 -
eSafe 7.0.15.0 2007.10.04 -
eTrust-Vet 31.2.5188 2007.10.05 -
Ewido 4.0 2007.10.05 -
FileAdvisor 1 2007.10.05 -
Fortinet 3.11.0.0 2007.10.05 -
F-Prot 4.3.2.48 2007.10.05 -
F-Secure 6.70.13030.0 2007.10.05 -
Ikarus T3.1.1.12 2007.10.05 -
Kaspersky 7.0.0.125 2007.10.05 -
McAfee 5134 2007.10.04 -
Microsoft 1.2803 2007.10.04 -
NOD32v2 2573 2007.10.05 -
Norman 5.80.02 2007.10.05 -
Panda 9.0.0.4 2007.10.05 -
Prevx1 V2 2007.10.05 -
Rising 19.43.40.00 2007.10.05 -
Sophos 4.22.0 2007.10.05 -
Sunbelt 2.2.907.0 2007.10.04 -
Symantec 10 2007.10.05 -
TheHacker 6.2.6.076 2007.10.03 -
VBA32 3.12.2.4 2007.10.05 -
VirusBuster 4.3.26:9 2007.10.04 -
Webwasher-Gateway 6.0.1 2007.10.05 -
weitere Informationen
File size: 159744 bytes
MD5: c1157b2908f4238bb0d9bfc639197e79
SHA1: 566713b295de4e88285c2128cb124fdc20b2818d
____________________________________________________________________________________________________
Datei stlport_4_0_0_ddr.dll_ empfangen 2007.10.05 14:43:04 (CET)
Ergebnis: 0/32 (0%)
Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2007.10.5.2 2007.10.05 -
AntiVir 7.6.0.20 2007.10.05 -
Authentium 4.93.8 2007.10.05 -
Avast 4.7.1051.0 2007.10.05 -
AVG 7.5.0.488 2007.10.04 -
BitDefender 7.2 2007.10.05 -
CAT-QuickHeal 9.00 2007.10.05 -
ClamAV 0.91.2 2007.10.05 -
DrWeb 4.44.0.09170 2007.10.05 -
eSafe 7.0.15.0 2007.10.04 -
eTrust-Vet 31.2.5188 2007.10.05 -
Ewido 4.0 2007.10.05 -
FileAdvisor 1 2007.10.05 -
Fortinet 3.11.0.0 2007.10.05 -
F-Prot 4.3.2.48 2007.10.05 -
F-Secure 6.70.13030.0 2007.10.05 -
Ikarus T3.1.1.12 2007.10.05 -
Kaspersky 7.0.0.125 2007.10.05 -
McAfee 5134 2007.10.04 -
Microsoft 1.2803 2007.10.04 -
NOD32v2 2573 2007.10.05 -
Norman 5.80.02 2007.10.05 -
Panda 9.0.0.4 2007.10.05 -
Prevx1 V2 2007.10.05 -
Rising 19.43.40.00 2007.10.05 -
Sophos 4.22.0 2007.10.05 -
Sunbelt 2.2.907.0 2007.10.04 -
Symantec 10 2007.10.05 -
TheHacker 6.2.6.076 2007.10.03 -
VBA32 3.12.2.4 2007.10.05 -
VirusBuster 4.3.26:9 2007.10.04 -
Webwasher-Gateway 6.0.1 2007.10.05 -
weitere Informationen
File size: 524377 bytes
MD5: 17d640daeb5144ed26ed3ee672c5f492
SHA1: 1c8ef0e682da52654309aa19b09a2493014dfda9
____________________________________________________________________________________________________
Datei xerces-c_1_40_0_ddr.dll_ empfangen 2007.10.05 14:47:56 (CET)
Ergebnis: 0/32 (0%)
Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2007.10.5.2 2007.10.05 -
AntiVir 7.6.0.20 2007.10.05 -
Authentium 4.93.8 2007.10.05 -
Avast 4.7.1051.0 2007.10.05 -
AVG 7.5.0.488 2007.10.04 -
BitDefender 7.2 2007.10.05 -
CAT-QuickHeal 9.00 2007.10.05 -
ClamAV 0.91.2 2007.10.05 -
DrWeb 4.44.0.09170 2007.10.05 -
eSafe 7.0.15.0 2007.10.04 -
eTrust-Vet 31.2.5188 2007.10.05 -
Ewido 4.0 2007.10.05 -
FileAdvisor 1 2007.10.05 -
Fortinet 3.11.0.0 2007.10.05 -
F-Prot 4.3.2.48 2007.10.05 -
F-Secure 6.70.13030.0 2007.10.05 -
Ikarus T3.1.1.12 2007.10.05 -
Kaspersky 7.0.0.125 2007.10.05 -
McAfee 5134 2007.10.04 -
Microsoft 1.2803 2007.10.04 -
NOD32v2 2573 2007.10.05 -
Norman 5.80.02 2007.10.05 -
Panda 9.0.0.4 2007.10.05 -
Prevx1 V2 2007.10.05 -
Rising 19.43.40.00 2007.10.05 -
Sophos 4.22.0 2007.10.05 -
Sunbelt 2.2.907.0 2007.10.04 -
Symantec 10 2007.10.05 -
TheHacker 6.2.6.076 2007.10.03 -
VBA32 3.12.2.4 2007.10.05 -
VirusBuster 4.3.26:9 2007.10.04 -
Webwasher-Gateway 6.0.1 2007.10.05 -
weitere Informationen
File size: 532594 bytes
MD5: ac81542bd9ad04189877a4e1a019e0c4
SHA1: ba6543b69194fdc8a7495cc24c5f842267e135f4
____________________________________________________________________________________________________
Datei qfe.exe_ empfangen 2007.10.05 14:54:00 (CET)
Ergebnis: 0/32 (0%)
Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2007.10.5.2 2007.10.05 -
AntiVir 7.6.0.20 2007.10.05 -
Authentium 4.93.8 2007.10.05 -
Avast 4.7.1051.0 2007.10.05 -
AVG 7.5.0.488 2007.10.04 -
BitDefender 7.2 2007.10.05 -
CAT-QuickHeal 9.00 2007.10.05 -
ClamAV 0.91.2 2007.10.05 -
DrWeb 4.44.0.09170 2007.10.05 -
eSafe 7.0.15.0 2007.10.04 -
eTrust-Vet 31.2.5188 2007.10.05 -
Ewido 4.0 2007.10.05 -
FileAdvisor 1 2007.10.05 -
Fortinet 3.11.0.0 2007.10.05 -
F-Prot 4.3.2.48 2007.10.05 -
F-Secure 6.70.13030.0 2007.10.05 -
Ikarus T3.1.1.12 2007.10.05 -
Kaspersky 7.0.0.125 2007.10.05 -
McAfee 5134 2007.10.04 -
Microsoft 1.2803 2007.10.04 -
NOD32v2 2573 2007.10.05 -
Norman 5.80.02 2007.10.05 -
Panda 9.0.0.4 2007.10.05 -
Prevx1 V2 2007.10.05 -
Rising 19.43.40.00 2007.10.05 -
Sophos 4.22.0 2007.10.05 -
Sunbelt 2.2.907.0 2007.10.04 -
Symantec 10 2007.10.05 -
TheHacker 6.2.6.076 2007.10.03 -
VBA32 3.12.2.4 2007.10.05 -
VirusBuster 4.3.26:9 2007.10.04 -
Webwasher-Gateway 6.0.1 2007.10.05 -
weitere Informationen
File size: 754928 bytes
MD5: 65106dbcda4cd322e6c81549c09c5dec
SHA1: c5691c80aa3fc0341a151244d065b6c2b475f656
Then a HijackThis log as well: Quote:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:11:21, on 05.10.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\Programme\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\oodtray.exe
C:\Programme\Apoint\Apoint.exe
C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Programme\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Windows Desktop Search\WindowsSearch.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\notepad.exe
C:\Dokumente und Einstellungen\*****\Eigene Dateien\2.02.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = hxxps://login.live.com/ppsecure/sha1auth.srf?lc=2055
O1 - Hosts: 255.255.255.255 broadcasthost
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [IntelWireless] C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe
O4 - HKLM\..\Run: [AVP] "C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Windows-Desktopsuche.lnk = C:\Programme\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Hinzufügen zu Kaspersky Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Statistik für Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://wxw.update.microsoft.com/wind...?1187872765703
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - hxxp://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: EvtEng - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programme\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - C:\Programme\Microsoft Private Folder 1.0\PrfldSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Programme\Gemeinsame Dateien\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Programme\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 6571 bytes
In addition, Spybot finds the "malware" Mailskinner.rtk in the registry entries (after a reboot it is back again): Quote:
MailSkinner.rtk: [SBI $68FD185E] Root class (Registrierungsdatenbank-Schlüssel, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\OutlookAddin.Addin
MailSkinner.rtk: [SBI $68FD185E] Root class (Registrierungsdatenbank-Schlüssel, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\OutlookAddin.Addin.1
MailSkinner.rtk: [SBI $68FD185E] Class ID (Registrierungsdatenbank-Schlüssel, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C704648D-6030-47E9-ADBA-1E13B6A784AE}
MailSkinner.rtk: [SBI $6DA3251B] Einstellungen (Registrierungsdatenbank-Schlüssel, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\OutlookAddin.Addin
These findings are described as false positives and are said to belong to Kaspersky! (see here)
What should I do?
Many thanks
.::|||::. |