Gefährliche Toolbar auf Rechner entdeckt. Was nun?

#1 Hallo Protecus Community,
Habe folgendes Problem. Habe vor einigen Tagen AdAware drüberlaufen lassen und er hat mir eine Toolbar ausgespuckt (den Namen habe ich ungünstigerweise nicht notiert), die mit 9 von 10 Punkten gerated wurde. Das hat mich ein kleines bisschen verunsichert und daraufhin hab ich direkt nochmal Antivir drüberlaufen lassen. Der Scanner hat allerdings nichts außer ein paar Meldungen über Verzeichnisse ausgespuckt, auf die nicht zugegriffen werden kann. Virenwarnungen / Trojanerwarnungen hat er keine ausgegeben. Nun hab ich auch nochmal ein HJT Log gemacht und es hier reingestellt. Würde mich drüber freuen, wenn das jemand in Augenschein nehmen könnte um mir zu sagen, welche Einträge ich dort reparieren (fixen) soll. Würde mich über Hilfe freuen. Will mein System schliesslich wieder bereinigen . Vielen Dank schonmal im vorraus an all diejenigen unter euch, die mir helfen.

MFG Greenhorn87

_________________________________________________________

Logfile HJT
_________________________________________________________

Logfile of HijackThis v1.99.1
Scan saved at 16:32:41, on 21.09.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
D:\_Media\Music\Winamp\winampa.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\Programme\Messenger\msmsgs.exe
D:\_Media\Music\Winamp\Winamp.exe
C:\Programme\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
C:\Dokumente und Einstellungen\Master\Desktop\Programme\Antivirus\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [WinampAgent] D:\_Media\Music\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Google-Suche - res://C:\Programme\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Ins Deutsche übersetzen - res://C:\Programme\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://C:\Programme\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Verweisseiten - res://C:\Programme\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://C:\Programme\Google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {2EF98DE5-183F-11D4-83EC-EC6A1DB6E213} (DynaGeoX Element) - http://www.dynageo.de/download/dyngeoviewer
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x/client/wuweb_site.cab?1151449141030
O17 - HKLM\System\CCS\Services\Tcpip\..\{976C2F1F-8F48-4154-B035-1515A3AF0950}: NameServer = 192.168.2.1,0.0.0.0
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

#2 Hi Greenhorn87,

Suche mit dem WinExplorer nachfolgenden Ordner:
C:\Dokumente und Einstellungen\Username\Anwendungsdaten\Lavasoft\Ad-Aware\Logs
(für "Username" musst Du den Namen des aktuellen Users einsetzen!)

dort findest Du alle AD-Aware Logs. Suche das Log heraus, in dem das kritische Objekt angezeigt wird, öffne es mit Notepad und kopiere den gesamten Text hier in Deinen Thread.

Gruß
Heron
__________
"Die Welt ist groß, weil der Kopf so klein"
Wilhelm Busch

#3 Habe in meinem Verzeichnis nach der Datei gesucht und sie gefunden. Hoffe, dass da jemand durchblickt und mir sagen kann ob ich noch irgendwas fixen muss. Also hier das Adaware Log. Hab die mir seltsam vorkommenden Stellen Rot markiert. Trotzdem wäre ich froh wenn sich jemand das ganze nochmal genau ansehen könnte.


Ad-Aware SE Build 1.06r1
Logfile Created on:Mittwoch, 20. September 2006 21:29:55
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R123 13.09.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):18 total references
Softomate Toolbar(TAC index:9):6 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


20.09.2006 21:29:55 - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Dokumente und Einstellungen\Master\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : S-1-5-21-1935655697-1343024091-1060284298-1003\software\adobe\acrobat reader\6.0\avgeneral\crecentfiles
Description : list of recently used files in adobe reader


MRU List Object Recognized!
Location: : S-1-5-21-1935655697-1343024091-1060284298-1003\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : S-1-5-21-1935655697-1343024091-1060284298-1003\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-1935655697-1343024091-1060284298-1003\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-1935655697-1343024091-1060284298-1003\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-1935655697-1343024091-1060284298-1003\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-1935655697-1343024091-1060284298-1003\software\microsoft\internet explorer\main
Description : last save directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-1935655697-1343024091-1060284298-1003\software\microsoft\mediaplayer\medialibraryui
Description : last selected node in the microsoft windows media player media library


MRU List Object Recognized!
Location: : S-1-5-21-1935655697-1343024091-1060284298-1003\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-1935655697-1343024091-1060284298-1003\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-1935655697-1343024091-1060284298-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-1935655697-1343024091-1060284298-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-1935655697-1343024091-1060284298-1003\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-1935655697-1343024091-1060284298-1003\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 460
ThreadCreationTime : 20.09.2006 17:05:48
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 524
ThreadCreationTime : 20.09.2006 17:05:50
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 552
ThreadCreationTime : 20.09.2006 17:05:52
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 604
ThreadCreationTime : 20.09.2006 17:05:52
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Anwendung für Dienste und Controller
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 616
ThreadCreationTime : 20.09.2006 17:05:52
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 764
ThreadCreationTime : 20.09.2006 17:05:52
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 828
ThreadCreationTime : 20.09.2006 17:05:53
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 892
ThreadCreationTime : 20.09.2006 17:05:53
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 932
ThreadCreationTime : 20.09.2006 17:05:53
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 984
ThreadCreationTime : 20.09.2006 17:05:53
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [vsmon.exe]
FilePath : C:\WINDOWS\system32\ZONELABS\
ProcessID : 1012
ThreadCreationTime : 20.09.2006 17:05:54
BasePriority : Normal
FileVersion : 6.5.722.000
ProductVersion : 6.5.722.000
ProductName : TrueVector Service
CompanyName : Zone Labs, LLC
FileDescription : TrueVector Service
InternalName : vsmon
LegalCopyright : Copyright © 1998-2006, Zone Labs, LLC
OriginalFilename : vsmon.exe

#:12 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1256
ThreadCreationTime : 20.09.2006 17:05:59
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:13 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1532
ThreadCreationTime : 20.09.2006 17:06:05
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : EXPLORER.EXE

#:14 [nvsvc32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1704
ThreadCreationTime : 20.09.2006 17:06:07
BasePriority : Normal
FileVersion : 6.14.10.8198
ProductVersion : 6.14.10.8198
ProductName : NVIDIA Driver Helper Service, Version 81.98
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 81.98
InternalName : NVSVC
LegalCopyright : (C) NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:15 [wdfmgr.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1748
ThreadCreationTime : 20.09.2006 17:06:07
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: dnsrv(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:16 [zlclient.exe]
FilePath : C:\Programme\Zone Labs\ZoneAlarm\
ProcessID : 1888
ThreadCreationTime : 20.09.2006 17:06:08
BasePriority : Normal
FileVersion : 6.5.722.000
ProductVersion : 6.5.722.000
ProductName : Zone Labs Client
CompanyName : Zone Labs, LLC
FileDescription : Zone Labs Client
InternalName : zlclient
LegalCopyright : Copyright © 1998-2006, Zone Labs, LLC
OriginalFilename : zlclient.exe

#:17 [winampa.exe]
FilePath : D:\_Media\Music\Winamp\
ProcessID : 1912
ThreadCreationTime : 20.09.2006 17:06:08
BasePriority : Normal


#:18 [jusched.exe]
FilePath : C:\Programme\Java\jre1.5.0_06\bin\
ProcessID : 1952
ThreadCreationTime : 20.09.2006 17:06:08
BasePriority : Normal


#:19 [msmsgs.exe]
FilePath : C:\Programme\Messenger\
ProcessID : 1968
ThreadCreationTime : 20.09.2006 17:06:08
BasePriority : Normal
FileVersion : 4.7.3000
ProductVersion : Version 4.7.3000
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright (c) Microsoft Corporation 2004
LegalTrademarks : Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:20 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1028
ThreadCreationTime : 20.09.2006 17:06:15
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:21 [ad-aware.exe]
FilePath : C:\Programme\Lavasoft\Ad-Aware SE Personal\
ProcessID : 1928
ThreadCreationTime : 20.09.2006 17:43:13
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:22 [avguard.exe]
FilePath : C:\Programme\AntiVir PersonalEdition Classic\
ProcessID : 3844
ThreadCreationTime : 20.09.2006 19:29:20
BasePriority : Normal


#:23 [avgnt.exe]
FilePath : C:\Programme\AntiVir PersonalEdition Classic\
ProcessID : 3512
ThreadCreationTime : 20.09.2006 19:29:24
BasePriority : Normal


#:24 [sched.exe]
FilePath : C:\Programme\AntiVir PersonalEdition Classic\
ProcessID : 1944
ThreadCreationTime : 20.09.2006 19:29:24
BasePriority : Normal


Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 18


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Softomate Toolbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 9
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{77d6ddfa-7834-4541-b2b3-a8b0fb0e3924}

Softomate Toolbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 9
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{855f3b16-6d32-4fe6-8a56-bbb695989046}
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 20


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 20

Softomate Toolbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 9
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\toolbar
Value : {855f3b16-6d32-4fe6-8a56-bbb695989046}

Softomate Toolbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 9
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1935655697-1343024091-1060284298-1003\software\microsoft\internet explorer\toolbar\Webbrowser
Value : {855f3b16-6d32-4fe6-8a56-bbb695989046}


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 22



Deep scanning and examining files (C
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 22


Deep scanning and examining files (D
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 22


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 22




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Softomate Toolbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 9
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\icqtoolbar

Softomate Toolbar Object Recognized!
Type : RegData
Data : 0
TAC Rating : 9
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main\featurecontrol\feature_localmachine_lockdown
Value : iexplore.exe
Data : 0

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 24

21:34:32 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:04:37.439
Objects scanned:123756
Objects identified:6
Objects ignored:0
New critical objects:6

#4 Greenhorn87

lade das und poste den report (die toolbar wird so geloescht werden)
http://virus-protect.org/artikel/tools/combofix.html

stelle den CleanUp genauso ein, wie hier angegeben:
http://virus-protect.org/cleanup.html

Kopiere diese 4 Textdateien ab . (rechtsklick mit der Maus -> den Text markieren -> kopieren -> einfügen) Sie sind nach Datum geordnet. (kopiere nur die letzten 3 Monate ab)
http://virus-protect.org/datfindbat.html
__________
MfG Sabina

rund um die PC-Sicherheit

#5 *********************************************************

Folgende Datei gibt mir Combofix aus:

*********************************************************
*********************************************************

Master - 06-09-23 9:44:55,41 Service Pack 2
ComboFix 06.09.21 - Running from: "C:\Dokumente und Einstellungen\Master\Desktop\Programme\Antivirus"

((((((((((((((((((((((((((((((( Files Created from 2006-08-23 to 2006-09-23 ))))))))))))))))))))))))))))))))))


2006-09-04 19:16 180,224 --a------ C:\WINDOWS\system32\nvudisp.exe
2006-09-04 19:14 180,224 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2006-09-03 20:57 3,955,456 --a------ C:\WINDOWS\system32\nv4_disp.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-23 09:44 1808 --a------ C:\Dokumente und Einstellungen\Master\Anwendungsdaten\CleanUp!.log
2006-09-22 14:54 -------- d-------- C:\Programme\CleanUp!
2006-09-16 14:27 -------- d-------- C:\Programme\ICQToolbar
2006-09-16 14:27 -------- d-------- C:\Dokumente und Einstellungen\Master\Anwendungsdaten\ICQ Toolbar
2006-09-14 14:21 -------- d-------- C:\Programme\Teamspeak2_RC2_Serverversion
2006-09-14 14:19 -------- d-------- C:\Dokumente und Einstellungen\Master\Anwendungsdaten\teamspeak2
2006-09-14 14:18 -------- d-------- C:\Programme\Teamspeak2_RC2
2006-09-13 21:34 -------- d-------- C:\Dokumente und Einstellungen\Master\Anwendungsdaten\DynaGeo
2006-09-11 19:35 -------- d-------- C:\Dokumente und Einstellungen\Master\Anwendungsdaten\Sun
2006-09-11 19:33 -------- d-------- C:\Programme\Java
2006-09-11 19:32 -------- d-------- C:\Programme\Gemeinsame Dateien\Java
2006-09-11 18:18 -------- d-------- C:\Programme\Google
2006-09-04 11:43 -------- d-------- C:\Dokumente und Einstellungen\Master\Anwendungsdaten\Opera
2006-09-03 22:02 -------- d-------- C:\Programme\Lucas Learning
2006-08-30 20:23 -------- d-------- C:\Programme\PTGui
2006-08-30 19:58 -------- d-------- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared
2006-08-30 17:24 -------- d-------- C:\Programme\Panorama Tools
2006-08-29 23:20 -------- d-------- C:\Programme\Hotwind
2006-08-01 01:17 78848 --a------ C:\WINDOWS\system32\drivers\SSHDRV85.sys
2006-08-01 00:51 76288 --a------ C:\WINDOWS\system32\drivers\SSHDRV82.sys
2006-07-23 17:12 737280 --a------ C:\WINDOWS\iun6002.exe
2006-06-29 20:06 14 --a------ C:\WINDOWS\system32\systeminfo.dll
2006-06-28 08:40 57384 --a------ C:\WINDOWS\system32\avsda.dll
2006-06-28 00:29 0 -rahs---- C:\MSDOS.SYS
2006-06-28 00:29 0 -rahs---- C:\IO.SYS
2006-06-28 00:29 0 --a------ C:\CONFIG.SYS
2006-06-28 00:29 0 --a------ C:\AUTOEXEC.BAT


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="\"C:\\Programme\\Messenger\\msmsgs.exe\" /background"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce]
"ICQ Lite"="C:\\Programme\\ICQLite\\ICQLite.exe -trayboot"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zone Labs Client"="\"C:\\Programme\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"avgnt"="\"C:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"WinampAgent"="D:\\_Media\\Music\\Winamp\\winampa.exe"
"QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"SunJavaUpdateSched"="C:\\Programme\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"ICQ Lite"="\"C:\\Programme\\ICQLite\\ICQLite.exe\" -minimize"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


C:\WINDOWS\Prefetch\CLEANUP.EXE-21B56F2B.pf - deleted
C:\WINDOWS\Prefetch\CMD.EXE-087B4001.pf - deleted
C:\WINDOWS\Prefetch\FIND.EXE-0EC32F1E.pf - deleted
C:\WINDOWS\Prefetch\NIRCMD.EXE-0F2ED1D6.pf - deleted
C:\WINDOWS\Prefetch\SWREG.EXE-024F30B1.pf - deleted
C:\WINDOWS\Prefetch\SWREG.EXE-298CB0F2.pf - deleted
C:\WINDOWS\Prefetch\REGEDIT.EXE-1B606482.pf - deleted
C:\WINDOWS\Prefetch\NIRCMD.EXE-22AC7776.pf - deleted
C:\WINDOWS\Prefetch\FINDSTR.EXE-29CCA663.pf - deleted
C:\WINDOWS\Prefetch\CSCRIPT.EXE-1C26180C.pf - deleted
C:\WINDOWS\Prefetch\FIND.EXE-39BA054E.pf - deleted
C:\WINDOWS\Prefetch\REG.EXE-0D2A95F7.pf - deleted
C:\WINDOWS\Prefetch\COMBOFIX.EXE-0AD3C7C8.pf - deleted
C:\WINDOWS\Prefetch\SC.EXE-2DC19A59.pf - deleted
C:\WINDOWS\Prefetch\CHCP.COM-18156052.pf - deleted
C:\WINDOWS\Prefetch\FINDSTR.EXE-0CA6274B.pf - deleted
C:\WINDOWS\Prefetch\NIRCMD.EXE-1FB8FB94.pf - deleted
C:\WINDOWS\Prefetch\SWREG.EXE-3530D480.pf - deleted
C:\WINDOWS\Prefetch\SORT.EXE-2F324C30.pf - deleted
C:\WINDOWS\Prefetch\COMBOFIX.EXE-36397029.pf - deleted
C:\WINDOWS\Prefetch\NOTEPAD.EXE-336351A9.pf - deleted
C:\WINDOWS\Prefetch\IEXPLORE.EXE-2CA9778D.pf - deleted
'Run MRU' list - removed from the registry.
Search Assistant MRU list - removed from the registry.
Explorer Open/Save MRU list - removed from the registry.
Explorer Last Visited MRU list - removed from the registry.
Paint Recent File List - removed from the registry.
Telnet's MRU list - removed from the registry.
CleanUp! 4.5.2 recovered 909.3 KB of disk space from 136 files.
CleanUp! finished on 09/23/06 10:01:08.

*********************************************************
*********************************************************

Zu dem letzten genannten Program habe ich noch eine Frage. Welche der 4 Dateien soll ich hier reinkopieren? Von jeder datei jeweils die letzten 3-4 Monate?

#6 datfindbat - von jedem Text (es sind 4 ) hier ca. 3 Monate reinkopieren
__________
MfG Sabina

rund um die PC-Sicherheit

#7 Gut dann kommen jetzt noch die Datfindbat Logs:

*******************************************************
*******************************************************

Sys.txt:

*******************************************************
*******************************************************

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 1032-73D8

Verzeichnis von C:\

23.09.2006 09:48 0 sys.txt
23.09.2006 09:48 7.116 system.txt
23.09.2006 09:47 134 systemtemp.txt
23.09.2006 09:46 100.913 system32.txt
23.09.2006 09:45 6.069 ComboFix.txt
23.09.2006 09:41 1.073.270.784 hiberfil.sys
23.09.2006 09:41 1.610.612.736 PAGEFILE.SYS
23.09.2006 09:28 5.954 ComboFix2.txt
03.09.2006 11:27 2.992 PCcheck.LOG
29.06.2006 20:06 0 dxva.log
28.06.2006 20:19 64 Capture.fcb
28.06.2006 00:29 0 CONFIG.SYS
28.06.2006 00:29 0 IO.SYS
28.06.2006 00:29 0 AUTOEXEC.BAT
28.06.2006 00:29 0 MSDOS.SYS
28.06.2006 00:21 211 boot.ini
03.08.2004 20:59 251.184 ntldr
03.08.2004 20:38 47.564 NTDETECT.COM
23.08.2001 12:00 4.952 bootfont.bin

19 Datei(en) 2.684.310.673 Bytes
0 Verzeichnis(se), 7.194.771.456 Bytes frei

*******************************************************
*******************************************************

System32.txt

*******************************************************
*******************************************************

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 1032-73D8

Verzeichnis von C:\WINDOWS\system32

23.09.2006 09:42 48.882 vsconfig.xml
23.09.2006 09:42 43.573 nvapps.xml
20.09.2006 18:43 2.206 wpa.dbl
14.09.2006 14:18 34.064 lhacm.acm
11.09.2006 19:34 7.006 jupdate-1.5.0_06-b05.log
08.09.2006 21:41 120.872 MSForms.TWD
04.09.2006 16:56 2.180 d3d8caps.dat
03.09.2006 21:49 2.404 d3d9caps.dat
30.08.2006 20:13 125.320 FNTCACHE.DAT
27.08.2006 01:10 23.148 Atmdeuxx.GID
01.08.2006 00:48 63.580 perfc007.dat
01.08.2006 00:48 380.350 perfh009.dat
01.08.2006 00:48 391.000 perfh007.dat
01.08.2006 00:48 52.764 perfc009.dat
01.08.2006 00:48 786.220 PerfStringBackup.INI
05.07.2006 16:40 2.433 qtplugin.log
29.06.2006 20:06 14 systeminfo.dll
29.06.2006 20:04 0 dvdcomplete.log
28.06.2006 20:27 69.632 system.mdw
28.06.2006 20:26 27.136 ctl3d32.dll.tmp
28.06.2006 19:34 22 ati64hlp.stb
28.06.2006 08:40 57.384 avsda.dll
28.06.2006 08:36 22 ati64hl2.stb
28.06.2006 08:27 4.212 zllictbl.dat
28.06.2006 00:36 261 $winnt$.inf
28.06.2006 00:29 2.951 CONFIG.NT
28.06.2006 00:29 16.832 amcompat.tlb
28.06.2006 00:29 23.392 nscompat.tlb
28.06.2006 00:28 488 logonui.exe.manifest
28.06.2006 00:28 488 WindowsLogon.manifest
28.06.2006 00:28 749 ncpa.cpl.manifest
28.06.2006 00:28 749 sapi.cpl.manifest
28.06.2006 00:28 749 wuaucpl.cpl.manifest
28.06.2006 00:28 749 cdplayer.exe.manifest
28.06.2006 00:28 749 nwc.cpl.manifest
28.06.2006 00:25 21.740 emptyregdb.dat
18.06.2006 17:54 394.872 vsdatant.sys
18.06.2006 17:54 71.672 zlcommdb.dll
18.06.2006 17:54 83.960 zlcomm.dll
18.06.2006 17:54 100.344 vsxml.dll
18.06.2006 17:54 59.384 vswmi.dll
18.06.2006 17:54 440.312 vsutil.dll
18.06.2006 17:54 71.672 vsregexp.dll
18.06.2006 17:54 268.280 vspubapi.dll
18.06.2006 17:54 104.440 vsmonapi.dll
18.06.2006 17:54 157.688 vsinit.dll
18.06.2006 17:54 83.960 vsdata.dll
18.06.2006 17:54 796.584 libeay32_0.9.6l.dll

*******************************************************
*******************************************************

System.txt

*******************************************************
*******************************************************
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 1032-73D8

Verzeichnis von C:\WINDOWS

23.09.2006 09:42 0 0.log
23.09.2006 09:41 2.048 bootstat.dat
23.09.2006 09:41 1.145.923 WindowsUpdate.log
23.09.2006 09:41 32.630 SchedLgU.Txt
13.09.2006 21:34 361.631 setupapi.log
08.09.2006 16:40 15.374 Master.acl
06.09.2006 16:33 410 wiadebug.log
06.09.2006 16:33 50 wiaservc.log
06.09.2006 10:56 60.753 wmsetup.log
04.09.2006 19:46 8.798 KB885835.log
04.09.2006 19:46 8.548 KB885836.log
04.09.2006 19:46 8.373 KB920214.log
04.09.2006 19:46 8.047 KB911927.log
04.09.2006 19:46 7.953 KB922616.log
04.09.2006 19:46 7.856 KB901017.log
04.09.2006 19:46 7.748 KB899591.log
04.09.2006 19:46 7.657 KB896424.log
04.09.2006 19:45 7.556 KB893756.log
04.09.2006 19:45 7.453 KB911280.log
04.09.2006 19:45 7.352 KB911562.log
04.09.2006 19:45 8.539 KB900485.log
04.09.2006 19:45 5.966 KB899589.log
04.09.2006 19:45 5.872 KB914388.log
04.09.2006 19:45 6.144 KB917344.log
04.09.2006 19:45 5.672 KB905414.log
04.09.2006 19:45 5.577 KB917953.log
04.09.2006 19:45 5.476 KB901214.log
04.09.2006 19:45 5.381 KB917422.log
04.09.2006 19:45 5.352 KB888302.log
04.09.2006 19:45 5.188 KB900725.log
04.09.2006 19:44 5.079 KB912919.log
04.09.2006 19:44 7.160 KB899587.log
04.09.2006 19:44 6.667 KB917159.log
04.09.2006 19:43 6.644 KB873339.log
04.09.2006 19:43 6.480 KB921398.log
04.09.2006 19:43 3.707 KB890859.log
04.09.2006 19:43 6.450 KB887472.log
04.09.2006 19:43 6.277 KB896358.log
04.09.2006 19:42 6.560 KB918899.log
04.09.2006 19:42 6.069 KB920670.log
04.09.2006 19:42 6.048 KB891781.log
04.09.2006 19:42 5.874 KB918439.log
04.09.2006 19:42 5.792 KB902400.log
04.09.2006 19:42 5.680 KB890046.log
04.09.2006 19:37 4.733 KB916595.log
04.09.2006 19:37 4.491 KB904706.log
04.09.2006 19:36 4.410 KB908531.log
04.09.2006 19:36 4.288 KB905749.log
04.09.2006 19:36 4.198 KB913580.log
04.09.2006 19:36 4.087 KB896428.log
04.09.2006 19:36 3.999 KB911567.log
04.09.2006 19:36 3.900 KB894391.log
04.09.2006 19:36 3.797 KB908519.log
04.09.2006 19:36 3.597 KB920683.log
04.09.2006 19:36 3.546 KB914389.log
04.09.2006 19:31 3.697 KB921883.log
04.09.2006 19:31 3.492 KB896423.log
04.09.2006 19:13 1.040 Directx.log
04.09.2006 19:13 1.409 QTFont.for
04.09.2006 19:13 54.156 QTFont.qfn
04.09.2006 11:43 616 win.ini
03.09.2006 14:41 10 WININIT.INI
27.08.2006 20:39 18 ssetup.ini
27.08.2006 20:39 0 setup.lst
26.08.2006 22:56 3.056 MedCtrOC.log
26.08.2006 22:56 6.548 netfxocm.log
26.08.2006 22:56 2.038 ocmsn.log
26.08.2006 22:56 2.185 tabletoc.log
26.08.2006 22:56 1.968 msgsocm.log
26.08.2006 22:56 22.555 comsetup.log
26.08.2006 22:56 1.917 imsins.log
26.08.2006 22:56 67.881 iis6.log
26.08.2006 22:56 26.340 ocgen.log
26.08.2006 22:56 12.281 ntdtcsetup.log
26.08.2006 22:56 20.420 tsoc.log
26.08.2006 22:56 30.695 FaxSetup.log
26.08.2006 22:56 15.670 msmqinst.log
26.08.2006 22:56 0 setuperr.log
26.08.2006 22:53 178.282 setupact.log
01.08.2006 01:20 1.452 COM+.log
01.08.2006 00:46 316.640 WMSysPr9.prx
23.07.2006 17:12 737.280 iun6002.exe
03.07.2006 22:27 162 SIERRA.INI
28.06.2006 20:27 4.348 ODBCINST.INI
28.06.2006 20:27 634 ODBC.INI
28.06.2006 13:29 0 ATIMMC.INI
28.06.2006 08:06 4.381 WGA.log
28.06.2006 08:06 7.353 KB898461.log
28.06.2006 08:06 1.374 imsins.BAK
28.06.2006 08:06 6.023 KB893803v2.log
28.06.2006 00:40 829 OEWABLog.txt
28.06.2006 00:37 8.192 REGLOCS.OLD
28.06.2006 00:29 0 control.ini
28.06.2006 00:28 749 WindowsShell.Manifest
28.06.2006 00:26 1.023 sessmgr.setup.log
28.06.2006 00:25 36 vb.ini
28.06.2006 00:25 37 vbaddin.ini
28.06.2006 00:25 133 DtcInstall.log
28.06.2006 00:22 200 cmsetacl.log

*******************************************************
*******************************************************

Systemtemp.txt

*******************************************************
*******************************************************

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 1032-73D8

Verzeichnis von C:\DOKUME~1\Master\LOKALE~1\Temp


*******************************************************
*******************************************************

Habe meinen Beitrag zu DataFindbat nun aktualisiert. Nun sollte alles vorhanden sein, um prüfen zu können, ob mein System sauber ist oder nicht oder?

Vielen Dank schonmal an alle, die mir bisher geholfen haben. Wäre nett wenn ihr das alles nochmal prüfen könntet. Danke

#8 Greenhorn87

virustotal
Oben auf der Seite --> auf Durchsuchen klicken --> Datei mit korrektem Pfad einkopieren) --> Doppelklick auf die zu prüfende Datei --> klick auf Submit... jetzt abwarten
http://www.virustotal.com/flash/index_en.html

C:\WINDOWS\system32\ctl3d32.dll.tmp

poste den report
__________
MfG Sabina

rund um die PC-Sicherheit

#9 Virustotal ergibt folgendes auf Anfrage nach der folgenden Datei:

C:\WINDOWS\system32\ctl3d32.dll.tmp

Antivirus Version Update Result
AntiVir 7.2.0.18 09.23.2006 no virus found
Authentium 4.93.8 09.23.2006 no virus found
Avast 4.7.844.0 09.22.2006 no virus found
AVG 386 09.22.2006 no virus found
BitDefender 7.2 09.23.2006 no virus found
CAT-QuickHeal 8.00 09.22.2006 no virus found
ClamAV devel-20060426 09.23.2006 no virus found
DrWeb 4.33 09.22.2006 no virus found
eTrust-InoculateIT 23.73.3 09.23.2006 no virus found
eTrust-Vet 30.3.3093 09.22.2006 no virus found
Ewido 4.0 09.23.2006 no virus found
Fortinet 2.82.0.0 09.23.2006 no virus found
F-Prot 3.16f 09.22.2006 no virus found
F-Prot4 4.2.1.29 09.23.2006 no virus found
Ikarus 0.2.65.0 09.23.2006 no virus found
Kaspersky 4.0.2.24 09.23.2006 no virus found
McAfee 4858 09.22.2006 no virus found
Microsoft 1.1560 09.23.2006 no virus found
NOD32v2 1.1769 09.23.2006 no virus found
Norman 5.90.23 09.22.2006 no virus found
Panda 9.0.0.4 09.23.2006 no virus found
Sophos 4.09.0 09.23.2006 no virus found
Symantec 8.0 09.23.2006 no virus found
TheHacker 6.0.1.077 09.22.2006 no virus found
UNA 1.83 09.22.2006 no virus found
VBA32 3.11.1 09.23.2006 no virus found
VirusBuster 4.3.7:9 09.23.2006 no virus found

Aditional Information
File size: 27136 bytes
MD5: 89cf6af0a2a1cfebc82851c20852c121
SHA1: 9106f4ade6a696d5f98968bce895333ad5dbd9ae