Spyware Detection Alert

#0
21.02.2007, 16:27
...neu hier

Beiträge: 2
#1 Spyware Detection Alert
Ich werde das Programm
nicht loss brauche Hilfe
anbei meine Logfile


Logfile of HijackThis v1.99.1
Scan saved at 16:20:12, on 21.02.2007
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\v6.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\1&1 Internet\VirtuSafe\VirtuSafe.exe
C:\Program Files\avmwlanstick\WLanGUI.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Users\Bernd\AppData\Local\Temp\Rar$EX00.812\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [syswin] C:\Windows\system32\v6.exe
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\Windows\system32\drvpuj.dll,startup
O4 - HKLM\..\Run: [{C4B76CD3-044C-1031-1021-040031}] "C:\Program Files\Common Files\{C4B76CD3-044C-1031-1021-040031}\Update.exe" mc-110-12-0000272

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [1&1 VirtuSafe] "c:\progra~1\1&1int~1\virtus~1\virtusafe.exe"
O4 - HKLM\..\Run: [AVMWlanClient] C:\Program Files\avmwlanstick\wlangui.exe
O4 - HKCU\..\Run: [Ieuu] "C:\PROGRA~1\SSEMBL~1\netdde.exe" -vt yazb
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll

O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{E7A10C89-A963-46D3-894F-E08DF1373E88}: NameServer = 192.168.100.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: pmnmmlj - C:\Windows\SYSTEM32\pmnmmlj.dll
O20 - Winlogon Notify: winnqi32 - C:\Windows\SYSTEM32\winnqi32.dll

O23 - Service: Apache2.2 - Unknown owner - C:\Program Files\xampp\apache\bin\apache.exe" -k runservice (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Program Files\avmwlanstick\WlanNetService.exe
O23 - Service: cyberJack PC/SC COM Service (cjpcsc) - REINER SCT - C:\Windows\system32\cjpcsc.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
Seitenanfang Seitenende
21.02.2007, 22:07
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#2 Bernd171257

««
stelle den CleanUp genauso ein, wie hier angegeben:
http://virus-protect.org/cleanup.html

««
Kopiere diese 6 Textdateien ab . (rechtsklick mit der Maus -> den Text markieren -> kopieren -> einfügen) Sie sind nach Datum geordnet. (kopiere nur die letzten 3 Monate ab)
http://virus-protect.org/datfindbat.html

««
ServiceFilter.zip
http://virus-protect.org/artikel/tools/ServiceFilter.zip

- entzippen
- doppelklick auf die datei ServiceFilter.vbs
- versions-nummer bestätigen
- scannen
- öffnen von wordpad oder editor erlauben
- POST_THIS.TXT abkopieren

»»
poste dieses log
http://virus-protect.org/artikel/tools/comboscan.html
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
22.02.2007, 15:12
...neu hier

Themenstarter

Beiträge: 2
#3 «


22.02.2007 15:06 405 down.txt
22.02.2007 15:06 117 tmp.txt
22.02.2007 15:06 3.205 system.txt
22.02.2007 15:06 346 systemtemp.txt
22.02.2007 15:06 117.259 system32.txt
22.02.2007 14:48 1.073.274.880 hiberfil.sys
22.02.2007 14:48 1.387.200.512 pagefile.sys
02.11.2006 10:53 438.840 bootmgr
18.09.2006 22:43 10 config.sys
18.09.2006 22:43 24 autoexec.bat
14 Datei(en), 2.461.145.384 Bytes
0 Verzeichnis(se), 21.236.834.304 Bytes frei

11.12.2006 16:44 367 LegitCheckControl.inf
09.11.2006 14:36 5.019 swflash.inf
18.09.2006 22:26 65 desktop.ini
3 Datei(en), 5.451 Bytes
0 Verzeichnis(se), 21.236.834.304 Bytes frei

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: C4B7-6CD3

Verzeichnis von C:\Windows\Temp


22.02.2007 14:56 240.851 WindowsUpdate.log
22.02.2007 14:48 67.584 bootstat.dat
21.02.2007 18:11 26.840 DirectX.log
21.02.2007 17:39 3.992 avminstcli1.log
21.02.2007 17:39 2.200 avmadd32.log
21.02.2007 17:39 1.766 avminstcli.log
21.02.2007 17:08 39.325 avmfwlanci.log
20.02.2007 17:15 5.976 avmadd321.log
20.02.2007 17:14 5.230 avmsetup.log
20.02.2007 17:14 17.244 avmacc.log
20.02.2007 17:14 371 avmcowlan.log
20.02.2007 17:13 448 avmcowlan1.log
19.02.2007 19:25 199 WISO.INI
19.02.2007 19:24 639.488 fpuninst.exe
19.02.2007 19:15 1.908 KB867460.log
28.12.2006 01:02 7.031 instwcli.inf
02.11.2006 13:52 0 setuperr.log
02.11.2006 13:50 749 WindowsShell.Manifest
02.11.2006 13:47 94 SETUPAPI.LOG
02.11.2006 13:35 316.640 WMSysPr9.prx
02.11.2006 13:34 49.680 twunk_16.exe
02.11.2006 13:34 31.232 twunk_32.exe
02.11.2006 13:34 50.688 twain_32.dll
02.11.2006 13:34 94.784 twain.dll
02.11.2006 13:34 151.040 notepad.exe
02.11.2006 10:45 9.216 winhlp32.exe
02.11.2006 10:45 134.656 regedit.exe
02.11.2006 10:45 497.152 HelpPane.exe
02.11.2006 10:45 14.848 hh.exe
02.11.2006 10:45 13.312 fveupdate.exe
02.11.2006 10:45 2.923.520 explorer.exe
02.11.2006 10:44 50.176 bfsvc.exe
02.11.2006 08:46 43.131 mib.bin

22.02.2007 15:03 3.564 ~loroqec.tmp
31.10.2006 00:00 145.184 ose00000.exe
2 Datei(en), 148.748 Bytes
0 Verzeichnis(se), 21.236.899.840 Bytes frei

22.02.2007 14:57 617.860 perfh009.dat
22.02.2007 14:57 107.004 perfc009.dat
22.02.2007 14:57 650.364 perfh007.dat
22.02.2007 14:57 120.530 perfc007.dat
22.02.2007 14:57 1.488.910 PerfStringBackup.INI
22.02.2007 14:50 2.464 7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
22.02.2007 14:50 2.464 7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
19.02.2007 20:16 3.139 jupdate-1.4.2_03-b02.log
19.02.2007 19:59 374.240 FNTCACHE.DAT
19.02.2007 13:43 104.448 DWWIN.EXE
19.02.2007 13:42 3.580.416 mshtml.dll
19.02.2007 13:41 383.488 ieapfltr.dll
19.02.2007 13:41 4.153.344 GameUXLegacyGDFs.dll
19.02.2007 13:41 1.686.016 gameux.dll
19.02.2007 13:40 974.336 crypt32.dll
12.02.2007 18:55 364.544 cjpcsc32.dll
11.02.2007 20:14 40.426 cjbc_en.lan
11.02.2007 20:11 43.402 cjbc_de.lan
09.02.2007 13:40 593.920 cjpcsc.exe
09.02.2007 13:39 303.104 ctrsct32.dll
09.02.2007 13:38 638.976 cjpcscui.exe
07.02.2007 23:01 12.293.536 mrt.exe
30.01.2007 10:38 60.702 rsct_pv_start.wav
30.01.2007 10:38 60.702 rsct_mv_start.wav
30.01.2007 10:38 157.808 cjppa32.dll
30.01.2007 10:38 47.616 cjKbBase.dll
30.01.2007 10:38 13.084 rsct_key_clear.wav
30.01.2007 10:38 4.636 rsct_key_1.wav
30.01.2007 10:38 656 rsct_key.wav
30.01.2007 10:38 18.192 Psap64f5.rra
30.01.2007 10:38 13.026 rsct_key_err.wav
20.01.2007 00:53 3.584 timerstop.sys
15.01.2007 18:32 689.280 aswBoot.exe
15.01.2007 18:23 90.112 AVASTSS.scr
28.12.2006 01:02 74.240 fwlanci.dll
28.12.2006 01:02 68.096 avmadd32.dll
19.12.2006 16:14 266.240 rsct_pnp.dll
12.12.2006 10:45 1.474.864 LegitCheckControl.DLL

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\TabletInputService
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\TBS
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\TrustedInstaller
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\volmgr.sys
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\volmgrx.sys
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ nsi\0lltdsvc\0SSDPSRV\0upnphost\0SCardSvr\0w32time\0EventSystem\0RemoteRegistry\0WinHttpAutoProxySvc\
0lanmanworkstation\0TBS\0SLUINotify\0THREADORDER\0fdrespub\0netprofm\0fdphost\
0wcncsvc\0QWAVE\0Mcx2Svc\0WebClient\0\0
LocalSystemNetworkRestricted REG_MULTI_SZ hidserv\0UxSms\0WdiSystemHost\0Netman\0trkwks\0AudioEndpointBuilder\0WUDFSvc\
0irmon\0sysmain\0IPBusEnum\0dot3svc\0PcaSvc\0EMDMgmt\0TabletInputService\0wlansvc\0WPDBusEnum\0\0
NetworkServiceNetworkRestricted REG_MULTI_SZ PolicyAgent\0\0
LocalServiceNoNetwork REG_MULTI_SZ PLA\0DPS\0BFE\0mpssvc\0ehstart\0\0
NetworkService REG_MULTI_SZ CryptSvc\0DHCP\0TermService\0KtmRm\0DNSCache\0NapAgent\0nlasvc\0WinRM\0WECSVC\0Tapisrv\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WerSvcGroup REG_MULTI_SZ wersvc\0\0
swprv REG_MULTI_SZ swprv\0\0
LocalServiceNetworkRestricted REG_MULTI_SZ DHCP\0eventlog\0AudioSrv\0LmHosts\0wscsvc\0p2pimsvc\0PNRPSvc\0p2psvc\0WPCSvc\0PnrpAutoReg\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
regsvc REG_MULTI_SZ RemoteRegistry\0\0
wcssvc REG_MULTI_SZ WcsPlugInService\0\0
DcomLaunch REG_MULTI_SZ PlugPlay\0DcomLaunch\0\0
wdisvc REG_MULTI_SZ WdiServiceHost\0\0
sdrsvc REG_MULTI_SZ sdrsvc\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
secsvcs REG_MULTI_SZ WinDefend\0\0

HKLM\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
AeLookupSvc
UxTuneUp
wercplsupport
CertPropSvc
SCPolicySvc
gpsvc
IKEEXT
LogonHours
PCAudit
iphlpsvc
AppInfo
msiscsi
MMCSS
ProfSvc
EapHost
SessionEnv
hkmsvc


ComboScan v20070221.16 run by Bernd on 2007-02-22 at 15:00:05
Supplementary logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information -----------------------------------------------------------

Microsoft® Windows Vista™ Home Premium (build 6000)
Architecture: X86; Language: German

CPU 0: AMD Athlon(tm) XP
Percentage of Memory in Use: 53%
Physical Memory (total/avail): 1022.94 MiB / 472.39 MiB
Pagefile Memory (total/avail): 2301.9 MiB / 1652.78 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1942.48 MiB

A: is Removable (FAT)
C: is Fixed (NTFS) - 37.27 GiB total, 19.88 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)


-- Security Center --------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AV: avast! antivirus 4.7.942 [VPS 000716-0] v4.7.942 (ALWIL Software)
AS: Windows-Defender v1.1.1505.0 (Microsoft Corporation)


-- Environment Variables --------------------------------------------------------

windir=C:\Windows
ZKA_SIG_HOME=C:\Program Files\REINER SCT\cyberJack


-- User Profiles ----------------------------------------------------------------

Bernd


-- Add/Remove Programs ----------------------------------------------------------

--> C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Windows\UNNeroBackItUp.exe /UNINSTALL
--> C:\Windows\UNNeroMediaHome.exe /UNINSTALL
--> C:\Windows\UNNeroShowTime.exe /UNINSTALL
--> C:\Windows\UNNeroVision.exe /UNINSTALL
--> C:\Windows\UNRecode.exe /UNINSTALL
1&1 FotoManager --> "C:\Program Files\1&1 FotoManager\unins000.exe"
1&1 VirtuSafe --> C:\PROGRA~1\1&1INT~1\VIRTUS~1\UNWISE.EXE C:\PROGRA~1\1&1INT~1\VIRTUS~1\INSTALL.LOG
Adobe Flash Player 9 ActiveX --> C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 8 - Deutsch --> MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A80000000002}
Agfa ScanWise 2.00 --> C:\Windows\IsUn0407.exe -f"C:\Program Files\Agfa\ScanWise 2_00\uninst.isu" -c"C:\Program Files\Agfa\ScanWise 2_00\UNINSTALL.DLL"
AGFAnet Print Service --> C:\PROGRA~1\AGFAnet\INTERN~1\UNWISE.EXE C:\PROGRA~1\AGFAnet\INTERN~1\INSTALL.LOG
appleJuice Client --> "C:\Program Files\appleJuice\unins000.exe"
Ask Toolbar --> rundll32 C:\PROGRA~1\AskTBar\bar\1.bin\AskTBar.dll,O
avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
CleanUp! --> C:\Program Files\CleanUp!\uninstall.exe
cyberJack Base Components --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC338210-F594-11D3-BA24-00001C3AB4DF}\setup.exe" -l0x7 -removeonly
IsoBuster 2.0 --> "C:\Program Files\Smart Projects\IsoBuster\Uninst\unins000.exe"
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
LetsTrade Komponenten --> C:\Windows\fpuninst.exe -uninstall:"c:\program files\letstrade\uninst\uninst.ini"
Mein Geld Standard --> MsiExec.exe /I{04E4F3CE-A34E-4667-8DE9-147249FAE468}
Microsoft .NET Framework 1.1 --> msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1 --> MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1 German Language Pack --> MsiExec.exe /X{E78BFA60-5393-4C38-82AB-E8019E464EB4}
Microsoft Office Access MUI (German) 2007 --> MsiExec.exe /X{90120000-0015-0407-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (German) 2007 --> MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE}
Microsoft Office Groove MUI (German) 2007 --> MsiExec.exe /X{90120000-00BA-0407-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (German) 2007 --> MsiExec.exe /X{90120000-0044-0407-0000-0000000FF1CE}
Microsoft Office OneNote MUI (German) 2007 --> MsiExec.exe /X{90120000-00A1-0407-0000-0000000FF1CE}
Microsoft Office Outlook MUI (German) 2007 --> MsiExec.exe /X{90120000-001A-0407-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (German) 2007 --> MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007 --> MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Italian) 2007 --> MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE}
Microsoft Office Proofing (German) 2007 --> MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE}
Microsoft Office Publisher MUI (German) 2007 --> MsiExec.exe /X{90120000-0019-0407-0000-0000000FF1CE}
Microsoft Office Shared MUI (German) 2007 --> MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE}
Microsoft Office Word MUI (German) 2007 --> MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE}
Mozilla Firefox (2.0.0.1) --> C:\Program Files\Mozilla Firefox\uninstall\uninst.exe
Nero 7 --> MsiExec.exe /I{42F7C377-2A1F-44FB-A17F-053C29E81031}
TuneUp Utilities 2007 --> MsiExec.exe /I{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}
WinRAR Archivierer --> C:\Program Files\WinRAR\uninstall.exe
XAMPP 1.6.0 --> "C:\Program Files\xampp\uninstall.exe"


-- End of ComboScan: finished at 2007-02-22 at 15:03:50 -------------------------
Seitenanfang Seitenende
22.02.2007, 16:08
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#4 Bernd171257

poste bitte noch mal die 6 logs von datfind bat und ich waere dir sehr verbunden, wenn es nicht wie kraut und Rueben dabei zuginge, sondern oberhalb von jedem log den dazugehoerigen Pfad mit reinkopieren

»
das log von comboscan ist ebenfalls nicht komplett ;) - noch mal bitte

««
catchme
http://gmer.net/catchme.exe
click the catchme.exe - catchme.log - poste das log

««
ServiceFilter.zip
http://virus-protect.org/artikel/tools/ServiceFilter.zip

- entzippen
- doppelklick auf die datei ServiceFilter.vbs
- versions-nummer bestätigen
- scannen
- öffnen von wordpad oder editor erlauben
- POST_THIS.TXT abkopieren
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!

Folgende Themen könnten Dich auch interessieren: