30 Viren oder Infizierte Dateien im Container und nun? |
||
---|---|---|
#0
| ||
26.02.2007, 23:51
...neu hier
Beiträge: 5 |
||
|
||
27.02.2007, 01:21
Ehrenmitglied
Beiträge: 29434 |
#2
Phil79
Erstellen eines Hijackthis-Logfiles http://virus-protect.org/hjtkurz.html Lade/entpacke HijackThis in einem Ordner ---> None of the above just start the program --> Scan -> Save log --> hijackthis.log - Save - es öffnet sich der Editor nun das KOMPLETTE Log mit rechtem Mausklick abkopieren und ins Forum mit rechtem Mausklick "einfügen" __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
27.02.2007, 13:05
...neu hier
Themenstarter Beiträge: 5 |
#3
Hallo!
Ich habe den Scan gemacht, hier der komplette Logfile: Logfile of HijackThis v1.99.1 Scan saved at 12:56:56, on 27.02.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5346.0005) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\htpatch.exe C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\Dit.exe C:\Programme\Medion Home CinemaXL\PowerCinema\PCMService.exe C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\Programme\Gemeinsame Dateien\PCSuite\DataLayer\DataLayer.exe C:\Programme\Java\jre1.5.0_10\bin\jusched.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Programme\ICQLite\ICQLite.exe C:\Programme\Alwil Software\Avast4\aswUpdSv.exe C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe C:\Programme\Alwil Software\Avast4\ashServ.exe C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe C:\Programme\QuickTime\qttask.exe C:\Programme\iTunes\iTunesHelper.exe C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe C:\Programme\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Spybot - Search & Destroy\TeaTimer.exe C:\Programme\Cisco Systems\VPN Client\cvpnd.exe C:\Programme\Skype\Phone\Skype.exe C:\PROGRA~1\GEMEIN~1\PCSuite\Services\SERVIC~1.EXE C:\WINDOWS\DitExp.exe C:\PROGRA~2\Borland\INTERB~1\Bin\ibguard.exe C:\PROGRA~1\GEMEIN~1\Nokia\MPAPI\MPAPI3s.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe C:\Programme\iPod\bin\iPodService.exe C:\Programme\Alwil Software\Avast4\ashMaiSv.exe C:\Programme\Alwil Software\Avast4\ashWebSv.exe C:\PROGRA~2\Borland\INTERB~1\Bin\ibserver.exe C:\Programme\Cisco Systems\VPN Client\vpngui.exe C:\Programme\Mozilla Firefox\firefox.exe C:\Programme\Mozilla Thunderbird\thunderbird.exe C:\Dokumente und Einstellungen\Philipp\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://de.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://de.search.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.yahoo.com R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll O2 - BHO: metaspinner GmbH - {84B94901-3645-4D80-A6B7-4D0050B19455} - C:\Programme\Preispiraten3\Preispiraten3\IEButtonAmazonInterface.dll (file missing) O2 - BHO: metaspinner GmbH - {CD9B7762-DFBC-42B1-BB30-02A78287B456} - C:\Programme\Preispiraten3\Preispiraten3\IEButtonEbayInterface.dll (file missing) O2 - BHO: metaspinner GmbH - {E9E027BF-C3F3-4022-8F6B-8F6D39A59684} - C:\Programme\Preispiraten3\Preispiraten3\IEButtonPPInterface.dll (file missing) O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe O4 - HKLM\..\Run: [Dit] Dit.exe O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg O4 - HKLM\..\Run: [PCMService] C:\Programme\Medion Home CinemaXL\PowerCinema\PCMService.exe O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray O4 - HKLM\..\Run: [DataLayer] C:\Programme\Gemeinsame Dateien\PCSuite\DataLayer\DataLayer.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.5.0_10\bin\jusched.exe" O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize O4 - HKLM\..\Run: [BearShare] "C:\Programme\BearShare\BearShare.exe" /pause O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [AOLMIcon] C:\Programme\Gemeinsame Dateien\aolshare\AOLMIcon.exe O4 - HKCU\..\Run: [PcSync] C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [VoipDiscount] "C:\Programme\VoipDiscount.com\VoipDiscount\VoipDiscount.exe" -nosplash -minimized O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Programme\Cisco Systems\VPN Client\vpngui.exe O8 - Extra context menu item: &Preispiratensuche nach markiertem Text - C:\\Programme\\Preispiraten3\\Preispiraten3\\preispiraten.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_10\bin\npjpi150_10.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_10\bin\npjpi150_10.dll O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra button: MedionShop - {01E9CF82-AE9D-42BA-A629-B23D51A4B86B} - http://www.medionshop.de/ (file missing) (HKCU) O11 - Options group: [INTERNATIONAL] International* O14 - IERESET.INF: START_PAGE_URL=http://www.medion.com/ O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programme\Yahoo!\Common\yinsthelper.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{29C8380E-812C-4BFF-A07C-0321F32F178E}: NameServer = 144.41.11.2,144.41.13.25 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = z2214.stw-whs.uni-hohenheim.de O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = z2214.stw-whs.uni-hohenheim.de O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = z2214.stw-whs.uni-hohenheim.de O18 - Protocol: shell - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Programme\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InterBase Guardian (InterBaseGuardian) - Inprise Corporation - C:\PROGRA~2\Borland\INTERB~1\Bin\ibguard.exe O23 - Service: InterBase Server (InterBaseServer) - Inprise Corporation - C:\PROGRA~2\Borland\INTERB~1\Bin\ibserver.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe |
|
|
||
27.02.2007, 14:30
Ehrenmitglied
Beiträge: 29434 |
#4
scanne und poste die logs ComboScan.txt + Supplementary.txt
http://virus-protect.org/artikel/tools/comboscan.html __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
27.02.2007, 17:01
...neu hier
Themenstarter Beiträge: 5 |
#5
Hallo!
Den Combo Scan habe ich nun gemacht. Hier die logs: ComboScan v20070226.18 run by Philipp on 2007-02-27 at 16:50:54 Computer is in Normal Mode. -------------------------------------------------------------------------------- Successfully created restore point. Performed disk cleanup. -- HijackThis (run as Philipp.exe) ---------------------------------------------- Logfile of HijackThis v1.99.1 Scan saved at 16:52:12, on 27.02.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5346.0005) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\htpatch.exe C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\Dit.exe C:\Programme\Medion Home CinemaXL\PowerCinema\PCMService.exe C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\Programme\Gemeinsame Dateien\PCSuite\DataLayer\DataLayer.exe C:\Programme\Java\jre1.5.0_10\bin\jusched.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Programme\Alwil Software\Avast4\aswUpdSv.exe C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe C:\Programme\Alwil Software\Avast4\ashServ.exe C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe C:\Programme\QuickTime\qttask.exe C:\Programme\iTunes\iTunesHelper.exe C:\Programme\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Spybot - Search & Destroy\TeaTimer.exe C:\Programme\Cisco Systems\VPN Client\cvpnd.exe C:\Programme\Skype\Phone\Skype.exe C:\PROGRA~1\GEMEIN~1\PCSuite\Services\SERVIC~1.EXE C:\WINDOWS\DitExp.exe C:\PROGRA~2\Borland\INTERB~1\Bin\ibguard.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe C:\Programme\iPod\bin\iPodService.exe C:\Programme\Alwil Software\Avast4\ashMaiSv.exe C:\Programme\Alwil Software\Avast4\ashWebSv.exe C:\PROGRA~2\Borland\INTERB~1\Bin\ibserver.exe C:\Programme\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wuauclt.exe C:\Dokumente und Einstellungen\Philipp\Desktop\comboscan.exe C:\DOKUME~1\Philipp\Desktop\Philipp.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://de.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://de.search.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.yahoo.com R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll O2 - BHO: metaspinner GmbH - {84B94901-3645-4D80-A6B7-4D0050B19455} - C:\Programme\Preispiraten3\Preispiraten3\IEButtonAmazonInterface.dll (file missing) O2 - BHO: metaspinner GmbH - {CD9B7762-DFBC-42B1-BB30-02A78287B456} - C:\Programme\Preispiraten3\Preispiraten3\IEButtonEbayInterface.dll (file missing) O2 - BHO: metaspinner GmbH - {E9E027BF-C3F3-4022-8F6B-8F6D39A59684} - C:\Programme\Preispiraten3\Preispiraten3\IEButtonPPInterface.dll (file missing) O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe O4 - HKLM\..\Run: [Dit] Dit.exe O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg O4 - HKLM\..\Run: [PCMService] C:\Programme\Medion Home CinemaXL\PowerCinema\PCMService.exe O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray O4 - HKLM\..\Run: [DataLayer] C:\Programme\Gemeinsame Dateien\PCSuite\DataLayer\DataLayer.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.5.0_10\bin\jusched.exe" O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize O4 - HKLM\..\Run: [BearShare] "C:\Programme\BearShare\BearShare.exe" /pause O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [AOLMIcon] C:\Programme\Gemeinsame Dateien\aolshare\AOLMIcon.exe O4 - HKCU\..\Run: [PcSync] C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [VoipDiscount] "C:\Programme\VoipDiscount.com\VoipDiscount\VoipDiscount.exe" -nosplash -minimized O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Programme\Cisco Systems\VPN Client\vpngui.exe O8 - Extra context menu item: &Preispiratensuche nach markiertem Text - C:\\Programme\\Preispiraten3\\Preispiraten3\\preispiraten.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_10\bin\npjpi150_10.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_10\bin\npjpi150_10.dll O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra button: MedionShop - {01E9CF82-AE9D-42BA-A629-B23D51A4B86B} - http://www.medionshop.de/ (file missing) (HKCU) O11 - Options group: [INTERNATIONAL] International* O14 - IERESET.INF: START_PAGE_URL=http://www.medion.com/ O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programme\Yahoo!\Common\yinsthelper.dll O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = z2214.stw-whs.uni-hohenheim.de O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = z2214.stw-whs.uni-hohenheim.de O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = z2214.stw-whs.uni-hohenheim.de O18 - Protocol: shell - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Programme\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InterBase Guardian (InterBaseGuardian) - Inprise Corporation - C:\PROGRA~2\Borland\INTERB~1\Bin\ibguard.exe O23 - Service: InterBase Server (InterBaseServer) - Inprise Corporation - C:\PROGRA~2\Borland\INTERB~1\Bin\ibserver.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe -- File Associations ------------------------------------------------------------ .bat - batfile - "%1" %* .chm - chm.file - "C:\WINDOWS\hh.exe" %1 .cmd - cmdfile - "%1" %* .com - comfile - "%1" %* .exe - exefile - "%1" %* .hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1 .inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1 .ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1 [COLOR=red].js - JSFile - unable to read value[/COLOR] .lnk - lnkfile - {00021401-0000-0000-C000-000000000046} .pif - piffile - "%1" %* .reg - regfile - regedit.exe "%1" .scr - scrfile - "%1" /S .txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1 [COLOR=red].vbs - VBSFile - unable to read value[/COLOR] -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------- 1R Aavmker4 (avast! Asynchronous Virus Monitor) - C:\WINDOWS\system32\drivers\aavmker4.sys 3R ALCXWDM (Service for Realtek AC97 Audio (WDM)) - C:\WINDOWS\system32\drivers\ALCXWDM.SYS 3S Arp1394 (1394-ARP-Clientprotokoll) - C:\WINDOWS\system32\drivers\arp1394.sys 3R asapiW2k - C:\WINDOWS\system32\drivers\asapiW2k.sys 2R aswMon2 (avast! Standard Shield Support) - C:\WINDOWS\system32\drivers\aswmon2.sys 3R aswRdr - C:\WINDOWS\system32\drivers\aswRdr.sys 1R aswTdi (avast! Network Shield Support) - C:\WINDOWS\system32\drivers\aswTdi.sys 3R ati2mtag - C:\WINDOWS\system32\drivers\ati2mtag.sys 3S ATWPKT - C:\WINDOWS\system32\drivers\atwpkt.sys 3R Cap7134 (MEDION (7134) WDM Video Capture) - C:\WINDOWS\system32\drivers\Cap7134.sys 3S CCDECODE (Untertiteldecoder) - C:\WINDOWS\system32\drivers\ccdecode.sys 3S CVirtA (Cisco Systems VPN Adapter) - C:\WINDOWS\system32\drivers\CVirtA.sys 2R CVPNDRVA (Cisco Systems IPsec Driver) - C:\WINDOWS\system32\drivers\CVPNDRVA.sys 3R DNE (Deterministic Network Enhancer Miniport) - C:\WINDOWS\system32\drivers\dne2000.sys 3R GEARAspiWDM - C:\WINDOWS\system32\drivers\GEARAspiWDM.sys 1R intelppm (Intel-Prozessortreiber) - C:\WINDOWS\system32\drivers\intelppm.sys 3S Intels51 (Creatix V.9X DSP Data Fax Modem) - C:\WINDOWS\system32\drivers\ctxs51.sys 3S MSTEE (Microsoft Streaming Tee/Sink-to-Sink-Konvertierung) - C:\WINDOWS\system32\drivers\mstee.sys 3R ms_mpu401 (Microsoft MPU-401 MIDI UART-Treiber) - C:\WINDOWS\system32\drivers\msmpu401.sys 3R MxlW2k - C:\WINDOWS\system32\drivers\MxlW2k.sys 3S NABTSFEC (NABTS/FEC VBI-Codec) - C:\WINDOWS\system32\drivers\nabtsfec.sys 3S NdisIP (Microsoft TV-/Videoverbindung) - C:\WINDOWS\system32\drivers\ndisip.sys 3S NIC1394 (1394-Netzwerktreiber) - C:\WINDOWS\system32\drivers\nic1394.sys 0R ohci1394 (OHCI-konformer IEEE 1394-Hostcontroller) - C:\WINDOWS\system32\drivers\ohci1394.sys 3R pfc (Padus ASPI Shell) - C:\WINDOWS\system32\drivers\pfc.sys 3R PhTVTune (MEDION TV-TUNER 7134 MK2/3) - C:\WINDOWS\system32\drivers\PhTVTune.sys 1S SABKUTIL - C:\Programme\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys (not found) 3S SABProcEnum - C:\Programme\SuperAdBlocker.com\Super Ad Blocker\SABProcEnum.sys (not found) 0R SISAGP (SiS AGP Filter) - C:\WINDOWS\system32\drivers\SISAGPX.SYS 3R SISNIC (SiS PCI Fast Ethernet Adapter Driver) - C:\WINDOWS\system32\drivers\sisnic.sys 3S SLIP (BDA Slip De-Framer) - C:\WINDOWS\system32\drivers\slip.sys 0R srescan - C:\WINDOWS\system32\ZoneLabs\srescan.sys 3S streamip (BDA-IPSink) - C:\WINDOWS\system32\drivers\streamip.sys 3R usbehci (Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller) - C:\WINDOWS\system32\drivers\usbehci.sys 3R usbohci (Miniporttreiber für Microsoft USB Open Host-Controller) - C:\WINDOWS\system32\drivers\usbohci.sys 3S usbscan (USB-Scannertreiber) - C:\WINDOWS\system32\drivers\usbscan.sys 3R usbstor (USB-Massenspeichertreiber) - C:\WINDOWS\system32\drivers\usbstor.sys 1R vsdatant - C:\WINDOWS\system32\vsdatant.sys 3S wanatw (WAN Miniport (ATW)) - C:\WINDOWS\system32\DRIVERS\wanatw4.sys (not found) 3S WSTCODEC (World Standard Teletext-Codec) - C:\WINDOWS\system32\drivers\wstcodec.sys 3S WudfPf (Windows Driver Foundation - User-mode Driver Framework Platform Driver) - C:\WINDOWS\system32\drivers\WudfPf.sys 3S WudfRd (Windows Driver Foundation - User-mode Driver Framework Reflector) - C:\WINDOWS\system32\drivers\WudfRd.sys 3S X10UIF (%DESCRIPTION%) - C:\WINDOWS\system32\drivers\x10uif.sys -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- 3S aspnet_state (ASP.NET State Service) - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe 2R aswUpdSv (avast! iAVS4 Control Service) - "C:\Programme\Alwil Software\Avast4\aswUpdSv.exe" 2R avast! Antivirus - "C:\Programme\Alwil Software\Avast4\ashServ.exe" 3R avast! Mail Scanner - "C:\Programme\Alwil Software\Avast4\ashMaiSv.exe" /service 3R avast! Web Scanner - "C:\Programme\Alwil Software\Avast4\ashWebSv.exe" /service 3S clr_optimization_v2.0.50727_32 (.NET Runtime Optimization Service v2.0.50727_X86) - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 2R CVPND (Cisco Systems, Inc. VPN Service) - "C:\Programme\Cisco Systems\VPN Client\cvpnd.exe" 2S Fax - C:\WINDOWS\system32\fxssvc.exe 3S IDriverT (InstallDriver Table Manager) - "C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe" 2R InterBaseGuardian (InterBase Guardian) - C:\PROGRA~2\Borland\INTERB~1\Bin\ibguard.exe -s 3R InterBaseServer (InterBase Server) - C:\PROGRA~2\Borland\INTERB~1\Bin\ibserver.exe -s -g 3R iPod Service - "C:\Programme\iPod\bin\iPodService.exe" 3S ose (Office Source Engine) - "C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE" 2R vsmon (TrueVector Internet Monitor) - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service 3R x10nets (X10 Device Network Service) - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe -- Scheduled Tasks -------------------------------------------------------------- 2007-02-18 17:48:01 276 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job<APPLES~1.JOB> -- Files created between 2007-01-27 and 2007-02-27 ------------------------------ 2007-02-23 23:53:54 0 d-------- C:\CL 2007-02-06 23:34:46 0 d-------- C:\Programme\Paint.NET 2007-02-05 00:22:32 0 d-------- C:\Programme\iPod 2007-02-05 00:22:21 0 d-------- C:\Programme\iTunes 2007-02-05 00:19:52 0 d-------- C:\Programme\Apple Software Update<APPLES~1> 2007-02-04 22:25:13 1 --a------ C:\WINDOWS\system32\sav86032.sys 2007-01-29 09:58:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe -- Find3M Report ---------------------------------------------------------------- 2007-02-27 16:52:15 0 d-------- C:\Dokumente und Einstellungen\Philipp\Anwendungsdaten\Skype 2007-02-27 16:37:12 0 d-------- C:\Programme\Mozilla Thunderbird<MOZILL~1> 2007-02-25 15:51:56 0 d-------- C:\Programme\Mozilla Firefox<MOZILL~2> 2007-02-18 17:51:51 0 d-------- C:\Programme\QuickTime<QUICKT~1> 2007-02-01 13:36:21 0 d-------- C:\Dokumente und Einstellungen\Philipp\Anwendungsdaten\Yahoo! 2007-01-26 22:06:35 0 d-------- C:\Programme\DokoWorld<DOKOWO~1> 2007-01-21 17:29:03 0 d---s---- C:\Dokumente und Einstellungen\Philipp\Anwendungsdaten\Microsoft<MICROS~1> 2007-01-20 01:02:58 0 d-------- C:\Programme\Gemeinsame Dateien<GEMEIN~1> 2007-01-20 00:46:06 4096 --a------ C:\WINDOWS\d3dx.dat 2007-01-15 18:32:07 689280 --a------ C:\WINDOWS\system32\aswBoot.exe 2007-01-15 18:23:20 90112 --a------ C:\WINDOWS\system32\AVASTSS.scr 2007-01-15 00:54:26 0 d-------- C:\Programme\Gemeinsame Dateien\Dienste 2007-01-11 22:32:42 0 d-------- C:\Programme\PacificPoker<PACIFI~1> 2007-01-11 22:27:35 253952 -----n--- C:\WINDOWS\Setup1.exe 2007-01-09 21:18:13 0 d-------- C:\Dokumente und Einstellungen\Philipp\Anwendungsdaten\VoipDiscount<VOIPDI~1> 2007-01-09 16:26:20 0 d-------- C:\Programme\Java 2006-12-22 16:42:31 59312 --a------ C:\Dokumente und Einstellungen\Philipp\Anwendungsdaten\GDIPFONTCACHEV1.DAT<GDIPFO~1.DAT> 2006-12-19 22:49:41 135168 --a------ C:\WINDOWS\system32\shsvcs.dll 2006-12-19 19:17:03 334336 --a------ C:\WINDOWS\system32\wiaservc.dll 2006-11-27 15:54:15 433152 --a------ C:\WINDOWS\system32\riched20.dll 2006-11-27 15:54:15 539136 --a------ C:\WINDOWS\system32\msftedit.dll -- Registry Dump ---------------------------------------------------------------- [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "AOLMIcon"="C:\\Programme\\Gemeinsame Dateien\\aolshare\\AOLMIcon.exe" "PcSync"="C:\\Programme\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog" "MSMSGS"="\"C:\\Programme\\Messenger\\msmsgs.exe\" /background" "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe" "Konni Symbol Autostart"="" "SpybotSD TeaTimer"="C:\\Programme\\Spybot - Search & Destroy\\TeaTimer.exe" "Skype"="\"C:\\Programme\\Skype\\Phone\\Skype.exe\" /nosplash /minimized" "VoipDiscount"="\"C:\\Programme\\VoipDiscount.com\\VoipDiscount\\VoipDiscount.exe\" -nosplash -minimized" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce] "ICQ Lite"="C:\\Programme\\ICQLite\\ICQLite.exe -trayboot" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "HTpatch"="C:\\WINDOWS\\htpatch.exe" "ATIPTA"="C:\\Programme\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe" "SoundMan"="SOUNDMAN.EXE" "NeroCheck"="C:\\WINDOWS\\System32\\\\NeroCheck.exe" "Dit"="Dit.exe" "VOBRegCheck"="C:\\WINDOWS\\System32\\VOBREGCheck.exe -CheckReg" "PCMService"="C:\\Programme\\Medion Home CinemaXL\\PowerCinema\\PCMService.exe" "PCSuiteTrayApplication"="C:\\Programme\\Nokia\\Nokia PC Suite 6\\LaunchApplication.exe -onlytray" "DataLayer"="C:\\Programme\\Gemeinsame Dateien\\PCSuite\\DataLayer\\DataLayer.exe" "SunJavaUpdateSched"="\"C:\\Programme\\Java\\jre1.5.0_10\\bin\\jusched.exe\"" "Microsoft Works Update Detection"="C:\\Programme\\Gemeinsame Dateien\\Microsoft Shared\\Works Shared\\WkUFind.exe" "avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe" "ICQ Lite"="\"C:\\Programme\\ICQLite\\ICQLite.exe\" -minimize" "BearShare"="\"C:\\Programme\\BearShare\\BearShare.exe\" /pause" "TkBellExe"="\"C:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot" "KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\ 65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00 "Zone Labs Client"="\"C:\\Programme\\Zone Labs\\ZoneAlarm\\zlclient.exe\"" "QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime" "iTunesHelper"="\"C:\\Programme\\iTunes\\iTunesHelper.exe\"" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] "Installed"="1" "NoChange"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler] "{553858A7-4922-4e7e-B1C1-97140C1C16EF}"="IE Component Categories cache daemon" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload] "WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE" [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0 -- End of ComboScan: finished at 2007-02-27 at 16:52:58 ------------------------- ComboScan v20070226.18 run by Philipp on 2007-02-27 at 16:50:54 Supplementary logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ----------------------------------------------------------- Microsoft Windows XP Home Edition (build 2600) SP 2.0 Architecture: X86; Language: German CPU 0: Intel(R) Pentium(R) 4 CPU 2.60GHz Percentage of Memory in Use: 58% Physical Memory (total/avail): 511.48 MiB / 213.67 MiB Pagefile Memory (total/avail): 1250.23 MiB / 930.3 MiB Virtual Memory (total/avail): 2047.88 MiB / 1992.93 MiB C: is Fixed (NTFS) - 74.52 GiB total, 42.46 GiB free. D: is Fixed (NTFS) - 65.73 GiB total, 64.42 GiB free. E: is Fixed (FAT32) - 8.78 GiB total, 5.59 GiB free. F: is CDROM (No Media) G: is CDROM (No Media) H: is Removable (No Media) I: is Removable (No Media) J: is Removable (No Media) K: is Removable (No Media) -- Security Center -------------------------------------------------------------- AUOptions is scheduled to auto-install. Windows Internal Firewall is disabled. AntivirusOverride is set. FW: ZoneAlarm Firewall v6.5.737.000 (Zone Labs, Inc.) AV: avast! antivirus 4.7.942 [VPS 000718-0] v4.7.942 (ALWIL Software) -- Environment Variables -------------------------------------------------------- ALLUSERSPROFILE=C:\Dokumente und Einstellungen\All Users APPDATA=C:\Dokumente und Einstellungen\Philipp\Anwendungsdaten CLASSPATH=.;C:\Programme\Java\jre1.5.0_10\lib\ext\QTJava.zip CLIENTNAME=Console CommonProgramFiles=C:\Programme\Gemeinsame Dateien ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Dokumente und Einstellungen\Philipp NUMBER_OF_PROCESSORS=1 OS=Windows_NT Path=C:\Programme\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Programme\ATI Technologies\ATI Control Panel;C:\Programme\QuickTime\QTSystem\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 7, GenuineIntel PROCESSOR_LEVEL=15 PROCESSOR_REVISION=0207 ProgramFiles=C:\Programme PROMPT=$P$G QTJAVA=C:\Programme\Java\jre1.5.0_10\lib\ext\QTJava.zip SESSIONNAME=Console SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\DOKUME~1\Philipp\LOKALE~1\Temp TMP=C:\DOKUME~1\Philipp\LOKALE~1\Temp tvdumpflags=8 USERDOMAIN=COMPUTERNAME USERNAME=Philipp USERPROFILE=C:\Dokumente und Einstellungen\Philipp windir=C:\WINDOWS -- User Profiles ---------------------------------------------------------------- Philipp (admin) -- Add/Remove Programs ---------------------------------------------------------- --> C:\Programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 --> C:\WINDOWS\IsUn0407.exe -fC:\WINDOWS\orun32.isu --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{82F248C6-D392-11D5-9EA2-0050BAE317E1}\setup.exe" -uninst --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf 3D Windows XP Screen Saver --> rundll32.exe setupapi.dll,InstallHinfSection UninstallInstall 132 C:\WINDOWS\system32\3D Windows XP.inf Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG Adobe Acrobat 5.0 --> C:\WINDOWS\ISUN0407.EXE -f"C:\Programme\Gemeinsame Dateien\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Programme\Gemeinsame Dateien\Adobe\Acrobat 5.0\NT\Uninst.dll" Apple Software Update --> MsiExec.exe /I{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D} ATI Control Panel --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe" ATI Display Driver --> rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_classISPLAY -clean avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup Citavi 2.2 --> C:\Programme\Citavi\Deinstallieren.exe CleanUp! --> C:\Programme\CleanUp!\uninstall.exe DivX 5.0.2 Bundle --> C:\WINDOWS\unvise32.exe C:\Programme\DivX\uninstal.log DokoWorld (remove only) --> "C:\Programme\DokoWorld\uninst.exe" eConcept eWork 1.6 --> C:\WINDOWS\system32\UNWISE.EXE C:\WINDOWS\system32\INSTALL.LOG eDocPrintPro --> C:\PROGRA~1\GEMEIN~1\MAYCOM~1\EDOCPR~1\UNWISE.EXE C:\PROGRA~1\GEMEIN~1\MAYCOM~1\EDOCPR~1\INSTALL.LOG Filzip 3.04 --> "C:\Programme\Filzip\unins000.exe" FLV Player 1.3.3 --> "C:\Programme\FLVPlayer\uninstall.exe" Google Earth --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly HijackThis 1.99.1 --> C:\Dokumente und Einstellungen\Philipp\Desktop\HijackThis.exe /uninstall Hotfix für Windows XP (KB915865) --> "C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe" ICQ 5.1 --> C:\Programme\ICQLite\ICQLiteUninstall.EXE Informationen über Ihren PC --> MsiExec.exe /I{3D1A6B70-3E02-49BC-88B0-916C80274632} InstantCopy --> MsiExec.exe /I{A2B3D1A5-82CA-4876-AFFA-DB304A3A4FE1} InterBase 6 Open Edition - 6.0.2.0 --> C:\PROGRA~2\Borland\INTERB~1\UNINST~1\UNWISE.EXE C:\PROGRA~2\Borland\INTERB~1\UNINST~1\INSTALL_INTERBASE_OPEN.LOG Internet Explorer 7 Beta 2 --> "C:\WINDOWS\$NtUninstallie7beta2$\spuninst\spuninst.exe" iTunes --> MsiExec.exe /I{446DBFFA-4088-48E3-8932-74316BA4CAE4} J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100} J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060} J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090} Macromedia Flash Player 8 --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log Medi@Show --> C:\WINDOWS\IsUn0407.exe -f"C:\Programme\Medion Home CinemaXL\MediaShow\Uninst.isu" Medion Flash XL --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{EA1CB7AC-E221-4822-A789-0ADB051DC498}\Setup.exe" -l0x9 Microsoft Access 2000 Runtime --> MsiExec.exe /I{00180407-78E1-11D2-B60F-006097C998E7} Microsoft AutoRoute 2002 --> MsiExec.exe /I{F7F2DC0A-C22E-49AD-AD37-797309A54E7B} Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Encarta Enzyklopädie 2003 --> MsiExec.exe /I{03440014-3975-4267-9F39-1DC4745090B7} Microsoft Office Excel Viewer 2003 --> MsiExec.exe /I{90840409-6000-11D3-8CFE-0150048383C9} Microsoft Office PowerPoint Viewer 2003 --> MsiExec.exe /X{90AF0407-6000-11D3-8CFE-0150048383C9} Microsoft Picture It! Foto 7.0 --> MsiExec.exe /I{369B36BE-3D64-4641-9AEA-808D436FE132} Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Windows-Journal-Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7} Microsoft Word 2002 --> MsiExec.exe /I{911B0407-6000-11D3-8CFE-0050048383C9} Microsoft Works 7.0 --> MsiExec.exe /I{EDDDC607-91D9-4758-9F57-265FDCD8A772} Microsoft Works Suite-Add-Ins für Microsoft Word --> MsiExec.exe /I{7CDBE27D-87EC-434E-AFE4-D0116AE876BB} Mozilla Firefox (2.0.0.2) --> C:\Programme\Mozilla Firefox\uninstall\helper.exe Mozilla Thunderbird (1.5.0.9) --> C:\Programme\Mozilla Thunderbird\uninstall\uninstall.exe /ua "1.5.0.9 (de)" MUSICMATCH Jukebox --> C:\WINDOWS\IsUn0407.exe -f"C:\Programme\MUSICMATCH\MUSICMATCH Jukebox\Uninst.isu" -cC:\PROGRA~1\MUSICM~1\MUSICM~1\unmatch.dll Nero - Burning Rom --> MsiExec.exe /X{A4D7B764-4140-11D4-88EB-0050DA3579C0} Nokia Connectivity Cable Driver --> C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4AD35E01-9BA9-4F0C-B6B7-09C6C8F20D15} /l1031 Nokia PC Suite --> C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{1267949C-73FC-4692-AA22-176F5E909647} /l1031 Paint.NET v3.0 --> MsiExec.exe /X{267AB309-8021-4CAE-9698-D9A0BEEF7FBA} PowerCinema --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{6B103F43-069C-11D6-9EA2-0050BAE317E1}\SETUP.EXE" -uninst PowerCinema 2.0 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall PowerDirector Pro --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" -uninstall PowerDVD --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall QuickTime --> MsiExec.exe /I{50D8FFDD-90CD-4859-841F-AA1961C7767A} R for Windows 2.3.1 --> "C:\Programme\R-Projekt\R-2.3.1\unins000.exe" RagTime Privat --> C:\WINDOWS\IsUn0407.exe -f"C:\Programme\RagTime Privat\Uninst.isu" RealPlayer --> C:\Programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE Schwedisch AKTIV --> C:\Programme\Schwedisch AKTIV\uninstall.exe /u Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log Sicherheitsupdate für Step by Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe" Sicherheitsupdate für Step by Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB896422) --> "C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB896424) --> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB904706) --> Sicherheitsupdate für Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB905915) --> "C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB911567) --> "C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB912812) --> "C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB912919) --> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB913446) --> "C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB917159) --> "C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB917422) --> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB920214) --> "C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB921398) --> "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB921883) --> "C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB922616) --> "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB923694) --> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB924191) --> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe" SiS 900 PCI Fast Ethernet Adapter Driver --> C:\Progra~1\SiSLan\Uninst.exe Skype 2.5 --> "C:\Programme\Skype\Phone\unins000.exe" Spybot - Search & Destroy 1.4 --> "C:\Programme\Spybot - Search & Destroy\unins000.exe" Update für Windows XP (KB894391) --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe" Update für Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe" Update für Windows XP (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe" Update für Windows XP (KB904942) --> "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe" Update für Windows XP (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe" Update für Windows XP (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe" Update für Windows XP (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe" Update für Windows XP (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe" Update für Windows XP (KB931836) --> "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe" VideoLive Mail 4.0 --> C:\WINDOWS\IsUn0407.exe -f"C:\Programme\Medion Home CinemaXL\VideoLiveMail\Uninst.isu" Viewpoint Media Player (Remove Only) --> C:\Programme\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe -u VPN Client --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{5624C000-B109-11D4-9DB4-00E0290FCAC5}\Setup.exe" -l0x9 VpnUninstall Windows-Sicherungsprogramm --> MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE} Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows XP-Hotfix - KB873339 --> C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe Windows XP-Hotfix - KB885250 --> C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe Windows XP-Hotfix - KB885835 --> C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe Windows XP-Hotfix - KB885836 --> C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe Windows XP-Hotfix - KB885884 --> C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe Windows XP-Hotfix - KB886185 --> C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe Windows XP-Hotfix - KB887472 --> C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe Windows XP-Hotfix - KB887742 --> C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe Windows XP-Hotfix - KB888113 --> C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe Windows XP-Hotfix - KB888302 --> C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe Windows XP-Hotfix - KB890859 --> "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe" Windows XP-Hotfix - KB891781 --> C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe WinRAR archiver --> C:\Programme\WinRAR\uninstall.exe X10 Hardware(TM) --> C:\WINDOWS\UNWISE.EXE C:\PROGRA~1\X10HAR~1\Install.log ZoneAlarm --> C:\Programme\Zone Labs\ZoneAlarm\zauninst.exe -- End of ComboScan: finished at 2007-02-27 at 16:52:58 ------------------------- |
|
|
||
27.02.2007, 17:16
Ehrenmitglied
Beiträge: 29434 |
#6
deinstalliere: C:\Programme\BearShare - damit ist der ganze muell auf deinen Rechner gekommen und leere die Quarantaene vom Avast
__________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
27.02.2007, 17:32
...neu hier
Themenstarter Beiträge: 5 |
#7
In Systemsteuerung -->Software steht kein Bearshare ... hab jetzt einfach den Ordner C:\Programme\BearShare gelöscht, da war auch kaum was drinnen. Reicht das?
Kurze Frage: alle Container Dateien oder nur die Infizierten löschen? (Siehe Anhang meines ersten Postings) Dieser Beitrag wurde am 27.02.2007 um 17:37 Uhr von Phil79 editiert.
|
|
|
||
28.02.2007, 00:50
Ehrenmitglied
Beiträge: 29434 |
||
|
||
Ich habe mit avast einen scan gemacht und alles verdächtiges in den Container verschoben.
Meine Frage nun: Sind all die Dateien tatsächlich Viren? Müssen sie alle gelöscht werden? Ist es wahrscheinlich, dass da noch mehr bzw. irgendwelche Schäden auf meinem Rechner sind?
Anbei ein Screenshot mit den verschobenen Dateien.
Über eine Antwort würde ich mich sehr freuen!