MSN virus - the virus scanner doesn't find it, it is sent via link
#0
17.02.2008, 16:32
...new here
Posts: 6

17.02.2008, 17:12
Honorary member
Posts: 1441
#2
Hello,
please post the ComboFix log here: http://virus-protect.org/artikel/tools/combofix.html
__________
Regards, Pinguin
I'm in the process of updating my site + programs: http://www.virus-protect.org/

17.02.2008, 17:28
...new here
Thread starter, Posts: 6
#3
Hello.
So here is the ComboFix log:

Thanks for your efforts!

17.02.2008, 18:35
Honorary member
Posts: 1441
#4
«« Scan with BitDefender - post the log from the scan http://virus-protect.org/onlinescan.html
«« Download + scan with Malwarebytes Anti-Malware - also post the report http://virus-protect.org/artikel/tools/malwarebytes.html

17.02.2008, 23:40
...new here
Thread starter, Posts: 6
#5
So first, here is the BitDefender log:

17.02.2008, 23:46
Honorary member
Posts: 1441
#6
«« Copy the following text into Notepad (Start - Accessories - Notepad) and save it to the desktop as listen.bat using 'Save as'. For the file type, choose 'All files'. You should now find this file on the desktop.
--> double-click listen.bat --> copy the text that appears
Quote:
cd\

18.02.2008, 00:29
...new here
Thread starter, Posts: 6
#7
Hello.
So I did that. When I try to open the file, on the one hand a message appears saying that this file could not be found, and on the other hand a window opens with the following text:
C:\Users\Pimpf\Documents\Desktop>cd\
C:\>dir "C:\Program Files\MSN Messenger" 1>>files.txt
Zugriff verweigert
C:\>notepad files.txt
By the way, Malwarebytes is still scanning. It has already found infected objects.

18.02.2008, 00:40
Honorary member
Posts: 1441
#8
Then post the Malwarebytes report.

18.02.2008, 00:56
...new here
Thread starter, Posts: 6
#9
Okay. The scan is finished now.
Malwarebytes log:

I then just clicked on remove, and I think that worked too. Log file:

So is the problem solved now???
This post was edited by miamaria on 18.02.2008 at 01:00.

18.02.2008, 10:18
Honorary member
Posts: 1441
#10
Hello,
1. Click Start, and then click Windows Explorer.
2. Find the file Cmd.exe and right-click it. The file Cmd.exe is located in the folder %windir%\System32.
3. Click Properties.
4. Click the Security tab.
5. Click Add.
6. In the "Enter the object names to select" box, type: Batch, and then click OK twice.
7. Click Yes when asked whether to continue.
............................
Copy the following text into Notepad (Start - Accessories - Notepad) and save it to the desktop as listen.bat using 'Save as'. For the file type, choose 'All files'. You should now find this file on the desktop.
--> double-click listen.bat --> copy the text that appears
Quote:
cd\
-------------
«« Post the two logs from Comboscan http://virus-protect.org/artikel/tools/comboscan.html

18.02.2008, 17:40
...new here
Thread starter, Posts: 6
#11
Hello.
So I can find the file Cmd.exe, but there is no "Add" option anywhere. On the "Security" tab only the "Edit" option can be clicked, and even there no changes can be made. The two Comboscan logs are as follows. The main.txt is:
2008-02-13 10:12:16 119690 --a------ C:\Windows\system32\perfc007.dat 2008-02-09 22:00:52 0 d-------- C:\Users\Pimpf\AppData\Roaming\CyberLink 2008-02-08 21:08:02 0 d-------- C:\Program Files\Firefox 2008-02-03 15:05:16 87688 --a------ C:\Users\Pimpf\AppData\Roaming\GDIPFONTCACHEV1.DAT 2008-01-16 20:01:17 0 d-------- C:\Program Files\Picasa2 2008-01-09 22:25:24 0 d-------- C:\Program Files\Windows Mail 2008-01-09 22:25:23 0 d-------- C:\Program Files\Windows Sidebar -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{965B54B0-71E0-4611-8DE7-F73FA0B20E26}"= C:\Program Files\Babylon\Babylon Toolbar\BabylonIEToolBar.dll [10.10.2007 16:05 264416] [-HKEY_CLASSES_ROOT\CLSID\{965B54B0-71E0-4611-8DE7-F73FA0B20E26}] [HKEY_CLASSES_ROOT\BabylonTBLib.BabylonTB.1] [HKEY_CLASSES_ROOT\TypeLib\{162484B8-B114-453f-A344-C0B24B0F1D99}] [HKEY_CLASSES_ROOT\BabylonTBLib.BabylonTB] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [04.08.2007 21:00] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [20.11.2006 18:51] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25.09.2007 01:11] "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [11.07.2006 17:12] "SigmatelSysTrayApp"="sttray.exe" [08.02.2007 06:11 C:\Windows\sttray.exe] "Broadcom Wireless Manager UI"="C:\Windows\system32\WLTRAY.exe" [18.11.2006 06:48] "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [03.10.2006 11:37] "RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [05.11.2006 11:22] "PDVDDXSrv"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [20.10.2006 17:23] "ECenter"="c:\dell\E-Center\EULALauncher.exe" [16.03.2007 11:50] "Google Desktop 
Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [04.08.2007 13:38] "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [12.01.2006 14:40] "F-Secure Manager"="C:\Program Files\F-Secure\Common\FSM32.exe" [27.08.2007 14:21] "F-Secure TNB"="C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" [27.08.2007 14:20] "Babylon Client"="C:\Program Files\Babylon\Babylon-Pro\Babylon.exe" [] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [19.01.2007 11:55] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [31.10.2007 20:50] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [02.11.2006 13:34] [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Reader - Schnellstart.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23.09.2005 21:05:26] Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [04.08.2007 13:22:36] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13.02.2001 00:01:04] QuickSet.lnk - C:\Windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [04.08.2007 13:24:25] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso] @="Service" 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] @="Volume shadow copy" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] @="IEEE 1394 Bus host controllers" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] @="SBP2 IEEE 1394 Devices" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] @="SecurityDevices" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Pimpf^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^WEB.DE SmartSurfer.lnk] path=C:\Users\Pimpf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WEB.DE SmartSurfer.lnk backup=C:\Windows\pss\WEB.DE SmartSurfer.lnk.Startup backupExtension=.Startup [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry 
WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE WebClient LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc wlansvc EMDMgmt TabletInputService WPDBusEnum LocalServiceNoNetwork PLA DPS BFE mpssvc [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] C:\Windows\system32\unregmp2.exe /ShowWMP [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI -- End of Deckard's System Scanner: finished at 2008-02-18 18:31:36 ------------
and the extra.txt:
Deckard's System Scanner v20071014.68 Extra logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft® Windows Vista™ Home Basic (build 6000) Architecture: X86; Language: German CPU 0: AMD Athlon(tm) 64 X2 Dual-Core Processor TK-53 Percentage of Memory in Use: 39% Physical Memory (total/avail): 1917.44 MiB / 1162.05 MiB Pagefile Memory (total/avail): 4056.91 MiB / 3015.27 MiB Virtual Memory (total/avail): 2047.88 MiB / 1907.33 MiB C: is Fixed (NTFS) - 138.94 GiB total, 99.63 GiB free. D: is Fixed (NTFS) - 10 GiB total, 6.92 GiB free. E: is CDROM (CDFS) \\.\PHYSICALDRIVE0 - FUJITSU MHW2160BH ATA Device - 149.05 GiB - 3 partitions \PARTITION0 - Unknown - 109.79 MiB \PARTITION1 - Installierbares Dateisystem - 10 GiB - D: \PARTITION2 (bootable) - Installierbares Dateisystem - 138.94 GiB - C: -- Security Center ------------------------------------------------------------- AUOptions is scheduled to auto-install. Windows Internal Firewall is disabled. 
FW: McAfee Personal Firewall v (McAfee) FW: ZoneAlarm Firewall v7.1.099.000 (Check Point, LTD.) FW: F-Secure Client Security 7.10 v7.10 (F-Secure Corporation) AV: Avira AntiVir PersonalEdition v 6.39.1.134 (Avira GmbH) AV: F-Secure Client Security 7.10 v7.10 (F-Secure Corporation) AV: McAfee VirusScan v (McAfee) AS: McAfee VirusScan v (McAfee) AS: Avira AntiVir PersonalEdition v 6.39.1.134 (Avira GmbH) AS: Windows-Defender v1.1.1505.0 (Microsoft Corporation) AS: F-Secure Client Security 7.10 v7.10 (F-Secure Corporation) [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] -- Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\ProgramData APPDATA=C:\Users\Pimpf\AppData\Roaming CommonProgramFiles=C:\Program Files\Common Files COMPUTERNAME=MUSCHELCHEN ComSpec=C:\Windows\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Users\Pimpf LOCALAPPDATA=C:\Users\Pimpf\AppData\Local LOGONSERVER=\\MUSCHELCHEN NewEnvironment1=C:\Program Files\ATI Technologies\ NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 15 Model 104 Stepping 1, AuthenticAMD PROCESSOR_LEVEL=15 PROCESSOR_REVISION=6801 ProgramData=C:\ProgramData ProgramFiles=C:\Program Files PROMPT=$P$G PUBLIC=C:\Users\Public RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\ SystemDrive=C: SystemRoot=C:\Windows TEMP=C:\Users\Pimpf\AppData\Local\Temp TMP=C:\Users\Pimpf\AppData\Local\Temp USERDOMAIN=Muschelchen USERNAME=Pimpf 
USERPROFILE=C:\Users\Pimpf windir=C:\Windows -- User Profiles --------------------------------------------------------------- Pimpf -- Add/Remove Programs --------------------------------------------------------- --> "C:\Program Files\F-Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware Scanner" --> "C:\Program Files\F-Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware" --> "C:\Program Files\F-Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus Client Security Installer" --> "C:\Program Files\F-Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Automatic Update Agent" --> "C:\Program Files\F-Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure DAAS" --> "C:\Program Files\F-Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Diagnostics" --> "C:\Program Files\F-Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure FWES" --> "C:\Program Files\F-Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GateKeeper Interface" --> "C:\Program Files\F-Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Gemini" --> "C:\Program Files\F-Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GUI" --> "C:\Program Files\F-Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Help" --> "C:\Program Files\F-Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Localization API" --> "C:\Program Files\F-Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Management Agent" --> "C:\Program Files\F-Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Pegasus Engine" --> "C:\Program Files\F-Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Policy Manager Support" --> "C:\Program Files\F-Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure TNB" --> "C:\Program Files\F-Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Uninstall" --> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL --> C:\Windows\UNNeroBackItUp.exe /UNINSTALL --> C:\Windows\UNNeroMediaHome.exe /UNINSTALL --> 
C:\Windows\UNNeroShowTime.exe /UNINSTALL --> C:\Windows\UNNeroVision.exe /UNINSTALL --> C:\Windows\UNRecode.exe /UNINSTALL Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF} Adobe Flash Player 9 ActiveX --> C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe Adobe Reader 7.0.8 - Deutsch --> MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A70800000002} Adobe Shockwave Player --> C:\Windows\System32\Macromed\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Macromed\SHOCKW~1\Install.log Assistant zum Anpassen des Dell-Systems --> MsiExec.exe /I{FD023F61-65E9-465C-B558-7C64EB2B97E6} ATI Catalyst Control Center Ex --> MsiExec.exe /I{15CC668C-F37C-CE24-9047-40EC8034E29D} ATI Catalyst Control Center Ex --> MsiExec.exe /I{EAB9C426-6626-7B76-64F3-569FDCA9852D} ATI PCI Express (3GIO) Filter Driver --> C:\Program Files\InstallShield Installation Information\{E713653C-8312-4BC6-AFC9-ADE1F2F04AB9}\setup.exe -runfromtemp -l0x0009 -removeonly Babylon --> C:\Program Files\Babylon\Babylon-Pro\Utils\uninstbb.exe Babylon Toolbar --> MsiExec.exe /I{67A339E5-D8AA-4E88-9278-A571B397F798} Benutzerhandbuch --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}\setup.exe" CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe" Conexant HDA D110 MDC V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -IDellHDAz.inf Dell Support Center --> MsiExec.exe /I{B8C54AB1-7E1A-40E8-B794-EDB6E8921F3A} Dell Wireless WLAN Card --> "C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card" DellSupport --> MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D} Digital Line Detect --> C:\Program 
Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0007 -removeonly F-Secure Client Security - systemkontrol --> "C:\Program Files\F-Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure HIPS" F-Secure Client Security - virus/spyware --> "C:\Program Files\F-Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus" F-Secure Client Security – e-mail-scanning --> "C:\Program Files\F-Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure E-mail Scanning" F-Secure Client Security – internetskjold. --> "C:\Program Files\F-Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Internet Shield" F-Secure Client Security – scanning af internettrafikken --> "C:\Program Files\F-Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Protocol Scanner" Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29} Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll" Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020} Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030} Java(TM) SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000} Kaspersky Online Scanner --> C:\Windows\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe Microsoft Office XP Professional mit FrontPage --> MsiExec.exe /I{90280407-6000-11D3-8CFE-0050048383C9} Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Works --> MsiExec.exe /I{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3} Modem-Diagnose-Tool --> MsiExec.exe /I{F63A3748-B93D-4360-9AD4-B064481A5C7B} Mozilla Firefox (2.0.0.12) --> C:\Program Files\Firefox\uninstall\helper.exe MSXML 4.0 SP2 (KB927978) --> MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F} MSXML 4.0 SP2 (KB936181) 
--> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF} Nero 7 Ultra Edition --> MsiExec.exe /I{235BBFC6-D863-4066-A01A-3BD504C31031} NetWaiting --> C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0007 -removeonly OpenOffice.org 2.2 --> MsiExec.exe /I{E4C7B3EF-B3DB-4BB6-A812-E8FAE47534D3} Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe" PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{281ECE39-F043-492B-8337-F2E546B5604A}\Setup.exe" -l0x7 -cluninstall QuickSet --> MsiExec.exe /I{7F0C4457-8E64-491B-8D7B-991504365D1E} Roxio Creator Audio --> MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82} Roxio Creator BDAV Plugin --> MsiExec.exe /I{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC} Roxio Creator Copy --> MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048} Roxio Creator Data --> MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87} Roxio Creator DE --> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C} Roxio Creator Tools --> MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF} Roxio Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA} Roxio MyDVD DE --> MsiExec.exe /I{D639085F-4B6E-4105-9F37-A0DBB023E2FB} Roxio Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E} SigmaTel Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x7 -remove -removeonly Skype™ 3.5 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82} Sonic Activation Module --> MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0} SPSS 16.0 Evaluation Version --> MsiExec.exe /X{9A657E90-E2B7-44DE-8929-055948162595} Synaptics Pointing Device Driver 
--> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall URL Assistant --> regsvr32 /u /s "C:\Program Files\BAE\BAE.dll" WEB.DE SmartSurfer --> C:\Program Files\SmartSurfer\Uninstall.exe Windows Live Messenger --> MsiExec.exe /I{279DB581-239C-4E13-97F8-0F48E40BE75C} WinRAR --> C:\Program Files\WinRAR\uninstall.exe -- Application Event Log ------------------------------------------------------- Event Record #/Type11487 / Success Event Submitted/Written: 02/18/2008 05:41:16 PM Event ID/Source: 12001 / usnjsvc Event Description: The Messenger Sharing USN Journal Reader service started successfully. Event Record #/Type11482 / Error Event Submitted/Written: 02/18/2008 01:30:18 PM Event ID/Source: 5007 / WerSvc Event Description: Die Zieldatei für die Windows-Feedbackplattform (eine DLL-Datei, die eine Liste der auf diesem Computer aufgetretenen Probleme enthält, für deren Diagnose das Sammeln zusätzlicher Daten erforderlich ist) konnte nicht analysiert werden. Fehlercode 8014FFF9. Event Record #/Type11478 / Success Event Submitted/Written: 02/18/2008 01:29:04 PM Event ID/Source: 5617 / WinMgmt Event Description: Event Record #/Type11476 / Success Event Submitted/Written: 02/18/2008 01:29:01 PM Event ID/Source: 5615 / WinMgmt Event Description: Event Record #/Type11472 / Success Event Submitted/Written: 02/18/2008 01:28:50 PM Event ID/Source: 902 / Software Licensing Service Event Description: Der Softwarelizenzierungsdienst wurde gestartet. -- Security Event Log ---------------------------------------------------------- No Errors/Warnings found. -- System Event Log ------------------------------------------------------------ Event Record #/Type58171 / Warning Event Submitted/Written: 02/18/2008 06:29:43 PM Event ID/Source: 3004 / WinDefend Event Description: Vom %Muschelchen27-Echtzeitschutz-Agent wurden Änderungen erkannt. 
Microsoft empfiehlt, die Software, die diese Änderungen vorgenommen hat, zu analysieren, um potenzielle Risiken festzustellen. Sie können anhand der Informationen über die Funktionsweise dieser Programme entscheiden, ob die Software ausgeführt werden kann oder vom Computer entfernt werden soll. Lassen Sie nur Änderungen zu, wenn das Programm oder der Softwareherausgeber vertrauenswürdig ist. %Muschelchen27 kann Änderungen, die Sie zugelassen haben, nicht mehr rückgängig machen. Weitere Informationen finden Sie im Folgenden: %Muschelchen275 Scan-ID: {76B2360F-3262-4DD1-9292-07BEC3772140} Benutzer: Muschelchen\Pimpf Name: %Muschelchen271 ID: %Muschelchen272 Schweregrad-ID: %Muschelchen273 Kategorie-ID: %Muschelchen274 Gefundener Pfad: %Muschelchen276 Warnungsart: %Muschelchen278 Feststellungstyp: 1.1.1505.02 Event Record #/Type58170 / Warning Event Submitted/Written: 02/18/2008 06:29:43 PM Event ID/Source: 3004 / WinDefend Event Description: Vom %Muschelchen27-Echtzeitschutz-Agent wurden Änderungen erkannt. Microsoft empfiehlt, die Software, die diese Änderungen vorgenommen hat, zu analysieren, um potenzielle Risiken festzustellen. Sie können anhand der Informationen über die Funktionsweise dieser Programme entscheiden, ob die Software ausgeführt werden kann oder vom Computer entfernt werden soll. Lassen Sie nur Änderungen zu, wenn das Programm oder der Softwareherausgeber vertrauenswürdig ist. %Muschelchen27 kann Änderungen, die Sie zugelassen haben, nicht mehr rückgängig machen. 
Weitere Informationen finden Sie im Folgenden: %Muschelchen275 Scan-ID: {04928A04-5E28-4C83-BCF5-F8126259EB59} Benutzer: Muschelchen\Pimpf Name: %Muschelchen271 ID: %Muschelchen272 Schweregrad-ID: %Muschelchen273 Kategorie-ID: %Muschelchen274 Gefundener Pfad: %Muschelchen276 Warnungsart: %Muschelchen278 Feststellungstyp: 1.1.1505.02 Event Record #/Type58169 / Warning Event Submitted/Written: 02/18/2008 06:29:43 PM Event ID/Source: 3004 / WinDefend Event Description: Vom %Muschelchen27-Echtzeitschutz-Agent wurden Änderungen erkannt. Microsoft empfiehlt, die Software, die diese Änderungen vorgenommen hat, zu analysieren, um potenzielle Risiken festzustellen. Sie können anhand der Informationen über die Funktionsweise dieser Programme entscheiden, ob die Software ausgeführt werden kann oder vom Computer entfernt werden soll. Lassen Sie nur Änderungen zu, wenn das Programm oder der Softwareherausgeber vertrauenswürdig ist. %Muschelchen27 kann Änderungen, die Sie zugelassen haben, nicht mehr rückgängig machen. Weitere Informationen finden Sie im Folgenden: %Muschelchen275 Scan-ID: {C2EDA0CD-4F29-4344-AB9C-A2111D6615FE} Benutzer: Muschelchen\Pimpf Name: %Muschelchen271 ID: %Muschelchen272 Schweregrad-ID: %Muschelchen273 Kategorie-ID: %Muschelchen274 Gefundener Pfad: %Muschelchen276 Warnungsart: %Muschelchen278 Feststellungstyp: 1.1.1505.02 Event Record #/Type58168 / Warning Event Submitted/Written: 02/18/2008 06:29:40 PM Event ID/Source: 3004 / WinDefend Event Description: Vom %Muschelchen27-Echtzeitschutz-Agent wurden Änderungen erkannt. Microsoft empfiehlt, die Software, die diese Änderungen vorgenommen hat, zu analysieren, um potenzielle Risiken festzustellen. Sie können anhand der Informationen über die Funktionsweise dieser Programme entscheiden, ob die Software ausgeführt werden kann oder vom Computer entfernt werden soll. Lassen Sie nur Änderungen zu, wenn das Programm oder der Softwareherausgeber vertrauenswürdig ist. 
%Muschelchen27 kann Änderungen, die Sie zugelassen haben, nicht mehr rückgängig machen. Weitere Informationen finden Sie im Folgenden: %Muschelchen275 Scan-ID: {E9BB50AE-1085-4723-B4AE-F94CD77893AD} Benutzer: Muschelchen\Pimpf Name: %Muschelchen271 ID: %Muschelchen272 Schweregrad-ID: %Muschelchen273 Kategorie-ID: %Muschelchen274 Gefundener Pfad: %Muschelchen276 Warnungsart: %Muschelchen278 Feststellungstyp: 1.1.1505.02 Event Record #/Type58167 / Warning Event Submitted/Written: 02/18/2008 06:29:40 PM Event ID/Source: 3004 / WinDefend Event Description: Vom %Muschelchen27-Echtzeitschutz-Agent wurden Änderungen erkannt. Microsoft empfiehlt, die Software, die diese Änderungen vorgenommen hat, zu analysieren, um potenzielle Risiken festzustellen. Sie können anhand der Informationen über die Funktionsweise dieser Programme entscheiden, ob die Software ausgeführt werden kann oder vom Computer entfernt werden soll. Lassen Sie nur Änderungen zu, wenn das Programm oder der Softwareherausgeber vertrauenswürdig ist. %Muschelchen27 kann Änderungen, die Sie zugelassen haben, nicht mehr rückgängig machen. Weitere Informationen finden Sie im Folgenden: %Muschelchen275 Scan-ID: {41CEEE6A-F73B-473B-84A2-1EE46D976D01} Benutzer: Muschelchen\Pimpf Name: %Muschelchen271 ID: %Muschelchen272 Schweregrad-ID: %Muschelchen273 Kategorie-ID: %Muschelchen274 Gefundener Pfad: %Muschelchen276 Warnungsart: %Muschelchen278 Feststellungstyp: 1.1.1505.02 -- End of Deckard's System Scanner: finished at 2008-02-18 18:31:36 ------------
This post was edited by miamaria on 18.02.2008 at 18:35.
I have an MSN virus that spreads by sending the link "PARTY PARTY PARTY www. username. com/ megaview" (or something like that). If you click the link, you have to enter your MSN username and password.
The virus shows itself by sending the link on from my computer without my noticing, and by kicking me out of MSN every now and then.
I have already run quite a few virus scans, but none of the programs could detect a virus.
So how do I get rid of it then????
This is my logfile:
Logfile of HijackThis v1.99.1
Scan saved at 16:25:49, on 17.02.2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Windows\sttray.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\F-Secure\common\FSM32.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Firefox\firefox.exe
C:\Users\Pimpf\Documents\Desktop\virus\HJT.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet.noea.dk/sites/noea/serviceoekonom/default.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=6070804
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer bereitgestellt von Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Babylon - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - C:\Program Files\Babylon\Babylon Toolbar\BabylonIEToolBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [HotbarOE] C:\Program Files\Hotbar\bin\10.0.357.0\OEAddOn.exe
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickSet.lnk = ?
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: SmartSurfer Manager (SmartSurferManager) - United Internet AG - C:\Program Files\SmartSurfer\SmurfService.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
Many, many thanks in advance for your help!