Trojan qoMeEUKA.dll cannot be deleted with Antivir
#0
12.06.2008, 14:01
Member
Posts: 13
12.06.2008, 17:50
Honorary member
Posts: 29434
#2
annaz
« http://virus-protect.org/artikel/tools/otmoveIt.html
Open: OTMoveIt.exe
Copy in: in the left-hand window, where it says: Paste List of Files/Folders to Move
Quote
C:\Windows\System32\ssqPjjge.dll
Click the red MoveIt!
« Scan + post the report http://virus-protect.org/artikel/tools/malwarebytes.html
__________
Regards, Sabina
All about PC security
13.06.2008, 03:13
Member
Thread starter Posts: 13
#3
Hello,
I installed OTMoveIt, pasted the two files and clicked the red MoveIt. After that I installed Malwarebytes and ran it. Unfortunately, every time (I have tried about 5 times now) the whole system shuts down after 10-37 minutes. A blue screen with white text appears; there is a lot written on it, but it is only visible briefly, something like "The system must be shut down due to a serious error to prevent damage". Then it restarts, and at the beginning a message appears saying that updates are being installed... I was offline during the whole procedure, very strange. I had also deactivated Antivir. Since the computer shut down unexpectedly, I unfortunately no longer have the MoveIt report; in any case it was different from the current one:

File/Folder C:\Windows\System32\ssqPjjge.dll not found.
File/Folder C:\Windows\System32\awtqqqnN.dll not found.
OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06132008_030753

Apparently the two have been deleted? How can I proceed if Malwarebytes cannot be run? After about 20 minutes it found 4 infected files, but it can never finish the scan. Thanks for the help!
13.06.2008, 11:25
Honorary member
Posts: 29434
#4
Hello,
try running comboscan + post the 2 logs that are created here http://virus-protect.org/artikel/tools/comboscan.html
__________
Regards, Sabina
All about PC security
13.06.2008, 12:21
Member
Thread starter Posts: 13
#5
Hello Sabina,
thank you for your help! Comboscan logs:

main: Deckard's System Scanner v20071014.68 Run by anna on 2008-06-13 12:12:43 Computer is in Normal Mode. -------------------------------------------------------------------------------- Backed up registry hives. Performed disk cleanup. [color=red]System Drive C: has 7.5 GiB (less than 15%) free.[/color] -- HijackThis (run as anna.exe) ------------------------------------------------ Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:14:38, on 13.06.2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16681) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\System32\WerFault.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe C:\Program Files\PowerISO\PWRISOVM.EXE C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\Common Files\Hewlett-Packard\HP Device Communication Services\AppInterfaces\HPDeviceService.exe C:\Program Files\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe C:\Program Files\Winamp\winampa.exe C:\Windows\WindowsMobile\wmdc.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Windows\ehome\ehtray.exe C:\Program Files\phonostar\ps_agent.exe C:\Program Files\Common Files\Hewlett-Packard\HP Device Communication Services\AppInterfaces\HPDeviceHost.exe C:\Program 
Files\phonostar\ps_timer.exe C:\Program Files\VoipCheapCom\VoipCheapCom.exe C:\Users\anna\AppData\Local\Simplify Media\SimplifyMedia.exe C:\Program Files\Free Download Manager\fdm.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Windows\ehome\ehmsas.exe C:\Windows\System32\mobsync.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\Program Files\Windows Mail\WinMail.exe C:\Program Files\OpenOffice.org 2.3\program\soffice.exe C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN C:\Users\anna\AppData\Local\Simplify Media\SimplifyPeer.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\Users\anna\Desktop\dss.exe C:\Windows\system32\conime.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\DllHost.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\anna.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll O3 - Toolbar: 
Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [KnexStarter] C:\Program Files\Common Files\Hewlett-Packard\HP Device Communication Services\Appinterfaces\HPDeviceService.exe O4 - HKLM\..\Run: [RunTasktray] "C:\Program Files\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe" --regkeypath=Software\Hewlett-Packard\HP Easy Printer Care\HPPRun --valuename=InstallTTM O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe" O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdc.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [TkBellExe] 
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [PhonostarAgent] C:\Program Files\phonostar\ps_agent.exe O4 - HKCU\..\Run: [PhonostarTimer] C:\Program Files\phonostar\ps_timer.exe O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" O4 - HKCU\..\Run: [VoipCheapCom] "C:\Program Files\VoipCheapCom\VoipCheapCom.exe" -nosplash -minimized O4 - HKCU\..\Run: [Simplify Media] "C:\Users\anna\AppData\Local\Simplify Media\SimplifyMedia.exe" O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe O4 - Startup: Windows Calendar.lnk = D:\Program Files\Windows Calendar\WinCal.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: VPN Client.lnk = ? 
O8 - Extra context menu item: Alles mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlall.htm O8 - Extra context menu item: An vorhandenes PDF anfügen - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Auswahl mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlselected.htm O8 - Extra context menu item: Datei mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dllink.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Videos mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlfvideo.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program 
Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O15 - Trusted Zone: http://*.hp.com (HKLM) O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL O18 - Protocol: HPDCS - {BA135F49-A12C-4E26-A2C4-6EA945999072} - C:\Program Files\Common Files\Hewlett-Packard\HP Device Communication Services\APP\hpdcsapp.dll O18 - Protocol: hppfile - {C4E2084B-ED27-4893-A43D-488CA3F370E2} - C:\Program Files\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll O18 - Protocol: hppsam - {C4E2084B-ED27-4893-A43D-488CA3F370E2} - C:\Program Files\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll O18 - Protocol: hppzip - {C4E2084B-ED27-4893-A43D-488CA3F370E2} - C:\Program Files\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll O18 - Protocol: skype4com - 
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: Droppix Service - Droppix - C:\Program Files\Common Files\Droppix\DxService.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe -- End of file - 13683 bytes -- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) ----------- backup-20080612-113020-733 O2 - BHO: (no name) - {2E687E5A-807D-4B8E-BE77-54C54C5027A7} - C:\Windows\system32\qoMeEUKA.dll backup-20080612-113237-151 O4 - HKLM\..\Run: [dc98ce51] rundll32.exe "C:\Windows\system32\njmwrhef.dll",b backup-20080612-113237-180 O2 - BHO: (no name) - {81EA3F36-357A-435A-8741-52C27CCC9F21} - C:\Windows\system32\geBqPhGV.dll backup-20080612-113237-294 O4 - HKLM\..\Run: [BMdfabfdcd] Rundll32.exe "C:\Windows\system32\pmqcffyl.dll",s backup-20080612-113237-756 O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\geBqPhGV.dll,#1 backup-20080612-114045-697 O2 - BHO: (no name) - {2E687E5A-807D-4B8E-BE77-54C54C5027A7} - C:\Windows\system32\qoMeEUKA.dll backup-20080612-114052-295 O4 - HKLM\..\Run: [BMdfabfdcd] Rundll32.exe "C:\Windows\system32\wogtbwik.dll",s backup-20080612-114052-955 O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\geBqPhGV.dll,#1 -- File Associations ----------------------------------------------------------- [COLOR=red].cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*[/COLOR] -- 
Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu> R1 ssmdrv - c:\windows\system32\drivers\ssmdrv.sys <Not Verified; AVIRA GmbH; > S3 BVRPMPR5 (BVRPMPR5 NDIS Protocol Driver) - \??\c:\windows\system32\drivers\bvrpmpr5.sys -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 AntiVirScheduler (AntiVir PersonalEdition Classic Planer) - "c:\program files\avira\antivir personaledition classic\sched.exe" <Not Verified; Avira GmbH; AntiVir Workstation> R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service> R2 Bonjour Service (Bonjour-Dienst) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour> R2 TestHandler (Fujitsu Siemens Computers Diagnostic Testhandler) - c:\firststeps\onlinediagnostic\testmanager\testhandler.exe <Not Verified; Fujitsu Siemens Computers; ServerView Online Diagnostic> R3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)> S2 CLTNetCnService (Symantec Lic NetConnect service) - "c:\program files\common files\symantec shared\ccsvchst.exe" /h cccommon (file missing) S2 LiveUpdate Notice Ex (LiveUpdate Notice Service Ex) - "c:\program files\common files\symantec shared\ccsvchst.exe" /h cccommon (file missing) S3 Droppix Service - "c:\program files\common files\droppix\dxservice.exe" <Not Verified; Droppix; Droppix Services> -- Device Manager: Disabled ---------------------------------------------------- Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318} Description: Microsoft-6zu4-Adapter Device ID: ROOT\*6TO4MP\0000 Manufacturer: Microsoft Name: 6TO4 Adapter PNP Device ID: ROOT\*6TO4MP\0000 Service: tunnel Class GUID: 
{4d36e972-e325-11ce-bfc1-08002be10318} Description: Microsoft Tun-Miniportadapter Device ID: ROOT\*TUNMP\0001 Manufacturer: Microsoft Name: Teredo Tunneling Pseudo-Interface PNP Device ID: ROOT\*TUNMP\0001 Service: tunmp Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318} Description: Cisco Systems VPN Adapter Device ID: ROOT\NET\0000 Manufacturer: Cisco Systems Name: Cisco Systems VPN Adapter PNP Device ID: ROOT\NET\0000 Service: CVirtA -- Files created between 2008-05-13 and 2008-06-13 ----------------------------- 2008-06-13 01:01:49 0 d-------- C:\Users\All Users\Malwarebytes 2008-06-13 01:01:48 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-06-12 12:28:00 68096 --a------ C:\Windows\zip.exe 2008-06-12 12:28:00 49152 --a------ C:\Windows\VFind.exe 2008-06-12 12:28:00 212480 --a------ C:\Windows\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists> 2008-06-12 12:28:00 136704 --a------ C:\Windows\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller> 2008-06-12 12:28:00 161792 --a------ C:\Windows\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor> 2008-06-12 12:28:00 98816 --a------ C:\Windows\sed.exe 2008-06-12 12:28:00 80412 --a------ C:\Windows\grep.exe 2008-06-12 12:28:00 89504 --a------ C:\Windows\fdsv.exe <Not Verified; Smallfrogs Studio; > 2008-06-12 11:49:23 0 d-------- C:\!KillBox 2008-06-12 11:44:59 0 d-------- C:\Program Files\Panda Security 2008-06-12 11:15:48 0 d-------- C:\Program Files\Trend Micro 2008-06-12 00:26:29 0 d-------- C:\327882R2FWJFW 2008-06-11 14:49:03 0 d-------- C:\Program Files\CCleaner 2008-06-09 18:13:16 0 d-------- C:\Program Files\Foxit Software 2008-06-09 17:34:00 0 -rahs---- C:\MSDOS.SYS 2008-06-09 17:34:00 0 -rahs---- C:\IO.SYS 2008-06-06 17:10:42 0 d-------- C:\Downloads 2008-06-06 14:48:51 137 --a------ C:\Windows\UnDriver 2008-06-06 14:48:44 89057 --a------ C:\Windows\system32\tppun.exe <Not Verified; In-System Design, Inc.; TPP Storage Adapter> 2008-06-06 
13:56:45 0 d-------- C:\Windows\Drivers 2008-05-25 23:57:40 0 d-------- C:\Users\All Users\FreeDownloadManager.ORG 2008-05-25 23:57:40 0 d-------- C:\Program Files\Free Download Manager 2008-05-19 23:34:45 0 d-------- C:\Program Files\AviSynth 2.5 2008-05-19 23:34:43 0 d-------- C:\Program Files\Red Kawa 2008-05-19 17:12:36 49904 -ra------ C:\Windows\system32\drivers\BVRPMPR5.SYS <Not Verified; Avanquest Software; BVRPNDIS Rawether for Windows> 2008-05-19 17:09:19 0 d-------- C:\Netgear 2008-05-15 14:17:39 113664 --a------ C:\Windows\modup.exe <Not Verified; Mirko Böer; Setup> 2008-05-15 14:17:36 0 d-------- C:\Program Files\MODupRemover 2008-05-13 21:03:55 0 d-------- C:\Program Files\GIMP-2.0 2008-05-13 20:54:04 0 d-------- C:\Program Files\Apple Software Update -- Find3M Report --------------------------------------------------------------- 2008-06-13 12:12:59 0 d-------- C:\Users\anna\AppData\Roaming\Free Download Manager 2008-06-13 12:12:14 644248 --a------ C:\Windows\system32\perfh007.dat 2008-06-13 12:12:14 117550 --a------ C:\Windows\system32\perfc007.dat 2008-06-13 12:11:31 0 d-------- C:\Users\anna\AppData\Roaming\Skype 2008-06-13 12:10:40 0 d-------- C:\Users\anna\AppData\Roaming\skypePM 2008-06-13 12:10:38 0 d-------- C:\Users\anna\AppData\Roaming\OpenOffice.org2 2008-06-13 03:15:46 12 --a------ C:\Windows\bthservsdp.dat 2008-06-13 03:15:46 0 d-------- C:\Program Files\Windows Mail 2008-06-13 01:01:51 0 d-------- C:\Users\anna\AppData\Roaming\Malwarebytes 2008-06-10 22:54:41 0 d-------- C:\Users\anna\AppData\Roaming\Apple Computer 2008-06-10 18:44:51 0 d-------- C:\Users\anna\AppData\Roaming\Azureus 2008-06-10 00:01:45 0 d-------- C:\Users\anna\AppData\Roaming\phonostar-Player 2008-05-28 01:05:31 0 d-------- C:\Users\anna\AppData\Roaming\Adobe 2008-05-23 00:46:32 0 d-------- C:\Program Files\Canon 2008-05-23 00:45:43 0 d-------- C:\Program Files\Common Files\Canon 2008-05-20 14:56:16 0 d-------- C:\Program Files\Bonjour 2008-05-15 14:18:55 0 d-------- 
C:\Program Files\Azureus 2008-05-13 23:29:47 0 d-------- C:\Users\anna\AppData\Roaming\gtk-2.0 2008-05-13 20:55:04 0 d-------- C:\Program Files\Safari 2008-05-06 21:07:45 0 d-------- C:\Program Files\Common Files 2008-05-06 21:07:45 0 d-------- C:\Program Files\Common Files\xing shared 2008-05-06 21:07:41 0 d-------- C:\Program Files\Common Files\Real 2008-05-03 13:30:50 0 d-------- C:\Program Files\VoipCheapCom 2008-05-03 13:25:57 0 d-------- C:\Users\anna\AppData\Roaming\VoipCheapCom 2008-04-24 13:14:00 0 d-------- C:\Users\anna\AppData\Roaming\Image Zone Express 2008-04-22 18:26:24 106496 --a------ C:\Windows\system32\HPSTDSoap.dll <Not Verified; Hewlett-Packard Company; HP Device Communication Services> 2008-04-22 18:02:58 163840 --a------ C:\Windows\system32\hppatusg01.dll <Not Verified; ; utXmlData Dynamic Link Library> 2008-04-22 18:02:02 126976 --a------ C:\Windows\system32\HPDevEnm.dll <Not Verified; ; Discover Dynamic Link Library> 2008-03-31 23:25:48 823296 --a------ C:\Windows\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®> 2008-03-31 23:25:48 823296 --a------ C:\Windows\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®> 2008-03-31 23:25:46 802816 --a------ C:\Windows\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?> 2008-03-31 23:25:46 831488 --a------ C:\Windows\system32\divx_xx0a.dll 2008-03-31 23:25:46 682496 --a------ C:\Windows\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®> 2008-03-21 22:30:08 3596288 --a------ C:\Windows\system32\qt-dx331.dll 2008-03-21 22:28:54 196608 --a------ C:\Windows\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100> 2008-03-21 22:28:54 81920 --a------ C:\Windows\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. 
dpl100> 2008-03-21 22:28:20 12288 --a------ C:\Windows\system32\DivXWMPExtType.dll -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="C:\Windows\system32\igfxtray.exe" [] "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [06.11.2006 10:05] "Persistence"="C:\Windows\system32\igfxpers.exe" [06.11.2006 10:02] "RtHDVCpl"="RtHDVCpl.exe" [01.11.2006 17:37 C:\Windows\RtHDVCpl.exe] "SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [09.10.2006 21:43] "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [12.03.2007 10:22] "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [09.04.2007 14:23] "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [27.10.2006 00:47] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [10.12.2006 21:52] "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [26.02.2007 20:46] "KnexStarter"="C:\Program Files\Common Files\Hewlett-Packard\HP Device Communication Services\Appinterfaces\HPDeviceService.exe" [22.04.2008 18:26] "RunTasktray"="C:\Program Files\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe" [22.04.2008 16:33] "WinampAgent"="C:\Program Files\Winamp\Winampa.exe" [17.04.2003 08:54] "Windows Mobile-based device management"="%windir%\WindowsMobile\wmdc.exe" [] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [16.04.2008 09:52] "ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe" [26.09.2007 11:53] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11.01.2008 22:16] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [28.03.2008 23:37] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [30.03.2008 10:36] "TkBellExe"="C:\Program Files\Common 
Files\Real\Update_OB\realsched.exe" [06.05.2008 21:07] "Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [11.01.2008 19:54] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [10.01.2008 13:11] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [01.02.2008 18:22] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18.10.2007 12:34] "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [02.11.2006 14:35] "PhonostarAgent"="C:\Program Files\phonostar\ps_agent.exe" [05.12.2007 17:10] "PhonostarTimer"="C:\Program Files\phonostar\ps_timer.exe" [05.12.2007 17:14] "DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [06.09.2007 15:08] "VoipCheapCom"="C:\Program Files\VoipCheapCom\VoipCheapCom.exe" [20.02.2007 14:23] "Simplify Media"="C:\Users\anna\AppData\Local\Simplify Media\SimplifyMedia.exe" [16.05.2008 11:47] "Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" [20.05.2008 17:27] C:\Users\anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [26.10.2006 20:24:54] OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [17.08.2007 22:57:56] Windows Calendar.lnk - C:\Program Files\Windows Calendar\WinCal.exe [14.09.2007 19:34:29] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [02.01.2007 21:40:10] VPN Client.lnk - C:\Windows\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico [12.10.2007 18:51:48] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"=2 (0x2) "EnableLUA"=0 (0x0) "DisableRegistryTools"=0 (0x0) "HideLegacyLogonScripts"=0 (0x0) "HideLogoffScripts"=0 (0x0) "RunLogonScriptSync"=1 (0x1) 
"RunStartupScriptSync"=0 (0x0) "HideStartupScripts"=0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "HideLegacyLogonScripts"=0 (0x0) "HideLogoffScripts"=0 (0x0) "RunLogonScriptSync"=1 (0x1) "RunStartupScriptSync"=0 (0x0) "HideStartupScripts"=0 (0x0) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] @="Volume shadow copy" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] @="IEEE 1394 Bus host controllers" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] @="SBP2 IEEE 1394 Devices" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] @="SecurityDevices" [HKEY_LOCAL_MACHINE\software\microsoft\windows 
Event Record #/Type73107 / Warning
Event Submitted/Written: 06/13/2008 11:15:06 AM
Event ID/Source: 4 / Client Side Rendering Spooler
Event Description:
Der Druckspooler konnte eine vorhandene Druckerverbindung nicht erneut öffnen, weil er die Konfigurationsinformationen aus dem Registrierungsschlüssel S-1-5-18\Printers\Connections nicht lesen konnte. Der Druckspooler konnte den Registerierungsschlüssel nicht öffnen. Es könnte sein, dass der Registrierungsschlüssel beschädigt ist oder fehlt oder dass die Registrierung nicht mehr verfügbar ist.

-- End of Deckard's System Scanner: finished at 2008-06-13 12:16:20 ------------

Yesterday I forgot to mention that when I ran Malwarebytes for about the 3rd time, Antivir suddenly reported the qoMeEUKA.dll trojan from the beginning again... just in case that is important.
Thanks and regards,
annaz |
|
|
||
13.06.2008, 13:47
Honorary member
Posts: 29434 |
#6
««
Boot into safe mode, Antivirus: expert mode - heuristics: high, scan + then post the report here __________ Regards, Sabina, all about PC security |
|
|
||
13.06.2008, 15:24
Member
Thread starter Posts: 13 |
#7
Antivir report in expert mode with heuristics: high

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!
Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'D:\'
[INFO] Es wurde kein Virus gefunden!
Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen.
Die Registry wurde durchsucht ( '27' Dateien ).
Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'C:\' <System>
C:\pagefile.sys
[WARNUNG] Die Datei konnte nicht geöffnet werden!
C:\QooBox\Quarantine\C\Windows\System32\wogtbwik.dll.vir
[FUND] Ist das Trojanische Pferd TR/Vundo.HT
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '48b9679b.qua' verschoben!
C:\Windows\System32\drivers\sptd.sys
[WARNUNG] Die Datei konnte nicht geöffnet werden!
Beginne mit der Suche in 'D:\' <DATA>
D:\Uni\Kunstgeschichte\MP\Mirela CD\Programme\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Adobe.PhotoShop.CS2.KeyGen-PANTHEON..zonapentel.)\keygen.exe
[FUND] Enthält Erkennungsmuster des Wurmes WORM/Autorun.cxl
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '48cb732c.qua' verschoben!
Ende des Suchlaufs: Freitag, 13. Juni 2008 15:15
Benötigte Zeit: 1:16:57 min
Der Suchlauf wurde vollständig durchgeführt.
22367 Verzeichnisse wurden überprüft
511021 Dateien wurden geprüft
2 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
2 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
2 Dateien konnten nicht durchsucht werden
511019 Dateien ohne Befall
14750 Archive wurden durchsucht
2 Warnungen
2 Hinweise

Well, unfortunately a system scan like this always takes a while... The qoMEUKA.dll was not among the warnings, and Antivir is quiet for now as well...
Thanks and regards,
annaz |
|
|
||
I searched the forum for this problem and found a thread about it.
I followed the instructions for "Creating a new topic" and have:
1. Run CCleaner.
2. Run Combofix. (Logfile attached)
3. Created a HijackThis logfile.
HijackThis logfile:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:36:27, on 12.06.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Hewlett-Packard\HP Device Communication Services\AppInterfaces\HPDeviceService.exe
C:\Program Files\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe
C:\Program Files\Winamp\winampa.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE
C:\Program Files\Common Files\Hewlett-Packard\HP Device Communication Services\AppInterfaces\HPDeviceHost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\phonostar\ps_agent.exe
C:\Program Files\phonostar\ps_timer.exe
C:\Program Files\VoipCheapCom\VoipCheapCom.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Windows Calendar\WinCal.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [KnexStarter] C:\Program Files\Common Files\Hewlett-Packard\HP Device Communication Services\Appinterfaces\HPDeviceService.exe
O4 - HKLM\..\Run: [RunTasktray] "C:\Program Files\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe" --regkeypath=Software\Hewlett-Packard\HP Easy Printer Care\HPPRun --valuename=InstallTTM
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [PhonostarAgent] C:\Program Files\phonostar\ps_agent.exe
O4 - HKCU\..\Run: [PhonostarTimer] C:\Program Files\phonostar\ps_timer.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [VoipCheapCom] "C:\Program Files\VoipCheapCom\VoipCheapCom.exe" -nosplash -minimized
O4 - HKCU\..\Run: [Simplify Media] "C:\Users\anna\AppData\Local\Simplify Media\SimplifyMedia.exe"
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Startup: Windows Calendar.lnk = D:\Program Files\Windows Calendar\WinCal.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: Alles mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: An vorhandenes PDF anfügen - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Auswahl mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Datei mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Videos mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.hp.com (HKLM)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: HPDCS - {BA135F49-A12C-4E26-A2C4-6EA945999072} - C:\Program Files\Common Files\Hewlett-Packard\HP Device Communication Services\APP\hpdcsapp.dll
O18 - Protocol: hppfile - {C4E2084B-ED27-4893-A43D-488CA3F370E2} - C:\Program Files\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll
O18 - Protocol: hppsam - {C4E2084B-ED27-4893-A43D-488CA3F370E2} - C:\Program Files\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll
O18 - Protocol: hppzip - {C4E2084B-ED27-4893-A43D-488CA3F370E2} - C:\Program Files\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Droppix Service - Droppix - C:\Program Files\Common Files\Droppix\DxService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
--
End of file - 13481 bytes
Logfiles der letzten 3 Monate von datfind:
Datenträger in Laufwerk C: ist System
Volumeseriennummer: DC98-CEFE
Verzeichnis von C:\Windows\system32
12.06.2008 13:35 3.200 7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
12.06.2008 13:35 3.200 7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
12.06.2008 12:42 613.046 perfh009.dat
12.06.2008 12:42 644.248 perfh007.dat
12.06.2008 12:42 104.768 perfc009.dat
12.06.2008 12:42 117.550 perfc007.dat
12.06.2008 12:42 1.469.564 PerfStringBackup.INI
12.06.2008 11:18 0 clkcnt.txt
10.06.2008 21:02 605.184 ssqPjjge.dll
09.06.2008 19:16 1.739.800 FNTCACHE.DAT
09.06.2008 18:41 58.880 awtqqqnN.dll
09.05.2008 23:35 16.863.864 mrt.exe
06.05.2008 21:07 185.944 rmoc3260.dll
06.05.2008 21:07 5.632 pndx5032.dll
06.05.2008 21:07 6.656 pndx5016.dll
06.05.2008 21:07 278.528 pncrt.dll
22.04.2008 18:26 106.496 HPSTDSoap.dll
22.04.2008 18:02 163.840 hppatusg01.dll
22.04.2008 18:02 126.976 HPDevEnm.dll
12.04.2008 11:07 0 tviresource.val
02.04.2008 13:18 256 TweakVI.val
31.03.2008 23:25 161.096 DivXCodecVersionChecker.exe
31.03.2008 23:25 823.296 divx_xx07.dll
31.03.2008 23:25 823.296 divx_xx0c.dll
31.03.2008 23:25 802.816 divx_xx11.dll
31.03.2008 23:25 682.496 DivX.dll
31.03.2008 23:25 831.488 divx_xx0a.dll
28.03.2008 23:37 57.344 QuickTime.qts
28.03.2008 23:37 90.112 QuickTimeVR.qtx
24.03.2008 21:45 630.784 divxdec.ax
22.03.2008 13:28 6.591 jupdate-1.6.0_05-b13.log
21.03.2008 22:30 4.816 divxsm.tlb
21.03.2008 22:30 10.152 dsm_de.qm
21.03.2008 22:30 524.288 DivXsm.exe
21.03.2008 22:30 3.596.288 qt-dx331.dll
21.03.2008 22:30 200.704 ssldivx.dll
21.03.2008 22:30 1.044.480 libdivx.dll
21.03.2008 22:28 416 dtu100.dll.manifest
21.03.2008 22:28 81.920 dpl100.dll
21.03.2008 22:28 196.608 dtu100.dll
21.03.2008 22:28 416 dpl100.dll.manifest
21.03.2008 22:28 53.248 dpuGUI10.dll
21.03.2008 22:28 3.051 dtu_de.qm
21.03.2008 22:28 344.064 dpus11.dll
21.03.2008 22:28 294.912 dpu11.dll
21.03.2008 22:28 57.344 dpv11.dll
21.03.2008 22:28 294.912 dpu10.dll
21.03.2008 22:28 593.920 dpuGUI11.dll
21.03.2008 22:28 12.288 DivXWMPExtType.dll
21.03.2008 22:28 8.523 dpude.qm
08.03.2008 06:30 1.686.528 gameux.dll
08.03.2008 02:37 4.247.552 GameUXLegacyGDFs.dll
I had tried various programs, tried to fix the Trojans in question with HijackThis, and also tested Killbox with a reboot exactly as described. Both without success. I then followed the instructions, and it seems that after Combofix nothing more can be found. The HijackThis log file analysis no longer reports anything serious, and the file in question, C:\Windows\system32\qoMeEUKA.dll, as well as others, C:\Windows\system32\wogtbwik.dll",s and C:\Windows\system32\geBqPhGV.dll,#1, which could not be deleted before, are no longer in the HijackThis log file.
AntiVir is finally quiet!!! Heaven on earth! I don't quite trust the calm yet...
However, the forum also said that the problems may be solved after using Combofix, but the computer could nevertheless still be infected, and that one should still post everything in the forum, which I am hereby doing.
How does all this look to you experts? Good, I hope....
The Combofix log file doesn't tell me anything so far, and I also don't know how to interpret it...
Many thanks for your help. I am endlessly glad that it seems to have worked, because I was already fearing the worst.
This forum is a great invention, and everything is really fantastically explained!