antivirus xp 2008

#0
16.07.2008, 04:58
Member

Beiträge: 15
#1 Hallo Zusammen!

Hab mir nen kleinen Freund eingefangen mit o.g. Namen. Da ich länger nichts mehr mit so einem lästigen Problem zu tun hatte, wäre ich dankbar, wenn Ihr mir nochmal ne kleine Anleitung zur Bekämpfung schreiben könntet. Welche Programme in welcher Reihenfolge sollte ich mal durchlaufen lassen (Hijackthis, combofix, datfindbat, etc)?
Vielen Dank dafür
Seitenanfang Seitenende
16.07.2008, 07:41
Member
Avatar Chris4You

Beiträge: 694
#2 Hallo,

wirf eine Blick hier rein:

http://board.protecus.de/t23188.htm
- Erstellen eines Hijackthis-Logfiles ((http://sicher-ins-netz.info/analyse/hjt.html)
- CleanUp (temporaeren Dateien loeschen)
- Combofix
- Logfiles mittels datfind.bat (alle Files, nur die letzten 3-6 Monate posten)

chris
Seitenanfang Seitenende
17.07.2008, 20:52
Member

Themenstarter

Beiträge: 15
#3 Sodele, hab alles abgearbeitet... Hier die diversen Logfiles:

Malwarebite:

Malwarebytes' Anti-Malware 1.20
Datenbank Version: 962
Windows 5.1.2600 Service Pack 2

20:18:05 17.07.2008
mbam-log-7-17-2008 (20-18-05).txt

Scan Art: Komplett Scan (C:\|D:\|)
Objekte gescannt: 69113
Scan Dauer: 24 minute(s), 41 second(s)

Infizierte Speicher Prozesse: 1
Infizierte Speicher Module: 3
Infizierte Registrierungsschlüssel: 3
Infizierte Registrierungswerte: 6
Infizierte Datei Objekte der Registrierung: 2
Infizierte Verzeichnisse: 12
Infizierte Dateien: 14

Infizierte Speicher Prozesse:
C:\Programme\rhclv4j0e3a1\rhclv4j0e3a1.exe (Rogue.Multiple) -> Unloaded process successfully.

Infizierte Speicher Module:
C:\Programme\rhclv4j0e3a1\MFC71.dll (Rogue.Multiple) -> Unloaded module successfully.
C:\Programme\rhclv4j0e3a1\msvcp71.dll (Rogue.Multiple) -> Unloaded module successfully.
C:\Programme\rhclv4j0e3a1\msvcr71.dll (Rogue.Multiple) -> Unloaded module successfully.

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhclv4j0e3a1 (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\rhclv4j0e3a1 (Rogue.Multiple) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smrhclv4j0e3a1 (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcgv4j0e3a1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Infizierte Datei Objekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
C:\Programme\rhclv4j0e3a1 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Martin\Anwendungsdaten\rhclv4j0e3a1 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Martin\Anwendungsdaten\rhclv4j0e3a1\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Martin\Anwendungsdaten\rhclv4j0e3a1\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Martin\Anwendungsdaten\rhclv4j0e3a1\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Martin\Anwendungsdaten\rhclv4j0e3a1\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Martin\Anwendungsdaten\rhclv4j0e3a1\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Martin\Anwendungsdaten\rhclv4j0e3a1\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Martin\Anwendungsdaten\rhclv4j0e3a1\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Martin\Anwendungsdaten\rhclv4j0e3a1\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Martin\Anwendungsdaten\rhclv4j0e3a1\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Martin\Anwendungsdaten\rhclv4j0e3a1\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\0xf9.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D92C6370-6A68-40C5-9346-0C96721955DD}\RP415\A0026632.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Programme\rhclv4j0e3a1\database.dat (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Programme\rhclv4j0e3a1\license.txt (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Programme\rhclv4j0e3a1\MFC71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Programme\rhclv4j0e3a1\MFC71ENU.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Programme\rhclv4j0e3a1\msvcp71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Programme\rhclv4j0e3a1\msvcr71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Programme\rhclv4j0e3a1\rhclv4j0e3a1.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Programme\rhclv4j0e3a1\rhclv4j0e3a1.exe.local (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Programme\rhclv4j0e3a1\Uninstall.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\All Users\Desktop\Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phcgv4j0e3a1.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pphcgv4j0e3a1.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Combofix:

ComboFix 08-07-15.4 - Martin 2008-07-17 20:32:56.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1031.18.134 [GMT 2:00]
ausgeführt von:: C:\Dokumente und Einstellungen\Martin\Desktop\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt

[color=red]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color]
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Dokumente und Einstellungen\Martin\new.txt

.
((((((((((((((((((((((( Dateien erstellt von 2008-06-17 bis 2008-07-17 ))))))))))))))))))))))))))))))
.

2008-07-17 19:42 . 2008-07-17 19:42 <DIR> d-------- C:\Programme\Malwarebytes' Anti-Malware
2008-07-17 19:42 . 2008-07-17 19:42 <DIR> d-------- C:\Dokumente und Einstellungen\Martin\Anwendungsdaten\Malwarebytes
2008-07-17 19:42 . 2008-07-17 19:42 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2008-07-17 19:42 . 2008-07-07 17:35 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-17 19:42 . 2008-07-07 17:35 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-17 19:33 . 2008-07-17 19:33 <DIR> d-------- C:\Programme\CCleaner
2008-07-16 23:46 . 2008-07-16 23:46 0 --a------ C:\WINDOWS\system32\4.tmp
2008-07-16 00:18 . 2007-12-24 17:37 138,384 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-07-16 00:16 . 2008-07-16 02:32 <DIR> d-------- C:\Dokumente und Einstellungen\Martin\Anwendungsdaten\HouseCall 6.6
2008-07-04 02:15 . 2008-07-17 20:20 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-04 02:15 . 2008-07-04 02:15 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-26 19:04 --------- d--h--w C:\Programme\InstallShield Installation Information
2008-05-26 19:04 --------- d-----w C:\Programme\Yahoo!
2008-05-26 19:03 --------- d-----w C:\Programme\PartyGaming
2008-05-26 19:02 --------- d-----w C:\Programme\ICQToolbar
2008-05-26 18:59 --------- d-----w C:\Programme\GXTranscoder.net
2008-05-19 20:07 --------- d-----w C:\Dokumente und Einstellungen\Martin\Anwendungsdaten\ICQ Toolbar
.

(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Programme\Yahoo!\Messenger\YahooMessenger.exe" [2006-11-30 22:49 4662776]
"MSMSGS"="C:\Programme\Messenger\msmsgs.exe" [2004-08-04 01:58 1667584]
"NBJ"="C:\Programme\Ahead\Nero BackItUp\NBJ.exe" [2004-09-07 13:55 1871872]
"MsnMsgr"="C:\Programme\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:55 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-04-05 15:22 94208]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-04-05 15:19 77824]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-04-05 15:23 114688]
"TkBellExe"="C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [2006-11-24 05:08 180269]
"BigDogPath"="C:\WINDOWS\VM_STI.EXE" [2003-01-21 16:19 40960]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"Realtime Monitor"="C:\PROGRA~1\CA\ETRUST~1\realmon.exe" [2003-03-21 23:33 487696]
"Sony Ericsson PC Suite"="C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 16:17 159744]
"QuickTime Task"="C:\Programme\QuickTime\QTTask.exe" [2007-10-19 21:16 286720]
"iTunesHelper"="C:\Programme\iTunes\iTunesHelper.exe" [2007-11-02 19:36 267048]
"Adobe Photo Downloader"="C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 19:20 77824 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 01:57 15360]

C:\Dokumente und Einstellungen\All Users\Startmen\Programme\Autostart\
Adobe Reader - Schnellstart.lnk - C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Microsoft Office.lnk - C:\Programme\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programme\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Programme\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Programme\\LimeWire\\LimeWire.exe"=
"C:\\Programme\\NetMeeting\\conf.exe"=
"C:\\Programme\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programme\\MSN Messenger\\livecall.exe"=
"C:\\Programme\\iTunes\\iTunes.exe"=

R2 LogWatch;Ereignisprotokoll-Überwachung;C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe [2005-03-12 17:02]
R3 ZSMC302;USB PC Camera 302;C:\WINDOWS\system32\Drivers\usbvm302.sys [2003-12-09 16:28]
S3 CA_LIC_CLNT;CA-Lizenz-Client;C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe [2005-03-12 17:02]
S3 CA_LIC_SRVR;CA-Lizenzserver;C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe [2005-03-12 17:02]

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-17 20:34:37
Windows 5.1.2600 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 2008-07-17 20:37:44
ComboFix-quarantined-files.txt 2008-07-17 18:36:45

7 Verzeichnis(se), 11,237,457,920 Bytes frei
9 Verzeichnis(se), 11,244,351,488 Bytes frei

HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:43:47, on 17.07.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\VM_STI.EXE
C:\Programme\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Gemeinsame Dateien\Teleca Shared\CapabilityManager.exe
C:\Programme\Gemeinsame Dateien\Teleca Shared\Generic.exe
C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\CA\eTrust Antivirus\InoRpc.exe
C:\Programme\CA\eTrust Antivirus\InoRT.exe
C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Programme\Trend Micro\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://de.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://de.search.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE USB PC Camera 302
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Programme\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Programme\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Programme\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Programme\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programme\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{C224CFF2-58CA-4E7F-88CE-E601DBC41DFF}: NameServer = 217.237.150.115 217.237.151.205
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: CA-Lizenz-Client (CA_LIC_CLNT) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA-Lizenzserver (CA_LIC_SRVR) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoTask.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Ereignisprotokoll-Überwachung (LogWatch) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe

--
End of file - 7003 bytes


und Datfind:

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: C0A1-47E9

Verzeichnis von C:\WINDOWS\system32

16.07.2008 23:46 0 4.tmp
12.07.2008 10:58 2.206 wpa.dbl
23.04.2008 12:15 114.176 FNTCACHE.DAT

(in den anderen Ordnern war nichts aus den letzten 3 Monaten)



Vielen Dank schonmal für die Hilfe!!!
Seitenanfang Seitenende
18.07.2008, 08:31
Member
Avatar Chris4You

Beiträge: 694
#4 Hi,

was treibt der Rechner?

Wo ist antivirus 2008 xp hin installiert worden?

Das HJ-Log sieht gut aus, bitte noch DSS:

Download dss zum Desktop (http://www.techsupportforum.com/sectools/Deckard/dss.exe)
Schliesse alle Anwendungen und Doppelklicke dss.exe
Während DSS läuft, keine anderen Aktionen ausführen!
Kopiere den Inhalt des Berichts C:\main.txt und extra.txt in Deinen Thread

chris
Seitenanfang Seitenende
18.07.2008, 15:27
Member

Themenstarter

Beiträge: 15
#5 Also der Rechner scheint wieder problemlos zu laufen. Wohin das Programm installiert wurde kann ich dir leider nicht mehr sagen, ist auf jeden Fall wieder weg.

Hier noch die beiden Logs von DSS:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: German

CPU 0: Intel(R) Pentium(R) 4 CPU 2.80GHz
Percentage of Memory in Use: 53%
Physical Memory (total/avail): 503.23 MiB / 235.54 MiB
Pagefile Memory (total/avail): 1229.99 MiB / 1016.13 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1944.82 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 35.66 GiB total, 10.42 GiB free.
D: is Fixed (NTFS) - 36.15 GiB total, 21.43 GiB free.
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST3120213AS - 111.79 GiB - 3 partitions
\PARTITION0 - Unknown - 4.88 GiB
\PARTITION1 (bootable) - Installierbares Dateisystem - 35.66 GiB - C:
\PARTITION2 - Installierbares Dateisystem - 36.15 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programme\\MSN Messenger\\msncall.exe"="C:\\Programme\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Programme\\MSN Messenger\\msnmsgr.exe"="C:\\Programme\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Programme\\MSN Messenger\\livecall.exe"="C:\\Programme\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programme\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Programme\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Programme\\Yahoo!\\Messenger\\YServer.exe"="C:\\Programme\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Programme\\LimeWire\\LimeWire.exe"="C:\\Programme\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Programme\\NetMeeting\\conf.exe"="C:\\Programme\\NetMeeting\\conf.exe:*:Enabled:Windows® NetMeeting®"
"C:\\Programme\\MSN Messenger\\msnmsgr.exe"="C:\\Programme\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Programme\\MSN Messenger\\livecall.exe"="C:\\Programme\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Programme\\iTunes\\iTunes.exe"="C:\\Programme\\iTunes\\iTunes.exe:*:Enabled:iTunes"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Dokumente und Einstellungen\All Users
APPDATA=C:\Dokumente und Einstellungen\Martin\Anwendungsdaten
AVENGINE=C:\PROGRA~1\CA\SHARED~1\SCANEN~1
CLASSPATH=.;C:\Programme\Java\jre1.6.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Programme\Gemeinsame Dateien
COMPUTERNAME=MARTIN-ZXG2I3L3
ComSpec=C:\WINDOWS\system32\cmd.exe
DEFAULT_CA_NR=CA6
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Dokumente und Einstellungen\Martin
INOCULAN=C:\PROGRA~1\CA\ETRUST~1
LOGONSERVER=\\MARTIN-ZXG2I3L3
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\PROGRA~1\CA\SHARED~1\SCANEN~1;C:\PROGRA~1\CA\ETRUST~1;C:\Programme\Gemeinsame Dateien\Teleca Shared;C:\Programme\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Programme
PROMPT=$P$G
QTJAVA=C:\Programme\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOKUME~1\Martin\LOKALE~1\Temp
TMP=C:\DOKUME~1\Martin\LOKALE~1\Temp
USERDOMAIN=MARTIN-ZXG2I3L3
USERNAME=Martin
USERPROFILE=C:\Dokumente und Einstellungen\Martin
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Martin (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Programme\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNNMP.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Download Manager 2.0 (Nur entfernen) --> "C:\Programme\Gemeinsame Dateien\Adobe\ESD\uninst.exe"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.8 - Deutsch --> MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A70800000002}
Adobe® Photoshop® Album Starter Edition 3.2 --> MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
Apple Mobile Device Support --> MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
CA eTrust Antivirus --> C:\WINDOWS\IsUn0407.exe -f"C:\Programme\CA\eTrust Antivirus\Uninst.isu" -c"C:\Programme\CA\eTrust Antivirus\InoSetup.dll"
CCleaner (remove only) --> "C:\Programme\CCleaner\uninst.exe"
CleanUp! --> C:\Programme\CleanUp!\uninstall.exe
DivX Content Uploader --> C:\Programme\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player --> C:\Programme\DivX\DivXWebPlayerUninstall.exe /PLUGIN
EdenCity Download Setup --> C:\PROGRA~1\EdenCity\Download\UNWISE.EXE C:\PROGRA~1\EdenCity\Download\INSTALL.LOG
EdenCity Download Setup mit VideoChat --> C:\PROGRA~1\EdenCity\Download\UNWISE.EXE C:\PROGRA~1\EdenCity\Download\INSTALL.LOG
EdenCity Download VideoChat BETATEST Setup --> C:\PROGRA~1\EdenCity\DOWNLO~1\UNWISE.EXE C:\PROGRA~1\EdenCity\DOWNLO~1\INSTALL.LOG
EdenCity Download VideoChat Setup --> C:\PROGRA~1\EdenCity\DOWNLO~1\UNWISE.EXE C:\PROGRA~1\EdenCity\DOWNLO~1\INSTALL.LOG
ElsterFormular 2005/2006 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{1C27C64B-D5CF-4881-A310-0BD2A0D21927}\setup.exe" -l0x7 -removeonly
ElsterFormular 2006/2007 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{CBBCBE04-EA5E-4201-A924-E7ED3E8686AE}\setup.exe" -l0x7 -removeonly
GetDataBack for NTFS --> "C:\Programme\Runtime Software\GetDataBack for NTFS\Uninstall.exe" "C:\Programme\Runtime Software\GetDataBack for NTFS\install.log" -u
HijackThis 2.0.2 --> "C:\Programme\Trend Micro\HJT\HijackThis.exe" /uninstall
Hotfix für Windows XP (KB886540) -->
Hotfix für Windows XP (KB889527) --> "C:\WINDOWS\$NtUninstallKB889527$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB893357) --> "C:\WINDOWS\$NtUninstallKB893357$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB903234) --> "C:\WINDOWS\$NtUninstallKB903234$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB904412) --> "C:\WINDOWS\$NtUninstallKB904412$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB906569) --> "C:\WINDOWS\$NtUninstallKB906569$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB907865) --> "C:\WINDOWS\$NtUninstallKB907865$\spuninst\spuninst.exe"
HouseCall 6.6 --> "C:\Dokumente und Einstellungen\Martin\Anwendungsdaten\HouseCall 6.6\uninstaller.exe"
Intel(R) Graphics Media Accelerator Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2782 PCI\VEN_8086&DEV_2582
iTunes --> MsiExec.exe /I{E3FEE4E7-4488-4A3F-A6BD-13745936EADB}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
LimeWire 4.12.6 --> "C:\Programme\LimeWire\uninstall.exe"
Malwarebytes' Anti-Malware --> "C:\Programme\Malwarebytes' Anti-Malware\unins000.exe"
Messenger Plus! Live --> "C:\Programme\Messenger Plus! Live\Uninstall.exe"
Microsoft Office XP Professional mit FrontPage --> MsiExec.exe /I{90280407-6000-11D3-8CFE-0050048383C9}
Microsoft Office XP Web Components --> MsiExec.exe /I{90260407-6000-11D3-8CFE-0050048383C9}
Mozilla Firefox (2.0) --> C:\Programme\Mozilla Firefox\uninstall\uninst.exe
Nero Suite --> C:\Programme\Gemeinsame Dateien\Ahead\Uninstall\Setup.exe /uninstall
QuickTime --> MsiExec.exe /I{5B09BD67-4C99-46A1-8161-B7208CE18121}
RealPlayer --> C:\Programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Sicherheitsupdate für Windows XP (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB893066) --> "C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB896422) --> "C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB896688) --> "C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB899588) --> "C:\WINDOWS\$NtUninstallKB899588$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB899589) --> "C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Sony Ericsson PC Suite 1.20.173 --> MsiExec.exe /I{C5ADA65A-7828-4D85-B071-ECC52B51F794}
T-Online Fotoservice --> C:\PROGRA~1\T-ONLI~1\UNWISE.EXE C:\PROGRA~1\T-ONLI~1\INSTALL.LOG
Update für Windows XP (KB894391) --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update für Windows XP (KB897663) --> "C:\WINDOWS\$NtUninstallKB897663$\spuninst\spuninst.exe"
Update für Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update für Windows XP (KB900930) --> "C:\WINDOWS\$NtUninstallKB900930$\spuninst\spuninst.exe"
USB PC Camera 302 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{5EA24DA8-F398-42C7-8CDC-39273493C514}\setup.exe" -l0x9
Windows Live Messenger --> MsiExec.exe /I{279DB581-239C-4E13-97F8-0F48E40BE75C}
Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows XP-Hotfix - KB873333 --> C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe
Windows XP-Hotfix - KB873339 --> C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP-Hotfix - KB884020 --> C:\WINDOWS\$NtUninstallKB884020$\spuninst\spuninst.exe
Windows XP-Hotfix - KB884883 --> "C:\WINDOWS\$NtUninstallKB884883$\spuninst\spuninst.exe"
Windows XP-Hotfix - KB885222 --> "C:\WINDOWS\$NtUninstallKB885222$\spuninst\spuninst.exe"
Windows XP-Hotfix - KB885250 --> C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Windows XP-Hotfix - KB885523 --> C:\WINDOWS\$NtUninstallKB885523$\spuninst\spuninst.exe
Windows XP-Hotfix - KB885835 --> C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP-Hotfix - KB885836 --> C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP-Hotfix - KB885884 --> C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe
Windows XP-Hotfix - KB885894 --> C:\WINDOWS\$NtUninstallKB885894$\spuninst\spuninst.exe
Windows XP-Hotfix - KB886185 --> C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP-Hotfix - KB886677 --> C:\WINDOWS\$NtUninstallKB886677$\spuninst\spuninst.exe
Windows XP-Hotfix - KB886716 --> "C:\WINDOWS\$NtUninstallKB886716$\spuninst\spuninst.exe"
Windows XP-Hotfix - KB887742 --> C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Windows XP-Hotfix - KB888113 --> C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP-Hotfix - KB888302 --> C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP-Hotfix - KB889016 --> C:\WINDOWS\$NtUninstallKB889016$\spuninst\spuninst.exe
Windows XP-Hotfix - KB890047 --> C:\WINDOWS\$NtUninstallKB890047$\spuninst\spuninst.exe
Windows XP-Hotfix - KB890175 --> C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
Windows XP-Hotfix - KB890831 --> C:\WINDOWS\$NtUninstallKB890831$\spuninst\spuninst.exe
Windows XP-Hotfix - KB890859 --> "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP-Hotfix - KB891781 --> C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP-Hotfix - KB893086 --> "C:\WINDOWS\$NtUninstallKB893086$\spuninst\spuninst.exe"
Windows XP-Hotfix - KB896626 --> "C:\WINDOWS\$NtUninstallKB896626$\spuninst\spuninst.exe"
WinRAR Archivierer --> C:\Programme\WinRAR\uninstall.exe
Yahoo! Extras --> C:\PROGRA~1\Yahoo!\Common\unyext.exe
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG


-- Application Event Log -------------------------------------------------------

Event Record #/Type16156 / Success
Event Submitted/Written: 07/18/2008 02:24:34 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type16138 / Success
Event Submitted/Written: 07/17/2008 09:00:53 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type16114 / Success
Event Submitted/Written: 07/17/2008 05:35:01 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type16051 / Success
Event Submitted/Written: 07/15/2008 11:46:52 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type16041 / Success
Event Submitted/Written: 07/15/2008 00:38:54 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type35764 / Error
Event Submitted/Written: 07/18/2008 02:24:05 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
Dienst "eTrust Antivirus Job Server" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Event Record #/Type35749 / Warning
Event Submitted/Written: 07/18/2008 02:21:36 PM
Event ID/Source: 1007 / Dhcp
Event Description:
Die IP-Adresse für die Netzwerkkarte mit der Netzwerkadresse 00138F10BCEB
wurde automatisch durch diesen Computer konfiguriert. Die verwendete IP-Adresse ist 169.254.30.123.

Event Record #/Type35736 / Error
Event Submitted/Written: 07/17/2008 09:00:30 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
Dienst "eTrust Antivirus Job Server" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Event Record #/Type35717 / Warning
Event Submitted/Written: 07/17/2008 08:54:47 PM
Event ID/Source: 1007 / Dhcp
Event Description:
Die IP-Adresse für die Netzwerkkarte mit der Netzwerkadresse 00138F10BCEB
wurde automatisch durch diesen Computer konfiguriert. Die verwendete IP-Adresse ist 169.254.30.123.

Event Record #/Type35697 / Error
Event Submitted/Written: 07/17/2008 08:26:49 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
Dienst "eTrust Antivirus Job Server" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.



-- End of Deckard's System Scanner: finished at 2008-07-18 15:19:06 --


Deckard's System Scanner v20071014.68
Run by Martin on 2008-07-18 15:18:08
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 4 Restore Point(s) --
4: 2008-07-18 13:18:11 UTC - RP418 - Deckard's System Scanner Restore Point
3: 2008-07-17 18:32:41 UTC - RP417 - ComboFix created restore point
2: 2008-07-17 16:16:25 UTC - RP416 - Systemprüfpunkt
1: 2008-07-15 21:42:45 UTC - RP415 - Systemprüfpunkt


Backed up registry hives.
Performed disk cleanup.

[color=red]Total Physical Memory: 504 MiB (512 MiB recommended).[/color]


-- HijackThis (run as Martin.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:18:36, on 18.07.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\VM_STI.EXE
C:\Programme\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Gemeinsame Dateien\Teleca Shared\CapabilityManager.exe
C:\Programme\Gemeinsame Dateien\Teleca Shared\Generic.exe
C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\CA\eTrust Antivirus\InoRpc.exe
C:\Programme\CA\eTrust Antivirus\InoRT.exe
C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\MSN Messenger\usnsvc.exe
C:\Dokumente und Einstellungen\Martin\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HJT\Martin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://de.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://de.search.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE USB PC Camera 302
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Programme\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Programme\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Programme\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Programme\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programme\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{C224CFF2-58CA-4E7F-88CE-E601DBC41DFF}: NameServer = 217.237.150.115 217.237.151.205
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: CA-Lizenz-Client (CA_LIC_CLNT) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA-Lizenzserver (CA_LIC_SRVR) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoTask.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Ereignisprotokoll-Überwachung (LogWatch) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe

--
End of file - 7088 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 INO_FLPY - c:\windows\system32\drivers\ino_flpy.sys <Not Verified; Computer Associates; CA eTrust eTrust Antivirus/InoculateIT version 7.X/6.X/4.X>
R2 INO_FLTR - c:\windows\system32\drivers\ino_fltr.sys <Not Verified; Computer Associates; CA eTrust eTrust Antivirus/InoculateIT version 6.0>
R3 ZSMC302 (USB PC Camera 302) - c:\windows\system32\drivers\usbvm302.sys <Not Verified; VM; >

S3 catchme - c:\combofix\catchme.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\programme\gemeinsame dateien\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 InoRPC (eTrust Antivirus RPC Server) - "c:\programme\ca\etrust antivirus\inorpc.exe" <Not Verified; Computer Associates International, Inc.; eTrust Antivirus>
R2 InoRT (eTrust Antivirus Realtime Server) - "c:\programme\ca\etrust antivirus\inort.exe" <Not Verified; Computer Associates International, Inc.; eTrust Antivirus>
R2 LogWatch (Ereignisprotokoll-Überwachung) - c:\programme\ca\sharedcomponents\ca_lic\logwatnt.exe <Not Verified; Computer Associates; Computer Associates LogWatNT>

S2 InoTask (eTrust Antivirus Job Server) - "c:\programme\ca\etrust antivirus\inotask.exe" <Not Verified; Computer Associates International, Inc.; eTrust Antivirus>
S3 CA_LIC_CLNT (CA-Lizenz-Client) - c:\programme\ca\sharedcomponents\ca_lic\lic98rmt.exe <Not Verified; Computer Associates; Computer Associates lic98rmt>
S3 CA_LIC_SRVR (CA-Lizenzserver) - c:\programme\ca\sharedcomponents\ca_lic\lic98rmtd.exe <Not Verified; Computer Associates; Computer Associates lic98rmtd>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-06-18 and 2008-07-18 -----------------------------

2008-07-17 20:42:55 0 d-------- C:\Programme\Trend Micro
2008-07-17 20:33:04 0 d-------- C:\Dokumente und Einstellungen\Martin\Start Menu
2008-07-17 20:32:25 68096 --a------ C:\WINDOWS\zip.exe
2008-07-17 20:32:25 49152 --a------ C:\WINDOWS\VFind.exe
2008-07-17 20:32:25 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-07-17 20:32:25 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-07-17 20:32:25 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-07-17 20:32:25 98816 --a------ C:\WINDOWS\sed.exe
2008-07-17 20:32:25 80412 --a------ C:\WINDOWS\grep.exe
2008-07-17 20:32:25 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-07-17 19:42:03 0 d-------- C:\Programme\Malwarebytes' Anti-Malware
2008-07-17 19:34:56 0 dr-h----- C:\Dokumente und Einstellungen\Martin\Recent
2008-07-17 19:33:57 0 d-------- C:\Programme\CCleaner


-- Find3M Report ---------------------------------------------------------------

2008-07-17 19:42:07 0 d-------- C:\Dokumente und Einstellungen\Martin\Anwendungsdaten\Malwarebytes
2008-07-16 02:32:08 0 d-------- C:\Dokumente und Einstellungen\Martin\Anwendungsdaten\HouseCall 6.6
2008-05-26 21:04:42 0 d-------- C:\Programme\Yahoo!
2008-05-26 21:04:22 0 d--h----- C:\Programme\InstallShield Installation Information
2008-05-26 21:03:38 0 d-------- C:\Programme\PartyGaming
2008-05-26 21:02:16 0 d-------- C:\Programme\ICQToolbar
2008-05-26 20:59:40 0 d-------- C:\Programme\GXTranscoder.net
2008-05-19 22:07:49 0 d-------- C:\Dokumente und Einstellungen\Martin\Anwendungsdaten\ICQ Toolbar


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09.07.2001 12:50]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [05.04.2005 15:22]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [05.04.2005 15:19]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [05.04.2005 15:23]
"SoundMan"="SOUNDMAN.EXE" [15.11.2004 19:20 C:\WINDOWS\SOUNDMAN.EXE]
"TkBellExe"="C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [24.11.2006 05:08]
"BigDogPath"="C:\WINDOWS\VM_STI.exe" [21.01.2003 16:19]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_05\bin\jusched.exe" [22.02.2008 05:25]
"Realtime Monitor"="C:\PROGRA~1\CA\ETRUST~1\realmon.exe" [21.03.2003 23:33]
"Sony Ericsson PC Suite"="C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [26.10.2005 16:17]
"QuickTime Task"="C:\Programme\QuickTime\QTTask.exe" [19.10.2007 21:16]
"iTunesHelper"="C:\Programme\iTunes\iTunesHelper.exe" [02.11.2007 19:36]
"Adobe Photo Downloader"="C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [09.03.2007 11:09]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Programme\Yahoo!\Messenger\YahooMessenger.exe" [30.11.2006 22:49]
"MSMSGS"="C:\Programme\Messenger\msmsgs.exe" [04.08.2004 01:58]
"NBJ"="C:\Programme\Ahead\Nero BackItUp\NBJ.exe" [07.09.2004 13:55]
"MsnMsgr"="C:\Programme\MSN Messenger\MsnMsgr.exe" [19.01.2007 12:55]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- End of Deckard's System Scanner: finished at 2008-07-18 15:19:06 ------------
Seitenanfang Seitenende
18.07.2008, 16:09
Member
Avatar Chris4You

Beiträge: 694
#6 Hi,

auch das sieht bis auf ein paar Schönheitsprobleme gut aus:
Hijackthis, fixen:
öffne das HijackThis -- Button "scan" -- vor den nachfolgenden Einträge Häkchen setzen -- Button "Fix checked" -- PC neustarten
Beim fixen müssen alle Programme geschlossen sein!

Code

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
Normalerweise installiert sich Antivirus XP 2008 in das Programmverzeichnis als "Antivirus Xp ...", inzwischen sind sie schlauer (C:\Programme\rhclv4j0e3a1),
Antimalewarebytes hat es erwischt...

Das sollte es gewesen sein, bitte noch Update von Java und alte Version deinstallieren:
Download jre-6u7-windows-i586-p.exe
Scrolle runter nach ---->Java Runtime Environment (JRE) 6u7
The Java SE Runtime Environment (JRE) allows end-users to run Java applications.
Klicke auf "Download"
Setze ein Haeckchen bei --->"Accept License Agreement".
Klicke “Windows Offline Installation, Multi-language” um
“jre-6u7-windows-i586.exe”zum Desktop zu installieren
Schliesse alle Programme auch Deinen Webbrowser
Über "Start -> Einstellungen -> Systemsteuerung -> Software
entferne alle aelteren Versionen von Java Runtime Environment (JRE of J2SE)
Auch auf C:\Programme\Java entfernen!
Nachdem alles entfernt wurde --->Rechner neu starten
Installiere jetzt vom Desktop aus ---> “jre-6u7-windows-i586-p.exe”
http://www.java.com/de/download/help/5000010800.xml

chris

Chris
Seitenanfang Seitenende
22.07.2008, 19:21
Member

Themenstarter

Beiträge: 15
#7 So, fertig...
War wohl so, wie du es geschrieben hast, stand als Antivir XP im Verzeichnis, hatte aber im Taskmanager u.a. auch rhclv4j0e3a1.exe (oder zumindest so ähnlich) laufen.
Vielen Dank nochmals für die detaillierte Hilfe!
Seitenanfang Seitenende
Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!

Folgende Themen könnten Dich auch interessieren: