antivirus xp 2008 |
||
---|---|---|
#0
| ||
16.07.2008, 04:58
Member
Beiträge: 15 |
||
|
||
16.07.2008, 07:41
Member
Beiträge: 694 |
#2
Hallo,
wirf eine Blick hier rein: http://board.protecus.de/t23188.htm - Erstellen eines Hijackthis-Logfiles ((http://sicher-ins-netz.info/analyse/hjt.html) - CleanUp (temporaeren Dateien loeschen) - Combofix - Logfiles mittels datfind.bat (alle Files, nur die letzten 3-6 Monate posten) chris |
|
|
||
17.07.2008, 20:52
Member
Themenstarter Beiträge: 15 |
#3
Sodele, hab alles abgearbeitet... Hier die diversen Logfiles:
Malwarebite: Malwarebytes' Anti-Malware 1.20 Datenbank Version: 962 Windows 5.1.2600 Service Pack 2 20:18:05 17.07.2008 mbam-log-7-17-2008 (20-18-05).txt Scan Art: Komplett Scan (C:\|D:\|) Objekte gescannt: 69113 Scan Dauer: 24 minute(s), 41 second(s) Infizierte Speicher Prozesse: 1 Infizierte Speicher Module: 3 Infizierte Registrierungsschlüssel: 3 Infizierte Registrierungswerte: 6 Infizierte Datei Objekte der Registrierung: 2 Infizierte Verzeichnisse: 12 Infizierte Dateien: 14 Infizierte Speicher Prozesse: C:\Programme\rhclv4j0e3a1\rhclv4j0e3a1.exe (Rogue.Multiple) -> Unloaded process successfully. Infizierte Speicher Module: C:\Programme\rhclv4j0e3a1\MFC71.dll (Rogue.Multiple) -> Unloaded module successfully. C:\Programme\rhclv4j0e3a1\msvcp71.dll (Rogue.Multiple) -> Unloaded module successfully. C:\Programme\rhclv4j0e3a1\msvcr71.dll (Rogue.Multiple) -> Unloaded module successfully. Infizierte Registrierungsschlüssel: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhclv4j0e3a1 (Rogue.Multiple) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\rhclv4j0e3a1 (Rogue.Multiple) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smrhclv4j0e3a1 (Rogue.Multiple) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcgv4j0e3a1 (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully. Infizierte Datei Objekte der Registrierung: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Infizierte Verzeichnisse: C:\Programme\rhclv4j0e3a1 (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\Martin\Anwendungsdaten\rhclv4j0e3a1 (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\Martin\Anwendungsdaten\rhclv4j0e3a1\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\Martin\Anwendungsdaten\rhclv4j0e3a1\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\Martin\Anwendungsdaten\rhclv4j0e3a1\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\Martin\Anwendungsdaten\rhclv4j0e3a1\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\Martin\Anwendungsdaten\rhclv4j0e3a1\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\Martin\Anwendungsdaten\rhclv4j0e3a1\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\Martin\Anwendungsdaten\rhclv4j0e3a1\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\Martin\Anwendungsdaten\rhclv4j0e3a1\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\Martin\Anwendungsdaten\rhclv4j0e3a1\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\Martin\Anwendungsdaten\rhclv4j0e3a1\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully. Infizierte Dateien: C:\0xf9.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{D92C6370-6A68-40C5-9346-0C96721955DD}\RP415\A0026632.exe (Trojan.Zlob) -> Quarantined and deleted successfully. C:\Programme\rhclv4j0e3a1\database.dat (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Programme\rhclv4j0e3a1\license.txt (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Programme\rhclv4j0e3a1\MFC71.dll (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Programme\rhclv4j0e3a1\MFC71ENU.DLL (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Programme\rhclv4j0e3a1\msvcp71.dll (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Programme\rhclv4j0e3a1\msvcr71.dll (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Programme\rhclv4j0e3a1\rhclv4j0e3a1.exe (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Programme\rhclv4j0e3a1\rhclv4j0e3a1.exe.local (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Programme\rhclv4j0e3a1\Uninstall.exe (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\All Users\Desktop\Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully. C:\WINDOWS\system32\phcgv4j0e3a1.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\system32\pphcgv4j0e3a1.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. Combofix: ComboFix 08-07-15.4 - Martin 2008-07-17 20:32:56.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1031.18.134 [GMT 2:00] ausgeführt von:: C:\Dokumente und Einstellungen\Martin\Desktop\ComboFix.exe * Neuer Wiederherstellungspunkt wurde erstellt [color=red]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color] . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Dokumente und Einstellungen\Martin\new.txt . ((((((((((((((((((((((( Dateien erstellt von 2008-06-17 bis 2008-07-17 )))))))))))))))))))))))))))))) . 2008-07-17 19:42 . 2008-07-17 19:42 <DIR> d-------- C:\Programme\Malwarebytes' Anti-Malware 2008-07-17 19:42 . 2008-07-17 19:42 <DIR> d-------- C:\Dokumente und Einstellungen\Martin\Anwendungsdaten\Malwarebytes 2008-07-17 19:42 . 2008-07-17 19:42 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes 2008-07-17 19:42 . 2008-07-07 17:35 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys 2008-07-17 19:42 . 2008-07-07 17:35 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-07-17 19:33 . 2008-07-17 19:33 <DIR> d-------- C:\Programme\CCleaner 2008-07-16 23:46 . 2008-07-16 23:46 0 --a------ C:\WINDOWS\system32\4.tmp 2008-07-16 00:18 . 2007-12-24 17:37 138,384 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys 2008-07-16 00:16 . 2008-07-16 02:32 <DIR> d-------- C:\Dokumente und Einstellungen\Martin\Anwendungsdaten\HouseCall 6.6 2008-07-04 02:15 . 2008-07-17 20:20 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-07-04 02:15 . 2008-07-04 02:15 1,409 --a------ C:\WINDOWS\QTFont.for . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-05-26 19:04 --------- d--h--w C:\Programme\InstallShield Installation Information 2008-05-26 19:04 --------- d-----w C:\Programme\Yahoo! 2008-05-26 19:03 --------- d-----w C:\Programme\PartyGaming 2008-05-26 19:02 --------- d-----w C:\Programme\ICQToolbar 2008-05-26 18:59 --------- d-----w C:\Programme\GXTranscoder.net 2008-05-19 20:07 --------- d-----w C:\Dokumente und Einstellungen\Martin\Anwendungsdaten\ICQ Toolbar . (((((((((((((((((((((((((((( Autostart Punkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt. [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Yahoo! Pager"="C:\Programme\Yahoo!\Messenger\YahooMessenger.exe" [2006-11-30 22:49 4662776] "MSMSGS"="C:\Programme\Messenger\msmsgs.exe" [2004-08-04 01:58 1667584] "NBJ"="C:\Programme\Ahead\Nero BackItUp\NBJ.exe" [2004-09-07 13:55 1871872] "MsnMsgr"="C:\Programme\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:55 5674352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648] "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-04-05 15:22 94208] "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-04-05 15:19 77824] "Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-04-05 15:23 114688] "TkBellExe"="C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [2006-11-24 05:08 180269] "BigDogPath"="C:\WINDOWS\VM_STI.EXE" [2003-01-21 16:19 40960] "SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784] "Realtime Monitor"="C:\PROGRA~1\CA\ETRUST~1\realmon.exe" [2003-03-21 23:33 487696] "Sony Ericsson PC Suite"="C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 16:17 159744] "QuickTime Task"="C:\Programme\QuickTime\QTTask.exe" [2007-10-19 21:16 286720] "iTunesHelper"="C:\Programme\iTunes\iTunesHelper.exe" [2007-11-02 19:36 267048] "Adobe Photo Downloader"="C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712] "SoundMan"="SOUNDMAN.EXE" [2004-11-15 19:20 77824 C:\WINDOWS\SOUNDMAN.EXE] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 01:57 15360] C:\Dokumente und Einstellungen\All Users\Startmen\Programme\Autostart\ Adobe Reader - Schnellstart.lnk - C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696] Microsoft Office.lnk - C:\Programme\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Programme\\Yahoo!\\Messenger\\YahooMessenger.exe"= "C:\\Programme\\Yahoo!\\Messenger\\YServer.exe"= "C:\\Programme\\LimeWire\\LimeWire.exe"= "C:\\Programme\\NetMeeting\\conf.exe"= "C:\\Programme\\MSN Messenger\\msnmsgr.exe"= "C:\\Programme\\MSN Messenger\\livecall.exe"= "C:\\Programme\\iTunes\\iTunes.exe"= R2 LogWatch;Ereignisprotokoll-Überwachung;C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe [2005-03-12 17:02] R3 ZSMC302;USB PC Camera 302;C:\WINDOWS\system32\Drivers\usbvm302.sys [2003-12-09 16:28] S3 CA_LIC_CLNT;CA-Lizenz-Client;C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe [2005-03-12 17:02] S3 CA_LIC_SRVR;CA-Lizenzserver;C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe [2005-03-12 17:02] *Newly Created Service* - CATCHME *Newly Created Service* - PROCEXP90 . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-07-17 20:34:37 Windows 5.1.2600 Service Pack 2 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostart Einträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** . Zeit der Fertigstellung: 2008-07-17 20:37:44 ComboFix-quarantined-files.txt 2008-07-17 18:36:45 7 Verzeichnis(se), 11,237,457,920 Bytes frei 9 Verzeichnis(se), 11,244,351,488 Bytes frei HijackThis: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:43:47, on 17.07.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\SOUNDMAN.EXE C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe C:\WINDOWS\VM_STI.EXE C:\Programme\Java\jre1.6.0_05\bin\jusched.exe C:\PROGRA~1\CA\ETRUST~1\realmon.exe C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe C:\Programme\iTunes\iTunesHelper.exe C:\Programme\Messenger\msmsgs.exe C:\Programme\Gemeinsame Dateien\Teleca Shared\CapabilityManager.exe C:\Programme\Gemeinsame Dateien\Teleca Shared\Generic.exe C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Programme\CA\eTrust Antivirus\InoRpc.exe C:\Programme\CA\eTrust Antivirus\InoRT.exe C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe C:\WINDOWS\System32\svchost.exe C:\Programme\iPod\bin\iPodService.exe C:\WINDOWS\system32\wscntfy.exe C:\Programme\Mozilla Firefox\firefox.exe C:\WINDOWS\explorer.exe C:\Programme\Trend Micro\HJT\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://de.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://de.search.yahoo.com R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE USB PC Camera 302 O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Programme\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [NBJ] "C:\Programme\Ahead\Nero BackItUp\NBJ.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe (file missing) O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Programme\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Programme\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programme\Yahoo!\Common\yinsthelper.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{C224CFF2-58CA-4E7F-88CE-E601DBC41DFF}: NameServer = 217.237.150.115 217.237.151.205 O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: CA-Lizenz-Client (CA_LIC_CLNT) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe O23 - Service: CA-Lizenzserver (CA_LIC_SRVR) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRpc.exe O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRT.exe O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoTask.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe O23 - Service: Ereignisprotokoll-Überwachung (LogWatch) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe -- End of file - 7003 bytes und Datfind: Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: C0A1-47E9 Verzeichnis von C:\WINDOWS\system32 16.07.2008 23:46 0 4.tmp 12.07.2008 10:58 2.206 wpa.dbl 23.04.2008 12:15 114.176 FNTCACHE.DAT (in den anderen Ordnern war nichts aus den letzten 3 Monaten) Vielen Dank schonmal für die Hilfe!!! |
|
|
||
18.07.2008, 08:31
Member
Beiträge: 694 |
#4
Hi,
was treibt der Rechner? Wo ist antivirus 2008 xp hin installiert worden? Das HJ-Log sieht gut aus, bitte noch DSS: Download dss zum Desktop (http://www.techsupportforum.com/sectools/Deckard/dss.exe) Schliesse alle Anwendungen und Doppelklicke dss.exe Während DSS läuft, keine anderen Aktionen ausführen! Kopiere den Inhalt des Berichts C:\main.txt und extra.txt in Deinen Thread chris |
|
|
||
18.07.2008, 15:27
Member
Themenstarter Beiträge: 15 |
#5
Also der Rechner scheint wieder problemlos zu laufen. Wohin das Programm installiert wurde kann ich dir leider nicht mehr sagen, ist auf jeden Fall wieder weg.
Hier noch die beiden Logs von DSS: Deckard's System Scanner v20071014.68 Extra logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft Windows XP Professional (build 2600) SP 2.0 Architecture: X86; Language: German CPU 0: Intel(R) Pentium(R) 4 CPU 2.80GHz Percentage of Memory in Use: 53% Physical Memory (total/avail): 503.23 MiB / 235.54 MiB Pagefile Memory (total/avail): 1229.99 MiB / 1016.13 MiB Virtual Memory (total/avail): 2047.88 MiB / 1944.82 MiB A: is Removable (No Media) C: is Fixed (NTFS) - 35.66 GiB total, 10.42 GiB free. D: is Fixed (NTFS) - 36.15 GiB total, 21.43 GiB free. E: is CDROM (No Media) \\.\PHYSICALDRIVE0 - ST3120213AS - 111.79 GiB - 3 partitions \PARTITION0 - Unknown - 4.88 GiB \PARTITION1 (bootable) - Installierbares Dateisystem - 35.66 GiB - C: \PARTITION2 - Installierbares Dateisystem - 36.15 GiB - D: -- Security Center ------------------------------------------------------------- AUOptions is scheduled to auto-install. Windows Internal Firewall is enabled. [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Programme\\MSN Messenger\\msncall.exe"="C:\\Programme\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)" "C:\\Programme\\MSN Messenger\\msnmsgr.exe"="C:\\Programme\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Programme\\MSN Messenger\\livecall.exe"="C:\\Programme\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Programme\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Programme\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger" "C:\\Programme\\Yahoo!\\Messenger\\YServer.exe"="C:\\Programme\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server" "C:\\Programme\\LimeWire\\LimeWire.exe"="C:\\Programme\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire" "C:\\Programme\\NetMeeting\\conf.exe"="C:\\Programme\\NetMeeting\\conf.exe:*:Enabled:Windows® NetMeeting®" "C:\\Programme\\MSN Messenger\\msnmsgr.exe"="C:\\Programme\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Programme\\MSN Messenger\\livecall.exe"="C:\\Programme\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "C:\\Programme\\iTunes\\iTunes.exe"="C:\\Programme\\iTunes\\iTunes.exe:*:Enabled:iTunes" -- Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\Dokumente und Einstellungen\All Users APPDATA=C:\Dokumente und Einstellungen\Martin\Anwendungsdaten AVENGINE=C:\PROGRA~1\CA\SHARED~1\SCANEN~1 CLASSPATH=.;C:\Programme\Java\jre1.6.0_03\lib\ext\QTJava.zip CLIENTNAME=Console CommonProgramFiles=C:\Programme\Gemeinsame Dateien COMPUTERNAME=MARTIN-ZXG2I3L3 ComSpec=C:\WINDOWS\system32\cmd.exe DEFAULT_CA_NR=CA6 FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Dokumente und Einstellungen\Martin INOCULAN=C:\PROGRA~1\CA\ETRUST~1 LOGONSERVER=\\MARTIN-ZXG2I3L3 NUMBER_OF_PROCESSORS=1 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\PROGRA~1\CA\SHARED~1\SCANEN~1;C:\PROGRA~1\CA\ETRUST~1;C:\Programme\Gemeinsame Dateien\Teleca Shared;C:\Programme\QuickTime\QTSystem PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel PROCESSOR_LEVEL=15 PROCESSOR_REVISION=0209 ProgramFiles=C:\Programme PROMPT=$P$G QTJAVA=C:\Programme\Java\jre1.6.0_03\lib\ext\QTJava.zip SESSIONNAME=Console SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\DOKUME~1\Martin\LOKALE~1\Temp TMP=C:\DOKUME~1\Martin\LOKALE~1\Temp USERDOMAIN=MARTIN-ZXG2I3L3 USERNAME=Martin USERPROFILE=C:\Dokumente und Einstellungen\Martin windir=C:\WINDOWS -- User Profiles --------------------------------------------------------------- Martin (admin) -- Add/Remove Programs --------------------------------------------------------- --> C:\Programme\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL --> C:\Programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL --> C:\WINDOWS\UNNMP.exe /UNINSTALL --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Adobe Download Manager 2.0 (Nur entfernen) --> "C:\Programme\Gemeinsame Dateien\Adobe\ESD\uninst.exe" Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Reader 7.0.8 - Deutsch --> MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A70800000002} Adobe® Photoshop® Album Starter Edition 3.2 --> MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61} Apple Mobile Device Support --> MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB} Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4} CA eTrust Antivirus --> C:\WINDOWS\IsUn0407.exe -f"C:\Programme\CA\eTrust Antivirus\Uninst.isu" -c"C:\Programme\CA\eTrust Antivirus\InoSetup.dll" CCleaner (remove only) --> "C:\Programme\CCleaner\uninst.exe" CleanUp! --> C:\Programme\CleanUp!\uninstall.exe DivX Content Uploader --> C:\Programme\DivX\DivXContentUploaderUninstall.exe /CUPLOADER DivX Web Player --> C:\Programme\DivX\DivXWebPlayerUninstall.exe /PLUGIN EdenCity Download Setup --> C:\PROGRA~1\EdenCity\Download\UNWISE.EXE C:\PROGRA~1\EdenCity\Download\INSTALL.LOG EdenCity Download Setup mit VideoChat --> C:\PROGRA~1\EdenCity\Download\UNWISE.EXE C:\PROGRA~1\EdenCity\Download\INSTALL.LOG EdenCity Download VideoChat BETATEST Setup --> C:\PROGRA~1\EdenCity\DOWNLO~1\UNWISE.EXE C:\PROGRA~1\EdenCity\DOWNLO~1\INSTALL.LOG EdenCity Download VideoChat Setup --> C:\PROGRA~1\EdenCity\DOWNLO~1\UNWISE.EXE C:\PROGRA~1\EdenCity\DOWNLO~1\INSTALL.LOG ElsterFormular 2005/2006 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{1C27C64B-D5CF-4881-A310-0BD2A0D21927}\setup.exe" -l0x7 -removeonly ElsterFormular 2006/2007 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{CBBCBE04-EA5E-4201-A924-E7ED3E8686AE}\setup.exe" -l0x7 -removeonly GetDataBack for NTFS --> "C:\Programme\Runtime Software\GetDataBack for NTFS\Uninstall.exe" "C:\Programme\Runtime Software\GetDataBack for NTFS\install.log" -u HijackThis 2.0.2 --> "C:\Programme\Trend Micro\HJT\HijackThis.exe" /uninstall Hotfix für Windows XP (KB886540) --> Hotfix für Windows XP (KB889527) --> "C:\WINDOWS\$NtUninstallKB889527$\spuninst\spuninst.exe" Hotfix für Windows XP (KB893357) --> "C:\WINDOWS\$NtUninstallKB893357$\spuninst\spuninst.exe" Hotfix für Windows XP (KB903234) --> "C:\WINDOWS\$NtUninstallKB903234$\spuninst\spuninst.exe" Hotfix für Windows XP (KB904412) --> "C:\WINDOWS\$NtUninstallKB904412$\spuninst\spuninst.exe" Hotfix für Windows XP (KB906569) --> "C:\WINDOWS\$NtUninstallKB906569$\spuninst\spuninst.exe" Hotfix für Windows XP (KB907865) --> "C:\WINDOWS\$NtUninstallKB907865$\spuninst\spuninst.exe" HouseCall 6.6 --> "C:\Dokumente und Einstellungen\Martin\Anwendungsdaten\HouseCall 6.6\uninstaller.exe" Intel(R) Graphics Media Accelerator Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2782 PCI\VEN_8086&DEV_2582 iTunes --> MsiExec.exe /I{E3FEE4E7-4488-4A3F-A6BD-13745936EADB} J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090} Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030} Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050} Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010} LimeWire 4.12.6 --> "C:\Programme\LimeWire\uninstall.exe" Malwarebytes' Anti-Malware --> "C:\Programme\Malwarebytes' Anti-Malware\unins000.exe" Messenger Plus! Live --> "C:\Programme\Messenger Plus! Live\Uninstall.exe" Microsoft Office XP Professional mit FrontPage --> MsiExec.exe /I{90280407-6000-11D3-8CFE-0050048383C9} Microsoft Office XP Web Components --> MsiExec.exe /I{90260407-6000-11D3-8CFE-0050048383C9} Mozilla Firefox (2.0) --> C:\Programme\Mozilla Firefox\uninstall\uninst.exe Nero Suite --> C:\Programme\Gemeinsame Dateien\Ahead\Uninstall\Setup.exe /uninstall QuickTime --> MsiExec.exe /I{5B09BD67-4C99-46A1-8161-B7208CE18121} RealPlayer --> C:\Programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE Sicherheitsupdate für Windows XP (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB893066) --> "C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB896422) --> "C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB896688) --> "C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB899588) --> "C:\WINDOWS\$NtUninstallKB899588$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB899589) --> "C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe" Sony Ericsson PC Suite 1.20.173 --> MsiExec.exe /I{C5ADA65A-7828-4D85-B071-ECC52B51F794} T-Online Fotoservice --> C:\PROGRA~1\T-ONLI~1\UNWISE.EXE C:\PROGRA~1\T-ONLI~1\INSTALL.LOG Update für Windows XP (KB894391) --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe" Update für Windows XP (KB897663) --> "C:\WINDOWS\$NtUninstallKB897663$\spuninst\spuninst.exe" Update für Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe" Update für Windows XP (KB900930) --> "C:\WINDOWS\$NtUninstallKB900930$\spuninst\spuninst.exe" USB PC Camera 302 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{5EA24DA8-F398-42C7-8CDC-39273493C514}\setup.exe" -l0x9 Windows Live Messenger --> MsiExec.exe /I{279DB581-239C-4E13-97F8-0F48E40BE75C} Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7} Windows XP-Hotfix - KB873333 --> C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe Windows XP-Hotfix - KB873339 --> C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe Windows XP-Hotfix - KB884020 --> C:\WINDOWS\$NtUninstallKB884020$\spuninst\spuninst.exe Windows XP-Hotfix - KB884883 --> "C:\WINDOWS\$NtUninstallKB884883$\spuninst\spuninst.exe" Windows XP-Hotfix - KB885222 --> "C:\WINDOWS\$NtUninstallKB885222$\spuninst\spuninst.exe" Windows XP-Hotfix - KB885250 --> C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe Windows XP-Hotfix - KB885523 --> C:\WINDOWS\$NtUninstallKB885523$\spuninst\spuninst.exe Windows XP-Hotfix - KB885835 --> C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe Windows XP-Hotfix - KB885836 --> C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe Windows XP-Hotfix - KB885884 --> C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe Windows XP-Hotfix - KB885894 --> C:\WINDOWS\$NtUninstallKB885894$\spuninst\spuninst.exe Windows XP-Hotfix - KB886185 --> C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe Windows XP-Hotfix - KB886677 --> C:\WINDOWS\$NtUninstallKB886677$\spuninst\spuninst.exe Windows XP-Hotfix - KB886716 --> "C:\WINDOWS\$NtUninstallKB886716$\spuninst\spuninst.exe" Windows XP-Hotfix - KB887742 --> C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe Windows XP-Hotfix - KB888113 --> C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe Windows XP-Hotfix - KB888302 --> C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe Windows XP-Hotfix - KB889016 --> C:\WINDOWS\$NtUninstallKB889016$\spuninst\spuninst.exe Windows XP-Hotfix - KB890047 --> C:\WINDOWS\$NtUninstallKB890047$\spuninst\spuninst.exe Windows XP-Hotfix - KB890175 --> C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe Windows XP-Hotfix - KB890831 --> C:\WINDOWS\$NtUninstallKB890831$\spuninst\spuninst.exe Windows XP-Hotfix - KB890859 --> "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe" Windows XP-Hotfix - KB891781 --> C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe Windows XP-Hotfix - KB893086 --> "C:\WINDOWS\$NtUninstallKB893086$\spuninst\spuninst.exe" Windows XP-Hotfix - KB896626 --> "C:\WINDOWS\$NtUninstallKB896626$\spuninst\spuninst.exe" WinRAR Archivierer --> C:\Programme\WinRAR\uninstall.exe Yahoo! Extras --> C:\PROGRA~1\Yahoo!\Common\unyext.exe Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL Yahoo! Internet Mail --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\ymmapi.dll Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG -- Application Event Log ------------------------------------------------------- Event Record #/Type16156 / Success Event Submitted/Written: 07/18/2008 02:24:34 PM Event ID/Source: 12001 / usnjsvc Event Description: The Messenger Sharing USN Journal Reader service started successfully. Event Record #/Type16138 / Success Event Submitted/Written: 07/17/2008 09:00:53 PM Event ID/Source: 12001 / usnjsvc Event Description: The Messenger Sharing USN Journal Reader service started successfully. Event Record #/Type16114 / Success Event Submitted/Written: 07/17/2008 05:35:01 PM Event ID/Source: 12001 / usnjsvc Event Description: The Messenger Sharing USN Journal Reader service started successfully. Event Record #/Type16051 / Success Event Submitted/Written: 07/15/2008 11:46:52 PM Event ID/Source: 12001 / usnjsvc Event Description: The Messenger Sharing USN Journal Reader service started successfully. Event Record #/Type16041 / Success Event Submitted/Written: 07/15/2008 00:38:54 PM Event ID/Source: 12001 / usnjsvc Event Description: The Messenger Sharing USN Journal Reader service started successfully. -- Security Event Log ---------------------------------------------------------- No Errors/Warnings found. -- System Event Log ------------------------------------------------------------ Event Record #/Type35764 / Error Event Submitted/Written: 07/18/2008 02:24:05 PM Event ID/Source: 7034 / Service Control Manager Event Description: Dienst "eTrust Antivirus Job Server" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Event Record #/Type35749 / Warning Event Submitted/Written: 07/18/2008 02:21:36 PM Event ID/Source: 1007 / Dhcp Event Description: Die IP-Adresse für die Netzwerkkarte mit der Netzwerkadresse 00138F10BCEB wurde automatisch durch diesen Computer konfiguriert. Die verwendete IP-Adresse ist 169.254.30.123. Event Record #/Type35736 / Error Event Submitted/Written: 07/17/2008 09:00:30 PM Event ID/Source: 7034 / Service Control Manager Event Description: Dienst "eTrust Antivirus Job Server" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Event Record #/Type35717 / Warning Event Submitted/Written: 07/17/2008 08:54:47 PM Event ID/Source: 1007 / Dhcp Event Description: Die IP-Adresse für die Netzwerkkarte mit der Netzwerkadresse 00138F10BCEB wurde automatisch durch diesen Computer konfiguriert. Die verwendete IP-Adresse ist 169.254.30.123. Event Record #/Type35697 / Error Event Submitted/Written: 07/17/2008 08:26:49 PM Event ID/Source: 7034 / Service Control Manager Event Description: Dienst "eTrust Antivirus Job Server" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. -- End of Deckard's System Scanner: finished at 2008-07-18 15:19:06 -- Deckard's System Scanner v20071014.68 Run by Martin on 2008-07-18 15:18:08 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- Successfully created a Deckard's System Scanner Restore Point. -- Last 4 Restore Point(s) -- 4: 2008-07-18 13:18:11 UTC - RP418 - Deckard's System Scanner Restore Point 3: 2008-07-17 18:32:41 UTC - RP417 - ComboFix created restore point 2: 2008-07-17 16:16:25 UTC - RP416 - Systemprüfpunkt 1: 2008-07-15 21:42:45 UTC - RP415 - Systemprüfpunkt Backed up registry hives. Performed disk cleanup. [color=red]Total Physical Memory: 504 MiB (512 MiB recommended).[/color] -- HijackThis (run as Martin.exe) ---------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:18:36, on 18.07.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\SOUNDMAN.EXE C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe C:\WINDOWS\VM_STI.EXE C:\Programme\Java\jre1.6.0_05\bin\jusched.exe C:\PROGRA~1\CA\ETRUST~1\realmon.exe C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe C:\Programme\iTunes\iTunesHelper.exe C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe C:\Programme\Messenger\msmsgs.exe C:\Programme\Gemeinsame Dateien\Teleca Shared\CapabilityManager.exe C:\Programme\Gemeinsame Dateien\Teleca Shared\Generic.exe C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Programme\CA\eTrust Antivirus\InoRpc.exe C:\Programme\CA\eTrust Antivirus\InoRT.exe C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe C:\WINDOWS\System32\svchost.exe C:\Programme\iPod\bin\iPodService.exe C:\Programme\MSN Messenger\usnsvc.exe C:\Dokumente und Einstellungen\Martin\Desktop\dss.exe C:\PROGRA~1\TRENDM~1\HJT\Martin.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://de.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://de.search.yahoo.com R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE USB PC Camera 302 O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Programme\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [NBJ] "C:\Programme\Ahead\Nero BackItUp\NBJ.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe (file missing) O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Programme\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Programme\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programme\Yahoo!\Common\yinsthelper.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{C224CFF2-58CA-4E7F-88CE-E601DBC41DFF}: NameServer = 217.237.150.115 217.237.151.205 O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: CA-Lizenz-Client (CA_LIC_CLNT) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe O23 - Service: CA-Lizenzserver (CA_LIC_SRVR) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRpc.exe O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRT.exe O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoTask.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe O23 - Service: Ereignisprotokoll-Überwachung (LogWatch) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe -- End of file - 7088 bytes -- File Associations ----------------------------------------------------------- All associations okay. -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R0 INO_FLPY - c:\windows\system32\drivers\ino_flpy.sys <Not Verified; Computer Associates; CA eTrust eTrust Antivirus/InoculateIT version 7.X/6.X/4.X> R2 INO_FLTR - c:\windows\system32\drivers\ino_fltr.sys <Not Verified; Computer Associates; CA eTrust eTrust Antivirus/InoculateIT version 6.0> R3 ZSMC302 (USB PC Camera 302) - c:\windows\system32\drivers\usbvm302.sys <Not Verified; VM; > S3 catchme - c:\combofix\catchme.sys (file missing) -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 Apple Mobile Device - "c:\programme\gemeinsame dateien\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service> R2 InoRPC (eTrust Antivirus RPC Server) - "c:\programme\ca\etrust antivirus\inorpc.exe" <Not Verified; Computer Associates International, Inc.; eTrust Antivirus> R2 InoRT (eTrust Antivirus Realtime Server) - "c:\programme\ca\etrust antivirus\inort.exe" <Not Verified; Computer Associates International, Inc.; eTrust Antivirus> R2 LogWatch (Ereignisprotokoll-Überwachung) - c:\programme\ca\sharedcomponents\ca_lic\logwatnt.exe <Not Verified; Computer Associates; Computer Associates LogWatNT> S2 InoTask (eTrust Antivirus Job Server) - "c:\programme\ca\etrust antivirus\inotask.exe" <Not Verified; Computer Associates International, Inc.; eTrust Antivirus> S3 CA_LIC_CLNT (CA-Lizenz-Client) - c:\programme\ca\sharedcomponents\ca_lic\lic98rmt.exe <Not Verified; Computer Associates; Computer Associates lic98rmt> S3 CA_LIC_SRVR (CA-Lizenzserver) - c:\programme\ca\sharedcomponents\ca_lic\lic98rmtd.exe <Not Verified; Computer Associates; Computer Associates lic98rmtd> -- Device Manager: Disabled ---------------------------------------------------- No disabled devices found. -- Files created between 2008-06-18 and 2008-07-18 ----------------------------- 2008-07-17 20:42:55 0 d-------- C:\Programme\Trend Micro 2008-07-17 20:33:04 0 d-------- C:\Dokumente und Einstellungen\Martin\Start Menu 2008-07-17 20:32:25 68096 --a------ C:\WINDOWS\zip.exe 2008-07-17 20:32:25 49152 --a------ C:\WINDOWS\VFind.exe 2008-07-17 20:32:25 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists> 2008-07-17 20:32:25 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller> 2008-07-17 20:32:25 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor> 2008-07-17 20:32:25 98816 --a------ C:\WINDOWS\sed.exe 2008-07-17 20:32:25 80412 --a------ C:\WINDOWS\grep.exe 2008-07-17 20:32:25 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; > 2008-07-17 19:42:03 0 d-------- C:\Programme\Malwarebytes' Anti-Malware 2008-07-17 19:34:56 0 dr-h----- C:\Dokumente und Einstellungen\Martin\Recent 2008-07-17 19:33:57 0 d-------- C:\Programme\CCleaner -- Find3M Report --------------------------------------------------------------- 2008-07-17 19:42:07 0 d-------- C:\Dokumente und Einstellungen\Martin\Anwendungsdaten\Malwarebytes 2008-07-16 02:32:08 0 d-------- C:\Dokumente und Einstellungen\Martin\Anwendungsdaten\HouseCall 6.6 2008-05-26 21:04:42 0 d-------- C:\Programme\Yahoo! 2008-05-26 21:04:22 0 d--h----- C:\Programme\InstallShield Installation Information 2008-05-26 21:03:38 0 d-------- C:\Programme\PartyGaming 2008-05-26 21:02:16 0 d-------- C:\Programme\ICQToolbar 2008-05-26 20:59:40 0 d-------- C:\Programme\GXTranscoder.net 2008-05-19 22:07:49 0 d-------- C:\Dokumente und Einstellungen\Martin\Anwendungsdaten\ICQ Toolbar -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09.07.2001 12:50] "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [05.04.2005 15:22] "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [05.04.2005 15:19] "Persistence"="C:\WINDOWS\system32\igfxpers.exe" [05.04.2005 15:23] "SoundMan"="SOUNDMAN.EXE" [15.11.2004 19:20 C:\WINDOWS\SOUNDMAN.EXE] "TkBellExe"="C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [24.11.2006 05:08] "BigDogPath"="C:\WINDOWS\VM_STI.exe" [21.01.2003 16:19] "SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_05\bin\jusched.exe" [22.02.2008 05:25] "Realtime Monitor"="C:\PROGRA~1\CA\ETRUST~1\realmon.exe" [21.03.2003 23:33] "Sony Ericsson PC Suite"="C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [26.10.2005 16:17] "QuickTime Task"="C:\Programme\QuickTime\QTTask.exe" [19.10.2007 21:16] "iTunesHelper"="C:\Programme\iTunes\iTunesHelper.exe" [02.11.2007 19:36] "Adobe Photo Downloader"="C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [09.03.2007 11:09] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Yahoo! Pager"="C:\Programme\Yahoo!\Messenger\YahooMessenger.exe" [30.11.2006 22:49] "MSMSGS"="C:\Programme\Messenger\msmsgs.exe" [04.08.2004 01:58] "NBJ"="C:\Programme\Ahead\Nero BackItUp\NBJ.exe" [07.09.2004 13:55] "MsnMsgr"="C:\Programme\MSN Messenger\MsnMsgr.exe" [19.01.2007 12:55] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"=0 (0x0) "HideLegacyLogonScripts"=0 (0x0) "HideLogoffScripts"=0 (0x0) "RunLogonScriptSync"=1 (0x1) "RunStartupScriptSync"=0 (0x0) "HideStartupScripts"=0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "HideLegacyLogonScripts"=0 (0x0) "HideLogoffScripts"=0 (0x0) "RunLogonScriptSync"=1 (0x1) "RunStartupScriptSync"=0 (0x0) "HideStartupScripts"=0 (0x0) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] @="Volume shadow copy" -- End of Deckard's System Scanner: finished at 2008-07-18 15:19:06 ------------ |
|
|
||
18.07.2008, 16:09
Member
Beiträge: 694 |
#6
Hi,
auch das sieht bis auf ein paar Schönheitsprobleme gut aus: Hijackthis, fixen: öffne das HijackThis -- Button "scan" -- vor den nachfolgenden Einträge Häkchen setzen -- Button "Fix checked" -- PC neustarten Beim fixen müssen alle Programme geschlossen sein! Code O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe (file missing)Normalerweise installiert sich Antivirus XP 2008 in das Programmverzeichnis als "Antivirus Xp ...", inzwischen sind sie schlauer (C:\Programme\rhclv4j0e3a1), Antimalewarebytes hat es erwischt... Das sollte es gewesen sein, bitte noch Update von Java und alte Version deinstallieren: Download jre-6u7-windows-i586-p.exe Scrolle runter nach ---->Java Runtime Environment (JRE) 6u7 The Java SE Runtime Environment (JRE) allows end-users to run Java applications. Klicke auf "Download" Setze ein Haeckchen bei --->"Accept License Agreement". Klicke “Windows Offline Installation, Multi-language” um “jre-6u7-windows-i586.exe”zum Desktop zu installieren Schliesse alle Programme auch Deinen Webbrowser Über "Start -> Einstellungen -> Systemsteuerung -> Software entferne alle aelteren Versionen von Java Runtime Environment (JRE of J2SE) Auch auf C:\Programme\Java entfernen! Nachdem alles entfernt wurde --->Rechner neu starten Installiere jetzt vom Desktop aus ---> “jre-6u7-windows-i586-p.exe” http://www.java.com/de/download/help/5000010800.xml chris Chris |
|
|
||
22.07.2008, 19:21
Member
Themenstarter Beiträge: 15 |
#7
So, fertig...
War wohl so, wie du es geschrieben hast, stand als Antivir XP im Verzeichnis, hatte aber im Taskmanager u.a. auch rhclv4j0e3a1.exe (oder zumindest so ähnlich) laufen. Vielen Dank nochmals für die detaillierte Hilfe! |
|
|
||
Hab mir nen kleinen Freund eingefangen mit o.g. Namen. Da ich länger nichts mehr mit so einem lästigen Problem zu tun hatte, wäre ich dankbar, wenn Ihr mir nochmal ne kleine Anleitung zur Bekämpfung schreiben könntet. Welche Programme in welcher Reihenfolge sollte ich mal durchlaufen lassen (Hijackthis, combofix, datfindbat, etc)?
Vielen Dank dafür