2 Trojaner auf meinem Laptop ! Wie werde ich diesen los |
||
---|---|---|
#0
| ||
11.12.2008, 16:44
Member
Beiträge: 27 |
||
|
||
11.12.2008, 16:47
Moderator
Beiträge: 5694 |
#2
Hallo und herzlich Willkommen
Arbeite erst das hier ab und poste die Logs: http://board.protecus.de/t23188.htm Gruss Swiss |
|
|
||
11.12.2008, 17:03
Member
Themenstarter Beiträge: 27 |
#3
Hier bitte:
Logfile von Malwarebytes Malwarebytes' Anti-Malware 1.31 Datenbank Version: 1489 Windows 6.0.6000 11.12.2008 17:03:08 mbam-log-2008-12-11 (17-02-48).txt Scan-Methode: Quick-Scan Durchsuchte Objekte: 45788 Laufzeit: 4 minute(s), 5 second(s) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 9 Infizierte Registrierungswerte: 3 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 1 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_CLASSES_ROOT\toolband.xttbpos00 (Adware.BHO) -> No action taken. HKEY_CLASSES_ROOT\TypeLib\{77d6ddfa-7834-4541-b2b3-a8b0fb0e3924} (Adware.BHO) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{4bd2d6c3-31dc-b947-23d0-dc52ec4f0c4c} (Adware.BHO) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{855f3b16-6d32-4fe6-8a56-bbb695989046} (Adware.BHO) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{855f3b16-6d32-4fe6-8a56-bbb695989046} (Adware.BHO) -> No action taken. HKEY_CLASSES_ROOT\toolband.xttbpos00.1 (Adware.BHO) -> No action taken. Infizierte Registrierungswerte: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{855f3b16-6d32-4fe6-8a56-bbb695989046} (Adware.BHO) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{855f3b16-6d32-4fe6-8a56-bbb695989046} (Adware.BHO) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{855f3b16-6d32-4fe6-8a56-bbb695989046} (Adware.BHO) -> No action taken. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: C:\Program Files\ICQToolbar\toolbaru.dll (Adware.BHO) -> No action taken. Logfile von HijackThis Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:59:39, on 11.12.2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16386) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\System32\rundll32.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Genesys PC Camera Device\GenePccMon.exe C:\Windows\WindowsMobile\wmdSync.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\Windows\System32\rundll32.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Program Files\T-Online\WLAN-Access Finder\ToWLaAcF.exe C:\Program Files\Philips\Philips SPC210NC Webcam\TrayMin210.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Common Files\Marmiko Shared\MWLaMaS.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe C:\Windows\system32\conime.exe C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis2\kernel.exe C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis2\sc_watch.exe C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\PROFIL~1.EXE C:\PROGRA~1\T-Online\T-ONLI~1\Notifier\Notifier.exe C:\PROGRAM FILES\T-ONLINE\T-ONLINE_SOFTWARE_6\BROWSER\BROWSER.EXE c:\program files\t-online\t-online_software_6\browser\dlman.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll O1 - Hosts: ::1 localhost O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [GenePccMon.exe] C:\Program Files\Genesys PC Camera Device\GenePccMon.exe O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" -boot O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\VistaCodecPack\QT\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [ToADiMon.exe] C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe -TOnlineAutodialStart O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" O4 - HKCU\..\Run: [T-Online_Software_6\WLAN-Access Finder] C:\Program Files\T-Online\WLAN-Access Finder\ToWLaAcF.exe /StartMinimized O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE /nosplash (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE /nosplash (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE /nosplash (User 'Default user') O4 - Global Startup: Bluetooth Manager.lnk = ? O4 - Global Startup: TrayMin210.exe.lnk = ? O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O13 - Gopher Prefix: O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.samsung-cameras.de/fileadmin/3dview/NV24HD/NV24HD_vr.html O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.tabblo.com/bitty-static/uploader/ImageUploader5.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Avira AntiVir Personal - Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe -- End of file - 10509 bytes |
|
|
||
11.12.2008, 19:54
Moderator
Beiträge: 5694 |
#4
Hast du bei Malwarebytes alles gefundene entfernen lassen?
Bitte reiche noch eiN Combofig Log nach: http://www.virus-protect.org/artikel/tools/combofix.html und update dein JAVA: http://board.protecus.de/t32385-1.htm Gruss Swiss Dieser Beitrag wurde am 11.12.2008 um 19:57 Uhr von Tonstudio editiert.
|
|
|
||
11.12.2008, 22:08
Member
Themenstarter Beiträge: 27 |
#5
Combofig Log wollte leider nicht funkz, da bei Ausführen eine Fehler Meldung erschien.
Neue Logfile von HJT nach löschung aller funde von Malwarebytes und das updaten von Java: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:59:39, on 11.12.2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16386) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\System32\rundll32.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Genesys PC Camera Device\GenePccMon.exe C:\Windows\WindowsMobile\wmdSync.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\Windows\System32\rundll32.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Program Files\T-Online\WLAN-Access Finder\ToWLaAcF.exe C:\Program Files\Philips\Philips SPC210NC Webcam\TrayMin210.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Common Files\Marmiko Shared\MWLaMaS.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe C:\Windows\system32\conime.exe C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis2\kernel.exe C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis2\sc_watch.exe C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\PROFIL~1.EXE C:\PROGRA~1\T-Online\T-ONLI~1\Notifier\Notifier.exe C:\PROGRAM FILES\T-ONLINE\T-ONLINE_SOFTWARE_6\BROWSER\BROWSER.EXE c:\program files\t-online\t-online_software_6\browser\dlman.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll O1 - Hosts: ::1 localhost O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [GenePccMon.exe] C:\Program Files\Genesys PC Camera Device\GenePccMon.exe O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" -boot O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\VistaCodecPack\QT\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [ToADiMon.exe] C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe -TOnlineAutodialStart O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" O4 - HKCU\..\Run: [T-Online_Software_6\WLAN-Access Finder] C:\Program Files\T-Online\WLAN-Access Finder\ToWLaAcF.exe /StartMinimized O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE /nosplash (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE /nosplash (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE /nosplash (User 'Default user') O4 - Global Startup: Bluetooth Manager.lnk = ? O4 - Global Startup: TrayMin210.exe.lnk = ? O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O13 - Gopher Prefix: O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.samsung-cameras.de/fileadmin/3dview/NV24HD/NV24HD_vr.html O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.tabblo.com/bitty-static/uploader/ImageUploader5.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Avira AntiVir Personal - Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe -- End of file - 10509 bytes |
|
|
||
12.12.2008, 16:30
Moderator
Beiträge: 5694 |
#6
Zitat da bei Ausführen eine Fehler Meldung erschien.Welche denn?? >> Lade bitte SDfix, wende es im abgesicherten Modus an + poste hier den Report, der nach Neustart erscheint http://virus-protect.org/artikel/tools/sdfix.html Gruss Swiss |
|
|
||
13.12.2008, 13:35
Member
Themenstarter Beiträge: 27 |
#7
Zitat SDFix funktioniert nur bei Windows 2000 und Windows XP im abgesicherten Modus !Ich habe Leider Vista ^^ |
|
|
||
13.12.2008, 13:37
Moderator
Beiträge: 5694 |
#8
>>
Dann scanne mit smitfraudfix (option 1 und 2) - poste beide scanreporte http://virus-protect.org/artikel/tools/smitfrautfix.html >> wende bitte RSIT an + poste die zwei Logs http://virus-protect.org/artikel/tools/random.html Gruss Swiss |
|
|
||
13.12.2008, 15:40
Member
Themenstarter Beiträge: 27 |
#9
Hie dir beiden Logs von RSIT :
Logfile of random's system information tool 1.04 (written by random/random) Run by haus at 2008-12-13 15:37:09 Microsoft® Windows Vista™ Home Premium System drive C: has 7 GB (14%) free of 51 GB Total RAM: 2046 MB (50% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:37:22, on 13.12.2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16386) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\System32\rundll32.exe C:\Program Files\Genesys PC Camera Device\GenePccMon.exe C:\Windows\WindowsMobile\wmdSync.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\Windows\System32\rundll32.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Program Files\T-Online\WLAN-Access Finder\ToWLaAcF.exe C:\Program Files\Philips\Philips SPC210NC Webcam\TrayMin210.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Program Files\Common Files\Marmiko Shared\MWLaMaS.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe C:\PROGRA~1\MICROS~2\wkcalrem.exe C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis2\kernel.exe C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis2\sc_watch.exe C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\PROFIL~1.EXE C:\PROGRA~1\T-Online\T-ONLI~1\Notifier\Notifier.exe C:\PROGRAM FILES\T-ONLINE\T-ONLINE_SOFTWARE_6\BROWSER\BROWSER.EXE C:\Windows\system32\conime.exe C:\Windows\System32\SnippingTool.exe C:\Windows\SYSTEM32\WISPTIS.EXE c:\program files\t-online\t-online_software_6\browser\dlman.exe C:\Windows\system32\SearchFilterHost.exe C:\Users\haus\Desktop\RSIT.exe C:\Program Files\Trend Micro\HijackThis\haus.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - Default URLSearchHook is missing O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [GenePccMon.exe] C:\Program Files\Genesys PC Camera Device\GenePccMon.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\VistaCodecPack\QT\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [ToADiMon.exe] C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe -TOnlineAutodialStart O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [T-Online_Software_6\WLAN-Access Finder] C:\Program Files\T-Online\WLAN-Access Finder\ToWLaAcF.exe /StartMinimized O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE /nosplash (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE /nosplash (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE /nosplash (User 'Default user') O4 - Global Startup: Bluetooth Manager.lnk = ? O4 - Global Startup: TrayMin210.exe.lnk = ? O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html O13 - Gopher Prefix: O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.samsung-cameras.de/fileadmin/3dview/NV24HD/NV24HD_vr.html O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.tabblo.com/bitty-static/uploader/ImageUploader5.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Avira AntiVir Personal - Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe -- End of file - 9595 bytes ======Scheduled tasks folder====== C:\Windows\tasks\1-Klick-Wartung.job C:\Windows\tasks\User_Feed_Synchronization-{5FE5F45E-1904-46F2-A34D-A98E81E476C7}.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}] Winamp Toolbar Loader - C:\Program Files\Winamp Toolbar\winamptb.dll [2008-03-19 1267040] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-11 320920] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live Anmelde-Hilfsprogramm - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-11 34816] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - Winamp Toolbar - C:\Program Files\Winamp Toolbar\winamptb.dll [2008-03-19 1267040] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-02 1004136] "NvSvc"=C:\Windows\system32\nvsvc.dll [2007-09-28 86016] "NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2007-09-28 8497696] "NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2007-09-28 81920] "GenePccMon.exe"=C:\Program Files\Genesys PC Camera Device\GenePccMon.exe [2007-02-13 36864] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792] "Windows Mobile-based device management"=C:\Windows\WindowsMobile\wmdSync.exe [2006-11-02 215552] "SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2003-10-14 155648] "PaperPort PTD"=C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [2005-03-17 57393] "IndexSearch"=C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [2005-03-17 40960] "QuickTime Task"=C:\Program Files\VistaCodecPack\QT\QTTask.exe [2008-09-06 413696] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576] "ToADiMon.exe"=C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe [2007-02-15 282624] "00PCTFW"=C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe [2008-08-05 2611096] "VirtualCloneDrive"=C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2008-06-29 52168] "avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-11 136600] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2006-11-02 1196032] "ehTray.exe"=C:\Windows\ehome\ehTray.exe [2006-11-02 125440] "T-Online_Software_6\WLAN-Access Finder"=C:\Program Files\T-Online\WLAN-Access Finder\ToWLaAcF.exe [2008-04-08 671796] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe TrayMin210.exe.lnk - C:\Program Files\Philips\Philips SPC210NC Webcam\TrayMin210.exe [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae71598c-856d-11dd-823a-001060d0ffc9}] shell\AutoRun\command - e.com shell\explore\command - e.com shell\open\command - e.com ======List of files/folders created in the last 1 months====== 2008-12-13 15:37:09 ----D---- C:\rsit 2008-12-11 21:57:15 ----D---- C:\Program Files\CCleaner 2008-12-11 21:41:17 ----A---- C:\Windows\system32\javaws.exe 2008-12-11 21:41:17 ----A---- C:\Windows\system32\javaw.exe 2008-12-11 21:41:17 ----A---- C:\Windows\system32\java.exe 2008-12-11 21:41:17 ----A---- C:\Windows\system32\deploytk.dll 2008-12-11 16:58:35 ----D---- C:\Program Files\Trend Micro 2008-12-11 16:54:11 ----D---- C:\Users\haus\AppData\Roaming\Malwarebytes 2008-12-11 16:53:56 ----D---- C:\ProgramData\Malwarebytes 2008-12-11 16:53:56 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2008-12-10 22:33:23 ----D---- C:\ProgramData\Avira 2008-12-10 22:33:23 ----D---- C:\Program Files\Avira 2008-12-10 14:21:03 ----D---- C:\ProgramData\Avira(99) 2008-12-04 20:26:22 ----D---- C:\Program Files\PC-Linq 2008-12-04 20:25:08 ----A---- C:\Windows\system32\coinst.dll 2008-12-02 22:37:35 ----D---- C:\Windows\system32\Samsung_USB_Drivers 2008-12-02 21:50:14 ----D---- C:\SharedFolder 2008-11-30 17:59:18 ----D---- C:\Inbox 2008-11-24 19:05:50 ----D---- C:\Program Files\Elaborate Bytes 2008-11-24 18:56:48 ----D---- C:\Users\haus\AppData\Roaming\WinRAR 2008-11-24 18:55:33 ----D---- C:\Program Files\WinRAR 2008-11-17 13:09:30 ----D---- C:\Users\haus\AppData\Roaming\PCToolsFirewallPlus 2008-11-17 13:07:31 ----AD---- C:\ProgramData\TEMP 2008-11-17 13:06:38 ----D---- C:\Program Files\Common Files\PC Tools 2008-11-17 13:06:33 ----D---- C:\Program Files\PC Tools Firewall Plus ======List of files/folders modified in the last 1 months====== 2008-12-13 15:37:17 ----D---- C:\Windows\Temp 2008-12-13 15:27:17 ----D---- C:\Windows\System32 2008-12-13 15:27:17 ----A---- C:\Windows\system32\PerfStringBackup.INI 2008-12-13 15:27:16 ----D---- C:\Windows\inf 2008-12-11 21:58:42 ----D---- C:\Windows\Debug 2008-12-11 21:58:42 ----D---- C:\Windows 2008-12-11 21:57:15 ----RD---- C:\Program Files 2008-12-11 21:41:38 ----SHD---- C:\Windows\Installer 2008-12-11 21:40:56 ----D---- C:\Program Files\Java 2008-12-11 21:40:48 ----SHD---- C:\System Volume Information 2008-12-11 21:40:27 ----D---- C:\ProgramData\BullGuard 2008-12-11 21:40:17 ----D---- C:\Windows\system32\drivers 2008-12-11 21:39:03 ----D---- C:\Program Files\Common Files 2008-12-11 21:26:30 ----D---- C:\Program Files\ICQToolbar 2008-12-11 16:53:56 ----HD---- C:\ProgramData 2008-12-11 16:48:04 ----D---- C:\Program Files\Adobe 2008-12-11 16:26:39 ----SD---- C:\Windows\Downloaded Program Files 2008-12-10 22:19:38 ----D---- C:\Windows\WindowsMobile 2008-12-10 22:19:36 ----D---- C:\Windows\system32\wbem 2008-12-10 22:18:47 ----D---- C:\Windows\system32\config 2008-12-10 22:18:36 ----D---- C:\Windows\Tasks 2008-12-10 22:18:36 ----D---- C:\Windows\system32\Tasks 2008-12-10 22:18:36 ----D---- C:\Windows\system32\spool 2008-12-10 22:18:36 ----D---- C:\Windows\system32\catroot2 2008-12-10 22:18:36 ----D---- C:\Users\haus\AppData\Roaming\Winamp 2008-12-10 22:18:33 ----HD---- C:\Program Files\InstallShield Installation Information 2008-12-10 22:18:32 ----D---- C:\Windows\registration 2008-12-10 22:12:59 ----D---- C:\Windows\Minidump 2008-12-10 22:03:45 ----D---- C:\ProgramData\Avira(104) 2008-12-10 22:00:27 ----D---- C:\Windows\Prefetch 2008-12-10 22:00:27 ----D---- C:\Windows\Logs 2008-12-10 14:07:27 ----D---- C:\Program Files\X10 Hardware 2008-12-10 00:21:37 ----D---- C:\Users\haus\AppData\Roaming\Skype 2008-12-10 00:07:29 ----D---- C:\Users\haus\AppData\Roaming\skypePM 2008-12-03 19:29:43 ----D---- C:\Windows\system32\WDI 2008-12-02 22:41:56 ----D---- C:\Windows\system32\catroot 2008-12-02 22:37:25 ----D---- C:\Program Files\Samsung 2008-11-20 10:32:44 ----D---- C:\Windows\system32\Macromed 2008-11-19 17:18:35 ----D---- C:\Users\haus\AppData\Roaming\Adobe ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys [2007-02-27 11840] R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2008-10-30 75072] R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2008-07-21 24392] R1 pctfw2;pctfw2; \??\C:\Windows\System32\drivers\pctfw2.sys [2008-07-28 160792] R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2007-11-08 21248] R1 Tosrfcom;Bluetooth RFCOMM; C:\Windows\System32\Drivers\tosrfcom.sys [2007-05-24 64000] R2 CdaD10BA;CdaD10BA; \??\C:\Windows\system32\drivers\CdaD10BA.SYS [2008-02-24 12464] R2 Hardlock;Hardlock; \??\C:\Windows\system32\drivers\HARDLOCK.SYS [1998-02-19 88064] R3 AgereSoftModem;Agere Systems-Softmodem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-11-02 983552] R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [2008-05-20 52032] R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:\Windows\system32\DRIVERS\CmBatt.sys [2006-11-02 14208] R3 DCamUSBGene;GenesysLogic USB2.0 PC Camera; C:\Windows\system32\DRIVERS\usbgene.sys [2007-06-26 131584] R3 FWAuth;FWAuth Driver; \??\C:\Windows\system32\drivers\FWAuthDriver.sys [2008-08-05 58136] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464] R3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520] R3 NETw3v32;Intel(R) PRO/Wireless 3945ABG-Adaptertreiber für Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 1781760] R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-09-28 7628192] R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2006-11-02 8192] R3 RTL8169;Realtek 8169-NT-Treiber; C:\Windows\system32\DRIVERS\Rtlh86.sys [2006-11-02 44544] R3 SFilter;PCTools Driver; C:\Windows\system32\DRIVERS\pctfw.sys [2008-07-17 93952] R3 toshidpt;Bluetooth HID Port; C:\Windows\system32\drivers\Toshidpt.sys [2005-07-11 3712] R3 tosporte;Bluetooth COM Port; C:\Windows\system32\DRIVERS\tosporte.sys [2006-10-10 41600] R3 tosrfbd;Bluetooth RFBUS; C:\Windows\system32\DRIVERS\tosrfbd.sys [2007-04-24 113920] R3 tosrfbnp;Bluetooth RFBNEP; C:\Windows\System32\Drivers\tosrfbnp.sys [2006-11-20 36480] R3 Tosrfhid;Bluetooth RFHID; C:\Windows\system32\DRIVERS\Tosrfhid.sys [2007-03-01 73728] R3 tosrfnds;Bluetooth Personal Area Network; C:\Windows\system32\DRIVERS\tosrfnds.sys [2005-01-06 18612] R3 Tosrfusb;Bluetooth USB Controller; C:\Windows\system32\DRIVERS\tosrfusb.sys [2007-06-11 41856] R3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2008-09-24 29184] R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560] R3 X10Hid;X10 Hid Device; C:\Windows\System32\Drivers\x10hid.sys [2006-11-17 13976] S3 BthEnum;Bluetooth-Anforderungsblocktreiber; C:\Windows\system32\DRIVERS\BthEnum.sys [2006-11-02 19456] S3 BthPan;Bluetooth-Gerät (PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2006-11-02 92160] S3 BTHPORT;Bluetooth-Porttreiber; C:\Windows\System32\Drivers\BTHport.sys [2006-11-02 220160] S3 BTHUSB;USB-Treiber für Bluetooth-Funkgerät; C:\Windows\System32\Drivers\BTHUSB.sys [2006-11-02 29184] S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\Windows\System32\Drivers\btwusb.sys [2005-08-24 56648] S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632] S3 FETNDIS;VIA Rhine-Familie--Fast-Ethernet-Adaptertreiberdienst; C:\Windows\system32\DRIVERS\fetnd5.sys [2006-11-02 45568] S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192] S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888] S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016] S3 MTOnlPktAlyX;MTOnlPktAlyX NDIS Protocol Driver; \??\C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS [2006-10-09 17536] S3 PhilCap;NXP service; C:\Windows\system32\DRIVERS\PhilCap.sys [2007-07-31 908896] S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 2028032] S3 RFCOMM;Bluetooth-Gerät (RFCOMM-Protokoll-TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2006-11-02 49664] S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\Windows\system32\DRIVERS\ss_bus.sys [2007-05-02 83592] S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\Windows\system32\DRIVERS\ss_mdfl.sys [2007-05-02 15112] S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\Windows\system32\DRIVERS\ss_mdm.sys [2007-05-02 109704] S3 TosRfSnd;Bluetooth Audio; C:\Windows\system32\drivers\tosrfsnd.sys [2007-01-22 53376] S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2008-07-10 32000] S3 usbscan;USB-Scannertreiber; C:\Windows\system32\DRIVERS\usbscan.sys [2006-11-02 35328] S3 Wdm1;USB Bridge Cable Driver; C:\Windows\System32\Drivers\usbbc.sys [2001-01-08 15576] S3 winusb;WinUSB Service; C:\Windows\system32\DRIVERS\winusb.sys [2006-11-02 31616] S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936] S3 XUIF;X10 USB Wireless Transceiver; C:\Windows\System32\Drivers\x10ufx2.sys [2006-11-17 26904] S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Planer; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865] R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040] R2 Bonjour Service;Bonjour-Dienst; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888] R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2006-11-02 22016] R2 PCToolsFirewallPlus;PC Tools Firewall Plus; C:\Program Files\PC Tools Firewall Plus\FWService.exe [2008-08-04 126200] R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2006-11-02 22016] R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-02-25 125048] R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2006-11-02 22016] R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2006-11-02 22016] R2 x10nets;X10 Device Network Service; C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [2001-11-12 20480] R3 iPod Service;iPod-Dienst; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872] S3 TuneUp.Defrag;@%SystemRoot%\System32\TuneUpDefragService.exe,-1; C:\Windows\System32\TuneUpDefragService.exe [2008-05-03 354560] S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240] -----------------EOF----------------- ------------------------------------------------------ info.txt logfile of random's system information tool 1.04 2008-12-13 15:37:24 ======Uninstall list====== -->MsiExec.exe /I{8A42F680-2DD6-11D4-9A8C-0040F6982C20} -->MsiExec.exe /I{A2529672-574A-4A99-86A5-C1770A0E31FE} -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2638924D-DC58-4C40-BB1C-48C2B24B7B1B}\Setup.exe" -L0x7 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{52739387-B81C-4C55-9593-EB7A1044A657}\Setup.exe" -L0x7 Adobe Acrobat 4.0-->C:\WINDOWS\ISUN0407.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.dll" Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7} Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe Adobe Reader 8.1.2 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A81200000003} Adobe Shockwave Player-->C:\Windows\System32\Adobe\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Adobe\SHOCKW~1\Install.log Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6} Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033} Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE Bluetooth Stack for Windows by Toshiba-->MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6} Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959} CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe" Compatibility Pack für 2007 Office System-->MsiExec.exe /X{90120000-0020-0407-0000-0000000FF1CE} DHTML Editing Component-->MsiExec.exe /I{2EA870FA-585F-4187-903D-CB9FFD21E2E0} ElsterFormular 2007/2008-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B480BD2A-F1BA-4FE6-8C8E-34C6111B72C9}\setup.exe" -l0x7 -removeonly Gadu-Gadu 7.7-->C:\Program Files\Gadu-Gadu\Setup.exe Genesys PC Camera Device-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3FB39BED-37C8-4E60-8E02-315B8C2B07E3}\setup.exe" -l0x7 -removeonly HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall ICQ Toolbar-->regsvr32 /u /s "C:\PROGRA~1\ICQTOO~1\toolbaru.dll" iTunes-->MsiExec.exe /I{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843} Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF} Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Microsoft .NET Framework 1.1 German Language Pack-->MsiExec.exe /X{E78BFA60-5393-4C38-82AB-E8019E464EB4} Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft Office PowerPoint Viewer 2007 (German)-->MsiExec.exe /X{95120000-00AF-0407-0000-0000000FF1CE} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7} Microsoft Visual J# .NET Redistributable Package 1.1-->MsiExec.exe /X{1A655D51-1423-48A3-B748-8F5A0BE294C8} Microsoft Works-->MsiExec.exe /I{39D0E034-1042-4905-BECB-5502909FCB7C} Need for Speed™ Most Wanted-->G:\EA GAMES\Need for Speed Most Wanted\EAUninstall.exe NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI PaperPort-->MsiExec.exe /I{A17EABB6-D0C6-44E5-820C-72DC7F495064} PC Tools Firewall Plus 4.0-->C:\Program Files\PC Tools Firewall Plus\unins000.exe /LOG PC-Linq-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{808FAA20-4C3A-11D4-8A57-00201853C903}\Setup.exe" Philips SPC210NC Webcam -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{38D95956-E92C-4473-904B-CD877EA04410}\setup.exe" -l0x7 Photosynth 2.0.1403.5-->MsiExec.exe /X{556EEE74-6788-4292-8252-8B17E2C7952A} QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB} Safari-->MsiExec.exe /I{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868} Samsung Converter-->C:\Program Files\InstallShield Installation Information\{4B55E0A8-07F5-4966-9B7B-D32C8ADC0FF4}\Setup.exe -runfromtemp -l0x0007 -removeonly Samsung Master-->C:\Program Files\InstallShield Installation Information\{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}\Setup.exe -runfromtemp -l0x0007 -removeonly SAMSUNG Mobile Modem Driver Set-->C:\Windows\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe Samsung Mobile phone USB driver Software-->C:\Windows\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe SAMSUNG Mobile USB Modem 1.0 Software-->C:\Windows\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe SAMSUNG Mobile USB Modem Software-->C:\Windows\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe Samsung PC Studio 3 USB Driver Installer-->"C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -runfromtemp -l0x0007 -removeonly Samsung USB Driver-->"C:\Program Files\InstallShield Installation Information\{713E5AB1-2389-43A6-8313-CB4D3C44C4FA}\Setup.exe" -runfromtemp -l0x0009 anything -removeonly Sicherer Spieltreiber-->C:\Program Files\SkillJam Technologies\Secure Player\Uninstall.exe Skype™ 3.6-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82} T-Online 6.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B1275E23-717A-4D52-997A-1AD1E24BC7F3}\Setup.exe" CPAS T-Online WLAN-Access Finder-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{295C31E5-3F91-498E-9623-DA24D2FA2B6A}\Setup.exe" -L0x7 TuneUp Utilities 2008-->MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA} Uniblue DriverScanner 2009-->"C:\ProgramData\{D5ABFFAD-D592-4F98-B02B-587125B4801F}\DriverScanner_Setup.exe" REMOVE=TRUE MODIFY=FALSE Uniblue DriverScanner 2009-->C:\ProgramData\{D5ABFFAD-D592-4F98-B02B-587125B4801F}\DriverScanner_Setup.exe Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u VirtualCloneDrive-->"C:\Program Files\Elaborate Bytes\VirtualCloneDrive\vcd-uninst.exe" /D="C:\Program Files\Elaborate Bytes\VirtualCloneDrive" Vista Codec Package-->MsiExec.exe /I{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99} Winamp Toolbar for Internet Explorer-->"C:\Program Files\Winamp Toolbar\uninstall.exe" Winamp-->"C:\Program Files\Winamp\UninstWA.exe" Windows Live Anmelde-Assistent-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986} Windows Live installer-->MsiExec.exe /X{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6} WinRAR-->C:\Program Files\WinRAR\uninstall.exe ======Security center information====== AV: Avira AntiVir PersonalEdition FW: PC Tools Firewall Plus AS: Windows-Defender ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis2\;C:\Program Files\VistaCodecPack\QT\QTSystem\ "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PROCESSOR_ARCHITECTURE"=x86 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "USERNAME"=SYSTEM "windir"=%SystemRoot% "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel "PROCESSOR_REVISION"=0f0d "NUMBER_OF_PROCESSORS"=2 "CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip "QTJAVA"=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip -----------------EOF----------------- Und bei smitfraudfix kommt diese Meldung. Anhang: Screen.JPG
|
|
|
||
13.12.2008, 17:31
Moderator
Beiträge: 5694 |
#10
Also hier sehe ich nichts mehr. Wie siehst aus mit dem Antivirenprogramm und dem Emailprogramm?`
Tretten noch Probleme auf? Gruss Swiss |
|
|
||
13.12.2008, 20:02
Member
Themenstarter Beiträge: 27 |
#11
Ja leider immer noch, AntiVir reagiert nicht auf das Überprüfen des Systems, und das T-online 6.0 Email Programm lässt sich nicht starten
|
|
|
||
14.12.2008, 22:33
Moderator
Beiträge: 5694 |
#12
>>
HAst Du einen USB Stick angeschlossen welcher evtl verseucht ist? >> Verstehe ich richtig, du kannst keine Prüfung machen mit Avira? >> Welche Fehlermeldung kommt dann bei Combofix? >> Mach ein Onlinescan mit FSecure: http://support.f-secure.de 1. Klicke: Start Scanning 2. Du wirst aufgefordert , ein ActiveX-Control zu installieren 3. Installiere diese ActiveX-Komponente 4. Lies die Anleitung und klicke: "Accept" 5. Klicke "Full System Scan" 6. klicke "Show report" - kopiere den Scanreport (Sicherheitsforum) >> Scanne mit Dr Web: http://board.protecus.de/t29350.htm >> Arbeite datfindbat ab - poste von jedem log nur die Daten der letzten drei Monate: http://www.virus-protect.org/datfindbat.html Gruss Swiss |
|
|
||
Ihre Namen:
TR/DLdr.WMA.Wimad.A
und
TR/DLdr.iBiLL.BV
Nun deaktiviert mir dieser Sogar mein AntiVir und mein Email Programm (Von t-online 6.0 die Email Funktion)
Mit was soll ich mein PC Scannen Sodass ihr wießt was hier los ist.
#Neu aufsetzen möchte ich NICHT ! Da ich sehr wichtige Daten hier drauf habe ;-)