Syntax error!!!
#0
16.02.2009, 00:06
Member
Posts: 29
16.02.2009, 16:39
Member
Posts: 3716
16.02.2009, 19:20
Member
Thread starter Posts: 29
#3
ok here are the requested logs
malwarebytes:

Malwarebytes' Anti-Malware 1.30
Datenbank Version: 1395
Windows 6.0.6001 Service Pack 1

16.02.2009 19:05:35
mbam-log-2009-02-16 (19-05-35).txt

Scan-Methode: Quick-Scan
Durchsuchte Objekte: 48007
Laufzeit: 4 minute(s), 39 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

combofix:

ComboFix 09-02-15.01 - Marcus 2009-02-16 18:51:37.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1031.18.2037.827 [GMT 1:00]
ausgeführt von:: c:\users\Marcus\Downloads\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt
* Resident AV is active
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Marcus\AppData\Local\hwoix.dat
c:\users\Marcus\AppData\Local\hwoix_nav.dat
c:\users\Marcus\AppData\Local\hwoix_navps.dat
c:\users\Marcus\AppData\Local\ieycwr.dat
c:\users\Marcus\AppData\Local\ieycwr_nav.dat
c:\users\Marcus\AppData\Local\ieycwr_navps.dat
c:\windows\system32\x64

.
((((((((((((((((((((((( Dateien erstellt von 2009-01-16 bis 2009-02-16 ))))))))))))))))))))))))))))))
.

2009-02-16 13:30 . 2008-12-05 05:32 428,544 --a------ c:\windows\System32\EncDec.dll
2009-02-16 13:30 . 2008-12-05 05:32 293,376 --a------ c:\windows\System32\psisdecd.dll
2009-02-16 13:30 . 2008-12-05 05:31 217,088 --a------ c:\windows\System32\psisrndr.ax
2009-02-16 13:30 . 2008-12-05 05:31 177,664 --a------ c:\windows\System32\mpg2splt.ax
2009-02-16 13:30 . 2008-12-05 05:31 80,896 --a------ c:\windows\System32\MSNP.ax
2009-02-15 20:11 . 2009-02-15 20:11 <DIR> d-------- c:\users\All Users\SweetIM
2009-02-15 20:11 . 2009-02-15 20:11 <DIR> d-------- c:\programdata\SweetIM
2009-02-15 20:11 . 2009-02-15 20:11 <DIR> d-------- c:\program files\SweetIM
2009-02-12 16:51 . 2009-02-12 16:52 <DIR> d-------- C:\DVDVideoSoft
2009-02-12 15:22 . 2009-02-12 15:22 <DIR> d-------- c:\users\Marcus\Silly
2009-02-06 18:17 . 2009-02-06 18:17 <DIR> d-------- C:\ANNO1602
2009-02-06 12:48 . 2008-06-20 02:14 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll
2009-02-06 12:48 . 2008-06-20 02:14 622,080 --a------ c:\windows\System32\icardagt.exe
2009-02-06 12:48 . 2008-06-20 02:14 326,160 --a------ c:\windows\System32\PresentationHost.exe
2009-02-06 12:48 . 2008-06-20 02:14 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2009-02-06 12:48 . 2008-06-20 02:14 97,800 --a------ c:\windows\System32\infocardapi.dll
2009-02-06 12:48 . 2008-06-20 02:14 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll
2009-02-06 12:48 . 2008-06-20 02:14 37,384 --a------ c:\windows\System32\infocardcpl.cpl
2009-02-06 12:48 . 2008-06-20 02:14 11,264 --a------ c:\windows\System32\icardres.dll
2009-02-06 12:37 . 2008-07-27 19:03 282,112 --a------ c:\windows\System32\mscoree.dll
2009-02-06 12:37 . 2008-07-27 19:03 158,720 --a------ c:\windows\System32\mscorier.dll
2009-02-06 12:37 . 2008-07-27 19:03 96,760 --a------ c:\windows\System32\dfshim.dll
2009-02-06 12:37 . 2008-07-27 19:03 83,968 --a------ c:\windows\System32\mscories.dll
2009-02-06 12:37 . 2008-07-27 19:03 41,984 --a------ c:\windows\System32\netfxperf.dll
2009-02-05 18:06 . 2009-02-05 18:16 <DIR> d-------- c:\users\Marcus\AppData\Roaming\SecondLife
2009-02-05 15:44 . 2009-02-05 15:45 <DIR> d-------- c:\users\Marcus\vom alten rechner
2009-02-05 12:54 . 2009-02-05 14:20 <DIR> d-------- c:\users\Marcus\AppData\Roaming\DAEMON Tools Pro
2009-02-05 12:54 . 2009-02-05 12:54 <DIR> d-------- c:\users\Marcus\AppData\Roaming\DAEMON Tools
2009-02-05 12:53 . 2009-02-05 12:53 <DIR> d-------- c:\users\All Users\DAEMON Tools Lite
2009-02-05 12:53 . 2009-02-05 12:53 <DIR> d-------- c:\programdata\DAEMON Tools Lite
2009-02-05 12:52 . 2009-02-05 12:53 <DIR> d-------- c:\program files\DAEMON Tools Toolbar
2009-02-05 12:52 . 2009-02-05 12:53 <DIR> d-------- c:\program files\DAEMON Tools Lite
2009-02-05 00:04 . 2009-02-05 00:04 717,296 --a------ c:\windows\System32\drivers\sptd.sys
2009-02-05 00:03 . 2009-02-05 12:55 <DIR> d-------- c:\users\Marcus\AppData\Roaming\DAEMON Tools Lite
2009-02-04 21:36 . 2009-02-04 21:36 <DIR> d-------- c:\program files\Smart Projects
2009-02-04 00:35 . 2009-02-04 00:35 13,824 --a------ C:\grf_last.grf
2009-02-02 00:10 . 2009-02-02 23:17 <DIR> d-------- c:\users\Marcus\vanny-lin
2009-01-31 13:50 . 2009-01-31 13:50 <DIR> d-------- c:\users\Marcus\Videos
2009-01-28 14:29 . 2009-01-28 14:32 <DIR> d-------- c:\users\Public\Games
2009-01-24 00:30 . 2009-01-24 19:05 <DIR> d-------- c:\users\Marcus\Contacts
2009-01-23 12:50 . 2009-02-02 16:19 <DIR> d-------- c:\users\Marcus\zeug
2009-01-20 01:59 . 2009-01-20 01:59 <DIR> d-------- c:\users\Marcus\.thumbnails
2009-01-20 01:45 . 2009-02-09 13:33 <DIR> d-------- c:\users\Marcus\.gimp-2.6
2009-01-20 01:45 . 2009-01-20 01:45 <DIR> d-------- c:\users\Marcus\.gegl-0.0

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-16 12:54 --------- d-----w c:\program files\Windows Mail
2009-02-06 14:10 --------- d-----w c:\users\Marcus\AppData\Roaming\gtk-2.0
2009-02-03 23:37 --------- d---a-w c:\programdata\TEMP
2009-01-31 12:51 --------- d-----w c:\program files\DivX
2009-01-31 12:51 --------- d-----w c:\program files\Common Files\PX Storage Engine
2009-01-28 18:59 456 ----a-w c:\users\Marcus\AppData\Roaming\wklnhst.dat
2009-01-26 21:28 --------- d-----w c:\program files\Ashampoo
2009-01-26 20:54 --------- d-----w c:\program files\Free FLV Converter
2009-01-26 20:38 --------- d-----w c:\program files\Paint.NET
2009-01-24 00:18 --------- d-----w c:\users\Marcus\AppData\Roaming\phonostar-Player
2009-01-21 19:08 --------- d-----w c:\program files\Videograbber 5.0
2009-01-21 14:22 --------- d-----w c:\users\Marcus\AppData\Roaming\dvdcss
2009-01-18 19:38 --------- d-----w c:\users\Marcus\AppData\Roaming\Any Video Converter
2009-01-08 06:26 --------- d-----w c:\program files\PhotoScape
2009-01-04 18:06 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-04 18:06 --------- d-----w c:\program files\phenomedia
2008-12-30 12:00 --------- d-----w c:\program files\mp3DirectCut
2008-12-29 21:57 952,832 ----a-w c:\windows\system32\drivers\athr.sys
2008-12-16 02:42 288,768 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-11 00:33 86,016 ----a-w c:\windows\System32\dpl100.dll
2008-12-11 00:33 200,704 ----a-w c:\windows\System32\dtu100.dll
2008-12-09 02:28 593,920 ----a-w c:\windows\System32\dpuGUI11.dll
2008-12-09 02:28 57,344 ----a-w c:\windows\System32\dpv11.dll
2008-12-09 02:28 344,064 ----a-w c:\windows\System32\dpus11.dll
2008-12-09 02:28 294,912 ----a-w c:\windows\System32\dpu11.dll
2008-10-23 10:19 77,824 ----a-w c:\program files\FaceControl.8bf
2008-06-28 12:16 5,864,016 ----a-w c:\program files\ashampoo_burningstudio661_free_cbo_de.exe
2008-06-20 12:37 174 --sha-w c:\program files\desktop.ini
2006-02-03 07:41 41,168 ----a-w c:\users\Public\FirewallInstallHelper.dll
2006-05-03 09:06 163,328 --sh--r c:\windows\System32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r c:\windows\System32\msfDX.dll
2008-03-16 12:30 216,064 --sh--r c:\windows\System32\nbDX.dll
2008-06-17 10:21 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008061720080618\index.dat
2008-08-14 01:56 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008081420080815\index.dat
2008-11-13 14:07 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008111320081114\index.dat
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2008-10-08 173368]

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-10-08 12:22 1172792 --a------ c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-06-06 159744]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-19 266497]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-07-16 768520]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-11-08 185896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-01-28 111928]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 c:\windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=eNetHook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.i420"= i420vfw.dll
"msacm.l3acm"= c:\windows\system32\l3codecp.acm
"msacm.l3codec"= c:\windows\system32\l3codecp.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\F:\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder]
--a------ 2007-05-22 14:49 151552 c:\acer\AcerTour\Reminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
--a------ 2008-11-30 14:41 172792 c:\progra~1\ICQ6.5\ICQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayMovie]
--------- 2007-05-24 13:38 206952 c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{650690AE-294A-4C4D-B970-295A47B2A065}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{BD36B784-84D8-4B37-83BD-DF533C93BB03}"= c:\program files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician
"{2A244C2D-44B7-42EE-9217-799A3F0EB866}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia
"{68D38B0B-0061-4E79-AA33-5F18EB9B3E64}"= c:\program files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exeV Wizard
"{8AF9B2C8-139E-480B-8687-105641CC5DE2}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{6360C419-FD9E-4369-AB7A-99B38BBB01FE}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{27246F7D-5919-4981-9051-918C9E0641FB}"= c:\program files\Acer Arcade Deluxe\DVDivine\DVDivine.exeVDivine
"{42D9D1FD-B840-41D8-BBE9-6E7C1BBD7B30}"= c:\program files\Acer Arcade Deluxe\Play Movie\PlayMovie.exelay Movie
"{38D3B740-A6D0-4FB2-9AE6-AF7D06B590A2}"= c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exelay Movie Resident Program
"TCP Query User{9CD575A7-0027-49A1-9C2A-D1806AADC08E}c:\\program files\\web.de\\web.de multimessenger\\messengr.exe"= UDP:c:\program files\web.de\web.de multimessenger\messengr.exe:WEB.DE MultiMessenger
"UDP Query User{C90D1838-482D-4F09-B83E-AF263B0DE4EE}c:\\program files\\web.de\\web.de multimessenger\\messengr.exe"= TCP:c:\program files\web.de\web.de multimessenger\messengr.exe:WEB.DE MultiMessenger
"TCP Query User{18099F24-6F4C-4687-8771-896603966F0D}c:\\program files\\web.de\\web.de multimessenger\\messengr.exe"= UDP:c:\program files\web.de\web.de multimessenger\messengr.exe:WEB.DE MultiMessenger
"UDP Query User{E6EAB7BD-14A6-4359-84E0-8C53A2891645}c:\\program files\\web.de\\web.de multimessenger\\messengr.exe"= TCP:c:\program files\web.de\web.de multimessenger\messengr.exe:WEB.DE MultiMessenger
"{3B4732A6-14FC-438C-B37E-B89D7E7E5CE6}"= UDProfile=Private|Profile=Public|c:\program files\Tobit ClipInc\Server\ClipInc-Server.exe:ClipInc Server
"{6C47B181-AA5D-43C9-A9FA-AFEC120ED5CF}"= TCProfile=Private|Profile=Public|c:\program files\Tobit ClipInc\Server\ClipInc-Server.exe:ClipInc Server
"{B62B83B1-34AA-44B9-BA73-D1D949923178}"= UDProfile=Private|Profile=Public|c:\program files\Tobit ClipInc\Player\ClipInc-Player.exe:ClipInc Player
"{DDAD9AD2-008E-44FF-B0C4-FE5E49438855}"= TCProfile=Private|Profile=Public|c:\program files\Tobit ClipInc\Player\ClipInc-Player.exe:ClipInc Player
"TCP Query User{35F2691C-A3BF-4366-9F49-1880A68A4802}c:\\program files\\sony ericsson\\update service\\update service.exe"= UDP:c:\program files\sony ericsson\update service\update service.exe:Update Service
"UDP Query User{AE261740-F513-4475-8786-DCFDE2FC58C5}c:\\program files\\sony ericsson\\update service\\update service.exe"= TCP:c:\program files\sony ericsson\update service\update service.exe:Update Service
"{6E6A17A0-56DE-462E-B1B8-A244F7CC0BE8}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{9DA6AC57-D38E-46E4-8B8A-72B76E368CC5}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{5488E710-5328-4CED-89F9-8B433B518382}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{6AA9B86D-C0AB-4CEC-BD8B-1333FE8504D9}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{2C3AA6C6-7B3A-4699-9C7E-119D39A73BA3}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{26F10238-E6A3-4190-837E-F477DCC6DE44}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{4F350656-CF81-42E5-B7DE-52A8C1FC4DE1}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{F54444C5-4F10-46F4-8310-C015B1B9CA91}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{5FB47E5C-4B90-4C49-A7FF-1DE32D62449C}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{AE429D13-816E-413D-AE91-CC7BA4E707AE}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"TCP Query User{E6FC236E-82E6-48E9-80B0-07F47D1FA053}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{89E0EA87-4C71-4EAF-BDB7-18B66BEEAB4B}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"TCP Query User{1A919858-E155-4BB9-B3EB-2D6F44A5BC1D}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{0E794209-88FA-4694-BD91-F3FC70113964}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{C7845CF6-7B6B-4FD0-BF09-2CF43EA1E815}c:\\program files\\gimp-2.0\\lib\\gimp\\2.0\\plug-ins\\script-fu.exe"= UDP:c:\program files\gimp-2.0\lib\gimp\2.0\plug-ins\script-fu.exe:script-fu
"UDP Query User{DF598A5F-1B55-4E9B-B112-E8EE3437D1C5}c:\\program files\\gimp-2.0\\lib\\gimp\\2.0\\plug-ins\\script-fu.exe"= TCP:c:\program files\gimp-2.0\lib\gimp\2.0\plug-ins\script-fu.exe:script-fu
"{5CFE543E-E486-43CE-8953-93E683696877}"= UDP:5353:Adobe CSI CS4
"{9F3DBF06-D663-464E-B268-8481E19CC192}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{C3798555-8FCC-4D49-94BB-E25B2B9B6508}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"TCP Query User{98B47A0C-C209-4E91-B54F-ADE7F552E8AD}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{F099707F-260B-421C-86F5-BF3FCFECCE42}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DisableNotifications"= 1 (0x1)

R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [2007-10-29 20:15:47 13560]
R2 ALaunchService;ALaunch Service;c:\acer\ALaunch\ALaunchSvc.exe [2007-07-27 50688]
R2 TeamViewer;TeamViewer 3;c:\program files\TeamViewer3\TeamViewer_Service.exe [2008-09-25 181544]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [2007-07-28 179712]
R3 d12xbus;4G Systems Multi Mode Datacard Composite Device driver (WDM);c:\windows\System32\drivers\d12xbus.sys [2008-05-10 66880]
R3 d12xmdfl;4G Systems Multi Mode Datacard Modem (Filter);c:\windows\System32\drivers\d12xmdfl.sys [2008-05-10 9456]
R3 d12xmdm;4G Systems Multi Mode Datacard Modem;c:\windows\System32\drivers\d12xmdm.sys [2008-05-10 101056]
R3 d12xserd;4G Systems Multi Mode Datacard Serial Interface (WDM);c:\windows\System32\drivers\d12xserd.sys [2008-05-10 79968]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{340915af-1eae-11dd-bf7d-001b38684d28}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3ddb6b30-7f4f-11dd-9be4-001b38684d28}]
\shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3ddb6b45-7f4f-11dd-9be4-001b38684d28}]
\shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{84ded317-1ed7-11dd-9075-001b38684d28}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{84ded33c-1ed7-11dd-9075-001b38684d28}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d3d0e541-f43c-11dd-93ba-e735577c6b59}]
\shell\AutoRun\command - F:\autoplay.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd30601c-f37a-11dd-a696-fb06d0cabec5}]
\shell\AutoRun\command - G:\autoplay.exe
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKCU-Run-AdobeBridge - (no file)
HKLM-Run-Acer Tour - (no file)
HKLM-Run-eRecoveryService - (no file)
MSConfigStartUp-Adobe Photo Downloader - c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\qttask.exe
MSConfigStartUp-WEB.DE_WEB - c:\program files\WEB.DE\WEB.DE MultiMessenger\MESSENGR.EXE

.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://de.intl.acer.yahoo.com
uSearchURL,(Default) = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/su/*http://de.yahoo.com
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Marcus\AppData\Roaming\Mozilla\Firefox\Profiles\fxda8tok.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.snapscouts.de/
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
1 Datei(en) verschoben.
FF - component: c:\users\Marcus\AppData\Roaming\Mozilla\Firefox\Profiles\fxda8tok.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-16 18:54:53
Windows 6.0.6001 Service Pack 1 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(652)
c:\windows\system32\eNetHook.dll

- - - - - - - > 'lsass.exe'(636)
c:\windows\system32\eNetHook.dll
.
Zeit der Fertigstellung: 2009-02-16 18:57:37
ComboFix-quarantined-files.txt 2009-02-16 17:57:27

Vor Suchlauf: 6.281.003.008 Bytes frei
Nach Suchlauf: 5,923,885,056 Bytes frei

282 --- E O F --- 2009-02-16 13:05:12

hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:15:26, on 16.02.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\notepad.exe
C:\Windows\Explorer.exe
C:\Program Files\T-Mobile\web'n'walk Manager\OneClickAssistant.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.intl.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://de.rd.yahoo.com/customize/ycomp/defaults/su/*http://de.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE8BBC3E-9FB2-4CE6-9609-99C5FB62C9AA}: NameServer = 193.254.160.1 193.254.160.130
O20 - AppInit_DLLs: eNetHook.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: TeamViewer 3 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer3\TeamViewer_Service.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7533 bytes

uninstall list

2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) Acer Arcade Deluxe Acer eDataSecurity Management Acer eLock Management Acer Empowering Technology Acer eNet Management Acer ePower Management Acer ePresentation Management Acer eSettings Management Acer GridVista Acer Mobility Center Plug-In Acer ScreenSaver Acer Tour Activation Assistant for the 2007 Microsoft Office suites Adobe Flash Player ActiveX Adobe Flash Player Plugin Adobe Fonts All Adobe Reader 8.1.3 Adobe Search for Help Adobe Service Manager Extension Adobe Setup Adobe Shockwave Player Adobe WinSoft Linguistics Plugin AdobeColorCommonSetCMYK AdobeColorCommonSetRGB Agere Systems HDA Modem ALPS Touch Pad Driver Anno 1602 Any Video Converter 2.6.1 AP Tuner 3.08 Ashampoo Burning Studio 6 FREE Ashampoo WinOptimizer 4 FREE Avira AntiVir Personal - Free Antivirus AVS DVD Player version 2.4 CCleaner (remove only) CD Audio Reader Filter (remove only) Codec Pack - All In 1 6.0.3.0 Connect DAEMON Tools Toolbar DirectVobSub (remove only) DivX Codec DivX Converter DivX Player DivX Plus DirectShow Filters DivX Web Player DScaler 5 Mpeg Decoders DVD Shrink 3.2 EatCam Webcam Recorder 2.0 for Yahoo Messenger Exact Audio Copy 0.99pb4 Favorit Free Fire Screensaver Free FLV Converter V 5.3 Free YouTube to Mp3 Converter version 3.1 GIMP 2.6.3 HijackThis 2.0.2 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) ICQ6.5 Intel(R) Graphics Media Accelerator Driver Java(TM) 6 Update 11 kuler Launch Manager Malwarebytes' Anti-Malware Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 3.5 SP1 Microsoft Office Excel MUI (German) 2007 Microsoft Office Home and Student 2007 Microsoft Office Home and Student 2007 Microsoft Office OneNote MUI (German) 2007 Microsoft Office PowerPoint MUI (German) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (German) 2007 Microsoft Office Proof (Italian) 2007 Microsoft Office Proofing (German) 2007 Microsoft Office Shared MUI (German) 2007 Microsoft Office Word MUI (German) 2007 Microsoft Silverlight Microsoft Visual C++ 2005 Redistributable Microsoft Works Moorhuhn-X Mozilla Firefox (3.0.6) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB941833) MSXML 4.0 SP2 (KB954430) NTI Backup NOW! 4.7 NTI Backup NOW! 4.7 NTI CD & DVD-Maker OpenOffice.org Installer 1.0 OpenSource Flash Video Splitter (remove only) PhotoScape PowerProducer 3.72 RealPlayer Realtek High Definition Audio Driver Search Settings 1.2 Security Update for 2007 Microsoft Office System (KB951550) Security Update for 2007 Microsoft Office System (KB951944) Security Update for 2007 Microsoft Office System (KB958439) Security Update for Microsoft Office Excel 2007 (KB958437) Security Update for Microsoft Office OneNote 2007 (KB950130) Security Update for Microsoft Office PowerPoint 2007 (KB951338) Security Update for Microsoft Office system 2007 (KB954326) Security Update for Microsoft Office system 2007 (KB956828) Security Update for Microsoft Office Word 2007 (KB956358) Sony Eyetoy Webcam Suite Shared Configuration CS4 SUPER © Version 2008.bld.33 (Sep 2, 2008) SweetIM for Messenger 2.6 SweetIM Toolbar for Internet Explorer 3.3 TeamViewer 3 Text-To-Speech-Runtime Uninstall 1.0.0.1 Update for Microsoft Office Excel 2007 Help (KB957242) Update for Office 2007 (KB946691) VC80CRTRedist - 8.0.50727.762 Videograbber 5.0 VideoLAN VLC media player 0.8.6i web'n'walk Manager Windows Live Messenger WinRAR Yahoo! Messenger

16.02.2009, 19:23
Member
Posts: 3716
#4
Update Malwarebytes and run it again.

19.02.2009, 19:41
Member
Posts: 3716
#5
Well, fine, if mine doesn't count...

19.02.2009, 19:42
Member
Thread starter Posts: 29
#6
Sorry, I made a mistake, don't be mad, too little sleep.
Here is the new log with the update:
Malwarebytes' Anti-Malware 1.34
Datenbank Version: 1779
Windows 6.0.6001 Service Pack 1
19.02.2009 19:53:41
mbam-log-2009-02-19 (19-53-41).txt
Scan-Methode: Quick-Scan
Durchsuchte Objekte: 61994
Laufzeit: 6 minute(s), 37 second(s)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
This post was edited on 19.02.2009 at 19:54 by timmi85.

19.02.2009, 20:05
Member
Posts: 3716
#7
Does the problem still exist?

19.02.2009, 21:55
Member
Thread starter Posts: 29
#8
Yes, it still exists, and it mostly occurs in connection with ICQ, when receiving a message or the like. I have also already reinstalled ICQ, but that changed nothing.

20.02.2009, 00:00
Honorary member
Posts: 6028
#9
Remove via Software:
DAEMON Tools Toolbar
Search Settings 1.2
Scan with SuperAntispyware http://board.protecus.de/t31252.htm
__________
Best regards, Argus

20.02.2009, 15:07
Member
Thread starter Posts: 29
#10
I have done everything.
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 02/20/2009 at 02:37 PM
Application Version : 4.25.1012
Core Rules Database Version : 3768
Trace Rules Database Version: 1719
Scan type : Complete Scan
Total Scan Time : 01:10:48
Memory items scanned : 764
Memory threats detected : 0
Registry items scanned : 7380
Registry threats detected : 0
File items scanned : 29417
File threats detected : 33
Adware.Tracking Cookie
Attached is a picture of the error message. "Disable script debugging" is enabled!!
Attachment: Image3.gif

20.02.2009, 17:22
Member
Posts: 1132
#11
Hi timmi,
possibly IE itself is damaged. Take a look at this help article from MS and work through everything: http://support.microsoft.com/kb/285212/de
and, if the problem still persists: http://support.microsoft.com/kb/308260/DE/
Have fun!
Regards, Heron
__________
"The world is big because the head is so small" Wilhelm Busch

20.02.2009, 17:52
Member
Posts: 4730
#12
The problem really could have something to do with ICQ. I had it in connection with ICQ too, but in the meantime it has disappeared for no reason. Perhaps check whether all Windows updates are installed, and also download and install the newest build of ICQ (for me ICQ 6.5 Build 104 runs without problems under Vista; the current one is Build 1005 [I think]).
I also recommend uninstalling SweetIM. This program for girls could also be responsible for some problems.
__________
This is a signature! Personal service: Are you from Berlin? Then contact me via PM, maybe we can arrange an appointment. Der Grabsteinschubser
This post was edited on 20.02.2009 at 18:00 by Gool.

20.02.2009, 18:47
Member
Thread starter Posts: 29
#13
So far none of it has helped. ICQ is actually up to date, Sweet.... is uninstalled.... *am desperate*
I also think it has only been happening since I got Firefox. ICQ now also keeps freezing while typing!

21.02.2009, 09:47
Member
Posts: 4730
#14
If only I could remember whether it really just went away or whether I did something... that would surely help... back then I had installed the IE8 beta and thought that was the cause. After uninstalling IE8, though, it still didn't work.
__________
This is a signature! Personal service: Are you from Berlin? Then contact me via PM, maybe we can arrange an appointment. Der Grabsteinschubser

For quite some time I have kept getting an error message about
an IE script error, even though I use Firefox exclusively.
The error says error type: syntax error, address: about blank....
I have now read that this can be a virus or some other kind of malicious file stuff.
Does anyone know what could be causing this and how to get rid of it????
Here is the HijackThis log file.
Thanks in advance... regards
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:00:18, on 16.02.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\igfxsrvc.exe
C:\Users\Marcus\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\T-Mobile\web'n'walk Manager\OneClickAssistant.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://de.rd.yahoo.com/customize/ycomp/defaults/su/*http://de.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B193BC16-E5E7-4539-AAF3-607A0E2AEBB8}: NameServer = 193.254.160.1 193.254.160.130
O20 - AppInit_DLLs: eNetHook.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: TeamViewer 3 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer3\TeamViewer_Service.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 8741 bytes