
Log Analysis and Evaluation: request for quick help

If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

21.01.2007, 16:33   #1
Flo25

Request for quick help



First of all, thanks for your quick reply and help!!

Re 1) I know this program; as far as I know, I deactivated it myself.

Re 2) Which registry do you mean??

Re 3)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Header
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Microsoft Windows XP [Version 5.1.2600]
Sun Jan 21 11:47:33 2007 => Deleting Registry Key: HKCU\software\microsoft\windows\currentversion\explorer\menuorder\start menu\programs\zango
Sun Jan 21 11:15:34 2007 => Virus Database Date: 1/19/2007
Sun Jan 21 11:16:04 2007 => Virus Database Date: 1/21/2007
Sun Jan 21 11:44:43 2007 => Virus Database Date: 1/21/2007
Sun Jan 21 15:40:03 2007 => Virus Database Date: 1/21/2007
Sun Jan 21 15:48:31 2007 => Virus Database Date: 1/21/2007
Sun Jan 21 11:12:37 2007 => Virus-Datenbank Datum: 1/19/2007
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Infektionsmeldungen
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sun Jan 21 11:47:30 2007 => System found infected with funweb Spyware/Adware ({147a976f-eee1-4377-8ea7-4716e4cdd239})! Action taken: Entries Removed.
Sun Jan 21 11:47:30 2007 => System found infected with ibis Spyware/Adware ({1d4db7d2-6ec9-47a3-bd87-1e41684e07bb})! Action taken: Entries Removed.
Sun Jan 21 11:47:30 2007 => System found infected with istbar Spyware/Adware ({7c559105-9ecf-42b8-b3f7-832e75edd959})! Action taken: Entries Removed.
Sun Jan 21 11:47:35 2007 => System found infected with windupdate Spyware/Adware (ide21201.vxd)! Action taken: Entries Removed.
Sun Jan 21 11:47:51 2007 => System found infected with lop.com Spyware/Adware (backup.reg)! Action taken: Entries Removed.
Sun Jan 21 11:48:21 2007 => System found infected with spylax Trojan (C:\WINDOWS\unvise32.exe)! Action taken: Entries Removed.
~~~~~~~~~~~
Dateien
~~~~~~~~~~~
~~~~ Infected files
~~~~~~~~~~~
Sun Jan 21 11:55:54 2007 => File C:\Dokumente und Einstellungen\Mythos\Lokale Einstellungen\Anwendungsdaten\Microsoft\Outlook\Outlook.pst infected by "Trojan-Downloader.Win32.Small.dam" Virus! Action Taken: No Action Taken.
~~~~~~~~~~~
~~~~ Tagged files
~~~~~~~~~~~
Sun Jan 21 14:13:47 2007 => File C:\RECYCLER\S-1-5-21-1547161642-1450960922-725345543-1003\Dc116\Del3D.tmp tagged as "not-a-virus:AdWare.Win32.180Solutions.x". Action Taken: File Deleted.
Sun Jan 21 14:14:03 2007 => File C:\RECYCLER\S-1-5-21-1547161642-1450960922-725345543-1003\Dc116\New49.tmp\upgrade.exe tagged as "not-a-virus:AdWare.Win32.NewDotNet.f". Action Taken: File Deleted.
Sun Jan 21 14:14:13 2007 => File C:\RECYCLER\S-1-5-21-1547161642-1450960922-725345543-1003\Dc116\res25.tmp tagged as "not-a-virus:AdWare.Win32.180Solutions.q". Action Taken: File Deleted.
Sun Jan 21 14:36:24 2007 => File C:\WINDOWS\NDNuninstall6_90.exe tagged as "not-a-virus:AdWare.Win32.NewDotNet.e". Action Taken: File Deleted.
Sun Jan 21 14:36:24 2007 => File C:\WINDOWS\NDNuninstall6_98.exe tagged as "not-a-virus:AdWare.Win32.NewDotNet.e". Action Taken: File Deleted.
Sun Jan 21 14:36:24 2007 => File C:\WINDOWS\NDNuninstall7_14.exe tagged as "not-a-virus:AdWare.Win32.NewDotNet.e". Action Taken: File Deleted.
Sun Jan 21 14:36:25 2007 => File C:\WINDOWS\NDNuninstall7_22.exe tagged as "not-a-virus:AdWare.Win32.NewDotNet.e". Action Taken: File Deleted.
~~~~~~~~~~~
~~~~ Offending files
~~~~~~~~~~~
Sun Jan 21 11:47:35 2007 => Offending file found: C:\WINDOWS\system32\ide21201.vxd
Sun Jan 21 11:47:51 2007 => Offending file found: C:\DOKUME~1\Mythos\Desktop\backup.reg
Sun Jan 21 11:48:21 2007 => Offending file found: C:\WINDOWS\unvise32.exe
~~~~~~~~~~~
Ordner
~~~~~~~~~~~
Sun Jan 21 11:47:35 2007 => Offending Folder found: C:\Programme\aveo
~~~~~~~~~~~
Registry
~~~~~~~~~~~
Sun Jan 21 11:47:32 2007 => Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\media gateway !!!
Sun Jan 21 11:47:32 2007 => Offending Key found: HKLM\Software\aveo !!!
Sun Jan 21 11:47:32 2007 => Offending Key found: HKCU\Software\ist !!!
Sun Jan 21 11:47:33 2007 => Offending Key found: HKCU\software\microsoft\windows\currentversion\explorer\menuorder\start menu\programs\zango !!!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Statistiken:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sun Jan 21 11:53:19 2007 => Scanning Folder: C:\Dokumente und Einstellungen\Mythos\Eigene Dateien\Eigene Bilder\Adobe\Gescannte Fotos\*.*


Re 4)
01/21/07 16:13:37 [Info]: BlackLight Engine 1.0.55 initialized
01/21/07 16:13:37 [Info]: OS: 5.1 build 2600 (Service Pack 2)
01/21/07 16:13:37 [Note]: 7019 4
01/21/07 16:13:37 [Note]: 7005 0
01/21/07 16:13:40 [Note]: 7006 0
01/21/07 16:13:40 [Note]: 7011 1816
01/21/07 16:13:41 [Note]: 7026 0
01/21/07 16:13:41 [Note]: 7026 0
01/21/07 16:13:51 [Note]: FSRAW library version 1.7.1021
01/21/07 16:19:29 [Note]: 2000 1012
01/21/07 16:22:22 [Note]: 7007 0
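
Reading eScan output like the one above by hand gets tedious once a log runs to hundreds of lines. As an added example (not part of this post and not eScan's own tooling), the script below parses the `=>` lines into structured findings, separates what eScan removed from what it only reported, and lists the "Offending ... found" objects so they can be checked off after the cleanup. The sample lines are taken from the log posted above, shortened to one line per message type.

```python
import re
from collections import Counter

# Sample lines taken from the eScan log posted in this thread (one line per
# message type); the final "Scanning Folder" line shows what the parser ignores.
SAMPLE_LOG = r"""
Sun Jan 21 11:47:30 2007 => System found infected with funweb Spyware/Adware ({147a976f-eee1-4377-8ea7-4716e4cdd239})! Action taken: Entries Removed.
Sun Jan 21 11:48:21 2007 => System found infected with spylax Trojan (C:\WINDOWS\unvise32.exe)! Action taken: Entries Removed.
Sun Jan 21 11:55:54 2007 => File C:\Dokumente und Einstellungen\Mythos\Lokale Einstellungen\Anwendungsdaten\Microsoft\Outlook\Outlook.pst infected by "Trojan-Downloader.Win32.Small.dam" Virus! Action Taken: No Action Taken.
Sun Jan 21 14:36:24 2007 => File C:\WINDOWS\NDNuninstall6_90.exe tagged as "not-a-virus:AdWare.Win32.NewDotNet.e". Action Taken: File Deleted.
Sun Jan 21 11:47:35 2007 => Offending file found: C:\WINDOWS\system32\ide21201.vxd
Sun Jan 21 11:47:35 2007 => Offending Folder found: C:\Programme\aveo
Sun Jan 21 11:47:32 2007 => Offending Key found: HKLM\Software\aveo !!!
Sun Jan 21 11:53:19 2007 => Scanning Folder: C:\Dokumente und Einstellungen\Mythos\Eigene Dateien\*.*
"""

# Every eScan message starts with a ctime-style timestamp followed by " => ".
TS = r"^(?P<ts>\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4}) => "

# One pattern per message type; the named groups feed the finding dict below.
PATTERNS = [
    ("infection", re.compile(TS + r"System found infected with (?P<name>.+?) \((?P<object>.+)\)! Action taken: (?P<action>.+?)\.?$")),
    ("infected_file", re.compile(TS + r'File (?P<object>.+?) infected by "(?P<name>[^"]+)" Virus! Action Taken: (?P<action>.+?)\.?$')),
    ("tagged_file", re.compile(TS + r'File (?P<object>.+?) tagged as "(?P<name>[^"]+)"\. Action Taken: (?P<action>.+?)\.?$')),
    ("offending_file", re.compile(TS + r"Offending file found: (?P<object>.+?)\s*(?:!!!)?$")),
    ("offending_folder", re.compile(TS + r"Offending Folder found: (?P<object>.+?)\s*(?:!!!)?$")),
    ("offending_key", re.compile(TS + r"Offending Key found: (?P<object>.+?)\s*(?:!!!)?$")),
]


def parse_escan_log(text):
    """Turn eScan's free-text lines into finding dicts; lines of unknown shape are skipped."""
    findings = []
    for line in text.splitlines():
        for kind, pattern in PATTERNS:
            m = pattern.match(line)
            if m:
                groups = m.groupdict()
                findings.append({
                    "kind": kind,
                    "timestamp": groups["ts"],
                    "name": groups.get("name"),      # detection name, if the line carries one
                    "object": groups["object"],     # file, folder, key or CLSID affected
                    "action": groups.get("action"), # None for plain "found" lines
                })
                break
    return findings


def unremediated(findings):
    """Findings eScan reported but explicitly did not clean; these need manual follow-up."""
    return [f for f in findings if f["action"] == "No Action Taken"]


def offending_objects(findings):
    """Paths and keys from 'Offending ... found' lines, in log order, for a post-cleanup check."""
    return [f["object"] for f in findings if f["kind"].startswith("offending_")]


def summarize(findings):
    """Count findings per reported action; 'found' lines without an action count as informational."""
    return Counter(f["action"] or "informational" for f in findings)


if __name__ == "__main__":
    found = parse_escan_log(SAMPLE_LOG)
    print(dict(summarize(found)))
    for f in unremediated(found):
        print("needs follow-up:", f["object"], "(", f["name"], ")")
    for obj in offending_objects(found):
        print("verify removed:", obj)
```

The point of `unremediated()` is the Outlook.pst line: eScan flagged a mail store as infected but took no action, which is exactly the kind of item that disappears in a long log and has to be handled separately (the PST is a container, so the detection points at a message or attachment inside it, not at the file as a whole).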

21.01.2007, 16:36   #2
Sunny
Administrator
Competence Manager



So far so good, now please also post this:

SmitfraudFix instructions:


Download this tool -> SmitfraudFix
- Then start it and let it scan the system. (Option 1)
- Afterwards, post the result of the scan as described in the instructions


Filelist.zip


1.) Download Filelist.zip to the desktop
2.) Unpack the zip file onto your desktop (free zip tools)
3.) Restart your computer
4.) Open the filelist.bat now present on your desktop by double-clicking the file
5.) Your editor (text editor) will open
6.) From this content, for each directory, select ONLY the last 30 days, choose copy, and attach these entries to your next post.

Quote:
Quote from: Directories
* Verzeichnis von C:\
* Verzeichnis von C:\WINDOWS\system
* Verzeichnis von C:\WINDOWS\system32
* Verzeichnis von C:\WINDOWS
* Verzeichnis von C:\WINDOWS\Prefetch
* Verzeichnis von C:\WINDOWS\tasks
* Verzeichnis von C:\WINDOWS\Temp
* Verzeichnis von C:\DOCUME~1\Name\LOCALS~1\Temp
Sunny
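
Step 6 above asks the poster to pick, per directory, only the entries of the last 30 days out of the filelist.bat output, which is German `dir` output (DD.MM.YYYY HH:MM, sizes with "." as the thousands separator, one "Verzeichnis von" header per directory). The script below is an added example, not part of Sunny's post or of the Filelist tool: it parses that format, applies the 30-day window relative to the time the listing was taken, and separately reports entries the window would hide for the wrong reason, namely timestamps that cannot be valid or lie in the future. The sample listing is constructed from lines of the filelist output posted later in this thread, including a line with an impossible year as it appears there.

```python
import re
from datetime import datetime, timedelta

# Constructed excerpt in the format of the filelist.bat output posted later in
# this thread. The VBRUN300.DLL line with its impossible year is copied from there.
SAMPLE_FILELIST = r"""
----- Windows --------------------------
Datenträger in Laufwerk C: ist Festplatte C
Volumeseriennummer: ACD8-30B4

Verzeichnis von C:\WINDOWS

22.01.2007 17:44 1.225.987 WindowsUpdate.log
21.01.2007 11:47 5.566.316 REGBK00.ZIP
13.01.2007 16:57 3.520 KB929969.log
24.12.2006 09:38 956 GEARInstall.log
18.08.2001 11:00 65 desktop.ini

----- System ---
Verzeichnis von C:\WINDOWS\system

14.05.16745 12:49 398.416 VBRUN300.DLL

----- System 32 (Achtung: Zeitfenster beachten!) ---
Verzeichnis von C:\WINDOWS\system32

22.01.2007 17:24 4.098 tmp.reg
21.01.2007 21:50 952 KGyGaAvL.sys
03.01.2007 00:19 10.980.776 MRT.exe
21.12.2006 21:48 9.132 jupdate-1.5.0_10-b03.log
28 Datei(en) 1.934.534 Bytes
0 Verzeichnis(se), 96.905.625.600 Bytes frei
"""

# Time the posted listing was produced (from its own filelist.txt entry).
LISTING_TAKEN_AT = datetime(2007, 1, 22, 17, 46)

DIR_HEADER = re.compile(r"^Verzeichnis von (?P<path>.+)$")
# Year is \d+ on purpose: a corrupted timestamp must be caught, not silently dropped.
ENTRY = re.compile(
    r"^(?P<day>\d\d)\.(?P<month>\d\d)\.(?P<year>\d+) (?P<hour>\d\d):(?P<minute>\d\d)"
    r" +(?P<size><DIR>|[\d.]+) +(?P<name>.+)$"
)


def parse_filelist(text):
    """Parse the listing into dicts with directory, name, size in bytes and mtime (None if invalid)."""
    entries = []
    current_dir = None
    for line in text.splitlines():
        header = DIR_HEADER.match(line)
        if header:
            current_dir = header.group("path")
            continue
        m = ENTRY.match(line)
        if not m or current_dir is None:
            continue  # volume lines, separators and the trailing totals
        try:
            mtime = datetime(int(m["year"]), int(m["month"]), int(m["day"]),
                             int(m["hour"]), int(m["minute"]))
        except ValueError:
            mtime = None  # impossible date, e.g. year 16745
        size = None if m["size"] == "<DIR>" else int(m["size"].replace(".", ""))
        entries.append({"directory": current_dir, "name": m["name"],
                        "size": size, "mtime": mtime})
    return entries


def recent_by_directory(entries, reference, days=30):
    """Step 6 of the instructions: per directory, only entries modified within the last `days` days."""
    cutoff = reference - timedelta(days=days)
    result = {}
    for e in entries:
        if e["mtime"] is not None and cutoff <= e["mtime"] <= reference:
            result.setdefault(e["directory"], []).append(e["name"])
    return result


def suspicious_timestamps(entries, reference):
    """Entries the window would hide for the wrong reason: unparseable dates or dates after the listing."""
    return [e["name"] for e in entries if e["mtime"] is None or e["mtime"] > reference]


if __name__ == "__main__":
    listing = parse_filelist(SAMPLE_FILELIST)
    for directory, names in recent_by_directory(listing, LISTING_TAKEN_AT).items():
        print(directory)
        for name in names:
            print("   ", name)
    print("check timestamps:", suspicious_timestamps(listing, LISTING_TAKEN_AT))
```

Filtering on the listing's own timestamp rather than on "now" matters when a log is analysed days after it was taken, as in this thread; and an entry with a nonsensical date is worth a look precisely because a date-based window would otherwise never show it.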

22.01.2007, 17:57   #3
Flo25



Helloooo

So, I have now carried out your next points, although unfortunately I misread and ran SmitfraudFix option 2. I hope I haven't done any harm with that.

Re 1)
SmitFraudFix v2.133

Scan done at 17:24:35,43, 22.01.2007
Run from C:\Dokumente und Einstellungen\***\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End


Re 2)
----- Root -----------------------------
Datenträger in Laufwerk C: ist Festplatte C
Volumeseriennummer: ACD8-30B4

Verzeichnis von C:\

22.01.2007 17:46 43 filelist.txt
22.01.2007 17:43 1.610.612.736 pagefile.sys
22.01.2007 17:26 211 boot.ini
22.01.2007 17:25 1.107 rapport.txt
21.01.2007 15:40 0 23990098.$$$

----- Windows --------------------------
Datenträger in Laufwerk C: ist Festplatte C
Volumeseriennummer: ACD8-30B4

Verzeichnis von C:\WINDOWS

22.01.2007 17:44 0 0.log
22.01.2007 17:44 159 wiadebug.log
22.01.2007 17:43 1.225.987 WindowsUpdate.log
22.01.2007 17:43 50 wiaservc.log
22.01.2007 17:43 0 TempFile
22.01.2007 17:43 2.048 bootstat.dat
22.01.2007 17:33 32.618 SchedLgU.Txt
22.01.2007 17:26 646 win.ini
22.01.2007 17:26 227 system.ini
22.01.2007 17:25 186.226 setupact.log
21.01.2007 11:47 5.566.316 REGBK00.ZIP
21.01.2007 11:44 50 Lic.xxx
19.01.2007 18:09 1.409 QTFont.for
19.01.2007 18:09 54.156 QTFont.qfn
13.01.2007 16:57 793.942 iis6.log
13.01.2007 16:57 243.137 comsetup.log
13.01.2007 16:57 146.568 ntdtcsetup.log
13.01.2007 16:57 328.628 tsoc.log
13.01.2007 16:57 35.773 tabletoc.log
13.01.2007 16:57 38.886 ocmsn.log
13.01.2007 16:57 1.374 imsins.log
13.01.2007 16:57 3.520 KB929969.log
13.01.2007 16:57 49.544 MedCtrOC.log
13.01.2007 16:57 124.530 netfxocm.log
13.01.2007 16:57 346.988 ocgen.log
13.01.2007 16:57 35.680 msgsocm.log
13.01.2007 16:57 699.616 FaxSetup.log
13.01.2007 16:57 221.110 msmqinst.log
11.01.2007 18:13 1.917 imsins.BAK
11.01.2007 18:09 0 setuperr.log
10.01.2007 18:40 116 NeroDigital.ini
10.01.2007 18:25 8.199 hhdrvi.log
10.01.2007 18:25 1.042.470 setupapi.log.0.old
09.01.2007 18:45 118.690 DirectX.log
09.01.2007 18:43 155 winamp.ini
24.12.2006 09:38 956 GEARInstall.log

----- System ---
Datenträger in Laufwerk C: ist Festplatte C
Volumeseriennummer: ACD8-30B4

Verzeichnis von C:\WINDOWS\system

14.05.16745 12:49 398.416 VBRUN300.DLL
25.08.2006 01:35 4.096 LEXHDL5.DLL
18.01.2006 20:33 157.696 STORAGE.DLL

----- System 32 (Achtung: Zeitfenster beachten!) ---
Datenträger in Laufwerk C: ist Festplatte C
Volumeseriennummer: ACD8-30B4

Verzeichnis von C:\WINDOWS\system32

22.01.2007 17:44 13.646 wpa.dbl
22.01.2007 17:24 0 tmp.txt
22.01.2007 17:24 4.098 tmp.reg
21.01.2007 21:50 952 KGyGaAvL.sys
19.01.2007 17:01 45 initdebug.nfo
12.01.2007 14:18 383.254 perfh009.dat
12.01.2007 14:18 394.500 perfh007.dat
12.01.2007 14:18 53.608 perfc009.dat
12.01.2007 14:18 64.598 perfc007.dat
12.01.2007 14:18 899.052 PerfStringBackup.INI
03.01.2007 00:19 10.980.776 MRT.exe
21.12.2006 21:48 9.132 jupdate-1.5.0_10-b03.log

----- Prefetch -------------------------
Datenträger in Laufwerk C: ist Festplatte C
Volumeseriennummer: ACD8-30B4

Verzeichnis von C:\WINDOWS\Prefetch

22.01.2007 17:46 11.510 FIND.EXE-0EEAD1A7.pf
22.01.2007 17:46 12.810 CMD.EXE-034B0549.pf
22.01.2007 17:45 22.538 WUAUCLT.EXE-1360D60A.pf
22.01.2007 17:45 1.047.548 NTOSBOOT-B00DFAAD.pf
22.01.2007 17:45 42.914 GOOGLETOOLBARNOTIFIER.EXE-0F12F50A.pf
22.01.2007 17:32 14.688 WINRAR.EXE-3588DFE8.pf
22.01.2007 17:30 85.784 IEXPLORE.EXE-360BBB5C.pf
22.01.2007 17:29 35.082 RUNDLL32.EXE-4EE39BB6.pf
22.01.2007 17:29 6.168 LOGON.SCR-24ADF392.pf
22.01.2007 17:21 18.886 LOGONUI.EXE-312BE1BF.pf
22.01.2007 17:21 32.946 MSCONFIG.EXE-1EF1EA0F.pf
22.01.2007 17:20 19.142 I_VIEW32.EXE-1A0A16FA.pf
21.01.2007 21:49 65.354 CORELPP.EXE-00A4A8A3.pf
21.01.2007 21:46 60.854 OUTLOOK.EXE-11202EC3.pf
21.01.2007 21:44 16.024 NOTEPAD.EXE-2F2D61E1.pf
21.01.2007 21:42 54.796 EPMWORKER.EXE-22C486BA.pf
21.01.2007 21:42 24.646 CONNECTIONWIZARD.EXE-0FDCD8C2.pf
21.01.2007 16:31 53.322 FINDSTR.EXE-1A4FC238.pf
21.01.2007 16:28 5.426 MORE.COM-32B5155B.pf
21.01.2007 16:28 10.914 VERCLSID.EXE-28F52AD2.pf
21.01.2007 16:23 35.144 BLBETA.EXE-3A08426C.pf
21.01.2007 16:12 14.380 BLBETA.EXE-356C64A4.pf
21.01.2007 15:58 31.680 WMIPRVSE.EXE-0D449B4F.pf
21.01.2007 15:58 62.374 SOFTWAREUPDATE.EXE-25CB4300.pf
21.01.2007 15:55 34.880 WGATRAY.EXE-350D4455.pf
21.01.2007 15:55 76.086 GENERIC.EXE-0D0328B3.pf
21.01.2007 15:55 15.970 ALG.EXE-275708CF.pf
21.01.2007 15:55 22.668 IPODSERVICE.EXE-07892C80.pf
28 Datei(en) 1.934.534 Bytes
0 Verzeichnis(se), 96.905.625.600 Bytes frei

----- Tasks ----------------------------
Datenträger in Laufwerk C: ist Festplatte C
Volumeseriennummer: ACD8-30B4

Verzeichnis von C:\WINDOWS\tasks

22.01.2007 17:43 6 SA.DAT
21.01.2007 15:58 276 AppleSoftwareUpdate.job
18.08.2001 11:00 65 desktop.ini
3 Datei(en) 347 Bytes
0 Verzeichnis(se), 96.905.625.600 Bytes frei

----- Windows/Temp -----------------------
Datenträger in Laufwerk C: ist Festplatte C
Volumeseriennummer: ACD8-30B4

Verzeichnis von C:\WINDOWS\Temp

22.01.2007 17:44 408 WGANotify.settings
22.01.2007 17:43 255 WGAErrLog.txt
19.01.2007 14:50 0 Upd2.tmp

----- Temp -----------------------------
Datenträger in Laufwerk C: ist Festplatte C
Volumeseriennummer: ACD8-30B4

Verzeichnis von C:\DOKUME~1\***\LOKALE~1\Temp

22.01.2007 17:33 173 jusched.log
1 Datei(en) 173 Bytes
0 Verzeichnis(se), 96.905.625.600 Bytes frei


Furthermore, I noticed after removing the side panel that my PC runs somewhat better again!! According to the BIOS info my CPU is at about 65 °C, and that is already quite high; could it be that my CPU is burning out??

22.01.2007, 19:35   #4
Sunny
Administrator
Competence Manager



Quote:
ran SmitfraudFix option 2. I hope I haven't done any harm with that
No, you haven't!

Actually almost everything should be gone by now, but better safe than sorry:

Ad-Aware


Download the tool -> Here
Start it and let it run through once.

Then work through this:


Avenger instructions:


1.) Download the Avenger tool and save it on the desktop:


2.) Now click the option "Input Script manually" -> then click the magnifying glass and paste the following text:
Quote:
Files to delete:
c:\windows\System32\tmp.reg
c:\windows\system32\tmp.txt
C:\WINDOWS\unvise32.exe
C:\WINDOWS\NDNuninstall6_98.exe
C:\WINDOWS\NDNuninstall6_90.exe
C:\WINDOWS\NDNuninstall7_22.exe
C:\WINDOWS\NDNuninstall7_14.exe
C:\WINDOWS\system32\ide21201.vxd
3.) Now click the "green traffic light"; the script starts working.

4.) Then let the system restart immediately
5.) Run HijackThis again, create and post a new HijackThis log file.
Also post the contents of the file C:\avenger.txt.

Afterwards post a new HijackThis log, and run eScan once more.
Then you should be done.

Regards
Sunny
Requests by e-mail, profile message or private message are ignored!
Help is given ONLY in the forum!


Stulti est se ipsum sapientem putare.

23.01.2007, 19:29   #5
Flo25



So, here are the latest log files again

Logfile of HijackThis v1.99.1
Scan saved at 19:18:53, on 23.01.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\FLO\Programme\EtkBMW\transbase\tbmux32.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programme\Analog Devices\SoundMAX\Smax4.exe
C:\Programme\Java\jre1.5.0_10\bin\jusched.exe
C:\Programme\Microsoft IntelliPoint\point32.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\Sony Ericsson K610\Application Launcher\Application Launcher.exe
C:\FLO\Programme\ITunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Gemeinsame Dateien\Teleca Shared\CapabilityManager.exe
C:\FLO\Programme\Acrobat\Reader\reader_sl.exe
C:\WINDOWS\system32\notepad.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Gemeinsame Dateien\Teleca Shared\Generic.exe
C:\Programme\Sony Ericsson\Mobile\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\FLO\Programme\HiJackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programme\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [QuickTime Task] "C:\flo\programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programme\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [CnOServerLauncher] CNOServerLauncher.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Programme\Sony Ericsson K610\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [iTunesHelper] "C:\FLO\Programme\ITunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\FLO\Programme\Acrobat\Reader\reader_sl.exe
O8 - Extra context menu item: &Download with &DAP - E:\PROGRA~1\DAP\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - E:\PROGRA~1\DAP\DAP\dapextie2.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\FLO\PROGRA~1\MsOffice\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - E:\PROGRA~1\ICQ\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - E:\PROGRA~1\ICQ\ICQ\ICQ.exe
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - E:\PROGRA~1\DAP\DAP\DAP.EXE
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\FLO\PROGRA~1\MsOffice\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\FLO\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\FLO\Programme\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {410A8B3C-7CCB-40E8-8B11-28B099E5C488} (Trend Micro Security Services Control) - http://tmss.trendmicro.com/Dashboard/controls/activex_10/TMSSReportW.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1166188082765
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/Zango/ie/bridge-c18.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://80.240.228.234/AxisCamControl.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://player.virtools.com/downloads/player/Install3.0/Installer.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Transbase - Transaction Software, D 81737 Munich - C:\FLO\Programme\EtkBMW\transbase\tbmux32.exe
And here is the other log file

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\urudoorq

*******************

Script file located at: \??\C:\WINDOWS\imrhxqqh.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File c:\windows\System32\tmp.reg deleted successfully.
File c:\windows\system32\tmp.txt deleted successfully.


File C:\WINDOWS\unvise32.exe not found!
Deletion of file C:\WINDOWS\unvise32.exe failed!

Could not process line:
C:\WINDOWS\unvise32.exe
Status: 0xc0000034



File C:\WINDOWS\NDNuninstall6_98.exe not found!
Deletion of file C:\WINDOWS\NDNuninstall6_98.exe failed!

Could not process line:
C:\WINDOWS\NDNuninstall6_98.exe
Status: 0xc0000034



File C:\WINDOWS\NDNuninstall6_90.exe not found!
Deletion of file C:\WINDOWS\NDNuninstall6_90.exe failed!

Could not process line:
C:\WINDOWS\NDNuninstall6_90.exe
Status: 0xc0000034



File C:\WINDOWS\NDNuninstall7_22.exe not found!
Deletion of file C:\WINDOWS\NDNuninstall7_22.exe failed!

Could not process line:
C:\WINDOWS\NDNuninstall7_22.exe
Status: 0xc0000034



File C:\WINDOWS\NDNuninstall7_14.exe not found!
Deletion of file C:\WINDOWS\NDNuninstall7_14.exe failed!

Could not process line:
C:\WINDOWS\NDNuninstall7_14.exe
Status: 0xc0000034



File C:\WINDOWS\system32\ide21201.vxd not found!
Deletion of file C:\WINDOWS\system32\ide21201.vxd failed!

Could not process line:
C:\WINDOWS\system32\ide21201.vxd
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.


23.01.2007, 19:30   #6
Flo25



Oh yes, here is also the Ad-Aware log; is there anything else to note here??


Ad-Aware SE Build 1.06r1
Logfile Created on:Dienstag, 23. Jänner 2007 19:24:52
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R146 22.01.2007
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):30 total references
Possible Browser Hijack attempt(TAC index:3):2 total references
Tracking Cookie(TAC index:3):5 total references
WindUpdates(TAC index:8):3 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


23.01.2007 19:24:52 - Scan started. (Smart mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 680
ThreadCreationTime : 23.01.2007 18:13:56
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 740
ThreadCreationTime : 23.01.2007 18:13:58
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 764
ThreadCreationTime : 23.01.2007 18:13:59
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 812
ThreadCreationTime : 23.01.2007 18:13:59
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Anwendung für Dienste und Controller
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 824
ThreadCreationTime : 23.01.2007 18:13:59
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 988
ThreadCreationTime : 23.01.2007 18:14:00
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1056
ThreadCreationTime : 23.01.2007 18:14:00
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1152
ThreadCreationTime : 23.01.2007 18:14:00
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1240
ThreadCreationTime : 23.01.2007 18:14:00
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1288
ThreadCreationTime : 23.01.2007 18:14:00
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1504
ThreadCreationTime : 23.01.2007 18:14:01
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [sched.exe]
FilePath : C:\Programme\AntiVir PersonalEdition Classic\
ProcessID : 1696
ThreadCreationTime : 23.01.2007 18:14:01
BasePriority : Normal


#:13 [avguard.exe]
FilePath : C:\Programme\AntiVir PersonalEdition Classic\
ProcessID : 1708
ThreadCreationTime : 23.01.2007 18:14:01
BasePriority : Normal


#:14 [nvsvc32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1896
ThreadCreationTime : 23.01.2007 18:14:02
BasePriority : Normal
FileVersion : 6.14.10.6172
ProductVersion : 6.14.10.6172
ProductName : NVIDIA Driver Helper Service, Version 61.72
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 61.72
InternalName : NVSVC
LegalCopyright : (C) NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:15 [smagent.exe]
FilePath : C:\Programme\Analog Devices\SoundMAX\
ProcessID : 2040
ThreadCreationTime : 23.01.2007 18:14:02
BasePriority : Normal
FileVersion : 3, 2, 6, 0
ProductVersion : 3, 2, 6, 0
ProductName : SoundMAX service agent
CompanyName : Analog Devices, Inc.
FileDescription : SoundMAX service agent component
InternalName : SMAgent
LegalCopyright : Copyright © 2002
OriginalFilename : SMAgent.exe

#:16 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 264
ThreadCreationTime : 23.01.2007 18:14:02
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:17 [tbmux32.exe]
FilePath : C:\FLO\Programme\EtkBMW\transbase\
ProcessID : 304
ThreadCreationTime : 23.01.2007 18:14:03
BasePriority : Normal
FileVersion : V6.1.2.19 (Build 404)
ProductVersion : V6.1.2.19 (Build 404) $ProjectRevision: 4.119.1.19 $
ProductName : Transbase/CD Database System
CompanyName : Transaction Software, D 81737 Munich
FileDescription : Transbase/CD Database System
LegalCopyright : Copyright (c) 1987 - 2004

#:18 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 544
ThreadCreationTime : 23.01.2007 18:14:03
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : EXPLORER.EXE

#:19 [smax4pnp.exe]
FilePath : C:\Programme\Analog Devices\SoundMAX\
ProcessID : 1100
ThreadCreationTime : 23.01.2007 18:14:04
BasePriority : Normal
FileVersion : 4, 0, 4, 11
ProductVersion : 4, 0, 4, 11
ProductName : SMax4PNP Application
CompanyName : Analog Devices, Inc.
FileDescription : SMax4PNP MFC Application
InternalName : SMax4PNP
LegalCopyright : Copyright (C) 2002-2003 Analog Devices
OriginalFilename : SMax4PNP.EXE

#:20 [smax4.exe]
FilePath : C:\Programme\Analog Devices\SoundMAX\
ProcessID : 1112
ThreadCreationTime : 23.01.2007 18:14:04
BasePriority : Normal
FileVersion : 4, 0, 4, 25
ProductVersion : 4, 0, 4, 25
ProductName : SoundMAX Control Panel
CompanyName : Analog Devices, Inc.
FileDescription : SoundMAX Control Center
InternalName : SMax4
LegalCopyright : Copyright © 2002-2003, Analog Devices
OriginalFilename : SMax4.EXE

#:21 [jusched.exe]
FilePath : C:\Programme\Java\jre1.5.0_10\bin\
ProcessID : 1128
ThreadCreationTime : 23.01.2007 18:14:04
BasePriority : Normal


#:22 [point32.exe]
FilePath : C:\Programme\Microsoft IntelliPoint\
ProcessID : 1136
ThreadCreationTime : 23.01.2007 18:14:04
BasePriority : Normal


#:23 [avgnt.exe]
FilePath : C:\Programme\AntiVir PersonalEdition Classic\
ProcessID : 1192
ThreadCreationTime : 23.01.2007 18:14:04
BasePriority : Normal


#:24 [rundll32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1304
ThreadCreationTime : 23.01.2007 18:14:05
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Eine DLL-Datei als Anwendung ausführen
InternalName : rundll
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : RUNDLL.EXE

#:25 [application launcher.exe]
FilePath : C:\Programme\Sony Ericsson K610\Application Launcher\
ProcessID : 1324
ThreadCreationTime : 23.01.2007 18:14:05
BasePriority : Normal
FileVersion : 1.1.1.3
ProductVersion : 1.1.1.3
ProductName : Application Launcher
CompanyName : Sony Ericsson Mobile Communications AB
FileDescription : Application Launcher
InternalName : Application Launcher
LegalCopyright : Copyright (c) 2005 Popwire AB. All rights reserved.
OriginalFilename : Application Launcher.exe

#:26 [ituneshelper.exe]
FilePath : C:\FLO\Programme\ITunes\
ProcessID : 1356
ThreadCreationTime : 23.01.2007 18:14:05
BasePriority : Normal
FileVersion : 7.0.2.16
ProductVersion : 7.0.2.16
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2006 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe

#:27 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1552
ThreadCreationTime : 23.01.2007 18:14:05
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:28 [capabilitymanager.exe]
FilePath : C:\Programme\Gemeinsame Dateien\Teleca Shared\
ProcessID : 1624
ThreadCreationTime : 23.01.2007 18:14:05
BasePriority : Normal
FileVersion : 0.0.1.48
ProductVersion : 0.0.1.48
ProductName : CapabilityManager
CompanyName : Teleca Software Solutions AB
FileDescription : Capability Manager
InternalName : CapabilityManager.exe
LegalCopyright : Copyright © 2004 Teleca Software Solutions AB. All rights reserved.
OriginalFilename : CapabilityManager.exe
Comments : This is a generic version of this component

#:29 [notepad.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1988
ThreadCreationTime : 23.01.2007 18:14:07
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Editor
InternalName : Notepad
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : NOTEPAD.EXE

#:30 [ipodservice.exe]
FilePath : C:\Programme\iPod\bin\
ProcessID : 2240
ThreadCreationTime : 23.01.2007 18:14:07
BasePriority : Normal
FileVersion : 7.0.2.16
ProductVersion : 7.0.2.16
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2006 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe

#:31 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2380
ThreadCreationTime : 23.01.2007 18:14:08
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

23.01.2007, 19:30   #7
Flo25

bitte umkurze hilfe (log continued from the previous post)

#:32 [generic.exe]
FilePath : C:\Programme\Gemeinsame Dateien\Teleca Shared\
ProcessID : 2932
ThreadCreationTime : 23.01.2007 18:14:12
BasePriority : Normal
FileVersion : 1, 0, 3, 2
ProductVersion : 1, 0, 3, 2
ProductName : Device Management
CompanyName : Teleca Software Solutions
FileDescription : Generic Device Management Executable.
InternalName : Generic.exe
LegalCopyright : (c) Teleca Software Solutions. All rights reserved.
OriginalFilename : Generic.exe
Comments : Teleca main line.

#:33 [epmworker.exe]
FilePath : C:\Programme\Sony Ericsson\Mobile\Mobile Phone Monitor\
ProcessID : 3032
ThreadCreationTime : 23.01.2007 18:14:13
BasePriority : Normal
FileVersion : 1, 2, 0,1184
ProductVersion : 1,3,0,3
ProductName : CAPI_Worker Module
CompanyName : Sony Ericsson Mobile Communications AB
FileDescription : CAPI_Worker Module
InternalName : CAPI_Worker
LegalCopyright : Copyright © 2005 Popwire AB. All rights reserved.
OriginalFilename : EPMWorker.EXE

#:34 [iexplore.exe]
FilePath : C:\Programme\Internet Explorer\
ProcessID : 3400
ThreadCreationTime : 23.01.2007 18:17:07
BasePriority : Normal
FileVersion : 7.00.5730.11 (winmain(wmbla).061017-1135)
ProductVersion : 7.00.5730.11
ProductName : Windows® Internet Explorer
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:35 [googletoolbarnotifier.exe]
FilePath : C:\Programme\Google\GoogleToolbarNotifier\1.2.908.5008\
ProcessID : 3504
ThreadCreationTime : 23.01.2007 18:17:12
BasePriority : Normal
FileVersion : 1, 2, 908, 5008
ProductVersion : 1, 2, 908, 5008
ProductName : GoogleToolbarNotifier
CompanyName : Google Inc.
FileDescription : GoogleToolbarNotifier
LegalCopyright : Copyright © 2005-2006
OriginalFilename : GoogleToolbarNotifier.exe

#:36 [notepad.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3732
ThreadCreationTime : 23.01.2007 18:19:55
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Editor
InternalName : Notepad
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : NOTEPAD.EXE

#:37 [notepad.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3772
ThreadCreationTime : 23.01.2007 18:21:28
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Editor
InternalName : Notepad
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : NOTEPAD.EXE

#:38 [ad-aware.exe]
FilePath : C:\Ad-Aware\
ProcessID : 3876
ThreadCreationTime : 23.01.2007 18:24:42
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

WindUpdates Object Recognized!
Type : Regkey
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{8fcdf9d9-a28b-480f-8c3d-581f119a8ab8}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 1


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Possible Browser Hijack attempt : {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (http://static.zangocash.com/cab/zango/ie/bridge-c18.cab)

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
TAC Rating : 8
Category : Vulnerability
Comment : Possible Browser Hijack attempt : http://static.zangocash.com/cab/zango/ie/bridge-c18.cab
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FCDF9D9-A28B-480F-8C3D-581F119A8AB8}

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Vulnerability
Comment : Possible Browser Hijack attempt : http://static.zangocash.com/cab/zango/ie/bridge-c18.cab
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FCDF9D9-A28B-480F-8C3D-581F119A8AB8}
Value : Installer

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 3


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mythos@hitbox[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:14
Value : Cookie:mythos@hitbox.com/
Expires : 21.01.2008 16:11:12
LastSync : Hits:14
UseCount : 0
Hits : 14

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mythos@statse.webtrendslive[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:mythos@statse.webtrendslive.com/
Expires : 18.01.2017 16:10:38
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mythos@ehg-idg.hitbox[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:7
Value : Cookie:mythos@ehg-idg.hitbox.com/
Expires : 21.01.2008 16:11:12
LastSync : Hits:7
UseCount : 0
Hits : 7

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mythos@advertising[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:10
Value : Cookie:mythos@advertising.com/
Expires : 20.01.2012 16:09:24
LastSync : Hits:10
UseCount : 0
Hits : 10

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mythos@doubleclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:mythos@doubleclick.net/
Expires : 20.01.2010 16:08:04
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 5
Objects found so far: 8



Deep scanning and examining files...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 8

Disk Scan Result for C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 8

Disk Scan Result for C:\DOKUME~1\***\LOKALE~1\Temp\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 8


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 8



MRU List Object Recognized!
Location: : C:\Dokumente und Einstellungen\Mythos\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : S-1-5-21-1547161642-1450960922-725345543-1003\software\google\navclient\1.1\history
Description : list of recently used search terms in the google toolbar


MRU List Object Recognized!
Location: : S-1-5-21-1547161642-1450960922-725345543-1003\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : S-1-5-21-1547161642-1450960922-725345543-1003\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-1547161642-1450960922-725345543-1003\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-1547161642-1450960922-725345543-1003\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-1547161642-1450960922-725345543-1003\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-1547161642-1450960922-725345543-1003\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-1547161642-1450960922-725345543-1003\software\microsoft\mediaplayer\medialibraryui
Description : last selected node in the microsoft windows media player media library


MRU List Object Recognized!
Location: : S-1-5-21-1547161642-1450960922-725345543-1003\software\microsoft\mediaplayer\player\recentfilelist
Description : list of recently used files in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-1547161642-1450960922-725345543-1003\software\microsoft\mediaplayer\player\settings
Description : last open directory used in jasc paint shop pro


MRU List Object Recognized!
Location: : S-1-5-21-1547161642-1450960922-725345543-1003\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-1547161642-1450960922-725345543-1003\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-1547161642-1450960922-725345543-1003\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console


MRU List Object Recognized!
Location: : S-1-5-21-1547161642-1450960922-725345543-1003\software\microsoft\office\11.0\powerpoint\recent file list
Description : list of recent files used by microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-1547161642-1450960922-725345543-1003\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant


MRU List Object Recognized!
Location: : S-1-5-21-1547161642-1450960922-725345543-1003\software\microsoft\windows\currentversion\applets\paint\recent file list
Description : list of files recently opened using microsoft paint


MRU List Object Recognized!
Location: : S-1-5-21-1547161642-1450960922-725345543-1003\software\microsoft\windows\currentversion\applets\regedit
Description : last key accessed using the microsoft registry editor


MRU List Object Recognized!
Location: : S-1-5-21-1547161642-1450960922-725345543-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-1547161642-1450960922-725345543-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-1547161642-1450960922-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-1547161642-1450960922-725345543-1003\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run


MRU List Object Recognized!
Location: : S-1-5-21-1547161642-1450960922-725345543-1003\software\nvidia corporation\global\nview\windowmanagement
Description : nvidia nview cached application window positions


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-21-1547161642-1450960922-725345543-1003\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-21-1547161642-1450960922-725345543-1003\software\winrar\dialogedithistory\extrpath
Description : winrar "extract-to" history



Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

WindUpdates Object Recognized!
Type : Regkey
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : mediagatewayx.installer

WindUpdates Object Recognized!
Type : Regkey
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\downloadmanager

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 40

19:26:28 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:01:36.469
Objects scanned:96809
Objects identified:10
Objects ignored:0
New critical objects:10
