Log analysis and evaluation: lots of trojans, please help
29.02.2008, 01:30 | #1 |
| lots of trojans, please help
Hello, I think I really messed up and now I'm stuck. I can't activate AntiVir at all anymore because otherwise it just beeps. I wrote down what is in the quarantine:
TR/PSW.AGENT.YR
TR/Vundo.Gen
BDS/Agent.alm
Here is my log file as well:
Logfile of HijackThis v1.99.1
Scan saved at 01:20:55, on 29.02.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Programme\ltmoh\Ltmoh.exe
C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\Java\jre1.6.0_03\bin\jusched.exe
C:\Programme\FreePDF_XP\fpassist.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\PROGRA~1\GEMEIN~1\XCPCSync\TRANSL~1\ErPhn2\ErTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\ircomm2k.exe
C:\WINDOWS\System32\svchost.exe
C:\DOKUME~1\Vias\LOKALE~1\Temp\Rar$EX00.515\HijackThis.exe
C:\Programme\AntiVir PersonalEdition Classic\avcenter.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\AntiVir PersonalEdition Classic\avcenter.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Programme\Microsoft Office\OFFICE11\WINWORD.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Gamburg provider - {0CA10898-7F98-4709-A479-B8134AB3D9F3} - klsock.dll (file missing)
O2 - BHO: (no name) - {2C0AD99D-B8D2-47A0-95BE-B56E1253585E} - C:\WINDOWS\system32\tussr.dll (file missing)
O2 - BHO: (no name) - {45C2A50F-8F4A-496E-AF02-D0207525BF5A} - C:\WINDOWS\system32\qomkhii.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Programme\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [EPSON Stylus DX4000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_S18A.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [XTNDConnect PC - ErPhn2] C:\PROGRA~1\GEMEIN~1\XCPCSync\TRANSL~1\ErPhn2\ErTray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Programme\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [JavaCore] C:\Programme\JavaCore\JavaCore.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'worsock.dll' missing
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programme\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: qomkhii - qomkhii.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Virtueller Infrarot-Kommunikationsanschluß, Dienstprogramm (IrCOMM2kSvc) - Jan Kiszka - C:\WINDOWS\system32\ircomm2k.exe
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\msvcrtd.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programme\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programme\Spyware Doctor\pctsSvc.exe
Can somebody please help me? Of course I googled as well, but only found something about TR/Vundo.Gen. It said I could get rid of it with superantispy, but unfortunately that didn't work. Thanks in advance for your time. Regards |
29.02.2008, 01:42 | #2 |
> MalwareDB | lots of trojans, please help
Vundofix
* Download vundofix.exe
* Double-click VundoFix.exe
* Click "Scan" --> Vundo button.
* After scanning, click the "Remove" Vundo button.
* You will now be asked whether you want to "remove" --> click YES
* After that, all desktop icons will disappear
* Then you will be asked whether the PC should restart --> click OK.
* After the restart, navigate to the file C:\vundofix.txt and post its contents
* C:\VundoFix Backups - delete + empty the recycle bin
* Create a new HJT log file and post it. |
29.02.2008, 10:03 | #3 |
| vundo found nothing
Hello Alexander, thanks for taking on my case. I followed your instructions, but vundo didn't find anything. The desktop icons are all still there, too. I should add that I think these icons are all fine, since yesterday in my desperation I installed all these programs to throw the viruses off my computer. They all found quite a lot, and it was repaired. However, my AntiVir is still making trouble. Here is the text file from vundo:
VundoFix V6.7.10
Checking Java version...
Sun Java not detected
Scan started at 09:04:51 29.02.2008
Listing files found while scanning....
No infected files were found.
Beginning removal...
What now? Regards |
29.02.2008, 11:02 | #4 |
> MalwareDB | lots of trojans, please help
VirtumundoBeGone
1. Download VirtumundoBeGone and save it to your desktop.
2. Now boot into safe mode.
3. Once you are logged in in safe mode, run VirtumundoBeGone by double-clicking VirtumundoBeGone.exe and follow the instructions.
4. When the program has finished, exit it and reboot back to normal mode.
5. Notepad should open automatically and show the log file; post this in your thread. If it doesn't, the log is on the desktop as VBG.txt. |
29.02.2008, 13:15 | #5 |
| only safe mode still works
So, I followed your instructions and now nothing works in normal mode anymore... After it showed me the log file, I shut it down and restarted. Since then I only see a black screen after booting (mouse works). After about 10 minutes the window "explorer.exe must be closed" appears. After that nothing else comes, everything is black, only my mouse works. Here is my dearly paid-for log file:
[02/29/2008, 11:34:16] - VirtumundoBeGone v1.5 ( "C:\Dokumente und Einstellungen\Vias\Desktop\VirtumundoBeGone.exe" )
[02/29/2008, 11:34:26] - Detected System Information:
[02/29/2008, 11:34:26] - Windows Version: 5.1.2600, Service Pack 2
[02/29/2008, 11:34:26] - Current Username: Administrator (Admin)
[02/29/2008, 11:34:26] - Windows is in SAFE mode with Networking.
[02/29/2008, 11:34:26] - Searching for Browser Helper Objects:
[02/29/2008, 11:34:26] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[02/29/2008, 11:34:26] - BHO 2: {0CA10898-7F98-4709-A479-B8134AB3D9F3} (Gamburg provider)
[02/29/2008, 11:34:26] - BHO 3: {2C0AD99D-B8D2-47A0-95BE-B56E1253585E} ()
[02/29/2008, 11:34:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/29/2008, 11:34:26] - Checking for HKLM\...\Winlogon\Notify\tussr
[02/29/2008, 11:34:26] - Key not found: HKLM\...\Winlogon\Notify\tussr, continuing.
[02/29/2008, 11:34:26] - BHO 4: {45C2A50F-8F4A-496E-AF02-D0207525BF5A} ()
[02/29/2008, 11:34:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/29/2008, 11:34:26] - Checking for HKLM\...\Winlogon\Notify\qomkhii
[02/29/2008, 11:34:26] - Found: HKLM\...\Winlogon\Notify\qomkhii - This is probably Virtumundo.
[02/29/2008, 11:34:26] - Assigning {45C2A50F-8F4A-496E-AF02-D0207525BF5A} MSEvents Object
[02/29/2008, 11:34:26] - BHO list has been changed! Starting over...
[02/29/2008, 11:34:26] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[02/29/2008, 11:34:26] - BHO 2: {0CA10898-7F98-4709-A479-B8134AB3D9F3} (Gamburg provider)
[02/29/2008, 11:34:26] - BHO 3: {2C0AD99D-B8D2-47A0-95BE-B56E1253585E} ()
[02/29/2008, 11:34:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/29/2008, 11:34:26] - Checking for HKLM\...\Winlogon\Notify\tussr
[02/29/2008, 11:34:26] - Key not found: HKLM\...\Winlogon\Notify\tussr, continuing.
[02/29/2008, 11:34:26] - BHO 4: {45C2A50F-8F4A-496E-AF02-D0207525BF5A} (MSEvents Object)
[02/29/2008, 11:34:26] - ALERT: Found MSEvents Object!
[02/29/2008, 11:34:26] - BHO 5: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[02/29/2008, 11:34:26] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[02/29/2008, 11:34:26] - BHO 7: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class)
[02/29/2008, 11:34:26] - Finished Searching Browser Helper Objects
[02/29/2008, 11:34:26] - *** Detected MSEvents Object
[02/29/2008, 11:34:26] - Trying to remove MSEvents Object...
[02/29/2008, 11:34:27] - Terminating Process: IEXPLORE.EXE
[02/29/2008, 11:34:27] - Terminating Process: RUNDLL32.EXE
[02/29/2008, 11:34:27] - Disabling Automatic Shell Restart
[02/29/2008, 11:34:27] - Terminating Process: EXPLORER.EXE
[02/29/2008, 11:34:27] - Suspending the NT Session Manager System Service
[02/29/2008, 11:34:27] - Terminating Windows NT Logon/Logoff Manager
[02/29/2008, 11:34:28] - Re-enabling Automatic Shell Restart
[02/29/2008, 11:34:28] - File to disable: C:\WINDOWS\system32\qomkhii.dll
[02/29/2008, 11:34:28] - Removing HKLM\...\Browser Helper Objects\{45C2A50F-8F4A-496E-AF02-D0207525BF5A}
[02/29/2008, 11:34:28] - Removing HKCR\CLSID\{45C2A50F-8F4A-496E-AF02-D0207525BF5A}
[02/29/2008, 11:34:28] - Adding Kill Bit for ActiveX for GUID: {45C2A50F-8F4A-496E-AF02-D0207525BF5A}
[02/29/2008, 11:34:28] - Deleting ATLEvents/MSEvents Registry entries
[02/29/2008, 11:34:28] - Removing HKLM\...\Winlogon\Notify\qomkhii
[02/29/2008, 11:34:28] - Searching for Browser Helper Objects:
[02/29/2008, 11:34:28] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[02/29/2008, 11:34:28] - BHO 2: {0CA10898-7F98-4709-A479-B8134AB3D9F3} (Gamburg provider)
[02/29/2008, 11:34:28] - BHO 3: {2C0AD99D-B8D2-47A0-95BE-B56E1253585E} ()
[02/29/2008, 11:34:28] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/29/2008, 11:34:28] - Checking for HKLM\...\Winlogon\Notify\tussr
[02/29/2008, 11:34:28] - Key not found: HKLM\...\Winlogon\Notify\tussr, continuing.
[02/29/2008, 11:34:28] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[02/29/2008, 11:34:28] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[02/29/2008, 11:34:28] - BHO 6: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class)
[02/29/2008, 11:34:28] - Finished Searching Browser Helper Objects
[02/29/2008, 11:34:28] - Finishing up...
[02/29/2008, 11:34:28] - A restart is needed.
[02/29/2008, 11:34:28] - Automatic Reboot on STOP Error is not set. User will have to manually restart.
[02/29/2008, 11:34:34] - Attempting to Restart via STOP error (Blue Screen!)
[02/29/2008, 11:36:57] - VirtumundoBeGone v1.5 ( "C:\Dokumente und Einstellungen\Vias\Desktop\VirtumundoBeGone.exe" )
[02/29/2008, 11:37:02] - Detected System Information:
[02/29/2008, 11:37:02] - Windows Version: 5.1.2600, Service Pack 2
[02/29/2008, 11:37:02] - Current Username: Vias (Admin)
[02/29/2008, 11:37:02] - Windows is in SAFE mode with Networking.
[02/29/2008, 11:37:02] - Searching for Browser Helper Objects:
[02/29/2008, 11:37:02] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[02/29/2008, 11:37:02] - BHO 2: {0CA10898-7F98-4709-A479-B8134AB3D9F3} (Gamburg provider)
[02/29/2008, 11:37:02] - BHO 3: {2C0AD99D-B8D2-47A0-95BE-B56E1253585E} ()
[02/29/2008, 11:37:02] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/29/2008, 11:37:02] - Checking for HKLM\...\Winlogon\Notify\tussr
[02/29/2008, 11:37:02] - Key not found: HKLM\...\Winlogon\Notify\tussr, continuing.
[02/29/2008, 11:37:02] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[02/29/2008, 11:37:02] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[02/29/2008, 11:37:02] - BHO 6: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class)
[02/29/2008, 11:37:02] - Finished Searching Browser Helper Objects
[02/29/2008, 11:37:02] - Finishing up...
[02/29/2008, 11:37:02] - Nothing found! Exiting...
Hopefully you still have something up your sleeve; thanks for your help anyway. Regards |
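The check that the VirtumundoBeGone log above walks through (a BHO without a name whose DLL name also appears under Winlogon\Notify) can be run directly against the O2 and O20 lines of a HijackThis log. This is an added example, not part of the thread and not the tool's own code; the function and class names are hypothetical, and the sample input is a subset of the first log posted in this thread.

```python
import re
from ntpath import basename, splitext  # Windows path rules on any OS
from typing import List, NamedTuple

# Sample input: O2/O20 lines taken from the first HijackThis log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Gamburg provider - {0CA10898-7F98-4709-A479-B8134AB3D9F3} - klsock.dll (file missing)
O2 - BHO: (no name) - {2C0AD99D-B8D2-47A0-95BE-B56E1253585E} - C:\WINDOWS\system32\tussr.dll (file missing)
O2 - BHO: (no name) - {45C2A50F-8F4A-496E-AF02-D0207525BF5A} - C:\WINDOWS\system32\qomkhii.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programme\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: qomkhii - qomkhii.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# "O2 - BHO: <name> - {CLSID} - <path>[ (file missing)]"
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?[ \t]*$",
    re.MULTILINE,
)
# "O20 - Winlogon Notify: <key> - <path>[ (file missing)]"
NOTIFY_RE = re.compile(
    r"^O20 - Winlogon Notify: (?P<key>.+?) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?[ \t]*$",
    re.MULTILINE,
)


class Finding(NamedTuple):
    clsid: str          # CLSID of the nameless BHO
    dll: str            # DLL file name registered for the BHO
    notify_key: str     # matching Winlogon\Notify key name
    file_missing: bool  # HijackThis reported "(file missing)" for the BHO


def dll_stem(path: str) -> str:
    """Lower-cased DLL name without directory or extension."""
    return splitext(basename(path.strip()))[0].lower()


def nameless_bhos_with_notify(log: str) -> List[Finding]:
    """Return BHOs listed as "(no name)" whose DLL stem also occurs as a
    Winlogon Notify key name or Notify DLL, the same correlation the
    VirtumundoBeGone log reports as "This is probably Virtumundo"."""
    notify = {}
    for m in NOTIFY_RE.finditer(log):
        notify[m["key"].lower()] = m["key"]                # match on key name
        notify.setdefault(dll_stem(m["path"]), m["key"])   # or on DLL stem

    findings = []
    for m in BHO_RE.finditer(log):
        if m["name"] != "(no name)":
            continue  # named BHOs are not part of this heuristic
        stem = dll_stem(m["path"])
        if stem in notify:
            findings.append(
                Finding(m["clsid"], basename(m["path"]), notify[stem],
                        m["missing"] is not None)
            )
    return findings


if __name__ == "__main__":
    for finding in nameless_bhos_with_notify(SAMPLE_LOG):
        print(finding)
```

The nameless tussr.dll BHO is not reported because no Winlogon Notify entry refers to it, which matches the "Key not found ... continuing" lines in the tool's log.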
29.02.2008, 14:35 | #6 |
> MalwareDB | lots of trojans, please help
As a first step, please run VirtumundoBeGone once more, if possible in safe mode (without networking support). |
29.02.2008, 14:58 | #7 |
| log without network supp.
Here you go:
[02/29/2008, 11:34:16] - VirtumundoBeGone v1.5 ( "C:\Dokumente und Einstellungen\Vias\Desktop\VirtumundoBeGone.exe" )
[02/29/2008, 11:34:26] - Detected System Information:
[02/29/2008, 11:34:26] - Windows Version: 5.1.2600, Service Pack 2
[02/29/2008, 11:34:26] - Current Username: Administrator (Admin)
[02/29/2008, 11:34:26] - Windows is in SAFE mode with Networking.
[02/29/2008, 11:34:26] - Searching for Browser Helper Objects:
[02/29/2008, 11:34:26] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[02/29/2008, 11:34:26] - BHO 2: {0CA10898-7F98-4709-A479-B8134AB3D9F3} (Gamburg provider)
[02/29/2008, 11:34:26] - BHO 3: {2C0AD99D-B8D2-47A0-95BE-B56E1253585E} ()
[02/29/2008, 11:34:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/29/2008, 11:34:26] - Checking for HKLM\...\Winlogon\Notify\tussr
[02/29/2008, 11:34:26] - Key not found: HKLM\...\Winlogon\Notify\tussr, continuing.
[02/29/2008, 11:34:26] - BHO 4: {45C2A50F-8F4A-496E-AF02-D0207525BF5A} ()
[02/29/2008, 11:34:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/29/2008, 11:34:26] - Checking for HKLM\...\Winlogon\Notify\qomkhii
[02/29/2008, 11:34:26] - Found: HKLM\...\Winlogon\Notify\qomkhii - This is probably Virtumundo.
[02/29/2008, 11:34:26] - Assigning {45C2A50F-8F4A-496E-AF02-D0207525BF5A} MSEvents Object
[02/29/2008, 11:34:26] - BHO list has been changed! Starting over...
[02/29/2008, 11:34:26] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[02/29/2008, 11:34:26] - BHO 2: {0CA10898-7F98-4709-A479-B8134AB3D9F3} (Gamburg provider)
[02/29/2008, 11:34:26] - BHO 3: {2C0AD99D-B8D2-47A0-95BE-B56E1253585E} ()
[02/29/2008, 11:34:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/29/2008, 11:34:26] - Checking for HKLM\...\Winlogon\Notify\tussr
[02/29/2008, 11:34:26] - Key not found: HKLM\...\Winlogon\Notify\tussr, continuing.
[02/29/2008, 11:34:26] - BHO 4: {45C2A50F-8F4A-496E-AF02-D0207525BF5A} (MSEvents Object)
[02/29/2008, 11:34:26] - ALERT: Found MSEvents Object!
[02/29/2008, 11:34:26] - BHO 5: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[02/29/2008, 11:34:26] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[02/29/2008, 11:34:26] - BHO 7: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class)
[02/29/2008, 11:34:26] - Finished Searching Browser Helper Objects
[02/29/2008, 11:34:26] - *** Detected MSEvents Object
[02/29/2008, 11:34:26] - Trying to remove MSEvents Object...
[02/29/2008, 11:34:27] - Terminating Process: IEXPLORE.EXE
[02/29/2008, 11:34:27] - Terminating Process: RUNDLL32.EXE
[02/29/2008, 11:34:27] - Disabling Automatic Shell Restart
[02/29/2008, 11:34:27] - Terminating Process: EXPLORER.EXE
[02/29/2008, 11:34:27] - Suspending the NT Session Manager System Service
[02/29/2008, 11:34:27] - Terminating Windows NT Logon/Logoff Manager
[02/29/2008, 11:34:28] - Re-enabling Automatic Shell Restart
[02/29/2008, 11:34:28] - File to disable: C:\WINDOWS\system32\qomkhii.dll
[02/29/2008, 11:34:28] - Removing HKLM\...\Browser Helper Objects\{45C2A50F-8F4A-496E-AF02-D0207525BF5A}
[02/29/2008, 11:34:28] - Removing HKCR\CLSID\{45C2A50F-8F4A-496E-AF02-D0207525BF5A}
[02/29/2008, 11:34:28] - Adding Kill Bit for ActiveX for GUID: {45C2A50F-8F4A-496E-AF02-D0207525BF5A}
[02/29/2008, 11:34:28] - Deleting ATLEvents/MSEvents Registry entries
[02/29/2008, 11:34:28] - Removing HKLM\...\Winlogon\Notify\qomkhii
[02/29/2008, 11:34:28] - Searching for Browser Helper Objects:
[02/29/2008, 11:34:28] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[02/29/2008, 11:34:28] - BHO 2: {0CA10898-7F98-4709-A479-B8134AB3D9F3} (Gamburg provider)
[02/29/2008, 11:34:28] - BHO 3: {2C0AD99D-B8D2-47A0-95BE-B56E1253585E} ()
[02/29/2008, 11:34:28] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/29/2008, 11:34:28] - Checking for HKLM\...\Winlogon\Notify\tussr
[02/29/2008, 11:34:28] - Key not found: HKLM\...\Winlogon\Notify\tussr, continuing.
[02/29/2008, 11:34:28] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[02/29/2008, 11:34:28] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[02/29/2008, 11:34:28] - BHO 6: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class)
[02/29/2008, 11:34:28] - Finished Searching Browser Helper Objects
[02/29/2008, 11:34:28] - Finishing up...
[02/29/2008, 11:34:28] - A restart is needed.
[02/29/2008, 11:34:28] - Automatic Reboot on STOP Error is not set. User will have to manually restart.
[02/29/2008, 11:34:34] - Attempting to Restart via STOP error (Blue Screen!)
[02/29/2008, 11:36:57] - VirtumundoBeGone v1.5 ( "C:\Dokumente und Einstellungen\Vias\Desktop\VirtumundoBeGone.exe" )
[02/29/2008, 11:37:02] - Detected System Information:
[02/29/2008, 11:37:02] - Windows Version: 5.1.2600, Service Pack 2
[02/29/2008, 11:37:02] - Current Username: Vias (Admin)
[02/29/2008, 11:37:02] - Windows is in SAFE mode with Networking.
[02/29/2008, 11:37:02] - Searching for Browser Helper Objects:
[02/29/2008, 11:37:02] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[02/29/2008, 11:37:02] - BHO 2: {0CA10898-7F98-4709-A479-B8134AB3D9F3} (Gamburg provider)
[02/29/2008, 11:37:02] - BHO 3: {2C0AD99D-B8D2-47A0-95BE-B56E1253585E} ()
[02/29/2008, 11:37:02] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/29/2008, 11:37:02] - Checking for HKLM\...\Winlogon\Notify\tussr
[02/29/2008, 11:37:02] - Key not found: HKLM\...\Winlogon\Notify\tussr, continuing.
[02/29/2008, 11:37:02] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[02/29/2008, 11:37:02] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[02/29/2008, 11:37:02] - BHO 6: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class)
[02/29/2008, 11:37:02] - Finished Searching Browser Helper Objects
[02/29/2008, 11:37:02] - Finishing up...
[02/29/2008, 11:37:02] - Nothing found! Exiting...
[02/29/2008, 14:54:17] - VirtumundoBeGone v1.5 ( "C:\Dokumente und Einstellungen\Vias\Desktop\VirtumundoBeGone.exe" )
[02/29/2008, 14:54:21] - Detected System Information:
[02/29/2008, 14:54:21] - Windows Version: 5.1.2600, Service Pack 2
[02/29/2008, 14:54:21] - Current Username: Vias (Admin)
[02/29/2008, 14:54:21] - Windows is in SAFE mode with Networking.
[02/29/2008, 14:54:21] - Searching for Browser Helper Objects:
[02/29/2008, 14:54:21] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[02/29/2008, 14:54:21] - BHO 2: {0CA10898-7F98-4709-A479-B8134AB3D9F3} (Gamburg provider)
[02/29/2008, 14:54:21] - BHO 3: {2C0AD99D-B8D2-47A0-95BE-B56E1253585E} ()
[02/29/2008, 14:54:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/29/2008, 14:54:21] - Checking for HKLM\...\Winlogon\Notify\tussr
[02/29/2008, 14:54:21] - Key not found: HKLM\...\Winlogon\Notify\tussr, continuing.
[02/29/2008, 14:54:21] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[02/29/2008, 14:54:21] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[02/29/2008, 14:54:21] - BHO 6: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class)
[02/29/2008, 14:54:21] - Finished Searching Browser Helper Objects
[02/29/2008, 14:54:21] - Finishing up...
[02/29/2008, 14:54:21] - Nothing found! Exiting... |
29.02.2008, 15:11 | #8 |
> MalwareDB | lots of trojans, please help
What does your computer say now when you start it in normal mode? |
29.02.2008, 15:21 | #9 |
| everything black
Same thing, no changes. What now? |
29.02.2008, 15:36 | #10 |
> MalwareDB | lots of trojans, please help
Let's try something else first: Start / Run (Ausführen) / "sfc /scannow" [Enter] (without the ""). A popup will appear; let it run through and then check the behaviour again.
Last edited by BataAlexander (29.02.2008 at 15:46) |
29.02.2008, 16:14 | #11 |
| logs part 1
I did that; the behaviour is the same, everything black. However, I was too quick and only did the command prompt step after the scan with dss. I hope that's not a problem. Here are the two logs that came out of it.
main:
Code:
Deckard's System Scanner v20071014.68
Run by Vias on 2008-02-29 15:41:56
Computer is in Safe Mode with Networking.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Failed to create restore point; computer is in safe mode.
-- Last 5 Restore Point(s) --
17: 2008-02-28 23:13:34 UTC - RP378 - Installed SUPERAntiSpyware Free Edition
16: 2008-02-28 22:35:16 UTC - RP377 - Installed Ad-Aware 2007
15: 2008-02-28 20:55:48 UTC - RP376 - Last known good configuration
14: 2008-02-28 20:55:41 UTC - RP375 - Systemprüfpunkt
13: 2008-02-28 20:55:41 UTC - RP374 - Systemprüfpunkt
-- First Restore Point --
1: 2008-02-28 20:55:39 UTC - RP362 - Systemprüfpunkt
Backed up registry hives.
Performed disk cleanup.
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-02-29 15:44:38
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\explorer.exe
C:\Dokumente und Einstellungen\Vias\Desktop\dss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Gamburg provider - {0CA10898-7F98-4709-A479-B8134AB3D9F3} - klsock.dll (file missing)
O2 - BHO: (no name) - {2C0AD99D-B8D2-47A0-95BE-B56E1253585E} - C:\WINDOWS\system32\tussr.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Programme\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [EPSON Stylus DX4000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_S18A.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [XTNDConnect PC - ErPhn2] C:\PROGRA~1\GEMEIN~1\XCPCSync\TRANSL~1\ErPhn2\ErTray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Programme\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [JavaCore] C:\Programme\JavaCore\JavaCore.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKLM\..\Policies\Explorer\Run: [SystemManager] C:\WINDOWS\system32\msgina2.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\worsock.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programme\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Virtueller Infrarot-Kommunikationsanschluß, Dienstprogramm (IrCOMM2kSvc) - Jan Kiszka - C:\WINDOWS\system32\ircomm2k.exe
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - C:\WINDOWS\system32\msvcrtd.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programme\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programme\Spyware Doctor\pctsSvc.exe
-- End of file - 6892 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R3 DKbFltr (Dritek HotKey Keyboard Filter Driver) - c:\windows\system32\drivers\dkbfltr.sys <Not Verified; Dritek System Inc.; Dritek MMKey>
R3 NTIDrvr (Upper Class Filter Driver) - c:\windows\system32\drivers\ntidrvr.sys <Not Verified; NewTech Infosystems, Inc.; >
S1 InCDPass - c:\windows\system32\drivers\incdpass.sys (file missing)
S1 InCDRm (InCD Reader) - c:\windows\system32\drivers\incdrm.sys (file missing)
S1 userinfo32 - c:\windows\system\userinfo32.ggt
S3 IrCOMM2k (Virtueller Infrarot-Kommunikationsanschluß) - c:\windows\system32\drivers\ircomm2k.sys <Not Verified; Jan Kiszka; IrCOMM2k>
S3 SASENUM - c:\programme\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
S3 se58bus (Sony Ericsson Device 088 driver (WDM)) - c:\windows\system32\drivers\se58bus.sys <Not Verified; MCCI; Sony Ericsson Device 088>
S3 se58mdfl (Sony Ericsson Device 088 USB WMC Modem Filter) - c:\windows\system32\drivers\se58mdfl.sys <Not Verified; MCCI; Sony Ericsson Device 088 USB WMC Modem Filter Driver>
S3 se58mdm (Sony Ericsson Device 088 USB WMC Modem Driver) - c:\windows\system32\drivers\se58mdm.sys <Not Verified; MCCI; Sony Ericsson Device 088 USB WMC Data Modem>
S3 se58mgmt (Sony Ericsson Device 088 USB WMC Device Management Drivers (WDM)) - c:\windows\system32\drivers\se58mgmt.sys <Not Verified; MCCI; Sony Ericsson Device 088 USB WMC Device Management>
S3 se58nd5 (Sony Ericsson Device 088 USB Ethernet Emulation SEMC58 (NDIS)) - c:\windows\system32\drivers\se58nd5.sys <Not Verified; MCCI; Sony Ericsson Device 088 USB Ethernet Emulation>
S3 se58obex (Sony Ericsson Device 088 USB WMC OBEX Interface) - c:\windows\system32\drivers\se58obex.sys <Not Verified; MCCI; Sony Ericsson Device 088 USB WMC OBEX Interface>
S3 se58unic (Sony Ericsson Device 088 USB Ethernet Emulation SEMC58 (WDM)) - c:\windows\system32\drivers\se58unic.sys <Not Verified; MCCI; Sony Ericsson Device 088
USB Ethernet Emulation> S4 InCDFs (InCD File System) - c:\windows\system32\drivers\incdfs.sys (file missing) -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- S2 AntiVirScheduler (AntiVir PersonalEdition Classic Planer) - c:\programme\antivir personaledition classic\sched.exe <Not Verified; Avira GmbH; Scheduler> S2 IrCOMM2kSvc (Virtueller Infrarot-Kommunikationsanschluß, Dienstprogramm) - c:\windows\system32\ircomm2k.exe <Not Verified; Jan Kiszka; IrCOMM2k> S2 msupdate (Microsoft security update service) - c:\windows\system32\msvcrtd.exe -- Device Manager: Disabled ---------------------------------------------------- No disabled devices found. -- Files created between 2008-01-29 and 2008-02-29 ----------------------------- 2008-02-29 10:55:11 0 d-------- C:\Programme\ARCHPR 2008-02-29 09:04:51 0 d-------- C:\VundoFix Backups 2008-02-29 00:13:47 0 d-------- C:\Programme\SUPERAntiSpyware 2008-02-28 23:49:18 0 d--hs---- C:\FOUND.047 2008-02-28 23:35:22 0 d-------- C:\Programme\Lavasoft 2008-02-28 23:34:37 0 d-------- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard 2008-02-28 23:21:29 0 d-------- C:\Programme\Spyware Doctor 2008-02-28 22:56:13 83968 --a------ C:\WINDOWS\UnGins.exe 2008-02-28 22:56:13 0 d-------- C:\Programme\ZIP PASSWORD FINDER 2008-02-28 22:00:28 10752 -----n--- C:\WINDOWS\system32\worsock.dll 2008-02-28 21:58:09 0 d-------- C:\WINDOWS\system32\?dobe 2008-02-28 21:57:40 0 d-------- C:\Programme\?dobe 2008-02-28 21:55:29 57950 --ahs---- C:\WINDOWS\system32\rssut.ini2 2008-02-28 21:52:31 0 d-------- C:\Programme\JavaCore 2008-02-28 21:51:18 35840 -----n--- C:\WINDOWS\system32\msvcrtd.exe 2008-02-28 21:51:01 39936 --a------ C:\WINDOWS\system32\klsock.dll <Not Verified; Sickelning; Stom> 2008-02-28 21:50:51 35840 --a------ C:\d.exe 2008-02-28 21:50:50 2 --a------ C:\640227056 2008-02-28 21:50:48 58368 --a------ C:\wpohl.exe 2008-02-28 21:50:47 39936 --a------ C:\WINDOWS\system32\bnsock.dll <Not Verified; 
Sickelning; Stom> 2008-02-28 21:38:31 0 d-------- C:\Programme\ElcomSoft 2008-02-26 11:51:10 0 d--hs---- C:\FOUND.046 2008-02-26 11:29:34 0 d--hs---- C:\FOUND.045 2008-02-20 11:21:18 0 d--hs---- C:\FOUND.044 -- Find3M Report --------------------------------------------------------------- 2008-02-29 00:13:48 0 d-------- C:\Dokumente und Einstellungen\Vias\Anwendungsdaten\SUPERAntiSpyware.com 2008-02-28 23:22:54 322180 --a------ C:\WINDOWS\system32\perfh007.dat 2008-02-28 23:22:54 50442 --a------ C:\WINDOWS\system32\perfc007.dat 2008-02-28 23:21:30 0 d-------- C:\Dokumente und Einstellungen\Vias\Anwendungsdaten\PC Tools 2008-02-28 21:57:42 0 d-------- C:\Programme\?dobe 2008-01-22 12:56:02 0 d-------- C:\Dokumente und Einstellungen\Vias\Anwendungsdaten\skypePM 2008-01-22 12:54:26 0 d-------- C:\Dokumente und Einstellungen\Vias\Anwendungsdaten\Skype 2008-01-22 12:54:16 0 d-------- C:\Programme\Skype 2008-01-22 12:54:14 0 d-------- C:\Programme\Gemeinsame Dateien\Skype 2008-01-18 11:29:50 0 d-------- C:\Dokumente und Einstellungen\Vias\Anwendungsdaten\DivX 2008-01-16 14:37:18 0 d-------- C:\Programme\XTNDConnect PC 2008-01-16 14:37:16 0 d-------- C:\Programme\Gemeinsame Dateien\XCPCSync 2008-01-13 11:45:52 0 d-------- C:\Dokumente und Einstellungen\Vias\Anwendungsdaten\Sprite Software 2008-01-13 11:45:52 0 d-------- C:\Dokumente und Einstellungen\Vias\Anwendungsdaten\Sprite PC Agent 2008-01-13 11:44:34 2508 --a------ C:\Dokumente und Einstellungen\Vias\Anwendungsdaten\$_hpcst$.hpc 2008-01-13 11:40:50 0 d-------- C:\Programme\Microsoft ActiveSync 2008-01-04 22:58:50 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll 2008-01-04 22:57:22 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100> 2008-01-04 22:57:22 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. 
dpl100> 2008-01-04 22:57:12 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®> 2008-01-04 22:57:10 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?> 2008-01-04 22:57:10 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®> 2008-01-04 22:57:10 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®> 2008-01-04 22:56:24 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0CA10898-7F98-4709-A479-B8134AB3D9F3}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2C0AD99D-B8D2-47A0-95BE-B56E1253585E}] C:\WINDOWS\system32\tussr.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LaunchApp"="Alaunch" [] "ATIModeChange"="Ati2mdxx.exe" [04.09.2001 16:24 C:\WINDOWS\system32\Ati2mdxx.exe] "ATIPTA"="C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" [27.01.2004 21:10] "SoundMan"="SOUNDMAN.EXE" [19.12.2003 17:53 C:\WINDOWS\SOUNDMAN.EXE] "AGRSMMSG"="AGRSMMSG.exe" [25.07.2003 11:22 C:\WINDOWS\AGRSMMSG.exe] "LtMoh"="C:\Programme\ltmoh\Ltmoh.exe" [28.04.2003 15:08] "LManager"="C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE" [15.12.2003 17:30] "RemoteControl"="C:\Programme\CyberLink\PowerDVD\PDVDServ.exe" [21.10.2003 11:52] "SynTPLpr"="C:\Programme\Synaptics\SynTP\SynTPLpr.exe" [09.01.2004 14:09] "SynTPEnh"="C:\Programme\Synaptics\SynTP\SynTPEnh.exe" [09.01.2004 14:09] "SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_03\bin\jusched.exe" [25.09.2007 01:11] "FreePDF Assistant"="C:\Programme\FreePDF_XP\fpassist.exe" [27.05.2005 11:24] "EPSON Stylus DX4000 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.exe" [21.02.2006 05:00] "avgnt"="C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" [10.10.2007 22:42] 
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09.07.2001 10:50] "XTNDConnect PC - ErPhn2"="C:\PROGRA~1\GEMEIN~1\XCPCSync\TRANSL~1\ErPhn2\ErTray.exe" [13.02.2003 09:41] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04.08.2004 08:57] "BitTorrent"="C:\Programme\BitTorrent\bittorrent.exe" [] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe" [28.10.2005 16:25] "JavaCore"="C:\Programme\JavaCore\JavaCore.exe" [] "SpybotSD TeaTimer"="C:\Programme\Spybot - Search & Destroy\TeaTimer.exe" [28.01.2008 11:43] "SUPERAntiSpyware"="C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe" [28.02.2008 14:23] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run] "SystemManager"=C:\WINDOWS\system32\msgina2.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programme\SUPERAntiSpyware\SASSEH.DLL [20.12.2006 12:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Programme\SUPERAntiSpyware\SASWINLO.dll 19.04.2007 12:41 294912 C:\Programme\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Authentication Packages"= msv1_0 C:\WINDOWS\system32\tussr.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] @="Volume shadow copy" -- Hosts ----------------------------------------------------------------------- 127.0.0.1 www.007guard.com 127.0.0.1 
007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 8002 more entries in hosts file. -- End of Deckard's System Scanner: finished at 2008-02-29 15:45:20 ------------ |
29.02.2008, 16:16 | #12 |
| logs part 2 extra Code:
ATTFilter Deckard's System Scanner v20071014.68 Extra logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft Windows XP Home Edition (build 2600) SP 2.0 Architecture: X86; Language: German CPU 0: Intel(R) Pentium(R) M processor 1500MHz Percentage of Memory in Use: 27% Physical Memory (total/avail): 511.48 MiB / 369.06 MiB Pagefile Memory (total/avail): 1250.54 MiB / 1151.05 MiB Virtual Memory (total/avail): 2047.88 MiB / 1917.06 MiB C: is Fixed (FAT32) - 55.91 GiB total, 10.38 GiB free. D: is CDROM (No Media) \\.\PHYSICALDRIVE0 - SAMSUNG MP0603H - 55.93 GiB - 1 partition \PARTITION0 (bootable) - Unknown - 55.93 GiB - C: -- Security Center ------------------------------------------------------------- AUOptions is scheduled to auto-install. Windows Internal Firewall is enabled. AV: Avira AntiVir PersonalEdition Classic v 7.0.2.192 (Avira GmbH) Disabled [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Programme\\Mozilla Firefox\\firefox.exe"="C:\\Programme\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox" "C:\\Programme\\Trillian\\trillian.exe"="C:\\Programme\\Trillian\\trillian.exe:*:Enabled:Trillian" "C:\\Programme\\BitTorrent\\bittorrent.exe"="C:\\Programme\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent" "C:\\Programme\\Azureus\\Azureus.exe"="C:\\Programme\\Azureus\\Azureus.exe:*:Enabled:Azureus" "C:\\Programme\\BitTyrant\\Azureus.exe"="C:\\Programme\\BitTyrant\\Azureus.exe:*:Enabled:Azureus" 
"C:\\Programme\\LeechFTP\\Leechftp.exe"="C:\\Programme\\LeechFTP\\Leechftp.exe:*:Enabled:LeechFTP" "C:\\Programme\\SopCast\\SopCast.exe"="C:\\Programme\\SopCast\\SopCast.exe:*:Enabled:SopCast" "C:\\Dokumente und Einstellungen\\Vias\\Anwendungsdaten\\SopCast\\adv\\SopAdver.exe"="C:\\Dokumente und Einstellungen\\Vias\\Anwendungsdaten\\SopCast\\adv\\SopAdver.exe:*:Enabled:SopCast Adver" "C:\\Programme\\Sprite Software\\Sprite Backup\\SpriteService.exe"="C:\\Programme\\Sprite Software\\Sprite Backup\\SpriteService.exe:*:Enabled:Sprite Backup PC Service" "C:\\WINDOWS\\System32\\dpvsetup.exe"="C:\\WINDOWS\\System32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test" "C:\\WINDOWS\\System32\\rundll32.exe"="C:\\WINDOWS\\System32\\rundll32.exe:*:Enabled:Eine DLL-Datei als Anwendung ausführen" "C:\\Programme\\Skype\\Phone\\Skype.exe"="C:\\Programme\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath " -- Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\Dokumente und Einstellungen\All Users APPDATA=C:\Dokumente und Einstellungen\Vias\Anwendungsdaten CommonProgramFiles=C:\Programme\Gemeinsame Dateien COMPUTERNAME=ATOMATE ComSpec=C:\WINDOWS\system32\cmd.exe DEFAULT_CA_NR=CA8 FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Dokumente und Einstellungen\Vias LOGONSERVER=\\ATOMATE NUMBER_OF_PROCESSORS=1 OS=Windows_NT Path=C:\Programme\ATI Technologies\ATI Control Panel;C:\Programme\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Programme\ATI Technologies\ATI Control Panel;C:\Programme\Gemeinsame Dateien\Teleca Shared PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 6 Model 9 Stepping 5, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0905 ProgramFiles=C:\Programme PROMPT=$P$G SAFEBOOT_OPTION=NETWORK SESSIONNAME=Console SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\DOKUME~1\Vias\LOKALE~1\Temp TMP=C:\DOKUME~1\Vias\LOKALE~1\Temp 
USERDOMAIN=ATOMATE USERNAME=Vias USERPROFILE=C:\Dokumente und Einstellungen\Vias windir=C:\WINDOWS -- User Profiles --------------------------------------------------------------- Vias (admin) Administrator (new local, admin) -- Add/Remove Programs --------------------------------------------------------- --> C:\Programme\DivX\DivXConverterUninstall.exe /CONVERTER --> C:\Programme\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL --> C:\WINDOWS\IsUninst.exe -f"C:\Programme\Acer Inc.\Acer German GUIDE LINK\Uninst.isu" --> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL --> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL --> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL --> C:\WINDOWS\UNRecode.exe /UNINSTALL --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF} Adobe Photoshop 7.0 --> C:\WINDOWS\ISUN0407.EXE -f"C:\Programme\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Programme\Adobe\Photoshop 7.0\Uninst.dll" Adobe Reader 7.0.9 - Deutsch --> MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A70900000002} Advanced Archive Password Recovery --> C:\PROGRA~1\ARCHPR\UNWISE.EXE C:\PROGRA~1\ARCHPR\INSTALL.LOG Advanced Archive Password Recovery --> C:\Programme\ElcomSoft\Advanced Archive Password Recovery\uninstall.exe Advanced RAR Password Recovery (remove only) --> C:\Programme\ElcomSoft\ARPR\uninstall.exe AFPL Ghostscript 8.53 --> C:\Programme\gs\uninstgs.exe "C:\Programme\gs\gs8.53\uninstal.txt" AFPL Ghostscript Fonts --> C:\Programme\gs\uninstgs.exe "C:\Programme\gs\fonts\uninstal.txt" Agere Systems AC'97 Modem --> agrsmdel Application Suite --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{57E2D4ED-6101-406F-938D-D234FC1FE912}\Setup.exe" -l0x7 ATI - Dienstprogramm zur Deinstallation der Software --> C:\Programme\ATI Technologies\UninstallAll\AtiCimUn.exe ATI Control 
Panel --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe" ATI Display Driver --> rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean Avira AntiVir PersonalEdition Classic --> C:\Programme\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE BitTyrant --> C:\Programme\BitTyrant\Uninstall.exe DivX Codec --> C:\Programme\DivX\DivXCodecUninstall.exe /CODEC DivX Content Uploader --> C:\Programme\DivX\DivXContentUploaderUninstall.exe /CUPLOADER DivX Converter --> C:\Programme\DivX\DivXConverterUninstall.exe /CONVERTER DivX Player --> C:\Programme\DivX\DivXPlayerUninstall.exe /PLAYER DivX Web Player --> C:\Programme\DivX\DivXWebPlayerUninstall.exe /PLUGIN dtv-Lexikon 1.0 --> "C:\Programme\dtv-lexikon\das neue dtv-lexikon\unins000.exe" DVD Shrink 3.2 --> "C:\Programme\DVD Shrink\unins000.exe" EPSON-Drucker-Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R EPSON Attach To Email --> C:\Programme\Gemeinsame Dateien\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG EPSON Copy Utility 3 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\SETUP.EXE" -l0x7 -UnInstall EPSON Easy Photo Print --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{BC69DDB8-4840-4D9B-BB31-0D4DB2BA1312}\SETUP.EXE" -l0x7 UNINST EPSON File Manager --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{E86BC406-944E-41F6-ADE6-2C136734C96B}\Setup.exe" -l0x7 UNINST EPSON Scan --> 
C:\Programme\epson\escndv\setup\setup.exe /r EPSON Scan Assistant --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x7 -u EPSON Web-To-Page --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\SETUP.EXE" -l0x7 -anything ESDX4000_4050_CX3900 --> C:\Programme\EPSON\TPMANUAL\ESDX4000_4050_CX3900\USE_G\DOCUNINS.EXE FreePDF XP (Remove only) --> C:\Programme\FreePDF_XP\fpsetup.exe /r Google Earth --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x7 -removeonly HijackThis 1.99.1 --> C:\DOKUME~1\Vias\LOKALE~1\Temp\Rar$EX02.023\HijackThis.exe /uninstall Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" Indeo® Software --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Ligos\Indeo\Uninst.isu" IrCOMM2k 1.2.1 --> %windir%\IrCOMM2k-Setup.exe J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110} Java 2 Runtime Environment, SE v1.4.2_01 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142010} Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020} Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030} Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010} JavaCore --> C:\Programme\JavaCore\UnInstall.exe Launch Manager --> C:\WINDOWS\UnInst32.exe CPLBCL53.UNI LeechFTP --> C:\WINDOWS\eraser.exe KILL "C:\Programme\LeechFTP\uninstall.uif" Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Office Professional 
Edition 2003 --> MsiExec.exe /I{90110407-6000-11D3-8CFE-0150048383C9} Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Mozilla Firefox (2.0.0.12) --> C:\Programme\Mozilla Firefox\uninstall\helper.exe Nero 7 Demo --> MsiExec.exe /I{84B2CF01-194D-2284-B313-F2E0D78D1031} NTI CD & DVD-Maker 6.5 Gold --> C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{C438B7C4-B4F8-49C5-A4DF-FF6F1F242778} /l1031 AnyText OpenOffice.org 2.2 --> MsiExec.exe /I{E7DA9B23-5715-45D8-965E-E76688A2B948} PIF DESIGNER --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{B90450DF-E781-46FD-B1F1-0C86DA40E443}\SETUP.EXE" -l0x7 anything PL-2303 USB-to-Serial --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}\Setup.exe" -l0x9 Installed PowerDVD --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall Real Alternative 1.43 --> "C:\Programme\Real Alternative\unins000.exe" Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE RedMon - Redirection Port Monitor --> C:\WINDOWS\system32\unredmon.exe Ruhe V 0.09 --> C:\Programme\Ruhe\unins000.exe Sicherheitsupdate für Windows XP (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB896423) --> 
"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB896424) --> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB904706) --> Sicherheitsupdate für Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB912919) --> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe" 
Sicherheitsupdate für Windows XP (KB917422) --> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB921398) --> "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB921503) --> "C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB921883) --> "C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB922616) --> "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB923694) --> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB923789) --> C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf Sicherheitsupdate für Windows XP (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB924191) --> 
"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB928090) --> "C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB929969) --> "C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB931768) --> "C:\WINDOWS\$NtUninstallKB931768$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB933566) --> 
"C:\WINDOWS\$NtUninstallKB933566$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB933729) --> "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB936021) --> "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB937143) --> "C:\WINDOWS\$NtUninstallKB937143$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB938127) --> "C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB938829) --> "C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB939653) --> "C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB941202) --> "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB941568) --> "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB941644) --> "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB942615) --> "C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB943055) --> "C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB943460) --> "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB943485) --> "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB944533) --> "C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB944653) --> "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB946026) --> 
"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe" Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82} Sony Ericsson Communications Suite --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{B8BC806D-0703-11D4-BB23-006008676AF8}\setup.exe" -l0x7 -l0007 --remove=y Spybot - Search & Destroy --> "C:\Programme\Spybot - Search & Destroy\unins000.exe" Spyware Doctor 5.5 --> C:\Programme\Spyware Doctor\unins000.exe /LOG Stickies 6.0b --> "C:\WINDOWS\lsb_un20.exe" /C=UC /N=Stickies 6.0b SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA} Synaptics Pointing Device Driver --> rundll32.exe "C:\Programme\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall TravelMate 290 --> C:\Programme\TravelMate 290\uninstall.exe Trillian --> C:\Programme\Trillian\trillian.exe /uninstall Update für Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe" Update für Windows XP (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe" Update für Windows XP (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe" Update für Windows XP (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe" Update für Windows XP (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe" Update für Windows XP (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe" Update für Windows XP (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe" Update für Windows XP (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe" Update für Windows XP (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe" Update für Windows XP (KB929338) --> "C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe" Update für Windows XP (KB930916) --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe" Update für Windows XP (KB931836) --> 
"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe" Update für Windows XP (KB933360) --> "C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe" Update für Windows XP (KB936357) --> "C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe" Update für Windows XP (KB938828) --> "C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe" Update für Windows XP (KB942763) --> "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe" Update für Windows XP (KB942840) --> "C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe" Update für Windows XP (KB946627) --> "C:\WINDOWS\$NtUninstallKB946627$\spuninst\spuninst.exe" VideoLAN VLC media player 0.8.5 --> C:\Programme\VideoLAN\VLC\uninstall.exe Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows XP-Hotfix - KB873339 --> C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe Windows XP-Hotfix - KB885835 --> C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe Windows XP-Hotfix - KB885836 --> C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe Windows XP-Hotfix - KB886185 --> C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe Windows XP-Hotfix - KB887472 --> C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe Windows XP-Hotfix - KB888302 --> C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe Windows XP-Hotfix - KB890859 --> "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe" Windows XP-Hotfix - KB891781 --> C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe WinRAR archiver --> C:\Programme\WinRAR\uninstall.exe XTNDConnect PC --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{D5CF3710-211B-11D4-B9B9-00105AE05C5D}\setup.exe" UNINSTALL ZIP PASSWORD FINDER --> C:\WINDOWS\UnGins.exe "C:\Programme\ZIP PASSWORD FINDER\install.log" |
29.02.2008, 16:17 | #13 |
| logs part 3 Code:
-- Application Event Log -------------------------------------------------------

Event Record #/Type2382 / Error
Event Submitted/Written: 02/29/2008 10:54:17 AM
Event ID/Source: 1002 / Application Hang
Event Description: Stillstehende Anwendung Azureus.exe, Version 1.0.0.0, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Event Record #/Type2381 / Error
Event Submitted/Written: 02/29/2008 10:54:10 AM
Event ID/Source: 1002 / Application Hang
Event Description: Stillstehende Anwendung Azureus.exe, Version 1.0.0.0, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Event Record #/Type2379 / Warning
Event Submitted/Written: 02/29/2008 09:01:10 AM
Event ID/Source: 4113 / H+BEDV AntiVir
Event Description: AntiVir erkannte in der Datei C:\WINDOWS\system32\worsock.dll verdächtigen Code mit der Bezeichnung 'TR/PSW.Agent.YR'!

Event Record #/Type2378 / Warning
Event Submitted/Written: 02/29/2008 09:01:08 AM
Event ID/Source: 4113 / H+BEDV AntiVir
Event Description: AntiVir erkannte in der Datei C:\WINDOWS\system32\worsock.dll verdächtigen Code mit der Bezeichnung 'TR/PSW.Agent.YR'!

Event Record #/Type2377 / Warning
Event Submitted/Written: 02/29/2008 09:01:03 AM
Event ID/Source: 4113 / H+BEDV AntiVir
Event Description: AntiVir erkannte in der Datei C:\WINDOWS\system32\worsock.dll verdächtigen Code mit der Bezeichnung 'TR/PSW.Agent.YR'!

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type11279 / Error
Event Submitted/Written: 02/29/2008 03:43:45 PM
Event ID/Source: 10005 / DCOM
Event Description: Bei DCOM ist der Fehler "%%1084" aufgetreten, als der Dienst "StiSvc" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Event Record #/Type11278 / Error
Event Submitted/Written: 02/29/2008 03:43:41 PM
Event ID/Source: 10005 / DCOM
Event Description: Bei DCOM ist der Fehler "%%1084" aufgetreten, als der Dienst "StiSvc" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Event Record #/Type11277 / Error
Event Submitted/Written: 02/29/2008 03:20:05 PM
Event ID/Source: 10005 / DCOM
Event Description: Bei DCOM ist der Fehler "%%1084" aufgetreten, als der Dienst "EventSystem" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type11268 / Error
Event Submitted/Written: 02/29/2008 03:14:16 PM
Event ID/Source: 10005 / DCOM
Event Description: Bei DCOM ist der Fehler "%%1084" aufgetreten, als der Dienst "EventSystem" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type11262 / Error
Event Submitted/Written: 02/29/2008 02:56:14 PM
Event ID/Source: 10005 / DCOM
Event Description: Bei DCOM ist der Fehler "%%1084" aufgetreten, als der Dienst "EventSystem" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF}

-- End of Deckard's System Scanner: finished at 2008-02-29 15:45:20 ------------ |
29.02.2008, 16:24 | #14 |
| lots of trojans, please help

Hi,

just a quick note in between: Virtumundo is not the (whole) problem:

@BataAlexander: This should be "killed"....

O2 - BHO: Gamburg provider - {0CA10898-7F98-4709-A479-B8134AB3D9F3} - klsock.dll (file missing)
O2 - BHO: (no name) - {2C0AD99D-B8D2-47A0-95BE-B56E1253585E} - C:\WINDOWS\system32\tussr.dll (file missing)
O4 - HKLM\..\Policies\Explorer\Run: [SystemManager] C:\WINDOWS\system32\msgina2.exe
O4 - HKCU\..\Run: [JavaCore] C:\Programme\JavaCore\JavaCore.exe
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - C:\WINDOWS\system32\msvcrtd.exe

Repair WinSock with LSP-fix!

O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\worsock.dll

chris, on the way to the car repair shop....
__________________ Don't bring me down
Read before posting!
Donations (anyone who would like to donate is welcome to get in touch) |
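Added example, not part of any post in this thread: a small Python triage pass over the HijackThis lines from post #14, cross-referenced with the AntiVir event from the Deckard's System Scanner log in post #13. The hint texts and the function names `av_detections` and `triage` are assumptions made for this example; the log lines are copied from the thread.

```python
import re

# HijackThis lines copied from post #14 of this thread.
HJT_LINES = r"""
O2 - BHO: Gamburg provider - {0CA10898-7F98-4709-A479-B8134AB3D9F3} - klsock.dll (file missing)
O2 - BHO: (no name) - {2C0AD99D-B8D2-47A0-95BE-B56E1253585E} - C:\WINDOWS\system32\tussr.dll (file missing)
O4 - HKLM\..\Policies\Explorer\Run: [SystemManager] C:\WINDOWS\system32\msgina2.exe
O4 - HKCU\..\Run: [JavaCore] C:\Programme\JavaCore\JavaCore.exe
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - C:\WINDOWS\system32\msvcrtd.exe
O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\worsock.dll
""".strip().splitlines()
# AntiVir warning (Event ID 4113) copied from the DSS log in post #13.
EVENT_LOG = r"""
Event ID/Source: 4113 / H+BEDV AntiVir
Event Description: AntiVir erkannte in der Datei C:\WINDOWS\system32\worsock.dll verdächtigen Code mit der Bezeichnung 'TR/PSW.Agent.YR'!
"""

# Triage hints: assumed wording for this example, not HijackThis output.
HINTS = [
    (r"\(file missing\)", "orphaned entry, target file gone"),
    (r"Unknown owner", "no company name found for service binary"),
    (r"Unknown file in Winsock LSP", "unrecognised Winsock LSP entry"),
    (r"Policies\\Explorer\\Run", "autostart via policy Run key"),
]
PATH_RE = re.compile(r"[A-Za-z]:\\[^\r\n]*?\.(?:exe|dll)", re.I)
AV_RE = re.compile(
    r"in der Datei (.+?\.(?:exe|dll)) verdächtigen Code "
    r"mit der Bezeichnung '([^']+)'", re.I)

def av_detections(event_log):
    """Map lower-cased file path -> detection name from AntiVir events."""
    return {path.lower(): name for path, name in AV_RE.findall(event_log)}

def triage(hjt_lines, event_log):
    """Return one dict per HijackThis line: section, path, hints, AV name."""
    detected = av_detections(event_log)
    report = []
    for line in hjt_lines:
        section = line.split(" - ", 1)[0]          # e.g. "O2", "O23"
        match = PATH_RE.search(line)               # full path, if the line has one
        path = match.group(0) if match else None
        hints = [text for pattern, text in HINTS if re.search(pattern, line)]
        report.append({"section": section, "path": path, "hints": hints,
                       "av": detected.get(path.lower()) if path else None})
    return report

if __name__ == "__main__":
    for row in triage(HJT_LINES, EVENT_LOG):
        print(row["section"], row["path"], row["hints"], row["av"])
```

The O10 row is the only one that carries both a hint and an AntiVir name, which ties the unknown Winsock LSP entry to the file the scanner flagged three times in the event log.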
29.02.2008, 16:25 | #15 |
> MalwareDB | lots of trojans, please help

Now a serious word: the box is still full to the brim with malware, various backdoors etc. I also see that you have installed some P2P software and suspect that the infection comes from there. In my opinion, cleaning makes no sense under these circumstances! It can be tried, so that you can, for example, make a proper backup. Your decision; if we continue, then like this:

Combofix
- Download ComboFix from here or here to your desktop.
- Double-click combofix.exe
- When combofix is finished, it creates a log file. Post this log file and a new HJT log file as your next reply

Attention: While Combofix is running, do not click anything and do not use the computer.

Edit: Everyone involved has noticed that this is about more than one piece of malware

Hello Chris4You

Last edited by BataAlexander (29.02.2008 at 16:33) |