Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
was ist den nun los

was ist den nun los


Plagegeister aller Art und deren Bekämpfung: was ist den nun los

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 06.06.2008, 11:45   #15
zenx
 
was ist den nun los - Standard

was ist den nun los


hier nun die logs

muss leider immer ne neue antwort machen da sonst zuviel zeichen sind sorry

Main.txt :

Deckard's System Scanner v20071014.68
Run by mpi on 2008-06-07 10:43:50
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 4 Restore Point(s) --
4: 2008-06-07 08:43:53 UTC - RP270 - Deckard's System Scanner Restore Point
3: 2008-06-07 08:30:54 UTC - RP269 - ComboFix created restore point
2: 2008-05-29 15:53:48 UTC - RP268 - Systemprüfpunkt
1: 2008-05-28 13:03:44 UTC - RP267 - Software Distribution Service 3.0


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 0.69 GiB (less than 15%) free.


-- HijackThis (run as mpi.exe) -------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 10:44:39, on 07.06.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
D:\Programme\QuickTime\qttask.exe
d:\Programme\Logitech\MouseWare\system\em_exec.exe
D:\Programme\Winamp\winampa.exe
F:\Programme\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
C:\Programme\Gemeinsame Dateien\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\mpi\Desktop\dss.exe
C:\DOKUME~1\mpi\Desktop\mpi.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = fritz.box
R3 - URLSearchHook: UR-Radio Toolbar - {9b166607-8e4a-409d-bcc7-b319cb9d304a} - C:\Programme\UR-Radio\tbUR-0.dll
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MorpheusToolbar BHO - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Programme\MorpheusBar\bar\1.bin\MORPHBAR.DLL
O2 - BHO: Burn4Free Toolbar Helper - {60BF5EE3-0105-4858-AD98-17C19F86B042} - C:\Programme\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: UR-Radio Toolbar - {9b166607-8e4a-409d-bcc7-b319cb9d304a} - C:\Programme\UR-Radio\tbUR-0.dll
O3 - Toolbar: UR-Radio Toolbar - {9b166607-8e4a-409d-bcc7-b319cb9d304a} - C:\Programme\UR-Radio\tbUR-0.dll
O3 - Toolbar: Morpheus Toolbar - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Programme\MorpheusBar\bar\1.bin\MORPHBAR.DLL
O3 - Toolbar: Burn4Free Toolbar - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - C:\Programme\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Verknüpfung mit der High Definition Audio-Eigenschaftenseite] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "D:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] d:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CloneCDTray] "d:\Programme\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [Corel File Shell Monitor] F:\Programme\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Windows Messanger Control Center] svchosl.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Programme\Gemeinsame Dateien\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ICQ] "D:\ICQ6\ICQ.exe" silent
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programme\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - h**p://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://h**p://messenger.zone.msn.com.../GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1169724472421
O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} (Navigram Control) - h**p://www.navigram.com/engine/v910/Navigram.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://h**p://messenger.zone.msn.com...t.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe


-- HijackThis Fixed Entries (C:\DOKUME~1\mpi\Desktop\backups\) -----------------

backup-20080606-125231-214 O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (file missing)
backup-20080606-125231-225 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
backup-20080606-125231-370 R3 - URLSearchHook: (no name) - {D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - (no file)
backup-20080606-125231-400 O2 - BHO: (no name) - {D73F49B1-B51B-4d32-A3B7-BD04B8342F53} - (no file)

-- File Associations -----------------------------------------------------------

.js - jsfile - DefaultIcon - "G:\Dreamweaver cs3\****\Dreamweaver.exe",7
.js - jsfile - shell\open\command - "G:\Dreamweaver cs3\*****\Dreamweaver.exe","%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfvfs02 (StarForce Protection VFS Driver (version 2.x)) - c:\windows\system32\drivers\sfvfs02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sisidex - c:\windows\system32\drivers\sisidex.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R0 sisperf (Add Performance Filter Driver) - c:\windows\system32\drivers\sisperf.sys <Not Verified; Silicon Integrated Systems Corp.; SiS Filer Driver>
R2 ACEDRV07 - c:\windows\system32\drivers\acedrv07.sys <Not Verified; Protect Software GmbH; >
R2 ElbyCDIO (ElbyCDIO Driver) - c:\windows\system32\drivers\elbycdio.sys <Not Verified; Elaborate Bytes AG; CDRTools>
R3 3xHybrid (Pinnacle PCTV 300i Stereo DVB-T) - c:\windows\system32\drivers\3xhybrid.sys <Not Verified; Philips Semiconductors GmbH; Philips Semiconductors 3xHybrid>
R3 cmudax (C-Media High Definition Audio Interface) - c:\windows\system32\drivers\cmudax.sys <Not Verified; C-Media Inc; C-Media Audio Driver (WDM)>
R3 ElbyCDFL - c:\windows\system32\drivers\elbycdfl.sys <Not Verified; SlySoft, Inc.; CloneCD>

S3 AVMUNET (AVM FRITZ!Box) - c:\windows\system32\drivers\avmunet.sys <Not Verified; AVM GmbH; AVM USB Network-Driver>
S3 Bridge (MAC-Brücke) - c:\windows\system32\drivers\bridge.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 BridgeMP (MAC-Brückenminiport) - c:\windows\system32\drivers\bridge.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 MPE (BDA MPE Filter) - c:\windows\system32\drivers\mpe.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows(R) Operating System>
S3 WpdUsb - c:\windows\system32\drivers\wpdusb.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AntiVirScheduler (AntiVir PersonalEdition Classic Planer) - c:\programme\antivir personaledition classic\sched.exe <Not Verified; Avira GmbH; AntiVir Workstation>
R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - c:\programme\bonjour\mdnsresponder.exe <Not Verified; Apple Computer, Inc.; Bonjour>
R2 UxTuneUp (TuneUp Designerweiterung) - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

S3 FLEXnet Licensing Service - "c:\programme\gemeinsame dateien\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S3 usprserv (User Privilege Service) - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-05-30 17:16:26 392 --a------ C:\WINDOWS\Tasks\1-Klick-Wartung.job


-- Files created between 2008-05-07 and 2008-06-07 -----------------------------

2008-06-14 00:49:05 0 d-------- C:\backups
2008-06-07 10:30:20 68096 --a------ C:\WINDOWS\zip.exe
2008-06-07 10:30:20 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-07 10:30:20 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-07 10:30:20 98816 --a------ C:\WINDOWS\sed.exe
2008-06-07 10:30:20 80412 --a------ C:\WINDOWS\grep.exe
2008-06-07 10:30:20 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-07 10:30:19 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-07 10:30:19 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-06 12:56:42 0 d-------- C:\Programme\Malwarebytes' Anti-Malware
2008-06-05 22:30:20 3652 --a------ C:\stealer.exe


-- Find3M Report ---------------------------------------------------------------

2008-06-13 23:16:04 0 d-------- C:\Programme\MSN Messenger
2008-06-07 10:35:48 0 d-------- C:\Programme\ICQToolbar
2008-06-06 12:56:44 0 d-------- C:\Dokumente und Einstellungen\mpi\Anwendungsdaten\Malwarebytes
2008-05-26 22:51:11 421618 --a------ C:\WINDOWS\system32\perfh007.dat
2008-05-26 22:51:11 76906 --a------ C:\WINDOWS\system32\perfc007.dat
2008-05-23 17:14:29 0 d-------- C:\Dokumente und Einstellungen\mpi\Anwendungsdaten\dvdcss
2008-05-08 14:49:10 0 d-------- C:\Dokumente und Einstellungen\mpi\Anwendungsdaten\Adobe
2008-04-11 00:37:56 2828 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-04-11 00:37:52 88 -r-hs---- C:\WINDOWS\system32\FB43B021D1.sys
2008-03-20 10:03:19 1845376 --a------ C:\WINDOWS\system32\win32k.sys <Not Verified; Microsoft Corporation; Betriebssystem Microsoft® Windows®>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9b166607-8e4a-409d-bcc7-b319cb9d304a}]
18.02.2008 13:04 1555480 --a------ C:\Programme\UR-Radio\tbUR-0.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{9B166607-8E4A-409D-BCC7-B319CB9D304A}"= C:\Programme\UR-Radio\tbUR-0.dll [18.02.2008 13:04 1555480]

[-HKEY_CLASSES_ROOT\CLSID\{9B166607-8E4A-409D-BCC7-B319CB9D304A}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [22.10.2006 13:22]
"Verknüpfung mit der High Definition Audio-Eigenschaftenseite"="HDAudPropShortcut.exe" [17.03.2004 17:10 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"Logitech Utility"="Logi_MwX.Exe" [11.12.2003 10:50 C:\WINDOWS\LOGI_MWX.EXE]
"avgnt"="C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" [08.05.2008 09:19]
"QuickTime Task"="D:\Programme\QuickTime\qttask.exe" [22.02.2007 21:13]
"WinampAgent"="d:\Programme\Winamp\winampa.exe" [15.05.2007 00:22]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09.07.2001 11:50]
"CloneCDTray"="d:\Programme\SlySoft\CloneCD\CloneCDTray.exe" [27.12.2004 21:14]
"Corel File Shell Monitor"="F:\Programme\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [30.10.2007 20:52]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
"Windows Messanger Control Center"="svchosl.exe" []
"Corel Photo Downloader"="C:\Programme\Gemeinsame Dateien\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [31.10.2007 02:52]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04.08.2004 01:57]
"msnmsgr"="C:\Programme\MSN Messenger\MsnMsgr.exe" [19.01.2007 12:55]
"MSMSGS"="C:\Programme\Messenger\msmsgs.exe" [13.10.2004 18:24]
"ICQ"="D:\ICQ6\ICQ.exe" [01.04.2008 12:40]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoUserNameInStartMenu"=1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe
"MsnMsgr"="C:\Programme\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Photo Downloader"="D:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
"QuickTime Task"="D:\Programme\QuickTime\qttask.exe" -atboottime
"SunJavaUpdateSched"="C:\Programme\Java\jre1.5.0_11\bin\jusched.exe"
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd
"nwiz"=nwiz.exe /install

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{92cec2b8-c4da-11db-9154-a88e1673701a}]
AutoRun\command- I:\preinst.exe

*Newly Created Service* - CATCHME



-- End of Deckard's System Scanner: finished at 2008-06-07 10:45:10 ------------[/QUOTE]

 

Themen zu was ist den nun los
abgesicherten modus, adobe, antivir, auf einmal, avg, avira, bho, bonjour, computer, control center, exe, explorer, google, helfen, hijack, hijackthis, internet, internet explorer, object, problem, rundll, software, starten, system, unknown file in winsock lsp, urlsearchhook, virus, windows, windows xp, wurm


« TR/VB.aqt.24 und W32.Fakerecy - wie entfernen ???? | Warning Spayware detectet... »


Zum Thema was ist den nun los - hier nun die logs muss leider immer ne neue antwort machen da sonst zuviel zeichen sind sorry Main.txt : Deckard's System Scanner v20071014.68 Run by mpi on 2008-06-07 10:43:50 Computer - was ist den nun los...
Archiv
Du betrachtest: was ist den nun los auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19