ich weiß nicht mehr weiter =(

benn1990 · 22.06.2008, 10:20

hallo,

Hallo,
ich hab folgendes Problem und hoffe hier endlich ne Lösung zu finden.
Nun ja es öffnet sich andauernd Internetseiten automatisch im schnitt jede 2 min wenn ich im web unterwegs bin sogar wenn ich nur aufen Desktop bin passiert das,
hab nach gegoogelt gibt viele mit dem selben Problem aber nirgens fand ich ne globale Lösung dafür.
Persönlich hab ich 2 Viereprogramme die stänstig am laufen sind einmal AVAST und dann noch Spyrware Doctor, trotzallem passiert das,

naja ich wird ja auch den rechner einfach Formatieren aber hab damals den PC gekauft wo Vista schon draufinstaliert war und mir liegen halt keine Vista-Instalations CD's vor deswegen währs schön wenn ich die scheiße auch so weg bekommen würde.

Zumindestens hab ich rausbekommen was es warscheinlich ist, seihe hier: http://www.trojaner-board.de/28388-a...n-swizzor.html

naja hab net so viel Ahnung aber ich poste mal "mein LogFile"

Logfile of Trend Micro HijackThis v2.0.2

[edit]
bitte editiere zukünftig deine links, wie es dir u.a. hier angezeigt wird:
http://www.trojaner-board.de/22771-a...tml#post171958

danke
GUA

[/edit]

nochdigger · 22.06.2008, 11:25

Hallo

Zitat:

Zumindestens hab ich rausbekommen was es warscheinlich ist...

gut, dann suche bitte unter Programme nach CID-Helper oder CID-Sponsorenprogramm o.ä. und deinstalliere dies.
Im besten Fall könnte es das schon gewesen sein, wenn nicht erstelle ein frisches HijackThis Log nach Anleitung wie Gua es verlinkt hat.

MFG

benn1990 · 22.06.2008, 12:17

hi,

ich hab nun mal alle verdächtigen und nutzlosen Programme entfernt,
mir ist zwar kein Programm namens CID-Helper oder CID-Sponsorenprogramm aufgefahlen aber naja,

hier mein neues HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:13:13, on 22.06.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\buffed\BLASC.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Xfire\xfire.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\***\Desktop\Neuer Ordner\HijackThis.exe
C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Software4u-UpdateServer] C:\Program Files\S.A.D\Registry CleanUP 2008\Software4u.UpdateServer.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [fsc-reg] C:\ProgramData\fsc-reg\fscreg.exe 20080611
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BLASC] "C:\Program Files\buffed\BLASC.exe" silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: FSCLBaseUpdaterService - Unknown owner - c:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 7418 bytes

ich hoffe jemand hat ne lösung,

ich danke vielmals

nochdigger · 22.06.2008, 12:50

Hallo

Hast du einen Fujitsu Siemens Computer?

Lass bitte diese Datei
C:\Program Files\S.A.D\Registry CleanUP 2008\Software4u.UpdateServer.exe
mal hier Virustotal, hier virscan.org
oder hier Jotti überprüfen (kann einige Minuten dauern),
poste die Ergebnisse mit der Angabe der Größe der hochgeladenen Datei sowie die MD5 und SHA1 Angaben,
bitte auch wenn nichts gefunden wurde.

Dann bitte DSS ausführen
Deckards System Scanner (DSS)

Hier gibt es das Tool -> dss.exe

* Schließe alle Anwendungen
* Doppelklicke dss.exe um das Programm zu starten
* Wenn der Scan abgeschlossen ist wird sich ein Notepad mit dem Inhalt
der main.txt öffnen.
Ein weiteres Logfile, die extra.txt liegt im Verzeichnis
c:\Deckard\SystemScanner\extra.txt
* Kopiere den Inhalt der beiden Logfiles in diesen Thread, bitte als ['CODE]['/CODE] das ist das Rautesymbol # in der Antwortbox

Was Deckards System Scanner macht:

* Es Erstellt einen System Wiederherstellungspunkt
* es säubert die temporären Dateien, Downloaded Program Files, Internet
Cache Dateien und es leert den Mülleimer auf allen Lauferken.

MFG

benn1990 · 22.06.2008, 13:33

hi,

hab das so gemacht wie du beschrieben hast, alle 3 haben "leider" nix gefunden hier die ergebnisse:

Dateiname : Software4u.UpdateServer.exe
Größe : 36864 byte
Typ : MS Windows PE 32-bit Intel 80386 GUI executable
MD5 : 65e1ca3b0e909dcb8804ec2dd358d284
SHA1 : d00f9786bf2824e7fad13da640c8ea86e0f32db1

deine Vermutung war korrekt hab einen Fujitsu Siemens Computer,

Code:

ATTFilter

Deckard's System Scanner v20071014.68
Run by Conan on 2008-06-22 14:20:15
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 2 Restore Point(s) --
2: 2008-06-22 11:36:26 UTC - RP270 - Windows Live Anmelde-Assistent wird entfernt
1: 2008-06-22 11:23:59 UTC - RP269 - Removed Microsoft Office Enterprise 2007


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Conan.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:23:52, on 22.06.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
c:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\mobsync.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Conan\AppData\Local\ucsesai.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\Conan\Desktop\dss.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Conan\Desktop\NEUERO~1\Conan.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Software4u-UpdateServer] C:\Program Files\S.A.D\Registry CleanUP 2008\Software4u.UpdateServer.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [fsc-reg] C:\ProgramData\fsc-reg\fscreg.exe 20080611
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BLASC] "C:\Program Files\buffed\BLASC.exe" silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ucsesai] c:\users\conan\appdata\local\ucsesai.exe ucsesai
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O13 - Gopher Prefix: 
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: FSCLBaseUpdaterService - Unknown owner - c:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 9298 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S3 MOUSEWDFilter - \??\c:\windows\system32\drivers\mousewd.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 FSCLBaseUpdaterService - "c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe" <Not Verified; ; FSCWBaseUpdaterService>

S2 CLTNetCnService (Symantec Lic NetConnect service) - "c:\program files\common files\symantec shared\ccsvchst.exe" /h cccommon (file missing)
S3 gusvc (Google Updater Service) - "c:\program files\google\common\google updater\googleupdaterservice.exe" (file missing)
S3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-06-20 16:31:59       408 --a------ C:\Windows\Tasks\Norton Security Scan.job


-- Files created between 2008-05-22 and 2008-06-22 -----------------------------

2008-06-22 11:54:00         0 d-------- C:\Users\All Users\Office Genuine Advantage
2008-06-22 11:10:40         0 d-------- C:\Program Files\Panda Security
2008-06-22 10:38:30     21129 --a------ C:\Windows\system32\msdx92.dll
2008-06-22 10:38:30         0 d-------- C:\Users\All Users\Software4u
2008-06-22 10:38:15         0 d-------- C:\Program Files\S.A.D
2008-06-22 10:18:24         0 d-------- C:\!KillBox
2008-06-17 13:29:23        23 --ahs---- C:\Windows\system32\dadbd_g.dll
2008-06-17 13:00:39         0 d-------- C:\Program Files\Web Photo Album
2008-06-17 13:00:36         0 d-------- C:\Program Files\Jpeg Enhancer
2008-06-14 16:37:54         0 d-------- C:\Program Files\Common Files\SWF Studio
2008-06-14 16:37:52   1305232 --a------ C:\Windows\ZDFheute_Bildschirmschoner.scr <Not Verified; ZDF; ZDFheute Bildschirmschoner>
2008-06-14 16:37:52     45056 --a------ C:\Windows\NCUNINST.EXe <Not Verified; Northern Codeworks; Uninstall>
2008-06-14 16:37:52     69632 --a------ C:\Windows\NCLAUNCH.EXe <Not Verified; Northcode Inc.; SWF Studio Launcher>
2008-06-06 19:36:11         0 d-------- C:\Users\Conan\Application Data
2008-06-06 19:36:11         0 d-------- C:\Users\Conan\Application Data\Adobe
2008-06-06 19:36:06         0 d-------- C:\Program Files\Adobe Media Player


-- Find3M Report ---------------------------------------------------------------

2008-06-22 14:13:19         0 d-------- C:\Users\Conan\AppData\Roaming\StarOffice8
2008-06-22 13:59:10         0 d-------- C:\Users\Conan\AppData\Roaming\Xfire
2008-06-22 13:56:11        12 --a------ C:\Windows\bthservsdp.dat
2008-06-22 13:52:24         0 d-------- C:\Users\Conan\AppData\Roaming\uTorrent
2008-06-22 12:16:40         0 d-------- C:\Users\Conan\AppData\Roaming\OpenOffice.org2
2008-06-22 12:14:44         0 --a------ C:\Users\Conan\AppData\Roaming\wklnhst.dat
2008-06-22 10:38:28         0 d-------- C:\Users\Conan\AppData\Roaming\Software4u
2008-06-22 10:32:43         0 d-------- C:\Program Files\Windows Live
2008-06-22 05:32:21         0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-20 20:03:40         0 d-------- C:\Program Files\Spyware Doctor
2008-06-20 19:59:45    618192 --a------ C:\Windows\system32\perfh007.dat
2008-06-20 19:59:45    122442 --a------ C:\Windows\system32\perfc007.dat
2008-06-20 15:00:00         0 d-------- C:\Program Files\Norton Security Scan
2008-06-19 18:36:26         0 d-------- C:\Users\Conan\AppData\Roaming\teamspeak2
2008-06-17 13:01:54         0 d-------- C:\Users\Conan\AppData\Roaming\PanoramaStudio
2008-06-14 16:37:54         0 d-------- C:\Program Files\Common Files
2008-06-13 13:27:25         0 d-------- C:\Program Files\Windows Mail
2008-06-10 12:50:53         0 d-------- C:\Program Files\Xfire
2008-06-07 21:44:01         0 d-------- C:\Program Files\Common Files\Adobe
2008-06-07 17:42:43         0 d-------- C:\Program Files\Google
2008-06-06 19:35:33         0 d-------- C:\Users\Conan\AppData\Roaming\Adobe
2008-05-20 18:04:49         0 d-------- C:\Program Files\buffed
2008-05-10 19:14:00         0 d-------- C:\Program Files\ICQLite
2008-05-01 20:48:28         0 d-------- C:\Program Files\Common Files\xing shared
2008-05-01 20:48:23         0 d-------- C:\Program Files\Common Files\Real
2008-04-26 20:48:51         0 d-------- C:\Users\Conan\AppData\Roaming\Nokia
2008-04-26 20:35:29         0 d-------- C:\Users\Conan\AppData\Roaming\Nokia Multimedia Player
2008-04-26 20:33:56         0 d-------- C:\Users\Conan\AppData\Roaming\PC Suite
2008-04-26 20:31:34         0 d-------- C:\Program Files\Common Files\Nokia
2008-04-26 20:31:32         0 d-------- C:\Program Files\Common Files\PCSuite
2008-04-26 20:31:28         0 d-------- C:\Program Files\Nokia
2008-04-26 20:31:18         0 d-------- C:\Program Files\DIFX
2008-04-26 20:30:25         0 d-------- C:\Program Files\PC Connectivity Solution
2008-04-22 23:15:45         0 d-------- C:\Program Files\Winamp Remote


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [19.01.2008 09:38]
"RtHDVCpl"="RtHDVCpl.exe" [01.10.2007 11:53 C:\Windows\RtHDVCpl.exe]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [26.02.2007 21:46]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22.02.2008 05:25]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [16.05.2008 01:19]
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [11.07.2006 12:15]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [24.08.2007 08:00]
"Skytel"="Skytel.exe" [03.08.2007 13:22 C:\Windows\SkyTel.exe]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [06.11.2007 21:00]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [06.11.2007 21:00]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [06.11.2007 21:00]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [01.05.2008 20:47]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11.01.2008 22:16]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [01.02.2008 12:55]
"Software4u-UpdateServer"="C:\Program Files\S.A.D\Registry CleanUP 2008\Software4u.UpdateServer.exe" [28.05.2008 14:41]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [19.01.2008 09:33]
"fsc-reg"="C:\ProgramData\fsc-reg\fscreg.exe" [08.11.2007 15:38]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [19.01.2008 09:33]
"BLASC"="C:\Program Files\buffed\BLASC.exe" [20.05.2008 18:05]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [19.01.2008 09:33]
"ucsesai"="c:\users\conan\appdata\local\ucsesai.exe" [20.06.2008 12:33]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"ICQ Lite"=C:\Program Files\ICQLite\ICQLite.exe -trayboot

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

C:\Users\Conan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [03.06.2008 02:56:46]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableUIADesktopToggle"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService	nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc
LocalSystemNetworkRestricted	hidserv WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum UxSms
bthsvcs	BthServ


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- Hosts -----------------------------------------------------------------------

127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com

8032 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-06-22 14:25:43 ------------

benn1990 · 22.06.2008, 13:34

hat nicht beides aufgepasst also hier ist teil 2 der "extra.txt"

Code:

ATTFilter

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Premium  (build 6001) SP 1.0
Architecture: X86; Language: German

CPU 0: Intel(R) Core(TM)2 Quad CPU    Q6600  @ 2.40GHz
Percentage of Memory in Use: 42%
Physical Memory (total/avail): 2046.58 MiB / 1168.19 MiB
Pagefile Memory (total/avail): 4334.22 MiB / 3260.23 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1885.2 MiB

C: is Fixed (NTFS) - 216.41 GiB total, 45.07 GiB free. 
D: is Fixed (NTFS) - 107.22 GiB total, 16.76 GiB free. 
E: is CDROM (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (No Media)
K: is Removable (No Media)

\\.\PHYSICALDRIVE0 - ST3360320AS ATA Device - 335.35 GiB - 3 partitions
  \PARTITION0 - Unknown - 11.72 GiB
  \PARTITION1 (bootable) - Installierbares Dateisystem - 216.41 GiB - C:
  \PARTITION2 - Installierbares Dateisystem - 107.22 GiB - D:

\\.\PHYSICALDRIVE1 - Generic 2.0 Reader    -0 USB Device

\\.\PHYSICALDRIVE2 - Generic 2.0 Reader    -1 USB Device

\\.\PHYSICALDRIVE3 - Generic 2.0 Reader    -2 USB Device

\\.\PHYSICALDRIVE4 - Generic 2.0 Reader    -3 USB Device

\\.\PHYSICALDRIVE5 - Generic 2.0 Reader    -4 USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AV: avast! antivirus 4.8.1201 [VPS 080621-0] v4.8.1201 (ALWIL Software)
AS: Spyware Doctor v5.5.0.204 (PC Tools)
AS: Windows-Defender v1.1.1505.0 (Microsoft Corporation)
AS: avast! antivirus 4.8.1201 [VPS 080621-0] v4.8.1201 (ALWIL Software)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Conan\AppData\Roaming
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=HOME
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Conan
LOCALAPPDATA=C:\Users\Conan\AppData\Local
LOGONSERVER=\\HOME
NUMBER_OF_PROCESSORS=4
OS=Windows_NT
Path=C:\Program Files\PC Connectivity Solution\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\Common Files\Ulead Systems\MPEG
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 11, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0b
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Conan\AppData\Local\Temp
TMP=C:\Users\Conan\AppData\Local\Temp
USERDOMAIN=Home
USERNAME=Conan
USERPROFILE=C:\Users\Conan
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

Conan


-- Add/Remove Programs ---------------------------------------------------------

 --> "C:\Program Files\InstallShield Installation Information\{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23}\setup.exe" --u:{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23}
 --> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
 --> C:\Windows\UNNeroMediaHome.exe /UNINSTALL
 --> C:\Windows\UNNeroShowTime.exe /UNINSTALL
 --> C:\Windows\UNNeroVision.exe /UNINSTALL
 --> C:\Windows\UNRecode.exe /UNINSTALL
 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34449598-3F4B-43B5-A996-84A7345FD15F}\setup.exe" -l0x9 
 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B95708FA-609B-4F7F-A50C-76D2338464AE}\setup.exe" -l0x9 
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
Activation Assistant for the 2007 Microsoft Office suites --> "C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Media Player --> MsiExec.exe /I{1EBB57D4-63FF-87CC-A0F0-D73982CF6008}
Adobe Reader 8.1.2 - Deutsch --> MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A81200000003}
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
BLASC 2.0 --> C:\Program Files\buffed\UnInstaller.exe
Free Video to Mp3 Converter version 2.8 --> "C:\Program Files\DVDVideoSoft\Free Video to Mp3 Converter\unins000.exe"
Free YouTube to Mp3 Converter version 2.4 --> "C:\Program Files\DVDVideoSoft\Free YouTube to Mp3 Converter\unins000.exe"
FSCLounge --> MsiExec.exe /I{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}
HijackThis 2.0.2 --> "C:\Users\Conan\Desktop\Neuer Ordner\HijackThis.exe" /uninstall
HyperMediaCenter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AE9C8073-B7CA-4BE3-BC3A-8797109343BE}\Setup.exe" -l0x7 
ICQ 5.1 --> C:\Program Files\ICQLite\ICQLiteUninstall.EXE
InstallRTC --> MsiExec.exe /X{200F584F-848D-4B6B-B1A1-C74D735F18A4}
Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Kaspersky Online Scanner --> C:\Windows\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2007 (German) --> MsiExec.exe /X{95120000-00AF-0407-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works --> MsiExec.exe /I{39D0E034-1042-4905-BECB-5502909FCB7C}
MobMap 1.58 --> "C:\Users\Conan\Saved Games\World of Warcraft\Interface\AddOns\MobMapUpdater\unins000.exe"
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVC80_x86 --> MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
Nero 7 Essentials --> MsiExec.exe /X{81CD6232-10F5-4832-B3DA-1B88B1571031}
Nokia Connectivity Cable Driver --> MsiExec.exe /X{4F1DCA42-2030-437C-A94E-736692A499C1}
Nokia Multimedia Factory --> "C:\ProgramData\Installations\{4CFB3821-1582-4f3b-BF8D-30986923B36B}\Nokia_Multimedia_Factory_2_0.exe" /MAINTENANCE /SILENT="SWLPCER" /LANG="2057" /MSI_COMMON_OPTIONS="PCSLANG= MMFLANG=eng"
Nokia Multimedia Factory --> MsiExec.exe /I{4CFB3821-1582-4F3B-BF8D-30986923B36B}
Nokia PC Suite --> C:\ProgramData\Installations\{9C05FA75-0337-4523-AA57-9D3511018887}\Nokia_PC_Suite_rel_6_86_9_3_ger_web.exe
Nokia PC Suite --> MsiExec.exe /I{9C05FA75-0337-4523-AA57-9D3511018887}
Nokia Video Manager --> "C:\ProgramData\Installations\{B1B4E612-9ACC-4fab-BD04-1721D9503266}\NokiaVideoManager1.6.exe" /MAINTENANCE /SILENT="SGWLRPFCE" /LANG="1031" /O=";EXTUNINSTALL=1"
Nokia Video Manager --> MsiExec.exe /I{B1B4E612-9ACC-4FAB-BD04-1721D9503266}
Norton Security Scan --> MsiExec.exe /I{D4D9F101-9C35-477E-88FC-935415CD9916}
NVIDIA Drivers --> C:\Windows\system32\NVUNINST.EXE UninstallGUI
OpenOffice.org 2.3 --> MsiExec.exe /I{DD5B65F7-7CA5-4DE4-AEE7-7E8F26BF78F5}
PC Connectivity Solution --> MsiExec.exe /I{AC599724-5755-48C1-ABE7-ABB857652930}
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
Realtek High Definition Audio Driver --> RtlUpd.exe -r -m
Registry CleanUP 2008 --> "C:\Program Files\S.A.D\Registry CleanUP 2008\unins000.exe"
RegSupreme --> "C:\Program Files\RegSupreme\unins000.exe"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Excel 2007 (KB946974) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Microsoft Office Publisher 2007 (KB950114) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Office 2007 (KB947801) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Outlook 2007 (KB946983) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
Security Update for Visio 2007 (KB947590) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Spyware Doctor 5.5 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG
StarOffice 8 --> MsiExec.exe /I{0ED5C5EF-1BA0-4289-B71F-BACBE1F7EEAE}
StarOffice 8 Product Update 9 --> MsiExec.exe /X{EDB8BB14-ED14-4AEF-BACC-DE952E56F57E}
TeamSpeak 2 RC2 --> "C:\Program Files\Teamspeak2_RC2\unins000.exe"
Update for Office 2007 (KB946691) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb950378) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F6296086-AED5-4EC0-938B-08EA0254F20E}
Vista Codec Package --> MsiExec.exe /I{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Windows-Treiberpaket - Nokia Modem (03/05/2008 3.7) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokia_bluetooth.inf_ce5ad925\nokia_bluetooth.inf
Windows-Treiberpaket - Nokia Modem (03/13/2008 6.86.0.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokbtmdm.inf_674398ba\nokbtmdm.inf
Windows-Treiberpaket - Nokia pccsmcfd (10/12/2007 6.85.4.0) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\system32\DRVSTORE\pccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175\pccsmcfd.inf
Windows Installer Clean Up --> MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Live installer --> MsiExec.exe /X{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}
Windows Live OneCare safety scanner --> MsiExec.exe /X{FE0646A7-19D0-41B4-A2BB-2C35D644270D}
Windows Media Player Firefox Plugin --> MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows Media Tools 4.0 --> C:\Program Files\Windows Media Components\Tools\_insttoo.exe /U
WinRAR --> C:\Program Files\WinRAR\uninstall.exe
World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\WORLD OF WARCRAFT\Uninstall.exe
Xfire (remove only) --> "C:\Program Files\Xfire\uninst.exe"
Zoom Player (remove only) --> "C:\Program Files\Zoom Player\uninstall.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type25358 / Success
Event Submitted/Written: 06/22/2008 01:57:18 PM
Event ID/Source: 5617 / WinMgmt
Event Description:


Event Record #/Type25357 / Success
Event Submitted/Written: 06/22/2008 01:57:15 PM
Event ID/Source: 5615 / WinMgmt
Event Description:


Event Record #/Type25354 / Success
Event Submitted/Written: 06/22/2008 01:57:11 PM
Event ID/Source: 902 / Software Licensing Service
Event Description:
Der Softwarelizenzierungsdienst wurde gestartet.

Event Record #/Type25340 / Warning
Event Submitted/Written: 06/22/2008 01:56:01 PM
Event ID/Source: 1530 / profsvc
Event Description:
Es wurde festgestellt, dass Ihre Registrierungsdatei noch von anderen Anwendungen oder Diensten verwendet wird. Die Datei wird nun entladen. Die Anwendungen oder Dienste, die Ihre Registrierungsdatei anhalten, funktionieren anschließend u. U. nicht mehr ordnungsgemäß.  

 DETAIL - 
 1 user registry handles leaked from \Registry\User\S-1-5-21-1436272777-3953240225-3870684877-1000_Classes:
Process 932 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1436272777-3953240225-3870684877-1000_CLASSES

Event Record #/Type25339 / Warning
Event Submitted/Written: 06/22/2008 01:55:59 PM
Event ID/Source: 1530 / profsvc
Event Description:
Es wurde festgestellt, dass Ihre Registrierungsdatei noch von anderen Anwendungen oder Diensten verwendet wird. Die Datei wird nun entladen. Die Anwendungen oder Dienste, die Ihre Registrierungsdatei anhalten, funktionieren anschließend u. U. nicht mehr ordnungsgemäß.  

 DETAIL - 
 1 user registry handles leaked from \Registry\User\S-1-5-21-1436272777-3953240225-3870684877-1000:
Process 932 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1436272777-3953240225-3870684877-1000



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type54792 / Error
Event Submitted/Written: 06/22/2008 01:57:10 PM
Event ID/Source: 15016 / HTTP
Event Description:
\Device\Http\ReqQueueKerberos

Event Record #/Type54776 / Warning
Event Submitted/Written: 06/22/2008 01:56:16 PM
Event ID/Source: 4001 / Microsoft-Windows-WLAN-AutoConfig
Event Description:


Event Record #/Type54753 / Warning
Event Submitted/Written: 06/22/2008 01:55:47 PM
Event ID/Source: 3004 / WinDefend
Event Description:
Vom %Home27-Echtzeitschutz-Agent wurden Änderungen erkannt. Microsoft empfiehlt, die Software, die diese Änderungen vorgenommen hat, zu analysieren, um potenzielle Risiken festzustellen. Sie können anhand der Informationen über die Funktionsweise dieser Programme entscheiden, ob die Software ausgeführt werden kann oder vom Computer entfernt werden soll. Lassen Sie nur Änderungen zu, wenn das Programm oder der Softwareherausgeber vertrauenswürdig ist. %Home27 kann Änderungen, die Sie zugelassen haben, nicht mehr rückgängig machen.

Weitere Informationen finden Sie im Folgenden:
%Home275

	Scan-ID: {C130A8F8-91D0-4520-844E-4CED24D78661}
 
	Benutzer: Home\Conan

	Name: %Home271

	ID: %Home272

	Schweregrad-ID: %Home273

	Kategorie-ID: %Home274

	Gefundener Pfad: %Home276

	Warnungsart: %Home278

	Feststellungstyp:  1.1.1600.02

Event Record #/Type54752 / Warning
Event Submitted/Written: 06/22/2008 01:55:47 PM
Event ID/Source: 3004 / WinDefend
Event Description:
Vom %Home27-Echtzeitschutz-Agent wurden Änderungen erkannt. Microsoft empfiehlt, die Software, die diese Änderungen vorgenommen hat, zu analysieren, um potenzielle Risiken festzustellen. Sie können anhand der Informationen über die Funktionsweise dieser Programme entscheiden, ob die Software ausgeführt werden kann oder vom Computer entfernt werden soll. Lassen Sie nur Änderungen zu, wenn das Programm oder der Softwareherausgeber vertrauenswürdig ist. %Home27 kann Änderungen, die Sie zugelassen haben, nicht mehr rückgängig machen.

Weitere Informationen finden Sie im Folgenden:
%Home275

	Scan-ID: {C43C793C-65DC-4249-B789-B84DEAF3FE29}
 
	Benutzer: Home\Conan

	Name: %Home271

	ID: %Home272

	Schweregrad-ID: %Home273

	Kategorie-ID: %Home274

	Gefundener Pfad: %Home276

	Warnungsart: %Home278

	Feststellungstyp:  1.1.1600.02

Event Record #/Type54751 / Error
Event Submitted/Written: 06/22/2008 01:55:47 PM
Event ID/Source: 10010 / DCOM
Event Description:
{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}



-- End of Deckard's System Scanner: finished at 2008-06-22 14:25:43 ------------

benn1990 · 22.06.2008, 22:21

hat wer noch ne idee?

nochdigger · 22.06.2008, 22:41

Hallo

Zitat:

hat wer noch ne idee?

nur nicht drängeln und so schnell geb ich nicht auf

Lass diese Dateien
C:\Users\Conan\AppData\Local\ucsesai.exe
C:\Windows\system32\dadbd_g.dll
bitte ebenfalls auswerten und poste das Ergebnis.

MFG

benn1990 · 23.06.2008, 10:05

danke dir

bin froh das mir überhaupt jemand hilft,

hab die daten mal gescannt und hier die Ergebnisse:

Datei ucsesai.exe empfangen 2008.06.23 10:54:10 (CET)
Status: Laden ... Wartend Warten Überprüfung Beendet Nicht gefunden Gestoppt
Ergebnis: 3/33 (9.1%)
Ikarus T3.1.1.26.0 2008.06.23 Trojan.Win32.Skintrim.B
Kaspersky 7.0.0.125 2008.06.23 -
McAfee 5322 2008.06.20 -
Microsoft 1.3604 2008.06.23 Trojan:Win32/Skintrim.B
Webwasher-Gateway 6.6.2 2008.06.23 Win32.Vulnerable.gen!High (suspicious)

File size: 364544 bytes
MD5...: b90e613c2cac384dd622012af67e31c6
SHA1..: ea7889760d6f71dca9fa4c4823aed7b719deccd3

sieht aus das bei der ersten Datei was gefunden worden ist,
bei der zweiten dagegen sieht clear aus

Dateiname : dadbd_g.dll
Größe : 23 byte
Typ : data
MD5 : b38bae23dc16b37944699b0d24226d24
SHA1 : 075090987ca389e40ac44d39cab8054e54d74e64
Ergebnis: 0/33 (0%)

öhm ich hab von jemand anderen gehört das es sich auch um "navipromo" handeln könnte,
keine ahung was das genau ist aber vllt hilft dir der tipp weiter

nochdigger · 23.06.2008, 13:30

Hallo

lass bitte navilog dein System untersuchen.
(Anleitung bei myrtille entliehen

)

Zitat:

Hinweis:
Navilog1.exe wir von einigen Antivirenprogrammen als bösartig erkannt deaktiviere daher zuerst den Hintergrundwächter deines Antivirenprogramms

Bitte lade Dir Navilog1 von IL-MAFIOSO herunter.

Führe die Datei navilog1.exe aus, eine Installationsroutine wird beginnen.
Sollte das Programm nach Abschluß der Installation nicht automatisch gestartet werden, führe es bitte per
Doppelklick auf das Navilog1-Shortcut auf deinem Desktop aus.
Wähle E für Englisch im Sprachenmenü
Wähle 1 im nächsten Menü um "Suche" auszuwählen. Bestätige mit Enter.
Die Dauer des Scans kann variieren, bitte abwarten. Wenn du aufgefordert wirst, eine Taste zu drücken, tue dies bitte.
Ein neues Dokument sollte erstellt und geöffnet werden: fixnavi.txt.
Bitte füge den Inhalt dieser Datei in deine nächste Antwort ein.

Der Bericht wird außerdem im Hauptverzeichnis (z.B.: "C:\") erstellt.

MFG