| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Ständige Meldung "System Error !"Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
30.06.2008, 19:31
| #1 |
| |  Ständige Meldung "System Error !" Seit ein einigen stunden habe ich so eine fehlermeldung. Egal was ich mache ,immer kommt die fehler meldung! Im Explorer wenn ich Ordner vor und zurück gehe kommt diese Meldung ich weiss nicht was ich machen soll.# Habe Spyware Doctor,CCleaner,Spybot - Search & Destroy und Norton durchlaufen lassen,NIX gefunden. Bitte Helft mir ich kenne mich mit sowas nicht aus. P.S. Bin neu bei euch Hier die Fehlermeldung http://www.imgbox.de/users/public/images/t41457t129.jpg Hier mein Logfile Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:43:17, on 30.06.2008 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Unable to get Internet Explorer version! Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Spyware Doctor\pctsTray.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Windows\system32\DllHost.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://www.asus.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O1 - Hosts: ::1 localhost O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Spybot-S&D IE Protection - {B1892F58-1116-4DEC-92AA-577872EC3D3D} - C:\Windows\system32\oggsys.dll O2 - BHO: ASUS Security Protect Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll O3 - Toolbar: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" O9 - Extra button: ASUS Security Protect Manager-e-Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll O9 - Extra 'Tools' menuitem: ASUS Security Protect Manager-e-&Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O13 - Gopher Prefix: O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - h**p://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O20 - AppInit_DLLs: APSHook.dll O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe O23 - Service: SpyHunter3 Service - Unknown owner - C:\Program Files\Enigma Software Group\SpyHunter\SHService.exe (file missing) O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe -- End of file - 6321 bytes Geändert von darkmarkus (30.06.2008 um 19:50 Uhr) |
|
30.06.2008, 19:58
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  Ständige Meldung "System Error !" Hier stimmt was nicht. Die Liste der laufenden Prozesse ist m.M. nach viel zu klein. Folge mal bitte dem DSS-Link in meiner Signatur und beachte die Anweisungen.
__________________C:\Windows\system32\oggsys.dll Werte diese Datei bei virustotal.com aus und poste alle Ergebnisse.
__________________ |
|
30.06.2008, 20:06
| #3 |
| | Ständige Meldung "System Error !"Code:
ATTFilter Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft® Windows Vista™ Home Premium (build 6001) SP 1.0
Architecture: X86; Language: German
CPU 0: Intel(R) Core(TM)2 Duo CPU T8300 @ 2.40GHz
Percentage of Memory in Use: 62%
Physical Memory (total/avail): 2046.48 MiB / 777.48 MiB
Pagefile Memory (total/avail): 4336 MiB / 2651.95 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1883.91 MiB
C: is Fixed (NTFS) - 19.53 GiB total, 4.93 GiB free.
D: is Fixed (NTFS) - 213.34 GiB total, 98.46 GiB free.
E: is CDROM (UDF)
G: is CDROM (No Media)
\\.\PHYSICALDRIVE0 - ST9250827AS - 232.88 GiB - 2 partitions
\PARTITION0 (bootable) - Installierbares Dateisystem - 19.53 GiB - C:
\PARTITION1 - Erweitert mit Int 13 (erweitert) - 213.34 GiB - D:
\\.\PHYSICALDRIVE1 - IMD-0 - 512.86 MiB - 0 partitions
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.
FW: Norton Internet Security v2007 (Symantec Corporation)
AV: Norton Internet Security v2007 (Symantec Corporation)
AS: Spybot - Search and Destroy v1.0.0.5 (Safer Networking Ltd.) Disabled
AS: Windows-Defender v1.1.1505.0 (Microsoft Corporation) Disabled
AS: Norton Internet Security v2007 (Symantec Corporation)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Admin\AppData\Roaming
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ADMIN-ASUSPC
ComSpec=C:\Windows\system32\cmd.exe
configsetroot=C:\Windows\ConfigSetRoot
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Admin
LOCALAPPDATA=C:\Users\Admin\AppData\Local
LOGONSERVER=\\ADMIN-ASUSPC
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\bin
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 23 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=1706
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Admin\AppData\Local\Temp
TMP=C:\Users\Admin\AppData\Local\Temp
USERDOMAIN=Admin-AsusPC
USERNAME=Admin
USERPROFILE=C:\Users\Admin
windir=C:\Windows
-- User Profiles ---------------------------------------------------------------
Admin
-- Add/Remove Programs ---------------------------------------------------------
--> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Windows\UNNeroBackItUp.exe /UNINSTALL
--> C:\Windows\UNNeroMediaHome.exe /UNINSTALL
--> C:\Windows\UNNeroShowTime.exe /UNINSTALL
--> C:\Windows\UNNeroVision.exe /UNINSTALL
--> C:\Windows\UNRecode.exe /UNINSTALL
7-Zip 4.58 beta --> "C:\Program Files\7-Zip\Uninstall.exe"
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Advanced CAB Repair v1.0 --> C:\PROGRA~1\ACR\UNWISE.EXE C:\PROGRA~1\ACR\INSTALL.LOG
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
ASUS CopyProtect --> C:\Program Files\InstallShield Installation Information\{2396F815-84E0-4353-83D7-8B190556DA42}\SETUP.exe -runfromtemp -l0x0007 -removeonly
ASUS InstantFun --> MsiExec.exe /I{57B15AD4-8C9D-4164-82BB-E33D8644E757}
ASUS LifeFrame3 --> MsiExec.exe /I{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}
ASUS Live Update --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}\setup.exe" -l0x9
ASUS Security Protect Manager --> rundll32.exe "C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\SetupHelper.dll",ExecMain /Uninstall {D8D4AF9A-6ADE-4B14-A7F5-BA858792729E}
ASUS SmartLogon --> MsiExec.exe /I{64452561-169F-4A36-A2FF-B5E118EC65F5}
ASUS Splendid Video Enhancement Technology --> C:\Program Files\InstallShield Installation Information\{C0FC1C14-4824-4A73-87A6-9E888C9C3102}\SETUP.exe -runfromtemp -l0x0007 -removeonly
Asus_Camera_ScreenSaver --> "C:\Windows\ASUS Camera ScreenSaver Uninstaller.exe"
ATK Generic Function Service --> C:\Program Files\InstallShield Installation Information\{D3D54F3E-C5C3-443D-978F-87A72E5616E8}\setup.exe -runfromtemp -l0x0007 -removeonly
ATK Hotkey --> C:\Program Files\InstallShield Installation Information\{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}\SETUP.exe -runfromtemp -l0x0007 -removeonly
ATK Media --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}\SETUP.EXE" -l0x9
ATKOSD2 --> C:\Program Files\InstallShield Installation Information\{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}\SETUP.exe -runfromtemp -l0x0009 -removeonly
AuthenTec Fingerprint Sensor Minimum Install --> MsiExec.exe /I{EB4DF30B-102B-4F0C-927A-D50E037A325D}
AV --> MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
ccCommon --> MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Command & Conquer 3 --> MsiExec.exe /I{B0C30E93-D3D9-4F04-A2AC-54749B573275}
Command & Conquer™ 3: Kanes Rache --> MsiExec.exe /I{CC2422C9-F7B5-4175-B295-5EC2283AA674}
Crysis(R) --> MsiExec.exe /I{000E79B7-E725-4F01-870A-C12942B7F8E4}
Dungeon Siege 2 --> "D:\Spiele\Dungeon Siege 2\UNINSTAL.EXE" /runtemp /uninstall
Dungeon Siege 2 Broken World --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A563C4F4-BE36-4956-BA0B-E02BDD9F70D5}\setup.exe" -l0x7 -removeonly
Game Cam 2.1 --> D:\Program Files\Game Cam V2\uninst.exe
Gothic III --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{02B244A2-7F6A-42E8-A36F-8C385D7A1625}\setup.exe" -l0x7 -removeonly
GUILD WARS --> "D:\Spiele\GUILD WARS\Gw.exe" -uninstall
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Intel(R) PROSet/Wireless Software --> C:\Windows\Installer\iProInst.exe
Intel® Turbo Memory und Intel® Matrix Storage Manager --> C:\Windows\system32\imsmudlg.exe -uninstall
Kane and Lynch: Dead Men --> MsiExec.exe /X{A66C4716-7E10-4A53-8101-00C3C11D6A9C}
LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Mass Effect --> C:\Program Files\Common Files\BioWare\Uninstall Mass Effect.exe
MCE Software Encoder 1.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7655E113-C306-11D9-A373-0050BAE317E1}\SETUP.EXE" -uninstall
mCore --> MsiExec.exe /I{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}
mDriver --> MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
mHelp --> MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
Microsoft Games for Windows - LIVE Redistributable --> MsiExec.exe /X{D1B01DC9-CBAF-45F9-A387-7D00C11B630E}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 --> MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Morrowind --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Spiele\Morrowind\MWUninstall\setup.exe" -l0x7
Mozilla Firefox (3.0) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
MSRedist --> MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
MSXML 4.0 SP2 (KB927978) --> MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
NB Probe --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}\setup.exe" -l0x9
Need for Speed™ ProStreet --> MsiExec.exe /X{2E1A71D5-7897-4F3F-B0E3-B412C86A646D}
Nero 8 --> MsiExec.exe /X{8AEA4BE2-2B52-41C0-BB7D-9F2D17AF1031}
Norton AntiVirus --> MsiExec.exe /X{830D8CBD-C668-49e2-A969-C2C2106332E0}
Norton Confidential Browser Component --> MsiExec.exe /I{4843B611-8FCB-4428-8C23-31D0A5EAE164}
Norton Confidential Web Protection Component --> MsiExec.exe /I{D353CC51-430D-4C6F-9B7E-52003DA1E05A}
Norton Internet Security --> MsiExec.exe /I{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}
Norton Internet Security --> MsiExec.exe /I{48185814-A224-447A-81DA-71BD20580E1B}
Norton Internet Security --> MsiExec.exe /I{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}
Norton Internet Security --> MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Internet Security --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton Internet Security (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}_10_2_0_30\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}.exe" /X
Norton Protection Center --> MsiExec.exe /I{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}
NVIDIA Drivers --> C:\Windows\system32\NVUNINST.EXE UninstallGUI
Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
Power4Gear eXtreme --> C:\Program Files\InstallShield Installation Information\{8CFEBE9C-F29F-4C49-80E0-7106970F8734}\SETUP.exe -runfromtemp -l0x0007 -removeonly
Realtek High Definition Audio Driver --> RtlUpd.exe -r -m
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\SETUP.EXE" -l0x7 anything
S.T.A.L.K.E.R. - Shadow of Chernobyl [v1.0005] --> "D:\Spiele\S.T.A.L.K.E.R. - Shadow of Chernobyl\unins000.exe"
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spyware Doctor 6.0 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
TeamSpeak 2 RC2 --> "C:\Program Files\Teamspeak2_RC2\unins000.exe"
TES Construction Set --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Spiele\Morrowind\CSUninstall\Setup.exe" -l0x7
TuneUp Utilities 2008 --> MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}
USB 2.0 1.3M UVC WebCam --> C:\Windows\snuninst.exe /name='USB 2.0 1.3M UVC WebCam'
VideoLAN VLC media player 0.8.6h --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Media Player Firefox Plugin --> MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinFlash --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DE10AB76-4756-4913-BE25-55D1C1051F9A}\setup.exe" -l0x9
WinRAR --> C:\Program Files\WinRAR\uninstall.exe
Wireless Console 2 --> C:\Program Files\InstallShield Installation Information\{83F73CB1-7705-49D1-9852-84D839CA2A45}\SETUP.exe -runfromtemp -l0x0007 -removeonly
Yahoo! Install Manager --> C:\Windows\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Toolbar mit Pop-Up-Blocker --> C:\PROGRA~1\Yahoo!\Common\unyt.exe
-- Application Event Log -------------------------------------------------------
Event Record #/Type3259 / Warning
Event Submitted/Written: 06/30/2008 08:01:53 PM
Event ID/Source: 1530 / profsvc
Event Description:
Es wurde festgestellt, dass Ihre Registrierungsdatei noch von anderen Anwendungen oder Diensten verwendet wird. Die Datei wird nun entladen. Die Anwendungen oder Dienste, die Ihre Registrierungsdatei anhalten, funktionieren anschließend u. U. nicht mehr ordnungsgemäß.
DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-2963251165-2687488450-1242399824-1000:
Process 4784 (\Device\HarddiskVolume1\Program Files\Spyware Doctor\pctsSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-2963251165-2687488450-1242399824-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
Event Record #/Type3245 / Success
Event Submitted/Written: 06/30/2008 07:53:36 PM
Event ID/Source: 5617 / WinMgmt
Event Description:
Event Record #/Type3244 / Success
Event Submitted/Written: 06/30/2008 07:53:33 PM
Event ID/Source: 5615 / WinMgmt
Event Description:
Event Record #/Type3233 / Success
Event Submitted/Written: 06/30/2008 07:52:44 PM
Event ID/Source: 902 / Software Licensing Service
Event Description:
Der Softwarelizenzierungsdienst wurde gestartet.
Event Record #/Type3215 / Warning
Event Submitted/Written: 06/30/2008 07:51:43 PM
Event ID/Source: 6000 / Wlclntfy
Event Description:
Der Winlogon-Benachrichtigungsabonnent <GPClient> war nicht verfügbar, um das Benachrichtigungsereignis zu verarbeiten.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type22332 / Error
Event Submitted/Written: 06/30/2008 07:54:17 PM
Event ID/Source: 10001 / DCOM
Event Description:
"C:\Program Files\Internet Explorer\IEUser.exe" -Embedding3{300165D9-44B1-4C7A-AD58-4A9E7200E2E8}
Event Record #/Type22303 / Error
Event Submitted/Written: 06/30/2008 07:53:38 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
SpyHunter3 Service%%3
Event Record #/Type22231 / Error
Event Submitted/Written: 06/30/2008 07:52:42 PM
Event ID/Source: 15016 / HTTP
Event Description:
\Device\Http\ReqQueueKerberos
Event Record #/Type22209 / Error
Event Submitted/Written: 06/30/2008 07:51:15 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
NetzwerklistendienstNLA (Network Location Awareness)%%1068
Event Record #/Type22208 / Error
Event Submitted/Written: 06/30/2008 07:51:15 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
NetzwerklistendienstNLA (Network Location Awareness)%%1068
-- End of Deckard's System Scanner: finished at 2008-06-30 21:02:52 ------------
Geändert von darkmarkus (30.06.2008 um 20:30 Uhr) |
|
30.06.2008, 20:11
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ |  Ständige Meldung "System Error !" Mach das ganze bitte mit Code-Tags, das ist übersichtlicher!
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
30.06.2008, 20:31
| #5 |
| | Ständige Meldung "System Error !"Code:
ATTFilter Deckard's System Scanner v20071014.68 Run by Admin on 2008-06-30 20:59:14 Computer is in Normal Mode. -------------------------------------------------------------------------------- Backed up registry hives. Performed disk cleanup. -- HijackThis (run as Admin.exe) ----------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:00:06, on 30.06.2008 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Unable to get Internet Explorer version! Boot mode: Normal Running processes: C:\Windows\System32\smss.exe C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Windows\system32\WLANExt.exe C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe C:\Program Files\ATK Hotkey\ASLDRSrv.exe C:\Program Files\ATKGFNEX\GFNEXSrv.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe C:\Windows\system32\taskeng.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Windows\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\Windows\system32\PnkBstrA.exe C:\Windows\system32\svchost.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\Windows\System32\svchost.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\Spyware Doctor\pctsAuxs.exe C:\Program Files\Spyware Doctor\pctsSvc.exe C:\Windows\system32\csrss.exe C:\Windows\system32\winlogon.exe C:\Program Files\P4G\BatteryLife.exe C:\Windows\system32\taskeng.exe C:\Program Files\ATK Hotkey\Hcontrol.exe C:\Program Files\ATKOSD2\ATKOSD2.exe C:\Windows\system32\Dwm.exe C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe C:\Program Files\Wireless Console 2\wcourier.exe C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe C:\Program Files\ASUS\Splendid\ACMON.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Windows\System32\ACEngSvr.exe C:\Program Files\ASUS\ASUS Live Update\ALU.exe C:\Program Files\ASUS\SmartLogon\sensorsrv.exe C:\Program Files\Spyware Doctor\pctsTray.exe C:\Program Files\ATK Hotkey\ATKOSD.exe C:\Program Files\ATK Hotkey\KBFiltr.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\conime.exe C:\Windows\system32\DllHost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Users\Admin\Desktop\dss.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\vssvc.exe C:\Windows\System32\svchost.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\Admin.exe C:\Windows\system32\NOTEPAD.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O1 - Hosts: ::1 localhost O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Spybot-S&D IE Protection - {B1892F58-1116-4DEC-92AA-577872EC3D3D} - C:\Windows\system32\oggsys.dll O2 - BHO: ASUS Security Protect Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll O3 - Toolbar: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O13 - Gopher Prefix: O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O20 - AppInit_DLLs: APSHook.dll O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe O23 - Service: SpyHunter3 Service - Unknown owner - C:\Program Files\Enigma Software Group\SpyHunter\SHService.exe (file missing) O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe -- End of file - 8788 bytes -- File Associations ----------------------------------------------------------- All associations okay. -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R2 atksgt - c:\windows\system32\drivers\atksgt.sys R2 lirsgt - c:\windows\system32\drivers\lirsgt.sys -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 ASLDRService (ASLDR Service) - c:\program files\atk hotkey\asldrsrv.exe <Not Verified; ; ADSMSrv> R2 ATKGFNEXSrv (ATKGFNEX Service) - c:\program files\atkgfnex\gfnexsrv.exe <Not Verified; ; GFNEXSrv> R2 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe R2 RegSrvc (Intel(R) PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel(R) PROSet/Wireless Registry Service> S2 SpyHunter3 Service - "c:\program files\enigma software group\spyhunter\shservice.exe" (file missing) -- Device Manager: Disabled ---------------------------------------------------- No disabled devices found. -- Scheduled Tasks ------------------------------------------------------------- 2008-06-30 21:00:01 500 --a------ C:\Windows\Tasks\1-Klick-Wartung.job 2008-06-30 20:01:48 546 --a------ C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Admin.job -- Files created between 2008-05-30 and 2008-06-30 ----------------------------- 2008-06-30 20:40:25 0 d-------- C:\Program Files\Trend Micro 2008-06-30 20:22:38 0 d-------- C:\Program Files\Panda Security 2008-06-30 20:05:57 0 d-------- C:\327882R2FWJFW 2008-06-30 19:54:05 0 d-a------ C:\Users\All Users\TEMP 2008-06-30 19:54:00 0 d-------- C:\Program Files\Spyware Doctor 2008-06-30 19:47:07 214 --a------ C:\Windows\system32\tmp.reg 2008-06-30 19:25:33 546 --a------ C:\Windows\system32\ABM51Sn.DAT 2008-06-30 19:25:31 0 -rahs---- C:\MSDOS.SYS 2008-06-30 19:25:31 0 -rahs---- C:\IO.SYS 2008-06-30 18:57:31 0 d-------- C:\Users\All Users\Yahoo! Companion 2008-06-30 18:42:02 0 d-------- C:\Users\All Users\Spybot - Search & Destroy 2008-06-30 18:28:58 0 d-------- C:\Program Files\Yahoo! 2008-06-30 18:28:52 0 d-------- C:\Program Files\CCleaner 2008-06-30 18:06:39 26624 --a------ C:\Windows\system32\oggsys.dll 2008-06-30 18:06:26 26624 --a------ C:\Windows\system32\oggwin.dll 2008-06-30 16:41:34 0 d-------- C:\PerfLogs 2008-06-30 15:23:00 0 d-------- C:\Program Files\Common Files\BioWare 2008-06-29 23:10:58 0 d-------- C:\Program Files\Teamspeak2_RC2 2008-06-27 21:46:12 271360 --a------ C:\Windows\system32\drivers\atksgt.sys 2008-06-27 21:46:07 18048 --a------ C:\Windows\system32\drivers\lirsgt.sys 2008-06-25 16:57:11 0 d-------- C:\Users\All Users\Nero 2008-06-25 16:57:11 0 d-------- C:\Program Files\Nero 2008-06-25 16:57:11 0 d-------- C:\Program Files\Common Files\Nero 2008-06-24 17:40:21 0 d-------- C:\Users\All Users\Test Drive Unlimited 2008-06-23 19:30:33 0 d-------- C:\Users\All Users\Media Center Programs 2008-06-23 19:14:25 0 d-------- C:\Program Files\ACR 2008-06-23 16:47:40 45056 --a------ C:\Windows\system32\acovcnt.exe 2008-06-23 16:15:52 33136 --a------ C:\Windows\ASScrPro.exe 2008-06-23 16:15:41 503808 --a------ C:\Windows\Asus_Camera_ScreenSaver.scr <Not Verified; ScreenTime Media; ScreenTime For Flash> 2008-06-23 16:15:41 4814371 --a------ C:\Windows\ASUS Camera ScreenSaver.exe <Not Verified; Macromedia, Inc.; Shockwave Flash> 2008-06-23 16:15:41 274800 --a------ C:\Windows\ASUS Camera ScreenSaver Uninstaller.exe <Not Verified; ASUSTeK Computer Inc; ASUS Screen Saver Uninstaller> 2008-06-23 16:15:41 37232 --a------ C:\Windows\ASScrProlog.exe 2008-06-23 16:15:39 12288 --a------ C:\Windows\impborl.dll 2008-06-23 16:15:39 606848 --a------ C:\Windows\flashax.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(R) Operating System> 2008-06-23 16:15:39 0 d-------- C:\Windows\Asus_Camera_ScreenSaver dir 2008-06-23 16:15:20 155648 --a------ C:\Windows\system32\ACEngSvr.exe <Not Verified; ASUSTeK; ACEngSvr Module> 2008-06-23 16:12:45 0 d-------- C:\Users\All Users\ASUS 2008-06-23 16:09:00 0 d-------- C:\Program Files\ATKGFNEX 2008-06-23 16:01:53 0 d-------- C:\Program Files\ASUS Security Center 2008-06-23 16:01:15 0 d-------- C:\Program Files\Fingerprint Sensor 2008-06-23 15:57:25 0 d-------- C:\Users\Default\Roaming 2008-06-23 15:57:25 0 d-------- C:\Users\All Users\Roaming 2008-06-23 15:57:03 0 d-------- C:\Users\All Users\Intel 2008-06-23 15:51:41 0 d-------- C:\Windows\system32\DEU 2008-06-23 15:51:21 0 d-------- C:\Windows\system32\Lang 2008-06-23 15:48:22 0 d-------- C:\Program Files\Wireless Console 2 2008-06-23 15:45:05 0 d-------- C:\Program Files\Realtek 2008-06-23 15:44:53 520192 --a------ C:\Windows\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library> 2008-06-23 15:44:53 315392 --a------ C:\Windows\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program> 2008-06-23 15:36:15 0 d-------- C:\Program Files\Norton Internet Security 2008-06-23 15:34:01 0 d-------- C:\Program Files\Symantec 2008-06-23 15:33:58 0 d-------- C:\Users\All Users\Symantec 2008-06-23 15:33:45 0 d-------- C:\Program Files\Common Files\Symantec Shared 2008-06-23 15:33:21 0 d-------- C:\Program Files\ATKOSD2 2008-06-23 15:32:52 0 d-------- C:\Program Files\ATK Hotkey 2008-06-23 15:22:51 0 d-------- C:\Users\All Users\P4G 2008-06-23 15:22:51 0 d-------- C:\Program Files\Power4Gear eXtreme 2008-06-23 15:22:51 0 d-------- C:\Program Files\P4G 2008-06-23 15:22:33 0 d-------- C:\Program Files\P4P 2008-06-22 13:35:08 0 d-------- C:\Users\All Users\TuneUp Software 2008-06-22 13:34:52 0 d-------- C:\Program Files\TuneUp Utilities 2008 2008-06-22 13:34:05 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-06-22 13:33:30 0 d-------- C:\Program Files\VideoLAN 2008-06-22 12:47:09 413696 --a------ C:\Windows\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32> 2008-06-22 12:47:09 110592 --a------ C:\Windows\system32\OpenAL32.dll <Not Verified; Portions (C) Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL(TM) Library> 2008-06-22 12:45:39 0 d-------- C:\Windows\system32\xlive 2008-06-22 11:59:25 0 d-------- C:\Program Files\CyberLink 2008-06-22 11:59:06 0 d-------- C:\Program Files\Common Files\InstallShield 2008-06-22 07:23:17 81920 --a------ C:\Windows\PGMONITOR.EXE <Not Verified; ; PGMonitor Application> 2008-06-22 07:23:17 12 --a------ C:\RECOVERY.DAT 2008-06-22 07:17:59 1048576 --a------ C:\M51SnAS.BIN 2008-06-22 06:39:37 0 d--hs---- C:\$RECYCLE.BIN 2008-06-22 06:38:11 0 d-------- C:\Program Files\ASUS 2008-06-22 06:35:49 0 d-------- C:\Program Files\Intel 2008-06-22 06:35:44 0 d-------- C:\Intel 2008-06-22 06:29:05 0 d-------- C:\Windows\SoftwareDistribution 2008-06-22 06:24:04 0 d--hs---- C:\System Volume Information 2008-06-22 04:05:01 0 d-------- C:\Program Files\7-Zip 2008-06-21 22:45:22 0 d-------- C:\dokumente und einstellungen 2008-06-21 22:40:33 0 d-------- C:\Program Files\Alcohol Soft 2008-06-21 22:34:26 639224 --a------ C:\Windows\system32\drivers\sptd.sys 2008-06-21 22:19:48 0 d-------- C:\Windows\system32\Macromed 2008-06-21 22:17:49 0 d-------- C:\Windows\system32\directx 2008-06-21 22:07:14 0 d--h----- C:\Program Files\InstallShield Installation Information 2008-06-21 22:05:12 0 d-------- C:\Users\All Users\NVIDIA 2008-06-21 21:57:51 0 d-------- C:\Windows\system32\RTCOM -- Find3M Report --------------------------------------------------------------- 2008-06-30 20:02:34 27839 --a------ C:\Users\Admin\AppData\Roaming\nvModes.001 2008-06-30 19:57:28 618430 --a------ C:\Windows\system32\perfh007.dat 2008-06-30 19:57:28 122648 --a------ C:\Windows\system32\perfc007.dat 2008-06-30 19:54:00 0 d-------- C:\Users\Admin\AppData\Roaming\PC Tools 2008-06-30 19:44:42 12 --a------ C:\Windows\bthservsdp.dat 2008-06-30 16:53:16 174 --ahs---- C:\Program Files\desktop.ini 2008-06-30 16:45:00 0 d-------- C:\Program Files\Windows Sidebar 2008-06-30 16:45:00 0 d-------- C:\Program Files\Windows Calendar 2008-06-30 16:44:59 0 d-------- C:\Program Files\Movie Maker 2008-06-30 16:44:58 0 d-------- C:\Program Files\Windows Mail 2008-06-30 16:44:57 0 d-------- C:\Program Files\Windows Collaboration 2008-06-30 16:44:56 0 d-------- C:\Program Files\Windows Journal 2008-06-30 16:44:55 0 d-------- C:\Program Files\Windows Photo Gallery 2008-06-30 16:44:48 0 d-------- C:\Program Files\Windows Defender 2008-06-30 15:53:39 27839 --a------ C:\Users\Admin\AppData\Roaming\nvModes.dat 2008-06-30 15:23:00 0 d-------- C:\Program Files\Common Files 2008-06-29 23:11:09 0 d-------- C:\Users\Admin\AppData\Roaming\teamspeak2 2008-06-25 17:00:09 0 d-------- C:\Users\Admin\AppData\Roaming\Nero 2008-06-24 16:59:28 0 d-------- C:\Users\Admin\AppData\Roaming\Command & Conquer 3 Tiberium Wars 2008-06-23 15:57:25 0 d-------- C:\Users\Admin\AppData\Roaming\Intel 2008-06-23 15:22:28 0 d-------- C:\Users\Admin\AppData\Roaming\InstallShield 2008-06-22 19:43:45 0 d-------- C:\Users\Admin\AppData\Roaming\vlc 2008-06-22 13:35:57 0 d-------- C:\Users\Admin\AppData\Roaming\TuneUp Software 2008-06-22 12:52:37 0 dr-h----- C:\Users\Admin\AppData\Roaming\SecuROM 2008-06-22 12:41:51 0 d-------- C:\Users\Admin\AppData\Roaming\Command & Conquer 3 Kanes Rache 2008-06-21 23:03:29 0 d-------- C:\Users\Admin\AppData\Roaming\WinRAR 2008-06-21 22:20:01 0 d-------- C:\Users\Admin\AppData\Roaming\Macromedia 2008-06-21 22:20:01 0 d-------- C:\Users\Admin\AppData\Roaming\Adobe 2008-06-21 22:12:49 0 d-------- C:\Users\Admin\AppData\Roaming\Mozilla 2008-06-21 21:53:03 0 d-------- C:\Users\Admin\AppData\Roaming\Identities -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B1892F58-1116-4DEC-92AA-577872EC3D3D}] 30.06.2008 18:06 26624 --a------ C:\Windows\system32\oggsys.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [10.06.2008 21:22] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"=2 (0x2) "EnableUIADesktopToggle"=0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "disableregistrytools"=0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "appinit_dlls"=APSHook.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Notification Packages"= scecli ASWLNPkg [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] @="Volume shadow copy" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] @="IEEE 1394 Bus host controllers" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] @="SBP2 IEEE 1394 Devices" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] @="SecurityDevices" [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum bthsvcs BthServ Cognizance ASBroker ASChannel GPSvcGroup GPSvc HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{08033a00-4013-11dd-821f-806e6f6e6963}] AutoRun\command- E:\AutoRun.exe install\command- E:\Setup.exe *Newly Created Service* - COMHOST *Newly Created Service* - IKFILESEC *Newly Created Service* - IKSYSFLT *Newly Created Service* - IKSYSSEC *Newly Created Service* - MCHINJDRV [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] C:\Windows\system32\unregmp2.exe /ShowWMP [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI -- Hosts ----------------------------------------------------------------------- 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 8754 more entries in hosts file. -- End of Deckard's System Scanner: finished at 2008-06-30 21:02:52 ------------ |
|
30.06.2008, 20:45
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Ständige Meldung "System Error !"Code:
ATTFilter 2008-06-30 20:05:57 0 d-------- C:\327882R2FWJFW
Code:
ATTFilter 2008-06-30 18:06:39 26624 --a------ C:\Windows\system32\oggsys.dll
2008-06-30 18:06:26 26624 --a------ C:\Windows\system32\oggwin.dll
__________________ --> Ständige Meldung "System Error !" |
|
30.06.2008, 21:08
| #7 |
| | Ständige Meldung "System Error !"Code:
ATTFilter Datei oggsys.dll empfangen 2008.06.30 22:04:36 (CET)
Status: Laden ... Wartend Warten Überprüfung Beendet Nicht gefunden Gestoppt
Ergebnis: 6/33 (18.19%)
Laden der Serverinformationen...
Ihre Datei wartet momentan auf Position: ___.
Geschätzte Startzeit is zwischen ___ und ___ .
Dieses Fenster bis zum Abschluss des Scans nicht schließen.
Der Scanner, welcher momentan Ihre Datei bearbeitet ist momentan gestoppt. Wir warten einige Sekunden um Ihr Ergebnis zu erstellen.
Falls Sie längern als fünf Minuten warten, versenden Sie bitte die Datei erneut.
Ihre Datei wird momentan von VirusTotal überprüft,
Ergebnisse werden sofort nach der Generierung angezeigt.
Filter Filter
Drucken der Ergebnisse Drucken der Ergebnisse
Datei existiert nicht oder dessen Lebensdauer wurde überschritten
Dienst momentan gestoppt. Ihre Datei befindet sich in der Warteschlange (position: ). Diese wird abgearbeitet, wenn der Dienst wieder startet.
SIe können auf einen automatischen reload der homepage warten, oder ihre email in das untere formular eintragen. Klicken Sie auf "Anfragen", damit das System sie benachrichtigt wenn die Überprüfung abgeschlossen ist.
Email:
Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2008.7.1.0 2008.06.30 -
AntiVir 7.8.0.59 2008.06.30 -
Authentium 5.1.0.4 2008.06.29 W32/Adware-RegBHO-based.1!Maximus
Avast 4.8.1195.0 2008.06.30 -
AVG 7.5.0.516 2008.06.30 -
BitDefender 7.2 2008.06.30 -
CAT-QuickHeal 9.50 2008.06.30 -
ClamAV 0.93.1 2008.06.30 -
DrWeb 4.44.0.09170 2008.06.30 -
eSafe 7.0.17.0 2008.06.30 Suspicious File
eTrust-Vet 31.6.5914 2008.06.30 -
Ewido 4.0 2008.06.27 -
F-Prot 4.4.4.56 2008.06.29 W32/Adware-RegBHO-based.1!Maximus
F-Secure 7.60.13501.0 2008.06.26 -
Fortinet 3.14.0.0 2008.06.30 -
GData 2.0.7306.1023 2008.06.30 -
Ikarus T3.1.1.26.0 2008.06.30 -
Kaspersky 7.0.0.125 2008.06.30 -
McAfee 5328 2008.06.30 -
Microsoft 1.3704 2008.06.30 -
NOD32v2 3228 2008.06.30 -
Norman 5.80.02 2008.06.30 -
Panda 9.0.0.4 2008.06.30 -
Prevx1 V2 2008.06.30 Fraudulent Security Program
Rising 20.51.02.00 2008.06.30 -
Sophos 4.30.0 2008.06.30 -
Sunbelt 3.0.1176.1 2008.06.26 -
Symantec 10 2008.06.30 Downloader.MisleadApp
TheHacker 6.2.96.364 2008.06.28 -
TrendMicro 8.700.0.1004 2008.06.30 PAK_Generic.001
VBA32 3.12.6.8 2008.06.30 -
VirusBuster 4.5.11.0 2008.06.30 -
Webwasher-Gateway 6.6.2 2008.06.30 -
weitere Informationen
File size: 26624 bytes
MD5...: 43efa9849ca744cf9de4cf6b0ed035b7
SHA1..: ddd762c031c5892545f495af43f1dd54e1df56ff
SHA256: 241b5a263a8d0a51900332bc7a11e036e5f2aac015c1d89c6d12fc16103422b8
SHA512: 8af68854f2b7763c7215b3d96bbad9d451fdb4added090f85fabf81fb443f12a
bc00063e96e5606dc94a902017fe4a56365727e63f4548ca189a1ac53c2cef31
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x100110b0
timedatestamp.....: 0x4867dcea (Sun Jun 29 19:05:14 2008)
machinetype.......: 0x14c (I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0xb000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0xc000 0x6000 0x5400 7.85 8dad7ba8d03da0cc830185f43d5fb737
.rsrc 0x12000 0x1000 0x1000 4.40 6eed400b28aac3b0166ca74c154d55db
( 8 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree
> ADVAPI32.dll: RegCloseKey
> GDI32.dll: BitBlt
> MSVCRT.dll: free
> ole32.dll: CoCreateInstance
> OLEAUT32.dll: -
> SHELL32.dll: ShellExecuteA
> USER32.dll: CharNextA
( 4 exports )
DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=84C4E7940020908C68B1003048F8D10041C88D7B
packers (Kaspersky): PE_Patch.UPX, UPX
packers (F-Prot): UPX
Code:
ATTFilter Datei oggwin.dll empfangen 2008.06.30 22:06:58 (CET)
Status: Laden ... Wartend Warten Überprüfung Beendet Nicht gefunden Gestoppt
Ergebnis: 6/33 (18.19%)
Laden der Serverinformationen...
Ihre Datei wartet momentan auf Position: ___.
Geschätzte Startzeit is zwischen ___ und ___ .
Dieses Fenster bis zum Abschluss des Scans nicht schließen.
Der Scanner, welcher momentan Ihre Datei bearbeitet ist momentan gestoppt. Wir warten einige Sekunden um Ihr Ergebnis zu erstellen.
Falls Sie längern als fünf Minuten warten, versenden Sie bitte die Datei erneut.
Ihre Datei wird momentan von VirusTotal überprüft,
Ergebnisse werden sofort nach der Generierung angezeigt.
Filter Filter
Drucken der Ergebnisse Drucken der Ergebnisse
Datei existiert nicht oder dessen Lebensdauer wurde überschritten
Dienst momentan gestoppt. Ihre Datei befindet sich in der Warteschlange (position: ). Diese wird abgearbeitet, wenn der Dienst wieder startet.
SIe können auf einen automatischen reload der homepage warten, oder ihre email in das untere formular eintragen. Klicken Sie auf "Anfragen", damit das System sie benachrichtigt wenn die Überprüfung abgeschlossen ist.
Email:
Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2008.7.1.0 2008.06.30 -
AntiVir 7.8.0.59 2008.06.30 -
Authentium 5.1.0.4 2008.06.29 W32/Adware-RegBHO-based.1!Maximus
Avast 4.8.1195.0 2008.06.30 -
AVG 7.5.0.516 2008.06.30 -
BitDefender 7.2 2008.06.30 -
CAT-QuickHeal 9.50 2008.06.30 -
ClamAV 0.93.1 2008.06.30 -
DrWeb 4.44.0.09170 2008.06.30 -
eSafe 7.0.17.0 2008.06.30 Suspicious File
eTrust-Vet 31.6.5914 2008.06.30 -
Ewido 4.0 2008.06.27 -
F-Prot 4.4.4.56 2008.06.29 W32/Adware-RegBHO-based.1!Maximus
F-Secure 7.60.13501.0 2008.06.26 -
Fortinet 3.14.0.0 2008.06.30 -
GData 2.0.7306.1023 2008.06.30 -
Ikarus T3.1.1.26.0 2008.06.30 -
Kaspersky 7.0.0.125 2008.06.30 -
McAfee 5328 2008.06.30 -
Microsoft 1.3704 2008.06.30 -
NOD32v2 3228 2008.06.30 -
Norman 5.80.02 2008.06.30 -
Panda 9.0.0.4 2008.06.30 -
Prevx1 V2 2008.06.30 Fraudulent Security Program
Rising 20.51.02.00 2008.06.30 -
Sophos 4.30.0 2008.06.30 -
Sunbelt 3.0.1176.1 2008.06.26 -
Symantec 10 2008.06.30 Downloader.MisleadApp
TheHacker 6.2.96.364 2008.06.28 -
TrendMicro 8.700.0.1004 2008.06.30 PAK_Generic.001
VBA32 3.12.6.8 2008.06.30 -
VirusBuster 4.5.11.0 2008.06.30 -
Webwasher-Gateway 6.6.2 2008.06.30 -
weitere Informationen
File size: 26624 bytes
MD5...: 43efa9849ca744cf9de4cf6b0ed035b7
SHA1..: ddd762c031c5892545f495af43f1dd54e1df56ff
SHA256: 241b5a263a8d0a51900332bc7a11e036e5f2aac015c1d89c6d12fc16103422b8
SHA512: 8af68854f2b7763c7215b3d96bbad9d451fdb4added090f85fabf81fb443f12a
bc00063e96e5606dc94a902017fe4a56365727e63f4548ca189a1ac53c2cef31
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x100110b0
timedatestamp.....: 0x4867dcea (Sun Jun 29 19:05:14 2008)
machinetype.......: 0x14c (I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0xb000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0xc000 0x6000 0x5400 7.85 8dad7ba8d03da0cc830185f43d5fb737
.rsrc 0x12000 0x1000 0x1000 4.40 6eed400b28aac3b0166ca74c154d55db
( 8 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree
> ADVAPI32.dll: RegCloseKey
> GDI32.dll: BitBlt
> MSVCRT.dll: free
> ole32.dll: CoCreateInstance
> OLEAUT32.dll: -
> SHELL32.dll: ShellExecuteA
> USER32.dll: CharNextA
( 4 exports )
DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=84C4E7940020908C68B1003048F8D10041C88D7B
packers (Kaspersky): PE_Patch.UPX, UPX
packers (F-Prot): UPX
|
|
30.06.2008, 21:17
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ |  Ständige Meldung "System Error !" Anleitung Avenger (by swandog46) 1.) Lade dir das Tool Avenger und speichere es auf dem Desktop:  2.) Das Programm so einstellen wie es auf dem Bild zu sehen ist. Kopiere nun folgenden Text in das weiße Feld: (bei -> "input script here") Code:
ATTFilter files to delete:
C:\Windows\system32\oggsys.dll
C:\Windows\system32\oggwin.dll
4.) Um den Avenger zu starten klicke auf -> Execute Dann bestätigen mit "Yes" das der Rechner neu startet! 5.) Nachdem das System neu gestartet ist, findest du hier einen Report vom Avenger -> C:\avenger.txt Öffne die Datei mit dem Editor und kopiere den gesamten Text in deinen Beitrag hier am Trojaner-Board.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
30.06.2008, 21:30
| #9 |
| | Ständige Meldung "System Error !" So habe alles gemacht wie du gesagt hast hier die auswertung Code:
ATTFilter Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows Vista
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
File "C:\Windows\system32\oggsys.dll" deleted successfully.
File "C:\Windows\system32\oggwin.dll" deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
|
|
01.07.2008, 17:16
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Ständige Meldung "System Error !" Ok. Mach einen weiteren Durchlauf mit DSS und auch einen mit silentrunners (siehe Signatur). Danach bitte Malwarebytes durchlaufen lassen.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
01.07.2008, 20:59
| #11 |
| | Ständige Meldung "System Error !" Nix gefunden. Ich verzweifel noch. Aber immerhin kommt die fehler meldung nicht mehr |
|
02.07.2008, 21:10
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ |  Ständige Meldung "System Error !" Und wieso macht sich Verzweiflung breit? Fehlermeldung ist weg! Was ist mit den anderen Log um die ich bat??!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Ständige Meldung "System Error !" |
| asus, bho, browser, enigma, error, explorer, firefox, gservice, helper, hijack, hijackthis, internet, internet explorer, internet security, monitor, mozilla, mozilla firefox, object, ordner, pop-up-blocker, registry, safer networking, security, software, spyware, symantec, system, system error, tuneup.defrag, urlsearchhook, vista, windows, yahoo |
Linear-Darstellung
