
Pests of all kinds and how to fight them: AntiSpyCheck: Infiltration Alert, Antivirus Scan, Trojans etc.

10.07.2008, 19:43   #1
ryan

Hello everyone,
I have read around a bit here on the board and found a few posts on the topic.
My computer has become really sluggish; windows from AntiSpyCheck etc. keep popping up at the bottom right or in the middle of the screen, warning about Trojans. All of a sudden I have a "Security Toolbar 7.1" in the taskbar at the top, my start page is gone, and so on. So I am slowly getting the feeling that I am no longer in control of my computer.
I installed "SPYWAREfighter" and ran a check yesterday, but it turned up nothing.
The recommendation on the board is always to run "HijackThis" and "Malwarebytes Anti-Malware" and post the report.
I'll do that now and hope that someone can tell me what to do with it then.
I am a passable computer user, but no expert, so I ask for your patience in advance.
Regards, and thanks in advance
ryan

Edit:
so here is the HJT log file:


Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:29:27, on 10.07.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Apps\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
C:\Programme\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Apps\Softex\OmniPass\OPXPApp.exe
C:\Programme\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
c:\Programme\ATI Technologies\ATI.ACE\CLI.EXE
C:\Programme\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
C:\Apps\Softex\OmniPass\scureapp.exe
C:\APPS\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\Programme\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\Twain_32\FlatBed\HotKey.exe
C:\apps\ABoard\AOSD.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe
C:\Programme\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
C:\Programme\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\SPYWAREfighter\spftray.exe
C:\APPS\SMP\SmpSys.exe
C:\Programme\ASC 2.1\asc 2.1.exe
C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programme\SPYWAREfighter\spfprc.exe
C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe
c:\Programme\ATI Technologies\ATI.ACE\cli.exe
c:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\kernel.exe
C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\sc_watch.exe
C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\PROFIL~1.EXE
C:\PROGRA~1\T-Online\T-ONLI~1\Notifier\Notifier.exe
C:\PROGRAMME\INTERNET EXPLORER\IEXPLORE.EXE
C:\Programme\Trend Micro\HijackThis\HijackThis.exe
C:\Programme\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = h**p://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = h**p://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = h**p://internetsearchservice.com/ie6.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://internetsearchservice.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = h**p://internetsearchservice.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://internetsearchservice.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = h**p://internetsearchservice.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = h**p://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: 734914 helper - {0BD071A6-C989-49E8-9B8E-80F92A868E26} - C:\WINDOWS\system32\734914\734914.dll
O2 - BHO: ASCWarningBHO Class - {58472BC6-BEA3-42d4-8917-7A8BCB0711B5} - C:\Programme\ASC 2.1\ASCWarning32.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {E2090673-256B-4632-94EE-FEC7F551543C} - C:\Programme\Web Technologies\iebt.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Internet Service - {1C56E97B-A95F-47B2-93C0-3FEED24479A7} - C:\Programme\Web Technologies\iebr.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATICCC] "c:\Programme\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
O4 - HKLM\..\Run: [DetectorApp] C:\Programme\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [OmniPass] C:\Apps\Softex\OmniPass\scureapp.exe
O4 - HKLM\..\Run: [PCMService] "c:\APPS\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programme\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [HotKey] C:\WINDOWS\Twain_32\FlatBed\HotKey.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ToADiMon.exe] C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe -TOnlineAutodialStart
O4 - HKLM\..\Run: [Ulead Photo Express 5 SE Calendar Checker] C:\Programme\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Programme\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [asc32] "C:\Programme\ASC 2.1\asc 2.1.exe"
O4 - HKLM\..\Run: [spywarefighterguard] C:\Programme\SPYWAREfighter\spftray.exe
O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [AUTORUN_VAL] C:\Programme\ASC 2.1\asc 2.1.exe 
O4 - HKCU\..\RunOnce: [SWHelper] "C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe" 1010011
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Programme\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - h**p://www.gateforietool.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - h**p://www.gateforietool.com/redirect.php (file missing)
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\ger.htm
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - h**p://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1169222261706
O17 - HKLM\System\CCS\Services\Tcpip\..\{A3057967-1F6D-4DD6-9E06-AF83B63B073E}: NameServer = 217.237.151.142 217.237.150.188
O18 - Protocol: haufereader - (no CLSID) - (no file)
O22 - SharedTaskScheduler: enation - {629340b5-8df6-4211-9245-a86563a35792} - C:\WINDOWS\system32\gnmguxh.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: T-Online WLAN Adapter Steuerungsdienst (MZCCntrl) - Deutsche Telekom AG, Marmiko IT-Solutions GmbH - C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Apps\Softex\OmniPass\Omniserv.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Programme\SPYWAREfighter\spfprc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Programme\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe

--
End of file - 14011 bytes
         

Last edited by ryan (10.07.2008 at 19:55)

10.07.2008, 20:48   #2
ryan

And now the log file from Malwarebytes:
Code:
Malwarebytes' Anti-Malware 1.20
Datenbank Version: 937
Windows 5.1.2600 Service Pack 3

21:43:05 10.07.2008
mbam-log-7-10-2008 (21-43-05).txt

Scan Art: Komplett Scan (C:\|)
Objekte gescannt: 150823
Scan Dauer: 39 minute(s), 3 second(s)

Infizierte Speicher Prozesse: 1
Infizierte Speicher Module: 4
Infizierte Registrierungsschlüssel: 25
Infizierte Registrierungswerte: 22
Infizierte Datei Objekte der Registrierung: 14
Infizierte Verzeichnisse: 3
Infizierte Dateien: 21

Infizierte Speicher Prozesse:
C:\Programme\ASC 2.1\asc 2.1.exe (Rogue.VirusHeat) -> Unloaded process successfully.

Infizierte Speicher Module:
C:\WINDOWS\system32\734914\734914.dll (Trojan.BHO) -> Unloaded module successfully.
C:\Programme\Web Technologies\iebr.dll (Trojan.Zlob) -> Unloaded module successfully.
C:\WINDOWS\system32\gnmguxh.dll (Trojan.Zlob) -> Unloaded module successfully.
C:\Programme\Web Technologies\iebt.dll (Trojan.Zlob) -> Unloaded module successfully.

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\TypeLib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0bd071a6-c989-49e8-9b8e-80f92a868e26} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0bd071a6-c989-49e8-9b8e-80f92a868e26} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{629340b5-8df6-4211-9245-a86563a35792} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{967a494a-6aec-4555-9caf-fa6eb00acf91} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9692be2f-eb8f-49d9-a11c-c24c1ef734d5} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{a8954909-1f0f-41a5-a7fa-3b376d69e226} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\e405.e405mgr (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\e405.e405mgr.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d2608046-dd09-a225-01bf-70c1edd8b2e8} (Rogue.AntiSpyCheck) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1c56e97b-a95f-47b2-93c0-3feed24479a7} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e2090673-256b-4632-94ee-fec7f551543c} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e2090673-256b-4632-94ee-fec7f551543c} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ascwarning32.warningbho (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ascwarning32.warningbho.1 (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{58472bc6-bea3-42d4-8917-7a8bcb0711b5} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{58472bc6-bea3-42d4-8917-7a8bcb0711b5} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\asc 2.1 (Rogue.AntiSpyCheck) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Safety Alert (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Web Technologies (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\e405.e405mgr (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\videoPl.chl (Trojan.Zlob) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\asc32 (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{629340b5-8df6-4211-9245-a86563a35792} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autorun_val (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{1c56e97b-a95f-47b2-93c0-3feed24479a7} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{1c56e97b-a95f-47b2-93c0-3feed24479a7} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search\searchassistant (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\searchassistant (Trojan.Zlob) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\search page (Trojan.Zlob) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\search bar (Trojan.Zlob) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\searchmigrateddefaulturl (Trojan.Zlob) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\default_search_url (Trojan.Zlob) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Trojan.Zlob) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\searchurl (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\default_search_url (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\search page (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\search bar (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\searchmigrateddefaulturl (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\searchurl (Trojan.Zlob) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.

Infizierte Datei Objekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Hijack.Search) -> Bad: (http://internetsearchservice.com/search?q=%s) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Hijack.Search) -> Bad: (http://internetsearchservice.com/search?q=%s) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchURL (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURL (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.Search) -> Bad: (http://internetsearchservice.com/ie6.html) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (http://internetsearchservice.com/search?q={searchTerms}) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Search_URL (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.Search) -> Bad: (http://internetsearchservice.com/ie6.html) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (http://internetsearchservice.com/search?q={searchTerms}) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Search_URL (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
C:\Programme\ASC 2.1 (Rogue.AntiSpyCheck) -> Delete on reboot.
C:\Programme\Web Technologies (Trojan.Zlob) -> Delete on reboot.
C:\WINDOWS\system32\734914 (Trojan.BHO) -> Delete on reboot.

Infizierte Dateien:
C:\Programme\ASC 2.1\asc 2.1.exe (Rogue.VirusHeat) -> Delete on reboot.
C:\WINDOWS\system32\734914\734914.dll (Trojan.BHO) -> Delete on reboot.
C:\WINDOWS\system32\gnmguxh.dll (Trojan.Zlob) -> Delete on reboot.
C:\Programme\ASC 2.1\asc 2.1.exe  (Rogue.VirusHeat) -> Delete on reboot.
C:\Programme\Web Technologies\iebr.dll (Trojan.Zlob) -> Delete on reboot.
C:\Programme\Web Technologies\iebt.dll (Trojan.Zlob) -> Delete on reboot.
C:\Dokumente und Einstellungen\Addi\Lokale Einstellungen\Temporary Internet Files\Content.IE5\X10Q6K6N\setup_246_509_[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Programme\Web Technologies\iebtm.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Programme\Web Technologies\iebtmm.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Programme\Web Technologies\myd.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Programme\Web Technologies\mym.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Programme\Web Technologies\myp.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Programme\Web Technologies\myv.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Programme\Web Technologies\ot.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Programme\Web Technologies\ts.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Programme\Web Technologies\wcm.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Programme\Web Technologies\wcs.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Addi\Lokale Einstellungen\Temp\zfe2.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Addi\Favoriten\Antivirus Scan.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\All Users\Startmenü\Antivirus Scan.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\All Users\Startmenü\Online Spyware Test.url (Trojan.Zlob) -> Quarantined and deleted successfully.
         
That already gave me 74 entries!!!!!
Some will only be deleted after a restart, so I'll do that now.

It would be nice if an expert could then take a look at my problem....
__________________


11.07.2008, 09:10   #3
Silent sharK

You are infected with a Trojan from the Zlob family.
These are very hard to remove, so I advise you to reinstall your system exactly
according to the guide: Reinstalling the system

Since your variant may have backdoor functionality, you should change your login credentials and passwords from a clean system.

Kind regards
__________________

11.07.2008, 09:16   #4
myrtille
/// TB Trainer

The computer is already as good as clean.

I would have recommended Smitfraudfix first, which usually removes the Zlob variants completely, but Malwarebytes seems to do a good job as well.

Please post a log from DSS
  • Download DSS
  • Close all applications and then run DSS.exe with a double-click
  • Please do not perform any other actions while DSS is working
  • At the end, two files open: main.txt and extra.txt
  • Post the contents of both files here

Regards, myrtille
__________________
Requests by email, profile message or private message will be ignored!
Help is ONLY available in the forum!


Anyone who has not received a further reply from me after 24 hours, please send a PM

Spelling mistakes? Never, but keybaord malfunctions constantly!
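
One way to check a follow-up scan against the Malwarebytes results, shown as an added example that is not part of the original posts: it parses result lines in the format of the log above, lists what is still waiting for the reboot, and reports detected file paths that still show up in a later HijackThis log. The function names are hypothetical, the first sample is excerpted from the log above, and the "after" sample is constructed to contain one leftover; the thread itself does not say that this happened.

```python
import re
from collections import Counter, namedtuple

Finding = namedtuple("Finding", "obj detection action")

# Result line format: "<object> (<Detection.Name>) -> [details ->] <action>."
_RESULT = re.compile(
    r"^(?P<obj>.+?)\s+\((?P<det>[A-Za-z]+\.[\w.]+)\)\s+->\s+(?P<rest>.+)$"
)
_FILE_PATH = re.compile(r"^[A-Za-z]:\\")  # drive-letter path, not a registry key

# Excerpt of result lines from the Malwarebytes log in post #2.
MBAM_SAMPLE = r"""
Infizierte Dateien:
C:\Programme\ASC 2.1\asc 2.1.exe (Rogue.VirusHeat) -> Delete on reboot.
C:\WINDOWS\system32\734914\734914.dll (Trojan.BHO) -> Delete on reboot.
C:\WINDOWS\system32\gnmguxh.dll (Trojan.Zlob) -> Delete on reboot.
C:\Programme\Web Technologies\wcm.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Web Technologies (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchURL (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
"""

# Constructed sample: HijackThis-style lines from a scan taken after the reboot.
HJT_AFTER_SAMPLE = r"""
C:\WINDOWS\Explorer.EXE
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O22 - SharedTaskScheduler: enation - {629340b5-8df6-4211-9245-a86563a35792} - C:\WINDOWS\system32\gnmguxh.dll
"""


def parse_mbam(text):
    """Return a Finding for every result line; headers and counters are skipped."""
    findings = []
    for line in text.splitlines():
        m = _RESULT.match(line.strip())
        if not m:
            continue
        # Hijack.Search lines carry "Bad: (...) Good: (...)" before the action,
        # so the action is always the last " -> " segment.
        action = m.group("rest").split(" -> ")[-1].rstrip(".")
        findings.append(Finding(m.group("obj").strip(), m.group("det"), action))
    return findings


def pending_reboot(findings):
    """Findings that are only removed once the machine has been restarted."""
    return [f for f in findings if f.action.lower().startswith("delete on reboot")]


def by_detection(findings):
    """Count findings per detection name (e.g. Trojan.Zlob)."""
    return Counter(f.detection for f in findings)


def still_present(findings, later_log):
    """Detected file or directory paths that appear again in a later log.

    Comparison is case-insensitive because Windows paths are. Paths written
    in 8.3 short form (C:\\PROGRA~1\\...) in the later log are not matched.
    """
    haystack = later_log.lower()
    seen, hits = set(), []
    for f in findings:
        key = f.obj.lower()
        if _FILE_PATH.match(f.obj) and key not in seen and key in haystack:
            seen.add(key)
            hits.append(f.obj)
    return hits


if __name__ == "__main__":
    found = parse_mbam(MBAM_SAMPLE)
    print("by detection:", dict(by_detection(found)))
    print("pending reboot:", [f.obj for f in pending_reboot(found)])
    print("still present:", still_present(found, HJT_AFTER_SAMPLE))
```
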

11.07.2008, 10:47   #5
ryan

At the moment I'm at work, so not at the "problem computer".
However, the computer really worked well yesterday evening after the restart; the strange line in the IE taskbar was gone, no more pop-ups, and an enormous increase in speed.
I'll run the test with DSS again this evening (whatever that is now)

Should I really change ALL passwords etc. and reinstall the whole system? That is always sooo much effort). I've never had to do it on this computer either, that can take a while...


11.07.2008, 11:02   #6
myrtille
/// TB Trainer

Hi
Quote:
I'll run the test with DSS again this evening (whatever that is now )
You will be thrilled. Endlessly long logs with loads of things on them.

Please make sure that your full name does not appear and that all links are edited http->h**p

Quote:
Should I really change ALL passwords etc. and reinstall the whole system? That is always sooo much effort). I've never had to do it on this computer either, that can take a while...
That is the only truly safe option.
In the end, you have to decide how much risk you want to take.

Regards, myrtille
__________________

11.07.2008, 17:09   #7
ryan

DSS spat out the following:
main.txt:
Code:
Deckard's System Scanner v20071014.68
Run by **** on 2008-07-11 17:59:22
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
84: 2008-07-11 15:59:27 UTC - RP424 - Deckard's System Scanner Restore Point
83: 2008-07-10 18:31:11 UTC - RP423 - Removed SPYWAREfighter.
82: 2008-07-09 18:49:40 UTC - RP422 - Installed SPYWAREfighter.
81: 2008-07-09 18:42:23 UTC - RP421 - Software Distribution Service 3.0
80: 2008-07-09 18:21:05 UTC - RP420 - Software Distribution Service 3.0


-- First Restore Point -- 
1: 2008-04-12 17:09:42 UTC - RP341 - Systemprüfpunkt


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as ****.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:01:16, on 11.07.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Apps\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
C:\Programme\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Apps\Softex\OmniPass\OPXPApp.exe
C:\Programme\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
c:\Programme\ATI Technologies\ATI.ACE\CLI.EXE
C:\Programme\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
C:\Apps\Softex\OmniPass\scureapp.exe
C:\APPS\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\Programme\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\Twain_32\FlatBed\HotKey.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\apps\ABoard\AOSD.exe
C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\APPS\SMP\SmpSys.exe
C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe
c:\Programme\ATI Technologies\ATI.ACE\cli.exe
c:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Dokumente und Einstellungen\****\Desktop\dss.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\kernel.exe
C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\sc_watch.exe
C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\PROFIL~1.EXE
C:\PROGRA~1\T-Online\T-ONLI~1\Notifier\Notifier.exe
C:\PROGRAMME\T-ONLINE\T-ONLINE_SOFTWARE_6\BASIS-SOFTWARE\BASIS2\UPDATE.EXE
C:\PROGRA~1\TRENDM~1\HIJACK~1\****.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATICCC] "c:\Programme\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
O4 - HKLM\..\Run: [DetectorApp] C:\Programme\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [OmniPass] C:\Apps\Softex\OmniPass\scureapp.exe
O4 - HKLM\..\Run: [PCMService] "c:\APPS\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programme\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [HotKey] C:\WINDOWS\Twain_32\FlatBed\HotKey.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ToADiMon.exe] C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe -TOnlineAutodialStart
O4 - HKLM\..\Run: [Ulead Photo Express 5 SE Calendar Checker] C:\Programme\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Programme\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\RunOnce: [SWHelper] "C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe" 1010011
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Programme\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\ger.htm
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - h**p://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1169222261706
O17 - HKLM\System\CCS\Services\Tcpip\..\{A3057967-1F6D-4DD6-9E06-AF83B63B073E}: NameServer = 217.237.151.142 217.237.150.188
O18 - Protocol: haufereader - (no CLSID) - (no file)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: T-Online WLAN Adapter Steuerungsdienst (MZCCntrl) - Deutsche Telekom AG, Marmiko IT-Solutions GmbH - C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Apps\Softex\OmniPass\Omniserv.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Programme\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe

--
End of file - 11710 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*
.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R2 lirsgt - c:\windows\system32\drivers\lirsgt.sys
R3 MTOnlPktAlyX (MTOnlPktAlyX NDIS Protocol Driver) - c:\programme\t-online\t-online_software_6\basis-software\basis1\mtonlpktalyx.sys <Not Verified; Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH; T-Online Dialer Module>
R3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys <Not Verified; America Online, Inc.; Wan Miniport (ATW)>

S3 CoachUsb (Coach Digital Camera on USB) - c:\windows\system32\drivers\85447usb.sys <Not Verified; FotoNation Ltd.; USB Driver for Digital Camera>
S3 CoachVc (Coach Video Capture) - c:\windows\system32\drivers\85447vc.sys <Not Verified; Accapella Ltd.; Video Capture Minidriver for Digital Camera>
S3 MACNDIS5 (MACNDIS5 NDIS Protocol Driver) - c:\programme\gemeinsame dateien\marmiko shared\macndis5.sys <Not Verified; Marmiko IT-Solutions GmbH; Marmiko NDis Helper for Windows>
S3 MIINPazX (MIINPazX NDIS Protocol Driver) - c:\programme\gemeinsame dateien\marmiko shared\minfrais\miinpazx.sys <Not Verified; Deutsche Telekom AG, Marmiko IT-Solutions GmbH; Marmiko InfraIS Module>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 CLCapSvc (CyberLink Background Capture Service (CBCS)) - "c:\apps\powercinema\kernel\tv\clcapsvc.exe" <Not Verified; ; CLCapSvc Module>
R2 CLSched (CyberLink Task Scheduler (CTS)) - "c:\apps\powercinema\kernel\tv\clsched.exe" <Not Verified; ; CLSched Module>
R2 CyberLink Media Library Service - "c:\apps\powercinema\kernel\clml_ntservice\clmlserver.exe" <Not Verified; Cyberlink; Cyberlink Media Library Server>
R2 MZCCntrl (T-Online WLAN Adapter Steuerungsdienst) - c:\programme\gemeinsame dateien\marmiko shared\mzccntrl.exe <Not Verified; Deutsche Telekom AG, Marmiko IT-Solutions GmbH; T-Online WLAN Adapter Steuerung>
R2 USBDeviceService - c:\programme\sonic\digitalmedia le v7\mydvd le\usbdeviceservice.exe <Not Verified; ; USBDeviceService Module>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-07-11 18:00:54       394 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job
2008-07-09 21:35:46       518 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Meinen Computer prüfen - ****.job
2008-06-18 16:37:00       566 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Meinen Computer prüfen.job


-- Files created between 2008-06-11 and 2008-07-11 -----------------------------

2008-07-10 21:01:36         0 d-------- C:\Programme\Malwarebytes' Anti-Malware
2008-07-10 20:28:56         0 d-------- C:\Programme\Trend Micro
2008-07-09 20:37:24         0 d-------- C:\WINDOWS\Prefetch
2008-07-09 20:31:26         0 d-------- C:\WINDOWS\system32\de
2008-07-09 20:31:26         0 d-------- C:\WINDOWS\system32\bits
2008-07-09 20:31:26         0 d-------- C:\WINDOWS\l2schemas
2008-07-09 20:29:47         0 d-------- C:\WINDOWS\ServicePackFiles
2008-07-09 20:24:24         0 d-------- C:\WINDOWS\EHome
2008-07-09 20:05:27     53248 -ra------ C:\WINDOWS\UpdtNv28.exe
2008-07-09 17:43:38         0 d-------- C:\Programme\Enigma Software Group


-- Find3M Report ---------------------------------------------------------------

2008-07-11 07:34:08         0 d-------- C:\Programme\Gemeinsame Dateien
2008-07-10 21:01:40         0 d-------- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Malwarebytes
2008-07-09 20:39:41    463100 --a------ C:\WINDOWS\system32\perfh007.dat
2008-07-09 20:39:41     85902 --a------ C:\WINDOWS\system32\perfc007.dat
2008-07-09 20:36:55         0 d-------- C:\Programme\Messenger
2008-07-09 20:36:50         0 d-------- C:\Programme\Norton AntiVirus
2008-07-09 20:31:26         0 d-------- C:\Programme\Movie Maker
2008-07-09 20:29:32         0 d-------- C:\Programme\Windows NT
2008-07-09 20:05:32         0 d-------- C:\Programme\Gemeinsame Dateien\Symantec Shared
2008-07-08 11:14:58         0 d-------- C:\Programme\Full Tilt Poker.Net
2008-06-10 13:34:48         0 d-------- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Skype
2008-06-09 20:16:19         0 d-------- C:\Programme\The Witcher
2008-06-09 20:10:24         0 d--h----- C:\Programme\InstallShield Installation Information
2008-06-09 19:50:57         0 d-------- C:\Dokumente und Einstellungen\****\Anwendungsdaten\OpenOffice.org2
2008-05-17 20:24:57         0 d-------- C:\Dokumente und Einstellungen\****\Anwendungsdaten\AdobeUM


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [04.08.2004 14:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [04.08.2004 14:00]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [07.01.2005 17:07 C:\WINDOWS\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [09.12.2005 16:49 C:\WINDOWS\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [03.05.2005 18:43 C:\WINDOWS\Alcmtr.exe]
"ATICCC"="c:\Programme\ATI Technologies\ATI.ACE\CLIStart.exe" [10.05.2006 11:12]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_05\bin\jusched.exe" [22.02.2008 04:25]
"Vade Retro Outlook Express"="C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe" [04.10.2004 13:03]
"DetectorApp"="C:\Programme\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [20.10.2005 06:15]
"ISUSPM Startup"="C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\isuspm.exe" [16.06.2004 06:03]
"ISUSScheduler"="C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" [16.06.2004 06:03]
"OmniPass"="C:\Apps\Softex\OmniPass\scureapp.exe" [30.01.2006 09:56]
"PCMService"="c:\APPS\Powercinema\PCMService.exe" [23.02.2006 12:08]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [04.08.2004 14:00]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [02.05.2003 11:31]
"IntelliPoint"="C:\Programme\Microsoft IntelliPoint\point32.exe" [16.05.2003 01:41]
"HotKey"="C:\WINDOWS\Twain_32\FlatBed\HotKey.exe" [10.12.2002 08:50]
"ccApp"="C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" [30.03.2006 16:46]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [20.01.2007 15:22]
"ToADiMon.exe"="C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe" [15.02.2007 11:04]
"Ulead Photo Express 5 SE Calendar Checker"="C:\Programme\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe" [12.01.2004 20:40]
"Ulead AutoDetector"="C:\Programme\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe" [19.11.2003 13:03]
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [17.08.2006 08:32]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [11.09.2002 18:01]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="C:\APPS\SMP\SmpSys.exe" [17.11.2005 09:51]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [14.04.2008 04:22]
"updateMgr"="C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [30.03.2006 16:45]
"H/PC Connection Agent"="C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE" [09.02.2004 11:32]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"SWHelper"="C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe" 1010011

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"T-Online_Software_6\WLAN-Access Finder"=C:\Programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe /StartMinimized
"swg"=C:\Programme\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
"ALUAlert"=C:\Programme\Symantec\LiveUpdate\ALUNotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy] 
C:\WINDOWS\System32\dimsntfy.dll 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina] 
C:\Apps\Softex\OmniPass\opxpgina.dll 30.01.2006 08:53 49152 C:\APPS\Softex\OmniPass\OPXPGina.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders	msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs	eaphost
dot3svc	dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
napagent
hkmsvc




-- End of Deckard's System Scanner: finished at 2008-07-11 18:04:19 ------------
         

11.07.2008, 17:13   #8
ryan

...and extra.txt:
Code:
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 3.0
Architecture: X86; Language: German

CPU 0: Intel(R) Pentium(R) D CPU 2.80GHz
Percentage of Memory in Use: 30%
Physical Memory (total/avail): 2046.48 MiB / 1421.41 MiB
Pagefile Memory (total/avail): 3938.68 MiB / 3389.93 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1904.31 MiB

C: is Fixed (NTFS) - 232.88 GiB total, 182.72 GiB free. 
D: is CDROM (CDFS)
E: is CDROM (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (FAT32)

\\.\PHYSICALDRIVE0 - ST3250824AS - 232.88 GiB - 1 partition
  \PARTITION0 (bootable) - Installierbares Dateisystem - 232.88 GiB - C:

\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device

\\.\PHYSICALDRIVE5 - USB Flash Disk USB Device - 494.19 MiB - 1 partition
  \PARTITION0 - 16-Bit FAT - 497 MiB - J:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Dokumente und Einstellungen\All Users
APPDATA=C:\Dokumente und Einstellungen\****\Anwendungsdaten
CommonProgramFiles=C:\Programme\Gemeinsame Dateien
COMPUTERNAME=ADRIAN
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Dokumente und Einstellungen\****
LOGONSERVER=\\ADRIAN
NewEnvironment1=c:\Programme\ATI Technologies\ATI.ACE\
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Apps\Softex\OmniPass;C:\Programme\Gemeinsame Dateien\Ulead Systems\MPEG;C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\;C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD;C:\Programme\Haufe\iDesk\iDeskService\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 6 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0604
ProgramFiles=C:\Programme
PROMPT=$P$G
SESSIONNAME=Console
SonicCentral=C:\Programme\Gemeinsame Dateien\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOKUME~1\****\LOKALE~1\Temp
TMP=C:\DOKUME~1\****\LOKALE~1\Temp
USERDOMAIN=ADRIAN
USERNAME=****
USERPROFILE=C:\Dokumente und Einstellungen\****
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI 


-- User Profiles ---------------------------------------------------------------

**** (admin)
Andrea (admin)


-- Add/Remove Programs ---------------------------------------------------------

 --> "c:\apps\skype\phone\unins000.exe"
 --> "C:\Programme\Gemeinsame Dateien\AOL\ACS\AcsUninstall.exe" /c
 --> "C:\Programme\Gemeinsame Dateien\aolshare\Coach\AolCInUn.exe" -lang="de-de"
 --> C:\PROGRA~1\GOTOSO~1\VADERE~1\UNWISE.EXE C:\PROGRA~1\GOTOSO~1\VADERE~1\INSTALL.LOG
 --> C:\PROGRA~1\Norman\NORMAN~1\UNWISE.EXE C:\PROGRA~1\Norman\NORMAN~1\INSTALL.LOG
 --> C:\Programme\Gemeinsame Dateien\AOL\Screensaver\uninst_ygpss.exe
 --> C:\Programme\Gemeinsame Dateien\aolshare\Aolunins_de.exe
 --> C:\Programme\Gemeinsame Dateien\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
 --> C:\Programme\Learn2.com\StRunner\stuninst.exe
 --> C:\Programme\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
 --> C:\WINDOWS\IsUn0407.exe -fC:\WINDOWS\orun32.isu
 --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
 --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
 --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
 --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
 --> MsiExec.exe /I{8B543A39-9401-44F4-B572-069E64C15189}
 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.exe"  -uninstall
 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{2638924D-DC58-4C40-BB1C-48C2B24B7B1B}\Setup.exe" -L0x7
 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{52739387-B81C-4C55-9593-EB7A1044A657}\Setup.exe" -L0x7
 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{3F9CFBD8-8F77-4DCD-8CB5-CDD5F653C872}\setup.exe" -l0x7 
 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{F4E57F49-84B4-4CF2-B0A1-8CA1752BDF7E}\setup.exe" -l0x7 
 --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUN0407.EXE -f"C:\Programme\Gemeinsame Dateien\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Programme\Gemeinsame Dateien\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.9 - Deutsch --> MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A70900000002}
ATI - Software Uninstall Utility --> C:\Programme\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center --> MsiExec.exe /I{2852AC2C-B2FC-4F4A-A573-D466C872E688}
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
CC_ccStart --> MsiExec.exe /I{D6414CC7-F215-467F-88B1-546ED863F35B}
ccCommon --> MsiExec.exe /I{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}
DEMO - Bärenhöhle --> "C:\Programme\DEMO - Bärenhöhle\Uninstall.exe"
Digital Image Recovery 1.47 --> "C:\Programme\Digital Image Recovery\unins000.exe"
EPSON-Drucker-Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Attach To Email --> C:\Programme\Gemeinsame Dateien\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
EPSON Easy Photo Print --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{5DA7BC15-18D3-41A0-9F59-838DA3EAEF17}\SETUP.EXE" -l0x7 UNINST
EPSON File Manager --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{E86BC406-944E-41F6-ADE6-2C136734C96B}\Setup.exe" -l0x7 UNINST
EPSON Scan Assistant --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x7 -u
EPSON Web-To-Page --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\SETUP.EXE" -l0x7 -anything
ESD68 Benutzerhandbuch --> C:\Programme\EPSON\TPMANUAL\ESD68\USE_G\DOCUNINS.EXE
Far Cry --> C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC} 
Full Tilt Poker.Net --> "C:\Programme\InstallShield Installation Information\{E07B7A31-E160-466D-A003-3BB7B8989D52}\setup.exe" -runfromtemp -l0x0007 -removeonly
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\programme\google\googletoolbar2.dll"
Gothic III Release Update --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{1998BD34-1AAB-4169-ACFF-67342E2AF9B4}\setup.exe" -l0x7  -removeonly
Haufe iDesk-Browser --> MsiExec.exe /X{043671DC-DE3A-4A5B-B7A2-34F7DF6F5523}
Haufe iDesk-Service --> MsiExec.exe /X{A4E86B6A-6EEC-41FD-8960-26947F0E3353}
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "C:\Programme\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
LiveReg (Symantec Corporation) --> C:\Programme\Gemeinsame Dateien\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 1.90 (Symantec Corporation) --> C:\Programme\Symantec\LiveUpdate\LSETUP.EXE /U
Macromedia Flash Player 8 --> MsiExec.exe /X{5E8A1B08-0FBD-4543-9646-F2C2D0D05750}
Macromedia Shockwave Player --> MsiExec.exe /X{7D1D6A24-65D4-454C-8815-4F08A5FFF12C}
Malwarebytes' Anti-Malware --> "C:\Programme\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft-Basissmartcard-Kryptografiedienstanbieterpaket --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft ActiveSync 3.7 --> "C:\WINDOWS\ISUN0407.EXE" -f"C:\Programme\Microsoft ActiveSync\DeIsL1.isu" -c"C:\Programme\Microsoft ActiveSync\ceuninst.dll"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office 2000 Premium --> MsiExec.exe /I{00000407-78E1-11D2-B60F-006097C998E7}
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120407-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works --> MsiExec.exe /I{B26E3B0D-C2FA-4370-B068-7C476766F029}
MSRedist --> MsiExec.exe /I{FC37ABD0-2108-4beb-B010-1254E0662B5A}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero - Burning Rom (Web installer) --> C:\WINDOWS\UNNERO.exe /UNINSTALL
Norton AntiVirus 2004 --> MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}
Norton AntiVirus 2004 (Symantec Corporation) --> C:\Programme\Gemeinsame Dateien\Symantec Shared\SymSetup\{C6F5B6CF-609C-428E-876F-CA83176C021B}.exe /X
Norton AntiVirus Parent MSI --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton WMI Update --> MsiExec.exe /X{1526D87C-A955-4FAB-BF18-697BA457E352}
OpenOffice.org 2.3 --> MsiExec.exe /I{DD5B65F7-7CA5-4DE4-AEE7-7E8F26BF78F5}
PC Inspector smart recovery --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{C9A87D86-FDFD-418B-BF96-EF09320973B3}\Setup.exe" -l0x7 
Psychonauts --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{A129D1F2-CAC4-4AD7-B26D-3C6411B87DCC}\setup.exe" -l0x7  -removeonly
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
REALTEK GbE & FE Ethernet PCI NIC Driver --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}\SETUP.exe" -l0x7  -removeonly
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x7  -removeonly
Sicherheitsupdate für Step by Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Sicherheitsupdate für Step by Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950760) --> "C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950762) --> "C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951376-v2) --> "C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951376) --> "C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951698) --> "C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951748) --> "C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
SmartSound Quicktracks Plugin --> C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E} 
Sonic Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD LE --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Splinter Cell Pandora Tomorrow --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{084A9731-D05B-4ADA-B4A0-0ADD25FD7152}\Setup.exe" -l0x7 
Steuer 2007 --> C:\Programme\InstallShield Installation Information\{5E8C42DD-7E43-462C-84CC-99E5BBE3E101}\Setup.exe -runfromtemp -l0x0007 -removeonly
Steuer Hilfesammlung --> MsiExec.exe /X{B754B683-E23C-4583-9312-50AD86836B42}
Symantec Script Blocking Installer --> MsiExec.exe /I{D327AFC9-7BAA-473A-8319-6EB7A0D40138}
SymNet --> MsiExec.exe /I{E47EE8FB-ACC0-4608-859C-4E2851B18A6A}
T-Online 6.0 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{B1275E23-717A-4D52-997A-1AD1E24BC7F3}\setup.exe" CPAS
T-Online WLAN-Access Finder --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{295C31E5-3F91-498E-9623-DA24D2FA2B6A}\Setup.exe" -L0x7
The Witcher --> "C:\Programme\InstallShield Installation Information\{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}\setup.exe" -runfromtemp -l0x0007 -removeonly
Ulead Photo Explorer 8.0 SE Basic --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{D271DAE0-8D68-4C97-8356-A126D48A1D8C}\Setup.exe" -l0x7 
Ulead Photo Express 5 SE --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{31383A1D-FAE6-435A-9DBD-FDB61C7C8EC9}\Setup.exe" -l0x7 
Ulead PhotoImpact 10 SE --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{5A065EA0-0EEC-4E94-A2A0-40812576C122}\setup.exe" -l0x7 
Ulead VideoStudio 9.0 SE DVD --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{8EAB2384-C794-40ED-A9DD-3270A0D2BB76}\setup.exe" -l0x7 
Update für Windows XP (KB951978) --> "C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
USB Scanner --> C:\WINDOWS\RunUnDrv.exe C:\WINDOWS\Twain_32\FlatBed\PmxScan.INF DefaultUnInstall.USB.NTX86
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Encoder 9-Reihe --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Presentation Foundation Language Pack (DEU) --> MsiExec.exe /X{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}
Windows Workflow Foundation DE Language Pack --> MsiExec.exe /I{7228FD8C-3B9E-4204-AE36-8A466107685B}
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Programme\WinRAR\uninstall.exe
XML Paper Specification Shared Components Language Pack 1.0 --> "C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
XML Paper Specification Shared Components Pack 1.0 --> 
Zero Assumption Recovery Version 8.3 --> "C:\Programme\ZAR\unins000.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type11079 / Warning
Event Submitted/Written: 07/09/2008 08:32:04 PM
Event ID/Source: 63 / WinMgmt
Event Description:
Ein Anbieter, HiPerfCooker_v1, wurde im WMI-Namespace, Root\WMI, zum Verwenden des Kontos "LocalSystem" registriert. Dieses Konto ist ein bevorzugtes Konto, d.h. der Anbieter kann Sicherheitsverletzungen verursachen, falls Benutzeranfragen nicht richtig verarbeitet werden.

Event Record #/Type11055 / Error
Event Submitted/Written: 07/09/2008 05:55:47 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Stillstehende Anwendung SpyHunter3.exe, Version 1.0.30.0, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Event Record #/Type11031 / Error
Event Submitted/Written: 07/09/2008 00:47:13 PM
Event ID/Source: 1000 / Application Error
Event Description:
Fehlgeschlagene Anwendung wcs.exe, Version 0.0.0.0, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x00000000.
Das medienspezifische Ereignis für [wcs.exe!ws!] wird verarbeitet.

Event Record #/Type11030 / Error
Event Submitted/Written: 07/09/2008 00:45:57 PM
Event ID/Source: 1000 / Application Error
Event Description:
Fehlgeschlagene Anwendung wcs.exe, Version 0.0.0.0, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x00000000.
Das medienspezifische Ereignis für [wcs.exe!ws!] wird verarbeitet.

Event Record #/Type11029 / Error
Event Submitted/Written: 07/09/2008 00:45:47 PM
Event ID/Source: 1000 / Application Error
Event Description:
Fehlgeschlagene Anwendung wcs.exe, Version 0.0.0.0, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x00000000.
Das medienspezifische Ereignis für [wcs.exe!ws!] wird verarbeitet.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type30913 / Error
Event Submitted/Written: 07/10/2008 08:30:39 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
Dienst "SPYWAREfighterRP" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Event Record #/Type30764 / Warning
Event Submitted/Written: 07/09/2008 08:37:35 PM
Event ID/Source: 20 / Print
Event Description:
Druckertreiber Microsoft XPS Document Writer für Windows NT x86 Version-3 wurde hinzugefügt oder aktualisiert. Dateien:- %4.

Event Record #/Type30485 / Error
Event Submitted/Written: 07/07/2008 07:31:02 PM
Event ID/Source: 10010 / DCOM
Event Description:
Der Server "{F3A614DC-ABE0-11D2-A441-00C04F795683}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Event Record #/Type30454 / Warning
Event Submitted/Written: 07/07/2008 06:24:53 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Der Computer konnte die Netzwerkadresse, die durch den DHCP-Server für die
Netzwerkkarte mit der Netzwerkadresse 0016E61F2A9D zugeteilt wurde, nicht erneuern. Der
folgende Fehler ist aufgetreten: 
%%1223.
Es wird weiterhin im Hintergrund versucht, eine Adresse vom
Netzwerkadressserver (DHCP) zu erhalten.

Event Record #/Type30451 / Warning
Event Submitted/Written: 07/07/2008 01:42:48 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Der Computer konnte die Netzwerkadresse, die durch den DHCP-Server für die
Netzwerkkarte mit der Netzwerkadresse 0016E61F2A9D zugeteilt wurde, nicht erneuern. Der
folgende Fehler ist aufgetreten: 
%%1223.
Es wird weiterhin im Hintergrund versucht, eine Adresse vom
Netzwerkadressserver (DHCP) zu erhalten.



-- End of Deckard's System Scanner: finished at 2008-07-11 18:04:19 ------------
         

11.07.2008, 17:41   #9
myrtille
/// TB-Ausbilder

Hi,
Quote:
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 4
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) SE Runtime Environment 6 Update 1
You still have a whole lot of old Java versions on your computer. Please uninstall them and then download the latest version from Sun.

Your Adobe is also outdated. Please update that as well.

Otherwise it looks good.
Do you still have any problems?

Regards, myrtille
__________________
Requests by e-mail, profile message or private message will be ignored!
Help is given ONLY in the forum!

Anyone who has not received a further reply from me after 24 hours, please send a PM.

Spelling mistakes? Never, but keybaord malfunctions constantly!
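
Added example, not part of the thread or of any poster's tooling: a Python sketch of the check behind the advice in post #9, reading the scanner's "Name --> uninstall command" list and flagging every Java runtime below the highest installed one. The entries are copied from the uninstall list posted in this thread; the function names are hypothetical.

```python
import re

# Entries copied from the uninstall list in this thread ("Name --> uninstall command").
UNINSTALL_LIST = r"""
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
XML Paper Specification Shared Components Pack 1.0 -->
"""

JAVA_NAME = re.compile(
    r"^(?:J2SE Runtime Environment|Java\(TM\)(?: SE Runtime Environment)?)"
    r" (\d+)(?:\.\d+)? Update (\d+)$")
MSI_CODE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")

def parse_uninstall_list(text):
    """Split each 'Name --> command' line; the command may be empty."""
    entries = []
    for line in text.splitlines():
        name, sep, command = line.partition("-->")
        if sep and name.strip():
            entries.append((name.strip(), command.strip()))
    return entries

def java_runtimes(entries):
    """Return Java runtime entries with (major, update) and MSI product code, oldest first."""
    found = []
    for name, command in entries:
        m = JAVA_NAME.match(name)
        if m:
            code = MSI_CODE.search(command)
            found.append({"name": name,
                          "version": (int(m.group(1)), int(m.group(2))),
                          "product_code": code.group(0) if code else None})
    return sorted(found, key=lambda r: r["version"])

def superseded(runtimes):
    """Everything below the highest installed version; that one may itself be outdated."""
    return runtimes[:-1]

if __name__ == "__main__":
    runtimes = java_runtimes(parse_uninstall_list(UNINSTALL_LIST))
    for r in superseded(runtimes):
        print("remove:", r["name"], r["product_code"])
    print("highest installed:", runtimes[-1]["name"])
```
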

11.07.2008, 17:50   #10
ryan

Nope, actually everything is now at least as good as it was before all the trouble.

Fantastic, the service here.
Many, many thanks and see you again sometime (or hopefully not)

11.07.2008, 20:14   #11
EvilSoldier

I'm having problems with AntiSpyCheck too

[edit]

Please open your own thread for your problem, like everyone else here.
Only that way can we make sure that every user gets clear, individual help.

Thanks.

[/edit]

Last edited by Sunny (11.07.2008 at 20:31)
