Hallo ich brauche hälfe bitte.

Mein Problem is das ich mir vor einiger zeit das Pogram Vista Virus 2008 eingefangen habe seit. Ich habe ihn zwar wieder runtergekommen aber seit dem geht mein pc nich richtig er is viel langsamer als vorher und hängt sich auch mal weg.

Bitte kann mir da jemand helfen hab auch schon einen log erstellt


Mein Problem is das ich mir vor einiger zeit das Pogram Vista Virus 2008 eingefangen habe seit. Ich habe ihn zwar wieder runtergekommen aber seit dem geht mein pc nich richtig er is viel langsamer als vorher und hängt sich auch mal weg.

Bitte kann mir da jemand helfen hab auch schon einen log erstellt

Hoffe es is richtig so .

Code: Alles auswählenAufklappen

ATTFilter

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:00:33, on 15.07.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\Avira Premium Security Suite\sched.exe
C:\WINDOWS\system32\PackethSvc.exe
C:\Programme\Avira\Avira Premium Security Suite\avguard.exe
C:\Programme\Avira\Avira Premium Security Suite\avesvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Avira\Avira Premium Security Suite\avmailc.exe
C:\Programme\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\Gemeinsame Dateien\AOL\1141629514\ee\AOLSoftware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\AOL 9.0 VR\waol.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
C:\Programme\AOL 9.0 VR\shellmon.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Microsoft Office\Office\WINWORD.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.prosieben.de/index.php?icqpath=icq
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R3 - URLSearchHook: (no name) - {1CFFA392-0898-4b1c-89D1-6E98F9D8EF78} - (no file)
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Programme\AOL\AOL Toolbar 4.0\aoltb.dll
O2 - BHO: QXK Olive - {BDF21582-F109-4BAB-A660-437476CF0D2A} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 4.0\aoltb.dll
O4 - HKLM\..\Run: [HostManager] C:\Programme\Gemeinsame Dateien\AOL\1141629514\ee\AOLSoftware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Programme\AOL 9.0 VR\AOL.EXE" -b
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: DSL-Manager.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &AOL Toolbar-Suche - c:\programme\aol\aol toolbar 4.0\resources\de-DE\local\search.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://kp.bar.need2find.com/KP/menusearch.html?p=KP
O8 - Extra context menu item: Easy-WebPrint Drucken - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Programme\AOL\AOL Toolbar 4.0\aoltb.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Programme\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.3.4.64/flinger/flinger-ob-assets.cab
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://o.aolcdn.com/pictures/ap/Resources/2.0.0.51/cab/aolpPlugins.10.2.0.0.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-18.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1207316332258
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - https://bellerock.microgaming.com/freeplay/FlashAX2.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: tuvWolmj - tuvWolmj.dll (file missing)
O21 - SSODL: qegbdmwf - {AAED555D-A882-4FD0-99F0-0F5C6B09138A} - (no file)
O23 - Service: Avira Premium Security Suite Firewall (AntiVirFirewallService) - Avira GmbH - C:\Programme\Avira\Avira Premium Security Suite\avfwsvc.exe
O23 - Service: Avira Premium Security Suite MailGuard (AntiVirMailService) - Avira GmbH - C:\Programme\Avira\Avira Premium Security Suite\avmailc.exe
O23 - Service: Avira Premium Security Suite Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\Avira Premium Security Suite\sched.exe
O23 - Service: Avira Premium Security Suite Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\Avira Premium Security Suite\avguard.exe
O23 - Service: Avira Premium Security Suite WebGuard (antivirwebservice) - Avira GmbH - C:\Programme\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
O23 - Service: Avira Premium Security Suite MailGuard Hilfsdienst (AVEService) - Avira GmbH - C:\Programme\Avira\Avira Premium Security Suite\avesvc.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Programme\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Hotspot Manager (HotSpotFSvc) - Unknown owner - C:\Programme\Gemeinsame Dateien\T-COM\HotspotMgr\HotSpotFSvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\system32\PackethSvc.exe
O23 - Service: DSL-Manager (TDslMgrService) - T-Systems Enterprise Services GmbH - C:\Programme\DSL-Manager\DslMgrSvc.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 9090 bytes
         

Hi yuri und

Starte Hijackthis, klicke do a system scan only und setze einen Haken vor folgende Kästchen:

Code: Alles auswählenAufklappen

ATTFilter

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R3 - URLSearchHook: (no name) - {1CFFA392-0898-4b1c-89D1-6E98F9D8EF78} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: QXK Olive - {BDF21582-F109-4BAB-A660-437476CF0D2A} - (no file)
O8 - Extra context menu item: &Search - http://kp.bar.need2find.com/KP/menusearch.html?p=KP
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Programme\AWS\WeatherBug\Weather.exe (file missing) (HKCU)

alle O16 Einträge

O20 - Winlogon Notify: tuvWolmj - tuvWolmj.dll (file missing)
O21 - SSODL: qegbdmwf - {AAED555D-A882-4FD0-99F0-0F5C6B09138A} - (no file)
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
         

Schliesse den Webbrowser und klicke auf fix checked.

=========================================================

Bereinige deinen Rechner mit dem Ccleaner, wie in der Anleitung angegeben.

=========================================================

Lasse Malwarebytes Antimalware Dein System scannen, alle Funde löschen, Log hier posten.

=========================================================

Lade das SmitfraudFix von S!Ri runter: SmitfraudFix
Anwendung:

Reinigung:

• Starte deinen Rechner in den abgesicherten Modus neu auf (bevor das Windows Bild erscheint, die F8 Taste eindrücken, immer wieder F8 drücken)
• Mach einen Doppelklick auf SmitfraudFix.exe
• Wähle die 2 und drücke auf Enter um die infizierten Dateien zu löschen
• Du wirst dann gefragt: Do you want to clean the registry ? antworte mit Y (ja) und drücke auf Enter um das Desktop Bild zu entfernen und die Registry Schlüssel der Infektion zu bereinigen.
• Das Programm wird nun überprüfen, ob die wininet.dll infiziert ist. Du wirst möglicherweise gefragt, die infizierte Datei entfernen zu lassen (wenn sie gefunden wird): Replace infected file ? antworte Y (ja) und drücke auf Enter um eine saubere Datei zu bekommen.
• Du solltest deinen Rechner nun neu aufstarten, um den Reinigung[U]sprozess zu beenden. Das Logfile solltest du speichern, als C:\rapport.txt

=========================================================

lade bitte den Deckard's System Scanner (DSS) herunter und speichere ihn auf deinem Desktop.
NB: Du musst mit Administrator-Rechten angemeldet sein, um dieses Programm laufen lassen zu können.

1. Schließe ALLE Anwendungen und Fenster.
2. Mach einen Doppelklick auf die dss.exe um sie auszuführen und folge den Prompts.
3. Wenn der Scan vollendet ist, werden sich zwei Textdateien öffnen -

main.txt <- dieses wird maximiert dargestellt und
extra.txt <- dieses wird als minmierte Datei dargestellt
4. Kopiere (STRG+A und STRG+C) und füge (STRG+V) den Inhalt von main.txt und den Inhalt von extra.txt in deine nächste Antwort.

Die Logdateien können sehr lang werden.



gruß

schrauber

Code: Alles auswählenAufklappen

ATTFilter

Malwarebytes' Anti-Malware 1.20
Datenbank Version: 957
Windows 5.1.2600 Service Pack 2

01:44:11 16.07.2008
mbam-log-7-16-2008 (01-44-11).txt

Scan Art: Komplett Scan (C:\|)
Objekte gescannt: 121879
Scan Dauer: 1 hour(s), 8 minute(s), 35 second(s)

Infizierte Speicher Prozesse: 0
Infizierte Speicher Module: 0
Infizierte Registrierungsschlüssel: 20
Infizierte Registrierungswerte: 5
Infizierte Datei Objekte der Registrierung: 0
Infizierte Verzeichnisse: 15
Infizierte Dateien: 31

Infizierte Speicher Prozesse:
(Keine Malware Objekte gefunden)

Infizierte Speicher Module:
(Keine Malware Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\mysearchtoolbar.settingsplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mysearchtoolbar.settingsplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{014da6cb-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{014da6c1-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{014da6c4-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{014da6c6-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{014da6ca-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{014da6cc-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{014da6c0-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2f4b2f9e-6e2d-4fcc-a0ac-10b97b0bec38} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{fcec91ba-d0aa-4c87-ac80-45891152c8bd} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{53600c72-ac0c-4766-bd48-b5f3530eb5e5} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f712b746-2cb5-4c3a-bcdd-7c26bd4dac97} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{78e1b695-9027-496a-99dc-f3f340f4b6f0} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{014da6c9-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MySearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Adsl Software Ltd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{d2eeb637-a4a5-4bbb-8c0c-96af821110c2} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{014da6c9-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Products\rdomain (Rogue.PCVirusless) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Products\prodname (Rogue.PCVirusless) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Products\compname (Rogue.PCVirusless) -> Quarantined and deleted successfully.

Infizierte Datei Objekte der Registrierung:
(Keine Malware Objekte gefunden)

Infizierte Verzeichnisse:
C:\Programme\PCHealthCenter (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Programme\MySearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MySearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MySearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MySearch\bar\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MySearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWay (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Programme\MyWay\myBar (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Programme\MyWay\myBar\1.bin (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Programme\MyWay\myBar\Cache (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Programme\MyWay\myBar\History (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Programme\MyWay\myBar\Settings (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Programme\VAV (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ADSL Software Ltd (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ADSL Software Ltd\WinSpywareProtect (Rogue.Multiple) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Programme\PCHealthCenter\0.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Programme\PCHealthCenter\1.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Programme\PCHealthCenter\2.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Programme\PCHealthCenter\3.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Programme\PCHealthCenter\sc.html (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Programme\PCHealthCenter\sex1.ico (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Programme\PCHealthCenter\sex2.ico (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Programme\MySearch\bar\1.bin\MYSEARCHPLUGINPROXY.CLASS (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MySearch\bar\Cache\files.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MySearch\bar\History\search (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWay\myBar\1.bin\MYWAYPLUGINPROXY.CLASS (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Programme\MyWay\myBar\1.bin\PARTNER.BMP (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Programme\MyWay\myBar\1.bin\PARTNER.DAT (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Programme\MyWay\myBar\1.bin\PARTNER2.DAT (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Programme\MyWay\myBar\1.bin\PARTNER3.DAT (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Programme\MyWay\myBar\1.bin\PARTNER4.DAT (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Programme\MyWay\myBar\1.bin\PARTNER5.DAT (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Programme\MyWay\myBar\1.bin\PARTNER6.DAT (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Programme\MyWay\myBar\Cache\00031BD4 (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Programme\MyWay\myBar\Cache\005776FC (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Programme\MyWay\myBar\Cache\0057A71A.bin (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Programme\MyWay\myBar\Cache\0057B65B.bin (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Programme\MyWay\myBar\Cache\0057BA13.bin (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Programme\MyWay\myBar\History\search (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Programme\MyWay\myBar\Settings\prevcfg.htm (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Programme\VAV\vav0.dat (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
C:\Programme\VAV\vav1.dat (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sex1.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sex2.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\acrsecB.fon (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\acrsecI.fon (Trojan.Agent) -> Quarantined and deleted successfully.
         

Code: Alles auswählenAufklappen

ATTFilter

Deckard's System Scanner v20071014.68
Run by Bunge on 2008-07-16 02:18:20
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
5: 2008-07-16 00:18:55 UTC - RP5 - Deckard's System Scanner Restore Point
4: 2008-07-15 11:53:04 UTC - RP4 - Windows XP KB885295 wurde installiert.
3: 2008-07-15 07:15:03 UTC - RP3 - Systemprüfpunkt
2: 2008-07-14 06:39:52 UTC - RP2 - Removed SweetIM Toolbar for Internet Explorer 3.1
1: 2008-07-14 06:23:25 UTC - RP1 - Systemprüfpunkt


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 224 MiB (512 MiB recommended).


-- HijackThis (run as Bunge.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:23:52, on 16.07.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\Avira Premium Security Suite\sched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\PackethSvc.exe
C:\Programme\Avira\Avira Premium Security Suite\avguard.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
C:\Programme\Avira\Avira Premium Security Suite\avesvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Avira\Avira Premium Security Suite\avmailc.exe
C:\Programme\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\Bunge\Desktop\dss.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Programme\CCleaner\CCleaner.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Bunge.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.prosieben.de/index.php?icqpath=icq
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Programme\AOL\AOL Toolbar 4.0\aoltb.dll
O2 - BHO: QXK Olive - {BDF21582-F109-4BAB-A660-437476CF0D2A} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 4.0\aoltb.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: DSL-Manager.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &AOL Toolbar-Suche - c:\programme\aol\aol toolbar 4.0\resources\de-DE\local\search.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Easy-WebPrint Drucken - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Programme\AOL\AOL Toolbar 4.0\aoltb.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.3.4.64/flinger/flinger-ob-assets.cab
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://o.aolcdn.com/pictures/ap/Resources/2.0.0.51/cab/aolpPlugins.10.2.0.0.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-18.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1207316332258
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - https://bellerock.microgaming.com/freeplay/FlashAX2.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira Premium Security Suite Firewall (AntiVirFirewallService) - Avira GmbH - C:\Programme\Avira\Avira Premium Security Suite\avfwsvc.exe
O23 - Service: Avira Premium Security Suite MailGuard (AntiVirMailService) - Avira GmbH - C:\Programme\Avira\Avira Premium Security Suite\avmailc.exe
O23 - Service: Avira Premium Security Suite Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\Avira Premium Security Suite\sched.exe
O23 - Service: Avira Premium Security Suite Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\Avira Premium Security Suite\avguard.exe
O23 - Service: Avira Premium Security Suite WebGuard (antivirwebservice) - Avira GmbH - C:\Programme\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
O23 - Service: Avira Premium Security Suite MailGuard Hilfsdienst (AVEService) - Avira GmbH - C:\Programme\Avira\Avira Premium Security Suite\avesvc.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Programme\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Hotspot Manager (HotSpotFSvc) - Unknown owner - C:\Programme\Gemeinsame Dateien\T-COM\HotspotMgr\HotSpotFSvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\system32\PackethSvc.exe
O23 - Service: DSL-Manager (TDslMgrService) - T-Systems Enterprise Services GmbH - C:\Programme\DSL-Manager\DslMgrSvc.exe

--
End of file - 7648 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080716-001903-212 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
backup-20080716-001903-389 O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
backup-20080716-001903-419 O8 - Extra context menu item: &Search - http://kp.bar.need2find.com/KP/menusearch.html?p=KP
backup-20080716-001903-758 O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
backup-20080716-001903-908 O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
backup-20080716-001903-979 R3 - URLSearchHook: (no name) - {1CFFA392-0898-4b1c-89D1-6E98F9D8EF78} - (no file)
backup-20080716-001904-662 O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Programme\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
backup-20080716-001904-967 O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
backup-20080716-001905-452 O21 - SSODL: qegbdmwf - {AAED555D-A882-4FD0-99F0-0F5C6B09138A} - (no file)
backup-20080716-001905-709 O20 - Winlogon Notify: tuvWolmj - tuvWolmj.dll (file missing)
backup-20080716-001906-772 O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SSHDRV85 - c:\windows\system32\drivers\sshdrv85.sys <Not Verified; ; ProtectCD>
R1 ssmdrv - c:\windows\system32\drivers\ssmdrv.sys <Not Verified; AVIRA GmbH; >
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
R3 TSMPacket (DSL-Manager Service) - c:\windows\system32\drivers\tsmpkt.sys <Not Verified; T-Systems; T-DSL Manager>
R3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys <Not Verified; America Online, Inc.; Wan Miniport (ATW)>

S2 OMSCAN - \sys'z????? (file missing)
S3 BulkUsb (VoIPUSBDriver.sys) - c:\windows\system32\drivers\voipusbdriver.sys (file missing)
S3 CoachUsb (Coach Digital Camera on USB) - c:\windows\system32\drivers\coachusb.sys <Not Verified; FotoNation Ltd.; USB Driver for Digital Camera>
S3 CoachVc (Coach Video Capture) - c:\windows\system32\drivers\coachvc.sys <Not Verified; Accapella Ltd.; Video Capture Minidriver for Digital Camera>
S3 hwdatacard (Huawei DataCard USB Modem and USB Serial) - c:\windows\system32\drivers\ewusbmdm.sys (file missing)
S3 Profos - c:\programme\gemeinsame dateien\bitdefender\bitdefender threat scanner\profos.sys (file missing)
S3 Trufos - c:\programme\gemeinsame dateien\bitdefender\bitdefender threat scanner\trufos.sys (file missing)
S3 USBIO (USBIO Driver (usbio.sys)) - c:\windows\system32\drivers\usbio.sys <Not Verified; Thesycon GmbH, Germany; Universal USB Device Driver>
S3 ZSMC301b (ZSMC USB PC Camera) - c:\windows\system32\drivers\usbvm31b.sys <Not Verified; VM; >


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AntiVirFirewallService (Avira Premium Security Suite Firewall) - "c:\programme\avira\avira premium security suite\avfwsvc.exe" <Not Verified; Avira GmbH; AntiVir Workstation>
R2 AntiVirMailService (Avira Premium Security Suite MailGuard) - "c:\programme\avira\avira premium security suite\avmailc.exe" <Not Verified; Avira GmbH; AntiVir Workstation>
R2 AntiVirScheduler (Avira Premium Security Suite Planer) - "c:\programme\avira\avira premium security suite\sched.exe" <Not Verified; Avira GmbH; AntiVir Workstation>
R2 antivirwebservice (Avira Premium Security Suite WebGuard) - "c:\programme\avira\avira premium security suite\avwebgrd.exe" <Not Verified; Avira GmbH; AntiVir Workstation>
R2 AVEService (Avira Premium Security Suite MailGuard Hilfsdienst) - "c:\programme\avira\avira premium security suite\avesvc.exe" <Not Verified; Avira GmbH; AntiVir Workstation>
R2 PackethSvc (Virtual NIC Service) - c:\windows\system32\packethsvc.exe <Not Verified; America Online, Inc.; America Online>

S3 HotSpotFSvc (Hotspot Manager) - "c:\programme\gemeinsame dateien\t-com\hotspotmgr\hotspotfsvc.exe" (file missing)
S3 TDslMgrService (DSL-Manager) - "c:\programme\dsl-manager\dslmgrsvc.exe" <Not Verified; T-Systems Enterprise Services GmbH; DSL-Manager>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-07-13 17:18:30       396 --a------ C:\WINDOWS\Tasks\1-Klick-Wartung.job


-- Files created between 2008-06-16 and 2008-07-16 -----------------------------

2008-07-16 00:31:48         0 d-------- C:\Programme\Malwarebytes' Anti-Malware
2008-07-16 00:24:15         0 dr-h----- C:\Dokumente und Einstellungen\Bunge\Recent
2008-07-15 13:48:39         0 d-------- C:\Programme\AOL 9.0 VR
2008-07-15 13:01:32     24642 --a------ C:\WINDOWS\system32\aolddial.dll <Not Verified; America Online; AOLDDial Custom Dialer Module>
2008-07-15 13:01:32         0 d-------- C:\Programme\Gemeinsame Dateien\aolshare
2008-07-15 13:01:31    153088 --a------ C:\WINDOWS\system32\jgdwmie.dll <Not Verified; America Online; JG Decoder>
2008-07-15 13:01:09         0 d-------- C:\Programme\AOL 6.0
2008-07-13 17:16:29         0 d-------- C:\Programme\TuneUp Utilities 2007
2008-07-13 17:15:14         0 d-------- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2008-07-13 15:46:57         0 d-------- C:\Programme\Trend Micro
2008-07-12 14:04:42         0 d-------- C:\Programme\NOS
2008-07-12 01:40:04         0 d-------- C:\Programme\CCleaner
2008-07-12 01:31:34     57344 --a------ C:\WINDOWS\system32\GkSui16.EXE
2008-07-12 01:31:34         0 d-------- C:\Programme\FreeMem Standard
2008-07-12 01:21:36         0 d-------- C:\WINDOWS\pss
2008-07-10 21:52:05         0 d-------- C:\WINDOWS\system32\CatRoot_bak
2008-07-10 21:15:42       172 --a------ C:\WINDOWS\advacc1.dat
2008-07-10 21:15:33         0 d-------- C:\Programme\BoostKit
2008-07-07 23:19:27         0 d-------- C:\Programme\NGD Studios
2008-07-06 22:28:00         0 d-------- C:\Programme\gamigo
2008-07-06 22:08:34         0 d-------- C:\GAMIGO
2008-07-02 20:49:07         0 d-------- C:\Programme\Avira
2008-07-01 18:06:19     81984 --a------ C:\WINDOWS\system32\bdod.bin
2008-07-01 02:58:51         0 d-------- C:\Programme\BitDefender
2008-07-01 02:48:45         0 d-------- C:\Programme\Gemeinsame Dateien\BitDefender
2008-06-30 19:19:19     43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-06-30 15:42:57         0 d-------- C:\Programme\AWS
2008-06-30 00:00:28         0 d-------- C:\Programme\Gemeinsame Dateien\Symantec Shared
2008-06-29 14:46:13         0 d-------- C:\Programme\Enigma Software Group
2008-06-29 14:12:26    113931 --ahs---- C:\WINDOWS\system32\RAcLRqru.ini2
2008-06-29 13:55:46    107483 --ahs---- C:\WINDOWS\system32\tCLklnmp.ini2
2008-06-29 13:49:42         0 d-------- C:\WINDOWS\system32\NtmsData
2008-06-28 22:56:47   9175040 --a------ C:\Dokumente und Einstellungen\Bunge\ntuser.dat
2008-06-24 17:38:01        56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-06-24 17:33:15         0 d-------- C:\Programme\Skype
2008-06-24 17:33:14         0 d-------- C:\Programme\Gemeinsame Dateien\Skype
2008-06-23 23:29:51         0 d-------- C:\Programme\ICQToolbar
2008-06-23 22:48:56         0 d-------- C:\Programme\ICQ6


-- Find3M Report ---------------------------------------------------------------

2008-07-16 00:31:58         0 d-------- C:\Dokumente und Einstellungen\Bunge\Anwendungsdaten\Malwarebytes
2008-07-15 14:01:37         0 d-------- C:\Dokumente und Einstellungen\Bunge\Anwendungsdaten\AOL
2008-07-15 13:56:57         0 d-------- C:\Programme\Gemeinsame Dateien\aol
2008-07-15 13:01:32         0 d-------- C:\Programme\Gemeinsame Dateien
2008-07-15 12:40:24         0 d-------- C:\Dokumente und Einstellungen\Bunge\Anwendungsdaten\eMule
2008-07-14 08:12:51         0 d-------- C:\Programme\QuickTime
2008-07-13 17:17:58         0 d-------- C:\Dokumente und Einstellungen\Bunge\Anwendungsdaten\TuneUp Software
2008-07-12 14:41:48         0 d-------- C:\Dokumente und Einstellungen\Bunge\Anwendungsdaten\DivX
2008-07-12 14:33:59         0 d-------- C:\Programme\Gemeinsame Dateien\Adobe
2008-07-12 14:07:57         0 d-------- C:\Programme\DivX
2008-07-12 14:02:19         0 d-------- C:\Dokumente und Einstellungen\Bunge\Anwendungsdaten\Adobe
2008-07-12 01:46:57         0 d-------- C:\Dokumente und Einstellungen\Bunge\Anwendungsdaten\UpdateStar
2008-07-11 14:13:31         0 d-------- C:\Dokumente und Einstellungen\Bunge\Anwendungsdaten\Skype
2008-07-11 14:13:16         0 d-------- C:\Dokumente und Einstellungen\Bunge\Anwendungsdaten\skypePM
2008-07-10 21:38:39         0 d--h----- C:\Programme\InstallShield Installation Information
2008-07-10 21:35:17    428814 --a------ C:\WINDOWS\system32\perfh007.dat
2008-07-10 21:35:17     80892 --a------ C:\WINDOWS\system32\perfc007.dat
2008-07-10 16:54:18         0 d-------- C:\Programme\WinAce
2008-07-07 21:03:22         0 d-------- C:\Dokumente und Einstellungen\Bunge\Anwendungsdaten\UseNeXT
2008-07-05 17:53:38         0 d-------- C:\Programme\Google
2008-07-04 14:38:13         0 d-------- C:\Dokumente und Einstellungen\Bunge\Anwendungsdaten\Avira
2008-07-02 23:13:51         0 d-------- C:\Dokumente und Einstellungen\Bunge\Anwendungsdaten\AVGTOOLBAR
2008-07-01 02:29:33        12 --a------ C:\Dokumente und Einstellungen\Bunge\Anwendungsdaten\slicktionary.df
2008-06-26 21:06:19         0 d-------- C:\Dokumente und Einstellungen\Bunge\Anwendungsdaten\Identities
2008-06-26 21:06:17         0 d-------- C:\Dokumente und Einstellungen\Bunge\Anwendungsdaten\Zylom
2008-06-26 19:55:36         0 d-------- C:\Dokumente und Einstellungen\Bunge\Anwendungsdaten\SecondLife
2008-06-23 18:15:46         0 d-------- C:\Programme\DSL-Manager
2008-06-20 22:41:06         0 d-------- C:\Programme\UseNeXT
2008-06-19 18:33:15         0 d-------- C:\Dokumente und Einstellungen\Bunge\Anwendungsdaten\Mozilla
2008-06-19 18:27:44         0 d-------- C:\Dokumente und Einstellungen\Bunge\Anwendungsdaten\Google
2008-06-19 18:27:15         0 d-------- C:\Dokumente und Einstellungen\Bunge\Anwendungsdaten\Talkback
2008-06-14 21:16:35         0 d-------- C:\Dokumente und Einstellungen\Bunge\Anwendungsdaten\ICQ
2008-06-11 02:07:20   3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-06-11 02:03:26    196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-06-11 02:03:26     81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-06-11 02:03:20    802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-06-11 02:03:20    823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-06-11 02:03:20    815104 --a------ C:\WINDOWS\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX®>
2008-06-11 02:03:20    823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-06-11 02:03:18    683520 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-06-07 20:04:03         0 d-------- C:\Dokumente und Einstellungen\Bunge\Anwendungsdaten\ICQ Toolbar
2008-05-26 22:28:22         0 d-------- C:\Dokumente und Einstellungen\Bunge\Anwendungsdaten\Real
2008-05-26 22:10:38         0 d-------- C:\Programme\Gemeinsame Dateien\xing shared
2008-05-26 22:10:16         0 d-------- C:\Programme\Gemeinsame Dateien\Real
2008-05-26 21:56:44      3469 --a------ C:\WINDOWS\mozver.dat
2008-05-25 14:44:16         0 d-------- C:\Programme\CyberLink DVD Solution
2008-05-25 14:38:24         0 d-------- C:\Programme\Ubisoft
2008-05-25 14:20:09         0 d-------- C:\Programme\Real
2008-05-23 00:18:54     12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-17 00:06:40         0 d-------- C:\Dokumente und Einstellungen\Bunge\Anwendungsdaten\Yahoo!
2008-04-21 15:45:06    540672 --a------ C:\WINDOWS\uninstal.exe
2008-04-20 19:45:16       103 --a------ C:\WINDOWS\popcinfo.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
11.06.2008 22:33	75128	--a------	C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BDF21582-F109-4BAB-A660-437476CF0D2A}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04.08.2004 09:57]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"=0 (0x0)
"NoLowDiskSpaceChecks"=0 (0x0)
"MaxRecentDocs"=6 (0x6)
"NoRecentDocsNetHood"=1 (0x1)
"NoExpandedNewMenu"=0 (0x0)
"NoRecentDocsHistory"=1 (0x1)
"NoUserNameInStartMenu"=1 (0x1)
"NoTrayItemsDisplay"=00000000
"ClearRecentDocsOnExit"=0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\urqRLcAR

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders	msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
"C:\Programme\Avira\Avira Premium Security Suite\avgnt.exe" /min

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
"C:\Programme\ICQ6\ICQ.exe" silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstallProgram]
C:\DOKUME~1\Bunge\LOKALE~1\Temp\lprn32.exe------------
         

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Programme\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
"C:\Programme\Ahead\Nero BackItUp\NBJ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Programme\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"UpdateStar"=C:\Dokumente und Einstellungen\Bunge\Anwendungsdaten\UpdateStar\UpdateStar.exe -A
"AOL Fast Start"="C:\Programme\AOL 9.0 VR\AOL.EXE" -b

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"HostManager"=C:\Programme\Gemeinsame Dateien\AOL\1141629514\ee\AOLSoftware.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{06024810-fa93-11dc-b763-00038a000015}]
AutoRun\command- D:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{06024812-fa93-11dc-b763-00038a000015}]
AutoRun\command- D:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86b51fd7-f76d-11dc-b75a-00038a000015}]
AutoRun\command- D:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86b51fdd-f76d-11dc-b75a-00038a000015}]
AutoRun\command- D:\AutoRun.exe




-- End of Deckard's System Scanner: finished at 2008-07-16 02:25:55

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: German

CPU 0: Intel(R) Celeron(R) CPU 1.70GHz
Percentage of Memory in Use: 70%
Physical Memory (total/avail): 223.49 MiB / 66.26 MiB
Pagefile Memory (total/avail): 545.51 MiB / 233.78 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1931.22 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 111.79 GiB total, 77.22 GiB free.
D: is CDROM (No Media)
F: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST3120022A - 111.79 GiB - 1 partition
\PARTITION0 (bootable) - Installierbares Dateisystem - 111.79 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before install.
Windows Internal Firewall is disabled.

FW: Avira Firewall v8.0.1.18 (Avira GmbH)
AV: Bitdefender Antivirus v8.0 (BitDefender) Disabled
AV: Avira Premium Security Suite v8.0.1.18 (Avira GmbH) Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programme\\AOL 9.0c\\waol.exe"="C:\\Programme\\AOL 9.0c\\waol.exe:*:Enabled:AOL"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Programme\\AOL 9.0\\waol.exe"="C:\\Programme\\AOL 9.0\\waol.exe:*:Enabled:AOL"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\program files\\Real\\RealPlayer\\realplay.exe"="C:\\program files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Programme\\eMule\\emule.exe"="C:\\Programme\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Programme\\ICQ6\\ICQ.exe"="C:\\Programme\\ICQ6\\ICQ.exe:*:Enabled:ICQ6"
"C:\\Programme\\Gemeinsame Dateien\\aol\\1141629514\\ee\\aolsoftware.exe"="C:\\Programme\\Gemeinsame Dateien\\aol\\1141629514\\ee\\aolsoftware.exe:*isabled:AOL Services"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Programme\\DivX\\eMule\\emule.exe"="C:\\Programme\\DivX\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Dokumente und Einstellungen\\Bunge\\Lokale Einstellungen\\Temp\\~AceTemp\\eMule.0.48a.Razorback3.Next.Generation.v4.31.Mod-Binary.(fast.and.xtreme)\\emule.exe"="C:\\Dokumente und Einstellungen\\Bunge\\Lokale Einstellungen\\Temp\\~AceTemp\\eMule.0.48a.Razorback3.Next.Generation.v4.31.Mod-Binary.(fast.and.xtreme)\\emule.exe:*:Enabled:eMule"
"C:\\Dokumente und Einstellungen\\Bunge\\Lokale Einstellungen\\Temp\\WZSE0.TMP\\symnrt.exe"="C:\\Dokumente und Einstellungen\\Bunge\\Lokale Einstellungen\\Temp\\WZSE0.TMP\\symnrt.exe:*:Enabled:Symantec Removal Utility"
"C:\\Programme\\Skype\\Phone\\Skype.exe"="C:\\Programme\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Programme\\AOL 9.0 VR\\waol.exe"="C:\\Programme\\AOL 9.0 VR\\waol.exe:*:Enabled:AOL"
"C:\\Programme\\Gemeinsame Dateien\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"="C:\\Programme\\Gemeinsame Dateien\\aol\\TopSpeed\\3.0\\aoltpsd3.exe:*:Enabled:AOL TopSpeed"
"C:\\Programme\\Gemeinsame Dateien\\aol\\1141629514\\ee\\AOLServiceHost.exe"="C:\\Programme\\Gemeinsame Dateien\\aol\\1141629514\\ee\\AOLServiceHost.exe:*:Enabled:AOL"
"C:\\Programme\\Gemeinsame Dateien\\aol\\Loader\\aolload.exe"="C:\\Programme\\Gemeinsame Dateien\\aol\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Programme\\Gemeinsame Dateien\\aol\\System Information\\sinf.exe"="C:\\Programme\\Gemeinsame Dateien\\aol\\System Information\\sinf.exe:*:Enabled:AOL System Information"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Dokumente und Einstellungen\All Users
APPDATA=C:\Dokumente und Einstellungen\Bunge\Anwendungsdaten
CLASSPATH=C:\Programme\Java\jre1.6.0_02\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Programme\Gemeinsame Dateien
COMPUTERNAME=ELSA
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Dokumente und Einstellungen\Bunge
LOGONSERVER=\\ELSA
MOZ_CRASHREPORTER_DATA_DIRECTORY=C:\Dokumente und Einstellungen\Bunge\Anwendungsdaten\Mozilla\Firefox\Crash Reports
MOZ_CRASHREPORTER_RESTART_ARG_0=C:\Programme\Mozilla Firefox\firefox.exe
MOZ_CRASHREPORTER_STRINGS_OVERRIDE=C:\Programme\Mozilla Firefox\crashreporter-override.ini
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Programme\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;C:\Programme\Gemeinsame Dateien\Ulead Systems\MPEG;C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD;C:\Programme\Gemeinsame Dateien\GIS\Tools;C:\Programme\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 1 Stepping 3, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0103
ProgramFiles=C:\Programme
PROMPT=$P$G
QTJAVA=C:\Programme\Java\jre1.6.0_02\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOKUME~1\Bunge\LOKALE~1\Temp
TMP=C:\DOKUME~1\Bunge\LOKALE~1\Temp
USERDOMAIN=ELSA
USERNAME=Bunge
USERPROFILE=C:\Dokumente und Einstellungen\Bunge
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Bunge (admin)
Administrator.ELSA.001 (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Programme\AOL\AOL Toolbar 4.0\uninstall.exe"
--> C:\Programme\DivX\DivXConverterUninstall.exe /CONVERTER
--> C:\Programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9 - Deutsch --> MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A90000000001}
AOL Deinstallation --> C:\Programme\Gemeinsame Dateien\AOL\uninstaller.exe
AOL Installations-Manager --> C:\Programme\AOL\AOL Installations-Manager\uninst.exe
Avira Premium Security Suite --> C:\Programme\Avira\Avira Premium Security Suite\SETUP.EXE /REMOVE
CardRd81 --> MsiExec.exe /I{54C8FE84-89C4-40E8-976C-439EB0729BD6}
CCleaner (remove only) --> "C:\Programme\CCleaner\uninst.exe"
CCScore --> MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
Corel Applications --> C:\WINDOWS\Corel\Uninst32.exe
CR2 --> MsiExec.exe /I{432C3720-37BF-4BD7-8E49-F38E090246D0}
Cute Kitties Screen Saver --> sstunst3.exe Cute Kitties
DFÜ-Speed --> "C:\Programme\DFÜ-Speed\Uninstall DFÜ-Speed.exe"
Digital Camera Driver --> MsiExec.exe /I{E92C762B-B53C-11D8-819A-0050BA2738EF}
DivX Codec --> C:\Programme\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Programme\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Programme\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Programme\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DSL-Manager --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{90A455A7-0FC8-4508-B7FA-8F135B8F041A}\Setup.exe" -l0x7
DVD Solution --> C:\Programme\Uninstall_CDS.exe
Easy-WebPrint --> C:\WINDOWS\IsUn0407.exe -fC:\Programme\Canon\Easy-WebPrint\Uninst.isu
ESSBrwr --> MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK --> MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore --> MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}
ESSCT --> MsiExec.exe /I{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}
ESSEMAIL --> MsiExec.exe /I{FEDE2483-87B7-44C1-A5BB-D75AEB8B6340}
ESSgui --> MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESShelp --> MsiExec.exe /I{87843A41-7808-4F2E-B13F-25C1E67CF2FD}
ESSini --> MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD --> MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock --> MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSSONIC --> MsiExec.exe /I{4F677FC7-7AA8-412B-A957-F13CBE1C7331}
ESSTOOLS --> MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
ESSTUTOR --> MsiExec.exe /I{CA60320D-6A16-49C8-A34F-84EEF4799567}
essvcpt --> MsiExec.exe /I{D1973749-F5E7-40EB-B528-F2B78685B9FF}
ESSvpaht --> MsiExec.exe /I{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}
ESSvpot --> MsiExec.exe /I{48C82F7A-F100-4DAB-A310-8E18BF2159E1}
EVEREST Home Edition v2.20 --> "C:\Programme\Lavalys\EVEREST Home Edition\unins000.exe"
getPlus(R) --> "C:\Programme\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1
HijackThis 2.0.2 --> "C:\Programme\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HLPIndex --> MsiExec.exe /I{38441BE7-79B0-42B8-8297-833704F949FE}
HLPPDOCK --> MsiExec.exe /I{154508C0-07C5-4659-A7A0-E49968750D21}
HLPSFO --> MsiExec.exe /I{8DD94CA3-BCD2-49C0-B537-F3B5D95FF0C8}
ICQ Toolbar --> regsvr32 /u /s "C:\PROGRA~1\ICQTOO~1\toolbaru.dll"
ICQ Toolbar --> regsvr32 /u /s "C:\Programme\ICQToolbar\toolbaru.dll"
ICQ6 --> "C:\Programme\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
iPlayer Mass Storage Driver V3.1 --> C:\WINDOWS\iun6002.exe "C:\Programme\iPlayer Mass Storage Driver V3.1\irunin.ini"
IsoBuster 1.3 --> "C:\Programme\Smart Projects\IsoBuster\Uninst\unins000.exe"
J2SE Runtime Environment 5.0 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150050}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
KSU --> MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
LastChaos --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{99A37AC7-E724-4621-B167-500B5A52B69C}\setup.exe" -l0x9 -removeonly
Learn2 Player (Uninstall Only) --> C:\Programme\Learn2.com\StRunner\stuninst.exe
LifeView Suite --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{1E3F48D8-92BB-49C6-A520-50582793BA81}\Setup.exe" -l0x9
Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Malwarebytes' Anti-Malware --> "C:\Programme\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Word 2000 --> MsiExec.exe /I{00170407-78E1-11D2-B60F-006097C998E7}
Mozilla Firefox (3.0) --> C:\Programme\Mozilla Firefox\uninstall\helper.exe
Multimedia Launcher --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
Nero OEM --> C:\Programme\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NeroVision Express 3 --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
Notifier --> MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
OfotoXMI --> MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
OTtBP --> MsiExec.exe /I{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}
OTtBPSDK --> MsiExec.exe /I{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}
Personal ID --> "C:\Programme\Coolspot\Personal ID\Uninstall.exe" "C:\Programme\Coolspot\Personal ID\install.log" -u
PowerDVD --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerProducer --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
QuickTime --> C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083} /l1031
RealPlayer --> C:\Programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
SFR --> MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SHASTA --> MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
SKIN0001 --> MsiExec.exe /I{FDF9943A-3D5C-46B3-9679-586BD237DDEE}
SKINXSDK --> MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
Skype™ 3.8 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SnapStream PVS v1 beta 4a (freeware) --> C:\PROGRA~1\SNAPST~1\UNWISE.EXE C:\PROGRA~1\SNAPST~1\INSTALL.LOG
T-Online 6.0 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{B1275E23-717A-4D52-997A-1AD1E24BC7F3}\Setup.exe" CPAS
TuneUp Utilities 2007 --> MsiExec.exe /I{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}
Ulead COOL 360 1.0 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{3CEA4CA8-CDD4-451C-B673-E8F17BE01B15}\Setup.exe" -l0x7 -uninst
Ulead VideoStudio 7 SE VCD --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{757AD3D4-036B-42FA-B0A4-96BD6F4605A0}\Setup.exe" -l0x7
UpdateStar --> MsiExec.exe /X{541F7939-F5E3-46E0-A81C-5479F9C120B2}
UseNeXT --> "C:\Programme\UseNeXT\unins000.exe"
VIA Audio Driver Setup Program --> RunDll32.exe UnAudioNT.dll,UninstallAudio C:\WINDOWS\IsUninst.exe -f"C:\PROGRA~1\VIATEC~1\VIAAUD~1/Uninst.isu"
VideoLAN VLC media player 0.8.6f --> C:\Programme\VideoLAN\VLC\uninstall.exe
Viewpoint Media Player --> C:\Programme\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Vista Transformation Pack 4.0 --> C:\WINDOWS\System32\vimc.exe
VPRINTOL --> MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
WinAce Archiver --> C:\Programme\WinAce\SXUNINST.EXE C:\Programme\WinAce\SXUNINST.INI
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WIRELESS --> MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}


-- Application Event Log -------------------------------------------------------

Event Record #/Type4207 / Error
Event Submitted/Written: 07/16/2008 02:13:50 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Stillstehende Anwendung explorer.exe, Version 6.0.2900.3156, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Event Record #/Type4201 / Error
Event Submitted/Written: 07/15/2008 09:10:07 PM
Event ID/Source: 1000 / Application Error
Event Description:
Fehlgeschlagene Anwendung nksp.exe, Version 0.0.0.0, fehlgeschlagenes Modul entitiesmp.dll, Version 0.0.0.0, Fehleradresse 0x0004eb09.
Das medienspezifische Ereignis für [nksp.exe!ws!] wird verarbeitet.

Event Record #/Type4170 / Error
Event Submitted/Written: 07/14/2008 08:13:31 AM
Event ID/Source: 1008 / MsiInstaller
Event Description:
Die Installation von C:\WINDOWS\Installer\dcc15.msi ist aufgrund eines Fehlers in der Verarbeitung der Richtlinie für Softwareeinschränkungen nicht zugelassen. Das Objekt ist nicht vertrauenswürdig.

Event Record #/Type4169 / Error
Event Submitted/Written: 07/14/2008 08:13:31 AM
Event ID/Source: 1008 / MsiInstaller
Event Description:
Die Installation von C:\WINDOWS\Installer\dcc15.msi ist aufgrund eines Fehlers in der Verarbeitung der Richtlinie für Softwareeinschränkungen nicht zugelassen. Das Objekt ist nicht vertrauenswürdig.

Event Record #/Type4168 / Error
Event Submitted/Written: 07/14/2008 08:13:31 AM
Event ID/Source: 1008 / MsiInstaller
Event Description:
Die Installation von C:\WINDOWS\Installer\56733.msi ist aufgrund eines Fehlers in der Verarbeitung der Richtlinie für Softwareeinschränkungen nicht zugelassen. Das Objekt ist nicht vertrauenswürdig.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


------------

-- System Event Log ------------------------------------------------------------

Event Record #/Type90718 / Warning
Event Submitted/Written: 07/16/2008 02:11:57 AM
Event ID/Source: 1007 / Dhcp
Event Description:
Die IP-Adresse für die Netzwerkkarte mit der Netzwerkadresse 00038A000011
wurde automatisch durch diesen Computer konfiguriert. Die verwendete IP-Adresse ist 169.254.101.152.

Event Record #/Type90714 / Error
Event Submitted/Written: 07/16/2008 02:04:43 AM
Event ID/Source: 10005 / DCOM
Event Description:
Bei DCOM ist der Fehler "%%1084" aufgetreten, als der Dienst "netman" mit den Argumenten ""
gestartet wurde, um den folgenden Server zu verwenden:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}

Event Record #/Type90713 / Error
Event Submitted/Written: 07/16/2008 02:04:36 AM
Event ID/Source: 10005 / DCOM
Event Description:
Bei DCOM ist der Fehler "%%1084" aufgetreten, als der Dienst "EventSystem" mit den Argumenten ""
gestartet wurde, um den folgenden Server zu verwenden:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type90708 / Error
Event Submitted/Written: 07/16/2008 02:01:36 AM
Event ID/Source: 10005 / DCOM
Event Description:
Bei DCOM ist der Fehler "%%1084" aufgetreten, als der Dienst "EventSystem" mit den Argumenten ""
gestartet wurde, um den folgenden Server zu verwenden:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type90707 / Error
Event Submitted/Written: 07/16/2008 01:58:53 AM
Event ID/Source: 10005 / DCOM
Event Description:
Bei DCOM ist der Fehler "%%1084" aufgetreten, als der Dienst "EventSystem" mit den Argumenten ""
gestartet wurde, um den folgenden Server zu verwenden:
{1BE1F766-5536-11D1-B726-00C04FB926AF}



-- End of Deckard's System Scanner: finished at 2008-07-16 02:25:55

Hi,

Wo ist das Log von Smitfraudfix?

gruß

schrauber

Zitat:

Zitat von schrauber26

Hi,

Wo ist das Log von Smitfraudfix?

gruß

schrauber

Smitfraudfix geht nich auf .

Ich hab alles so gemacht wie es da stand aber der pc mach nix weis nich warum .
LG yuri

Wie geht nicht auf??

Warst Du im abgesicherten Modus??

[QUOTE=schrauber26;354747]Wie geht nicht auf??

Zitat:

Also, ich habe das Pogram runtergezogen aber da is dann ein Ortner von Smitfraudfix wen ich den auf mache kommen diese Dateien

was für ein Ordner??

Ich hab Dir nen Link zu ner exe-Datei gegeben, laden und einfach Doppelklicken, aber im abgesicherten Modus.

gruß

schrauber

Zitat:

Zitat von schrauber26

Wie geht nicht auf??

Warst Du im abgesicherten Modus??

ja ich war im abgesicherten Modus .
Also, ich habe das Pogram runtergezogen aber da is dann ein Ortner von Smitfraudfix wen ich den auf mache kommen diese Dateien
404fix.exe Dumphive.exe Exit.exe GenericRenosFix.exe HostsChk.exe IEDFix.C.exe IEDFix.exe Policies.exe Process.exe Reboot.exe restart.exe
SmitfraudFix.cmd SmiUpdate.exe SrchSTS.exe swreg.exe swsc.exe swxcacls.exe UIFix.exe unzip.exe VACFix.exe VCCLSID.exe WS2Fix.exe


Ich weis ja nich ich stele mich mal wieder Blöd an .

Zitat:

Zitat von yuri

ja ich war im abgesicherten Modus .
Also, ich habe das Pogram runtergezogen aber da is dann ein Ortner von Smitfraudfix wen ich den auf mache kommen diese Dateien
404fix.exe Dumphive.exe Exit.exe GenericRenosFix.exe HostsChk.exe IEDFix.C.exe IEDFix.exe Policies.exe Process.exe Reboot.exe restart.exe
SmitfraudFix.cmd SmiUpdate.exe SrchSTS.exe swreg.exe swsc.exe swxcacls.exe UIFix.exe unzip.exe VACFix.exe VCCLSID.exe WS2Fix.exe


Ich weis ja nich ich stele mich mal wieder Blöd an .

ok ich mach es noch mal

so hoffe nun is es richtig .

SmitFraudFix v2.329

Scan done at 20:32:30,47, 16.07.2008
Run from C:\Dokumente und Einstellungen\Bunge\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri