
Log analysis and evaluation: Malware, lags, ... please check

19.07.2008, 21:09   #1
Hello World-Programm

hello
It's me again

I scan very irregularly, but I recently ran a scan with Avast; hmm... 4776 infected files (they can't be deleted with Avast, let alone repaired).
Since the day before yesterday, when I start Opera I get a message that it has found malware or something like that, and I can't start it until I click "no action".
I can no longer use any Google pages, and as I've also noticed, no other search engine either, such as Altavista, Yahoo etc.
Wikipedia and other sites work without problems.

Before that I inserted the CD and "repaired", don't know whether it helped anything. I actually wanted to reboot, but there was no "Press D to delete".

And now one more problem. Using the computer in general has become slower, it lags and sometimes won't respond...

Now I hope you can give me some advice.


Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:50:34, on 19.07.2008
Platform: Windows XP SP1 (WinNT 5.01.2600) (I had SP2 at one point, I'll probably have to reinstall.)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) (IE7 seems to be gone too.)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe (I haven't been able to remove this file via the Control Panel for a long time.)
C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\Documents and Settings\***\Desktop\ccsetup209.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\***\Local Settings\Application Data\Opera\Opera\profile\cache4\temporary_download\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://deutsch.eazel.com/de/index.php?rvs=hompag&d=79919281
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = h**ps://pansalto.cablecom.ch/wizlet/ReportAgent/reportAgentPrepare.do?embedded=false
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: {5fcc3769-b680-46c9-63d4-776bfa1e9050} - {0509e1af-b677-4d36-9c64-086b9673ccf5} - C:\WINDOWS\system32\eygqav.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {434480C0-E75B-4338-8BCC-B7299A8F4902} - C:\WINDOWS\system32\khfETllk.dll
O2 - BHO: (no name) - {46632180-53B9-4AC3-AB03-F061C4A85B8B} - C:\WINDOWS\system32\hgGWpoPg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [BMb7adb38f] Rundll32.exe "C:\WINDOWS\system32\uqsogikm.dll",s
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - h**p://messenger.zone.msn.com/DE-CH/a-UNO1/GAME_UNO1.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - h**p://**********.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - h**p://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - h**p://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - h**p://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - Winlogon Notify: hgGWpoPg - C:\WINDOWS\SYSTEM32\hgGWpoPg.dll
O20 - Winlogon Notify: tuvSmlLe - tuvSmlLe.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InCD Helper (InCDsrvR) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 10161 bytes

19.07.2008, 21:12   #2
Silent sharK

With Service Pack 1 you don't need to clean anything, since practically any malware can get onto your system, including Sasser and Mydoom.
Therefore: install an image with integrated SP3 over it.

regards

19.07.2008, 21:15   #3
Hello World-Programm

Quote from Dark Viruz:
With Service Pack 1 you don't need to clean anything, since practically any malware can get onto your system, including Sasser and Mydoom.
Therefore: install an image with integrated SP3 over it.

regards
Thanks, but I'm sure I had SP2 on it before I inserted the CD.

I'll install SP3.

Even though I've been using SP1 for a long time, the problems only appeared the day before yesterday, why is that?

19.07.2008, 21:20   #4
Silent sharK

Quote:
Even though I've been using SP1 for a long time, the problems only appeared the day before yesterday, why is that?
You were probably just lucky
__________________
regards, Patrick


Technical compromise
=> Crime scene Internet
No Windows CD? Burn your own.


19.07.2008, 21:25   #5
Hello World-Programm

Quote from Dark Viruz:
You were probably just lucky
That can't be?! I trawl through Google and other sites for more than 4 hours a day, far more on weekends.

Just installed SP3. (Why does HJT show me that I'm still using SP1?)


19.07.2008, 21:28   #6
Silent sharK

I surfed for 2 years on my test PC without a single patch and was spared from various worms.
The only thing I ever had was a Trojan.Inject, nothing more.

Please follow the exact instructions for Malwarebytes, link in my signature.
regards

20.07.2008, 01:02   #7
Hello World-Programm

After a full thirteen quarter-hours you can go a bit crazy...

Here is the log:

Malwarebytes' Anti-Malware 1.21
Datenbank Version: 967
Windows 5.1.2600 Service Pack 1

01:51:52 20.07.2008
mbam-log-7-20-2008 (01-51-52).txt

Scan-Methode: Vollständiger Scan (C:\|)
Durchsuchte Objekte: 143648
Laufzeit: 3 hour(s), 15 minute(s), 45 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 3
Infizierte Registrierungsschlüssel: 17
Infizierte Registrierungswerte: 3
Infizierte Dateiobjekte der Registrierung: 2
Infizierte Verzeichnisse: 3
Infizierte Dateien: 29

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
C:\WINDOWS\system32\khfETllk.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\eygqav.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\hgGWpoPg.dll (Trojan.Vundo) -> Unloaded module successfully.

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0509e1af-b677-4d36-9c64-086b9673ccf5} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0509e1af-b677-4d36-9c64-086b9673ccf5} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{434480c0-e75b-4338-8bcc-b7299a8f4902} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{434480c0-e75b-4338-8bcc-b7299a8f4902} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{46632180-53b9-4ac3-ab03-f061c4a85b8b} (Trojan.BHO) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{46632180-53b9-4ac3-ab03-f061c4a85b8b} (Trojan.BHO) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{62d6dda7-8fe9-47f1-b8e9-d1d0d3d9ff3a} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Bifrost (Backdoor.Bifrose) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Nvchost (Trojan.Goldun) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\hggwpopg (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{62d6dda7-8fe9-47f1-b8e9-d1d0d3d9ff3a} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bmb7adb38f (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{46632180-53b9-4ac3-ab03-f061c4a85b8b} (Trojan.Vundo) -> Delete on reboot.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\khfetllk -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\khfetllk -> Delete on reboot.

Infizierte Verzeichnisse:
C:\Program Files\Helper (Adware.BHO) -> Quarantined and deleted successfully.
C:\Program Files\FBrowserAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\' (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\WINDOWS\system32\eygqav.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\khfETllk.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\kllTEfhk.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kllTEfhk.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wvUoNHyv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vyHNoUvw.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vyHNoUvw.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hgGWpoPg.dll (Trojan.BHO) -> Delete on reboot.
C:\WINDOWS\system32\geBtqNdc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\orqkbjrq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\WhoisCL.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tuvVMfcc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\***\Local Settings\Temp\tem1DE.tmp.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\***\Local Settings\Temporary Internet Files\Content.IE5\GVHQ3G2K\AV2009Install_77052205[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\***\Local Settings\Temporary Internet Files\Content.IE5\22UPC4G0\kb767887[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\***\Local Settings\Temporary Internet Files\Content.IE5\22UPC4G0\css4[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\b.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uqsogikm.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\cmd.com (Worm.Alcra) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\netstat.com (Worm.Alcra) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ping.com (Worm.Alcra) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\regedit.com (Worm.Alcra) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tasklist.com (Worm.Alcra) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tracert.com (Worm.Alcra) -> Quarantined and deleted successfully.
C:\WINDOWS\BMb7adb38f.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BMb7adb38f.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fccyvULe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\***\Local Settings\Temp\software.php (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Should I now run Avast over it again, or HJT?
_________________________________________________

Edit: HJT log (after restart):

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:09:40, on 20.07.2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\RTHDCPL.EXE (looks suspicious)
C:\WINDOWS\SOUNDMAN.EXE (ditto)
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\***\Local Settings\Application Data\Opera\Opera\profile\cache4\temporary_download\HiJackThis (2).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://deutsch.eazel.com/de/index.php?rvs=hompag&d=79919281
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = h**ps://pansalto.cablecom.ch/wizlet/ReportAgent/reportAgentPrepare.do?embedded=false
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - h**p://messenger.zone.msn.com/DE-CH/a-UNO1/GAME_UNO1.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - h**p://*******.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - h**p://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - h**p://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://h**p://messenger.zone.msn.com...r.cab56986.cab
O20 - Winlogon Notify: tuvSmlLe - tuvSmlLe.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InCD Helper (InCDsrvR) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 9643 bytes

Last edited by Hello World-Programm (20.07.2008 at 01:19)

20.07.2008, 01:13   #8
myrtille
/// TB trainer

Hi,
  • Download DSS
  • Close all applications and then run DSS.exe with a double-click
  • While DSS is working, please don't perform any other actions
  • At the end, 2 files, main.txt and extra.txt, will open
  • Post the contents of both files here; if the files are too large, please use file-upload and post the links here.
*butting in*

I'd like to check something regarding the SP1/SP3 problem.

regards myrtille
__________________
Requests by email, profile or private message will be ignored!
Help is given ONLY in the forum!


Anyone who hasn't received a further reply from me after 24 hours, please send a PM

Spelling mistakes? Never, but keybaord malfunctions constantly!

20.07.2008, 01:29   #9
Silent sharK

You may, myrtille

I found something that reminds me of undoreal's problem (http://www.trojaner-board.de/56162-r...tml#post355766):
Quote:
C:\WINDOWS\system32\regedit.com (Worm.Alcra) -> Quarantined and deleted successfully.
regards


Old 20.07.2008, 01:37   #10
Hello World-Programm
 
Hello myrtille
First of all, thanks for wanting to help me.

Sorry, as usual I was a bit impatient.
IE open > started dss.exe > closed the 2 log files > closed IE > started dss.exe > only one log now

__________________________________________

Deckard's System Scanner v20071014.68
Run by xxx on 2008-07-20 02:21:31
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as xxx.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:21:32, on 20.07.2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\Documents and Settings\xxx\Desktop\dss.exe
C:\DOCUME~1\xxx\LOCALS~1\APPLIC~1\Opera\Opera\profile\cache4\TEMPOR~1\xxx.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://deutsch.eazel.com/de/index.php?rvs=hompag&d=79919281
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = hxxps://pansalto.cablecom.ch/wizlet/ReportAgent/reportAgentPrepare.do?embedded=false
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - hxxp://messenger.zone.msn.com/DE-CH/a-UNO1/GAME_UNO1.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - hxxp://xxxxxxxxxxx.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - hxxp://messenger.zone.msn.com/binary...o.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - Winlogon Notify: tuvSmlLe - tuvSmlLe.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InCD Helper (InCDsrvR) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 9450 bytes

-- Files created between 2008-06-20 and 2008-07-20 -----------------------------

2011-11-23 10:24:15 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2011-11-23 10:23:44 0 d-------- C:\Documents and Settings\xxx\Application Data\WLInstaller
2011-11-20 02:56:35 0 d-------- C:\Program Files\Dcads Advanced Toolbar
2008-07-19 22:41:59 0 d-------- C:\Documents and Settings\xxx\Application Data\Sun
2008-07-19 22:30:19 0 d-------- C:\Documents and Settings\xxx\Application Data\Malwarebytes
2008-07-19 22:30:16 0 d-------- C:\Documents and Settings\xxx\Application Data\Malwarebytes
2008-07-19 22:30:15 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-19 20:58:07 245760 --a------ C:\Program Files\Uninstall Ask Toolbar.dll <Not Verified; Ask.com; Ask Toolbar for Internet Explorer>
2008-07-19 20:33:18 0 d-------- C:\WINDOWS\Prefetch
2008-07-19 17:44:06 25936 --a------ C:\WINDOWS\System32\hgGWpoPg.dll
2008-07-19 15:24:59 2240917 --ahs---- C:\WINDOWS\System32\shdgcvoc.ini2
2008-07-18 20:23:58 102912 --a------ C:\WINDOWS\System32\eygqav.dll
2008-07-18 20:20:58 93696 -----n--- C:\WINDOWS\System32\uqsogikm.dll
2008-07-18 15:37:26 0 d-------- C:\Documents and Settings\xxx\Application Data\MSN6
2008-07-18 15:24:04 0 d-------- C:\Documents and Settings\xxx\Application Data\Opera
2008-07-18 03:26:25 0 d-------- C:\Documents and Settings\xxx\Application Data\Thinstall
2008-07-18 02:44:55 0 d-------- C:\Program Files\coolpro2
2008-07-18 01:46:42 0 d-------- C:\Documents and Settings\xxx\Application Data\Audacity
2008-07-18 00:47:34 0 d-------- C:\Program Files\Common Files\SWF Studio
2008-07-17 11:27:05 0 d-------- C:\Documents and Settings\xxx\Application Data\MSN6
2008-07-15 14:24:05 0 d-------- C:\Documents and Settings\xxx\Application Data\Macromedia
2008-07-15 14:08:08 0 d-------- C:\Documents and Settings\xxx\Application Data\Yahoo!
2008-07-15 14:07:38 0 d-------- C:\Documents and Settings\xxx\Application Data\Real
2008-07-15 14:07:38 0 d-------- C:\Documents and Settings\xxx\Application Data\Nero
2008-07-15 14:07:22 0 d-------- C:\Documents and Settings\xxx\Application Data\Identities
2008-07-15 14:07:08 0 d--h----- C:\Documents and Settings\xxx\Templates
2008-07-15 14:07:08 0 dr------- C:\Documents and Settings\xxx\Start Menu
2008-07-15 14:07:08 0 dr-h----- C:\Documents and Settings\xxx\SendTo
2008-07-15 14:07:08 0 dr-h----- C:\Documents and Settings\xxx\Recent
2008-07-15 14:07:08 0 d--h----- C:\Documents and Settings\xxx\PrintHood
2008-07-15 14:07:08 1310720 --ah----- C:\Documents and Settings\xxx\NTUSER.DAT
2008-07-15 14:07:08 0 d--h----- C:\Documents and Settings\xxx\NetHood
2008-07-15 14:07:08 0 dr------- C:\Documents and Settings\xxx\My Documents
2008-07-15 14:07:08 0 d--h----- C:\Documents and Settings\xxx\Local Settings
2008-07-15 14:07:08 0 dr------- C:\Documents and Settings\xxx\Favorites
2008-07-15 14:07:08 0 d-------- C:\Documents and Settings\xxx\Desktop
2008-07-15 14:07:08 0 d--hs---- C:\Documents and Settings\xxx\Cookies
2008-07-15 14:07:08 0 dr-h----- C:\Documents and Settings\xxx\Application Data
2008-07-15 14:07:08 0 d---s---- C:\Documents and Settings\xxx\Application Data\Microsoft
2008-07-14 13:28:02 0 d-------- C:\Documents and Settings\xxx\Application Data\Yahoo!
2008-07-11 23:16:12 0 d-------- C:\Documents and Settings\xxx\Application Data\Macromedia
2008-07-11 23:16:12 0 d-------- C:\Documents and Settings\xxx\Application Data\Adobe
2008-07-11 23:04:16 0 d-------- C:\Documents and Settings\xxx\Application Data\WinRAR
2008-07-11 22:54:48 0 d-------- C:\Documents and Settings\xxx\Application Data\Blender Foundation
2008-07-11 22:54:48 0 d-------- C:\Documents and Settings\xxx\Application Data\Blender Foundation
2008-07-11 22:43:40 0 d-------- C:\Documents and Settings\xxx\Application Data\DivX
2008-07-11 22:30:39 0 d-------- C:\Documents and Settings\xxx\Application Data\Apple Computer
2008-07-11 22:23:19 0 d-------- C:\Documents and Settings\xxx\Contacts
2008-07-11 22:19:53 0 d-------- C:\Documents and Settings\xxx\Application Data\Opera
2008-07-11 22:16:46 0 d-------- C:\Documents and Settings\xxx\Application Data\Nero
2008-07-11 22:16:44 0 d-------- C:\Documents and Settings\xxx\Application Data\Real
2008-07-11 22:16:34 0 d-------- C:\Documents and Settings\xxx\Application Data\Identities
2008-07-11 22:16:20 0 d--h----- C:\Documents and Settings\xxx\Templates
2008-07-11 22:16:20 0 dr------- C:\Documents and Settings\xxx\Start Menu
2008-07-11 22:16:20 0 dr-h----- C:\Documents and Settings\xxx\SendTo
2008-07-11 22:16:20 0 dr-h----- C:\Documents and Settings\xxx\Recent
2008-07-11 22:16:20 0 d--h----- C:\Documents and Settings\xxx\PrintHood
2008-07-11 22:16:20 2621440 --ah----- C:\Documents and Settings\xxx\NTUSER.DAT
2008-07-11 22:16:20 0 d--h----- C:\Documents and Settings\xxx\NetHood
2008-07-11 22:16:20 0 dr------- C:\Documents and Settings\xxx\My Documents
2008-07-11 22:16:20 0 d--h----- C:\Documents and Settings\xxx\Local Settings
2008-07-11 22:16:20 0 dr------- C:\Documents and Settings\xxx\Favorites
2008-07-11 22:16:20 0 d-------- C:\Documents and Settings\xxx\Desktop
2008-07-11 22:16:20 0 d---s---- C:\Documents and Settings\xxx\Cookies
2008-07-11 22:16:20 0 dr-h----- C:\Documents and Settings\xxx\Application Data
2008-07-09 17:16:31 0 d-------- C:\Documents and Settings\xxx\Application Data\Nero
2008-07-09 17:12:37 0 d-------- C:\Program Files\AskTBar
2008-07-09 16:45:01 0 d-------- C:\Program Files\Common Files\Nero
2008-06-25 14:31:33 0 d-------- C:\Program Files\MobMapUpdater
2008-06-20 19:30:02 0 d-------- C:\Logs


-- Find3M Report ---------------------------------------------------------------

2008-07-19 21:07:38 0 d-------- C:\Program Files\Yahoo!
2008-07-19 21:00:32 0 d-------- C:\Program Files\DivX
2008-07-19 20:40:15 0 d--h----- C:\Program Files\WindowsUpdate
2008-07-19 20:20:54 0 d-------- C:\Program Files\Movie Maker
2008-07-19 20:20:07 23348 --a------ C:\WINDOWS\System32\emptyregdb.dat
2008-07-19 20:19:55 0 d-------- C:\Program Files\Windows NT
2008-07-18 20:54:28 0 d-------- C:\Program Files\Circle Developement
2008-07-18 02:44:15 0 d-------- C:\Program Files\Common Files\Download Manager
2008-07-18 00:47:34 0 d-------- C:\Program Files\Common Files
2008-07-17 17:21:22 0 d-------- C:\Program Files\Opera
2008-07-11 22:34:31 0 d-------- C:\Program Files\Apple Software Update
2008-07-09 16:56:18 0 d-------- C:\Program Files\Nero
2008-07-09 16:47:57 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-07-05 13:19:25 0 d-------- C:\Program Files\LimeWire
2008-06-25 12:19:35 0 d-------- C:\Program Files\Common Files\Motive
2008-06-18 21:06:45 0 d-------- C:\Program Files\Blender Foundation
2008-06-17 20:42:28 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-17 19:54:22 0 d-------- C:\Program Files\Plug-ins
2008-06-11 02:07:20 3596288 --a------ C:\WINDOWS\System32\qt-dx331.dll
2008-06-11 02:03:26 196608 --a------ C:\WINDOWS\System32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-06-11 02:03:26 81920 --a------ C:\WINDOWS\System32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-06-11 02:03:20 802816 --a------ C:\WINDOWS\System32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-06-11 02:03:20 823296 --a------ C:\WINDOWS\System32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-06-11 02:03:20 815104 --a------ C:\WINDOWS\System32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX®>
2008-06-11 02:03:20 823296 --a------ C:\WINDOWS\System32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-06-11 02:03:18 683520 --a------ C:\WINDOWS\System32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-23 12:07:41 0 d-------- C:\Program Files\Messenger Plus! Live
2008-05-23 00:18:54 12288 --a------ C:\WINDOWS\System32\DivXWMPExtType.dll
2008-05-22 18:45:34 0 d-------- C:\Program Files\ICQ6


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12.04.2007 17:44]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [29.06.2007 06:24]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [16.05.2008 01:19]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10.10.2007 20:51]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25.09.2007 02:11]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [28.01.2008 22:53]
"SecurDisc"="C:\Program Files\Nero\Nero8\InCD\NBHGui.exe" [28.02.2008 17:39]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [28.04.2008 17:14]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [18.02.2008 17:29]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [15.08.2007 20:15]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [31.03.2003 14:00]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [31.03.2003 14:00]
"MSPY2002"="C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe" [31.03.2003 14:00]
"PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [31.03.2003 14:00]
"PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [31.03.2003 14:00]
"nwiz"="nwiz.exe" [12.04.2007 17:44 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [12.04.2007 17:44]
"RTHDCPL"="RTHDCPL.EXE" [18.12.2006 10:00 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [16.05.2006 10:00 C:\WINDOWS\SkyTel.exe]
"SoundMan"="SOUNDMAN.EXE" [21.07.2006 10:00 C:\WINDOWS\SoundMan.exe]
"AlcWzrd"="ALCWZRD.EXE" [04.05.2006 10:00 C:\WINDOWS\alcwzrd.exe]
"Alcmtr"="ALCMTR.EXE" [03.05.2005 10:00 C:\WINDOWS\Alcmtr.exe]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [28.02.2008 18:07]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [18.10.2007 12:34]
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [31.03.2003 14:00]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13.10.2004 18:24]

C:\Documents and Settings\xxx\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13.02.2001 01:01:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvSmlLe]
tuvSmlLe.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- End of Deckard's System Scanner: finished at 2008-07-20 02:21:53 ------------

btw/ot: phew... What is the function in Word called that lets you replace characters with other characters? (English, like everything on my machine.)

Edit: @Dark Viruz: Thanks, I'll read through it.

Edit 2: Thanks Dark Viruz, thanks myrtille. It doesn't lag at all anymore, and pages can be opened via Google again.

But I'm not entirely sure; there is surely still something on the box. :P

Last edited by Hello World-Programm (20.07.2008 at 01:47)

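As an added example (not part of DSS, HijackThis or anything posted in this thread), this is the kind of first-pass filter a helper applies to DSS output like the log above before deciding which files to have checked: it parses the "Files created" lines and flags files written straight into System32 that carry no publisher description or have hidden+system attributes, and in the HijackThis section it flags Winlogon Notify hooks, entries that point at missing files, and services without a known publisher. The function names and the `Finding` record are this example's own; the sample lines are copied from the log above.

```python
import re
from dataclasses import dataclass

# Added example for this thread; it is not part of DSS, HijackThis or the
# forum's own tooling.  It applies a first-pass filter to the "Files created"
# and HijackThis sections of a DSS report and lists the entries a helper
# would look at first.  The sample lines below are copied from the log.

# "2008-07-19 17:44:06 25936 --a------ C:\WINDOWS\System32\hgGWpoPg.dll",
# optionally followed by " <Not Verified; Vendor; Description>"
DSS_LINE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+(\d+)\s+([-a-z]{9})\s+(.*?)(?:\s+<([^>]*)>)?\s*$"
)


@dataclass
class Finding:
    severity: str   # "high" or "info"
    reason: str
    item: str       # the file path or the HijackThis line


def triage_files_created(lines):
    """Flag files (not folders) written straight into System32 that either
    carry hidden+system attributes or come with no publisher description."""
    findings = []
    for line in lines:
        m = DSS_LINE.match(line.strip())
        if not m:
            continue
        _stamp, _size, attrs, path, vendor = m.groups()
        if attrs.startswith("d"):
            continue                      # a folder, not a dropped file
        folder = path.rpartition("\\")[0]
        if folder.lower() != r"c:\windows\system32":
            continue
        if "h" in attrs and "s" in attrs:
            findings.append(Finding("high", "hidden+system file in System32", path))
        elif vendor is None:
            findings.append(Finding("high", "System32 file without publisher info", path))
    return findings


def triage_hijackthis(lines):
    """Flag Winlogon Notify hooks, entries pointing at missing files and
    services without a known publisher."""
    findings = []
    for line in lines:
        line = line.strip()
        if line.startswith("O20 - Winlogon Notify:"):
            findings.append(Finding("high", "Winlogon Notify DLL loads at every logon", line))
        elif "(file missing)" in line:
            findings.append(Finding("info", "entry points at a missing file", line))
        elif line.startswith("O23 - Service:") and "Unknown owner" in line:
            findings.append(Finding("info", "service without publisher", line))
    return findings


# Constructed input: lines copied from the DSS output in this thread.
SAMPLE_FILES_CREATED = [
    r"2008-07-19 20:58:07 245760 --a------ C:\Program Files\Uninstall Ask Toolbar.dll <Not Verified; Ask.com; Ask Toolbar for Internet Explorer>",
    r"2008-07-19 20:33:18 0 d-------- C:\WINDOWS\Prefetch",
    r"2008-07-19 17:44:06 25936 --a------ C:\WINDOWS\System32\hgGWpoPg.dll",
    r"2008-07-19 15:24:59 2240917 --ahs---- C:\WINDOWS\System32\shdgcvoc.ini2",
    r"2008-07-18 20:23:58 102912 --a------ C:\WINDOWS\System32\eygqav.dll",
    r"2008-07-18 20:20:58 93696 -----n--- C:\WINDOWS\System32\uqsogikm.dll",
    r"2008-07-18 15:37:26 0 d-------- C:\Documents and Settings\xxx\Application Data\MSN6",
]

SAMPLE_HJT = [
    r"R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)",
    r"O20 - Winlogon Notify: tuvSmlLe - tuvSmlLe.dll (file missing)",
    r"O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe",
    r"O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe",
]


if __name__ == "__main__":
    for f in triage_files_created(SAMPLE_FILES_CREATED) + triage_hijackthis(SAMPLE_HJT):
        print("[%s] %s: %s" % (f.severity, f.reason, f.item))
```

Run as-is it prints the four System32 files from the sample, the Winlogon Notify hook and the two lower-priority entries. The rules are deliberately narrow (directly in System32, no vendor string, hidden+system) because a broad "recently created file" rule would also list the legitimate profile folders that dominate the list above.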
Old 20.07.2008, 01:48   #11
Silent sharK
 

Please do the following:

Have the files checked online:
  • Go to the VirusTotal site, click the "Browse" button and locate the following file(s):
Code:
C:\WINDOWS\System32\hgGWpoPg.dll
C:\WINDOWS\System32\eygqav.dll
C:\WINDOWS\System32\uqsogikm.dll
  • Now upload each of the files one after the other and wait until the scan is finished (can take up to 2 minutes).
  • Then post the result of the analysis: copy everything and paste it into a post.
  • Important: also copy the file size and the HASH!
Regards


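One way to produce and cross-check the size and hashes that the post above asks for, as an added example and not code from the thread or from VirusTotal: the script hashes a file the way a scanner result lists it (size, MD5, SHA1, SHA256), renders that in the same layout, parses a pasted `File size / MD5 / SHA1 / SHA256` block back, and reports which fields disagree with the file actually on disk, so that a posted result can be tied to the exact file. The function names, the `_FIELD` pattern and the sample bytes in the test are this example's own assumptions; the field labels follow the form pasted VirusTotal results take.

```python
import hashlib
import os
import re
import tempfile

# Added example for this thread; not code from VirusTotal or the forum.
# It computes what a scanner result lists for a file (size, MD5, SHA1,
# SHA256), renders it in the same layout, parses such a pasted block back
# and reports which fields disagree with the file actually on disk.
# Function names and any sample bytes are this example's own.

CHUNK = 1 << 16  # read files in 64 KiB pieces so large DLLs are not slurped whole


def digest_report(data: bytes) -> dict:
    """Size plus MD5, SHA1 and SHA256 of an in-memory byte string."""
    return {
        "size": len(data),
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def file_report(path: str) -> dict:
    """Same as digest_report, but streamed from disk."""
    hashes = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    size = 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK), b""):
            size += len(chunk)
            for h in hashes.values():
                h.update(chunk)
    report = {name: h.hexdigest() for name, h in hashes.items()}
    report["size"] = size
    return report


def format_report(report: dict) -> str:
    """Render a report the way a pasted scan result lists it."""
    return ("File size: %d bytes\nMD5...: %s\nSHA1..: %s\nSHA256: %s\n"
            % (report["size"], report["md5"], report["sha1"], report["sha256"]))


# Matches "File size: 25936 bytes", "MD5...: <hex>", "SHA1..: <hex>" and
# "SHA256: <hex>"; other lines of a pasted result (SHA512, PEiD, ...) are ignored.
_FIELD = re.compile(r"^(File size|MD5|SHA1|SHA256)[\s.]*:\s*([0-9a-fA-F]+)", re.M)


def parse_posted(block: str) -> dict:
    """Pull size and hashes out of a pasted scan-result block."""
    out = {}
    for key, value in _FIELD.findall(block):
        if key == "File size":
            out["size"] = int(value)
        else:
            out[key.lower()] = value.lower()
    return out


def verify(local: dict, posted: dict) -> list:
    """Names of the fields where the pasted result and the local file
    disagree; an empty list means the result is about this exact file."""
    return [k for k in ("size", "md5", "sha1", "sha256")
            if k in posted and posted[k] != local[k]]


def hash_bytes_via_disk(data: bytes) -> dict:
    """Self-check: write data to a temporary file and hash it from disk."""
    fd, path = tempfile.mkstemp()
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(data)
        return file_report(path)
    finally:
        os.unlink(path)


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        print(path)
        print(format_report(file_report(path)))
```

Usage: `python hashcheck.py C:\WINDOWS\System32\hgGWpoPg.dll` prints the block to paste; `verify(file_report(path), parse_posted(pasted_text))` returning an empty list confirms that a result someone posted really describes the file on disk rather than a different or already replaced copy.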
Old 20.07.2008, 01:58   #12
Hello World-Programm
 
C:\WINDOWS\System32\hgGWpoPg.dll

Code:
Antivirus Version letzte aktualisierung Ergebnis 
AhnLab-V3 2008.7.17.0 2008.07.18 - 
AntiVir 7.8.1.11 2008.07.19 TR/Killav.28714 
Authentium 5.1.0.4 2008.07.20 - 
Avast 4.8.1195.0 2008.07.19 - 
AVG 8.0.0.130 2008.07.19 - 
BitDefender 7.2 2008.07.20 Trojan.Vundo.FBB 
CAT-QuickHeal 9.50 2008.07.18 - 
ClamAV 0.93.1 2008.07.20 - 
DrWeb 4.44.0.09170 2008.07.19 - 
eSafe 7.0.17.0 2008.07.17 - 
eTrust-Vet 31.6.5966 2008.07.18 - 
Ewido 4.0 2008.07.19 - 
F-Prot 4.4.4.56 2008.07.20 - 
F-Secure 7.60.13501.0 2008.07.20 - 
Fortinet 3.14.0.0 2008.07.19 - 
GData 2.0.7306.1023 2008.07.20 - 
Ikarus T3.1.1.34.0 2008.07.20 - 
Kaspersky 7.0.0.125 2008.07.20 - 
McAfee 5342 2008.07.18 - 
Microsoft 1.3704 2008.07.20 - 
NOD32v2 3282 2008.07.19 - 
Norman 5.80.02 2008.07.18 - 
Panda 9.0.0.4 2008.07.19 - 
Prevx1 V2 2008.07.20 - 
Rising 20.53.52.00 2008.07.19 - 
Sophos 4.31.0 2008.07.19 - 
Sunbelt 3.1.1536.1 2008.07.18 - 
Symantec 10 2008.07.20 - 
TheHacker 6.2.96.385 2008.07.19 - 
TrendMicro 8.700.0.1004 2008.07.18 - 
VBA32 3.12.8.1 2008.07.19 - 
VirusBuster 4.5.11.0 2008.07.19 - 
Webwasher-Gateway 6.6.2 2008.07.20 Trojan.Killav.28714 
weitere Informationen 
File size: 25936 bytes 
MD5...: 276ff18fc055e61c76b1e50f50b7ff98 
SHA1..: b0120b853b35feee6883d60a022fb4012e61fc70 
SHA256: 81bcf2922eeb4229eed4fc2ae1aeb306a4f836929e1c63c2551bbc6396969cfc 
SHA512: 611fc0bd1c93592baea821df4eed98ee7541bf7319e8bd0654c0598e7868b753
d6f811c15256d66cf9e7a63646a5d91d9a5ac6435c11a5a8e22df00d22d34307 
PEiD..: - 
PEInfo: -
         
--------------------
C:\WINDOWS\System32\eygqav.dll

Code:
Antivirus Version letzte aktualisierung Ergebnis 
AhnLab-V3 2008.7.17.0 2008.07.18 - 
AntiVir 7.8.1.11 2008.07.19 TR/Trash.Gen 
Authentium 5.1.0.4 2008.07.20 - 
Avast 4.8.1195.0 2008.07.19 - 
AVG 8.0.0.130 2008.07.19 - 
BitDefender 7.2 2008.07.20 - 
CAT-QuickHeal 9.50 2008.07.18 - 
ClamAV 0.93.1 2008.07.20 - 
DrWeb 4.44.0.09170 2008.07.19 - 
eSafe 7.0.17.0 2008.07.17 - 
eTrust-Vet 31.6.5966 2008.07.18 - 
Ewido 4.0 2008.07.19 - 
F-Prot 4.4.4.56 2008.07.20 - 
F-Secure 7.60.13501.0 2008.07.20 - 
Fortinet 3.14.0.0 2008.07.19 - 
GData 2.0.7306.1023 2008.07.20 - 
Ikarus T3.1.1.34.0 2008.07.20 - 
Kaspersky 7.0.0.125 2008.07.20 - 
McAfee 5342 2008.07.18 - 
Microsoft 1.3704 2008.07.20 - 
NOD32v2 3282 2008.07.19 - 
Norman 5.80.02 2008.07.18 - 
Panda 9.0.0.4 2008.07.19 - 
Prevx1 V2 2008.07.20 - 
Rising 20.53.52.00 2008.07.19 - 
Sophos 4.31.0 2008.07.19 - 
Sunbelt 3.1.1536.1 2008.07.18 - 
Symantec 10 2008.07.20 - 
TheHacker 6.2.96.385 2008.07.19 - 
TrendMicro 8.700.0.1004 2008.07.18 - 
VBA32 3.12.8.1 2008.07.19 - 
VirusBuster 4.5.11.0 2008.07.19 - 
Webwasher-Gateway 6.6.2 2008.07.20 Trojan.Trash.Gen 
weitere Informationen 
File size: 102912 bytes 
MD5...: ea1d3ab4d14352e4fe7548b94389b8e1 
SHA1..: a38a23d19f42e98b5c6ea3c80189605fdfebcf6a 
SHA256: 2dca883ae2274e43323a775f55a683c1d3e7c136be86a1c05ca19f2b1363675d 
SHA512: ebdf8fc13f1b40db263202caddff99625a1a3bafb417c5d4488971dd7b969948
6cd4018aafdd38a9c9d39056601c70c0d61dfe24bcdc89196df88e1c0c2bbca0 
PEiD..: - 
PEInfo: -
         
-------------------
C:\WINDOWS\System32\uqsogikm.dll

Code:
Antivirus Version letzte aktualisierung Ergebnis 
AhnLab-V3 2008.7.17.0 2008.07.18 - 
AntiVir 7.8.1.11 2008.07.19 TR/Trash.Gen 
Authentium 5.1.0.4 2008.07.20 - 
Avast 4.8.1195.0 2008.07.19 - 
AVG 8.0.0.130 2008.07.19 - 
BitDefender 7.2 2008.07.20 - 
CAT-QuickHeal 9.50 2008.07.18 - 
ClamAV 0.93.1 2008.07.20 - 
DrWeb 4.44.0.09170 2008.07.19 - 
eSafe 7.0.17.0 2008.07.17 - 
eTrust-Vet 31.6.5966 2008.07.18 - 
Ewido 4.0 2008.07.19 - 
F-Prot 4.4.4.56 2008.07.20 - 
F-Secure 7.60.13501.0 2008.07.20 - 
Fortinet 3.14.0.0 2008.07.19 - 
GData 2.0.7306.1023 2008.07.20 - 
Ikarus T3.1.1.34.0 2008.07.20 - 
Kaspersky 7.0.0.125 2008.07.20 - 
McAfee 5342 2008.07.18 - 
Microsoft 1.3704 2008.07.20 - 
NOD32v2 3282 2008.07.19 - 
Norman 5.80.02 2008.07.18 - 
Panda 9.0.0.4 2008.07.19 - 
Prevx1 V2 2008.07.20 - 
Rising 20.53.52.00 2008.07.19 - 
Sophos 4.31.0 2008.07.19 - 
Sunbelt 3.1.1536.1 2008.07.18 - 
Symantec 10 2008.07.20 - 
TheHacker 6.2.96.385 2008.07.19 - 
TrendMicro 8.700.0.1004 2008.07.18 - 
VBA32 3.12.8.1 2008.07.19 - 
VirusBuster 4.5.11.0 2008.07.19 - 
Webwasher-Gateway 6.6.2 2008.07.20 Trojan.Trash.Gen 
weitere Informationen 
File size: 93696 bytes 
MD5...: 99d6b811bff0cd5dc662ad79c7248316 
SHA1..: a26846f5f0d1dda4ac8fbdcbdd20cf2249cc9e1a 
SHA256: 484b9bfaec4069a751aa04947bd0a28fbc8ad047505b247cdb8a7e05f0bab15b 
SHA512: 8d1a12b118a036db18590fff9217980d4a2ce78e43309f8d0bc4d93d81284cac
fe8ffa49ec0248170f6175474721f1fbf4888ccd61a09d289c0656e565fe3b0b 
PEiD..: - 
PEInfo: -
         

Old 20.07.2008, 02:01   #13
myrtille
/// TB-Ausbilder
 
But it is exactly the 2nd log I would have liked to have.

Either look under C:\deckard\systemscanner\ or in one of its subfolders for a file named extra.txt and then post it here.

Or:
Put dss.exe on the desktop, then under Start->Run enter "%userprofile%\Desktop\dss.exe" /config.
Then click Check All at the bottom right and then Scan.
At the end of the scan, 2 files should then be displayed.
Regards, myrtille

Old 20.07.2008, 02:08   #14
Hello World-Programm
 
Sorry, here is the log:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 1.0
Architecture: X86; Language: English

CPU 0: Intel(R) Core(TM)2 CPU 6320 @ 1.86GHz
CPU 1: Intel(R) Core(TM)2 CPU 6320 @ 1.86GHz
Percentage of Memory in Use: 20%
Physical Memory (total/avail): 2047.17 MiB / 1622.4 MiB
Pagefile Memory (total/avail): 3943.53 MiB / 3529.78 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1920.29 MiB

A: is Removable (Unformatted)
C: is Fixed (NTFS) - 232.88 GiB total, 167.02 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - Hitachi HDT725025VLA380 - 232.88 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 232.88 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------

xxxSPROFILE=C:\Documents and Settings\xxx
APPDATA=C:\Documents and Settings\xxx\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=xxx-5SFZCG
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\xxx
LOGONSERVER=\\xxx-5SFZCG
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Internet Explorer;
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f06
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
RNLOG_BASEKEY=Software\RealNetworks\RealPlayer\6.0\Preferences\BrowserRecordPluginLog
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\xxx\LOCALS~1\Temp
TMP=C:\DOCUME~1\xxx\LOCALS~1\Temp
USERDOMAIN=Jxxx-5SFZCG
USERNAME=xxx
USERPROFILE=C:\Documents and Settings\xxx
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

xxx (admin)
xxx (admin)
xxx (admin)
xxx (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Photoshop CS3 --> C:\Program Files\Common Files\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe
Adobe Photoshop CS3 --> MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Setup --> MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
Adobe Stock Photos 1.0 --> MsiExec.exe /I{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Apple Mobile Device Support --> MsiExec.exe /I{763E8D6C-0098-4FF4-801A-3F311D2D9D80}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
BearShare MediaBar --> regsvr32 /u /s "C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll"
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Command and Conquer Generals --> MsiExec.exe /I{E652CD92-FB19-40A4-B978-8453094F4EF5}
GPL MPEG-1/2 DirectShow Decoder Filter --> MsiExec.exe /I{870815CA-6B60-47B6-88DD-A67F42D2F03E}
HijackThis 2.0.2 --> "C:\Documents and Settings\xxx\Local Settings\Application Data\Opera\Opera\profile\cache4\temporary_download\HijackThis.exe" /uninstall
HP Image Zone 3.5 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 3.5 --> "C:\Program Files\HP\Digital Imaging\{18E0918E-1060-48f3-925C-56C82E88551B}\setup\hpzscr01.exe" -datfile hposcr03.dat
HP Software Update --> MsiExec.exe /X{34957B51-9676-41CE-9E52-44AE91B73F1C}
ICQ6 --> C:\Program Files\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe -runfromtemp -l0x0009 -removeonly
InCD Reader --> MsiExec.exe /X{A27281BC-98AA-4DC8-AA39-20B9E27B1033}
iTunes --> MsiExec.exe /I{974C05A0-C76C-4724-A9A2-11D5D1355729}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
LimeWire 4.18.2 --> "C:\Program Files\LimeWire\uninstall.exe"
Macromedia Dreamweaver 8 --> MsiExec.exe /I{0837A661-FEC3-48B3-876C-91E7D32048A9}
Macromedia Extension Manager --> MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Messenger Plus! Live & Sponsor (CiD) --> "C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Text-to-Speech Engine 4.0 (English) --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msTTS.inf, Uninstall
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA8}
Mouse Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2EBA5473-558B-462C-AEE4-FE50FA799F2A}\Setup.exe"
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero 8 Trial --> MsiExec.exe /X{3C5F1B30-B10B-4579-86DD-D00F662E2052}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers --> C:\WINDOWS\System32\nvudisp.exe UninstallGUI
Opera 9.24 --> MsiExec.exe /X{16913489-B5E3-403E-AFD3-2B19BBE464D4}
Opera 9.51 --> MsiExec.exe /X{179624B1-2683-45ED-965A-B72189EB5820}
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Quick Video Converter 3.50 --> "C:\Program Files\Quick Video Converter\unins000.exe"
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver --> RtlUpd.exe -r -m
TMPGEnc DVD Author 3 with DivX Authoring Testversion --> MsiExec.exe /I{001B3D0B-07E2-411A-B849-797A1630600C}
USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C8F7C1E5-0150-11D6-A96C-00D05908F85D}\Setup.exe" -l0x7
VideoLAN VLC media player 0.8.6c --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Vtune 5.1 --> "C:\Program Files\Vtune\unins000.exe"
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Anmelde-Assistent --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Live installer --> MsiExec.exe /X{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}
Windows Live Mail --> MsiExec.exe /I{82F2B38B-1426-443D-874C-AC25675E7BEB}
Windows Live Messenger --> MsiExec.exe /X{2B091530-69AA-442E-AB09-39ED06B58220}
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
WinRAR --> C:\Program Files\WinRAR\uninstall.exe
WinZip 11.1 --> MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}
Wisdom-soft ScreenHunter 4.0 Free --> C:\PROGRA~1\WISDOM~1\UNWISE.EXE C:\PROGRA~1\WISDOM~1\INSTALL.LOG
XML Paper Specification Shared Components Pack 1.0 -->


-- Application Event Log -------------------------------------------------------

No Errors/Warnings found.


-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

No Errors/Warnings found.


-- End of Deckard's System Scanner: finished at 2008-07-20 02:21:18 ------------
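The Add/Remove Programs section of the report above is what a log reader scans first for software that does not belong or that is installed in an odd place. The script below is an added example, not part of the original post and not code from Deckard's System Scanner; it parses DSS's `DisplayName --> UninstallString` lines and flags the entries a helper would normally ask the poster about. The flag rules (peer-to-peer clients, anything launched from a temp or browser-cache directory, two versions of one product side by side, entries with no DisplayName or no UninstallString) and the P2P keyword list are this example's own assumptions. Two things it picks out of the real listing: HijackThis was run from Opera's `temporary_download` cache (it should live in its own folder, e.g. `C:\HJT`, so its backups survive a cache clean-up), and Opera 9.24 and 9.51 are both installed.

```python
"""Triage of the 'Add/Remove Programs' section of a Deckard's System Scanner
(DSS) report.  DSS prints one line per uninstall entry in the form
'<DisplayName> --> <UninstallString>'; an entry without a DisplayName starts
with '-->', an entry without an UninstallString ends with '-->'.
Added example; the flag rules are assumptions, not DSS or forum logic."""

import re
from dataclasses import dataclass

# Sample lines copied from the DSS report above (a constructed subset of the
# ~90 entries).  A raw string keeps the Windows backslashes intact.
SAMPLE = r"""
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
BearShare MediaBar --> regsvr32 /u /s "C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll"
HijackThis 2.0.2 --> "C:\Documents and Settings\xxx\Local Settings\Application Data\Opera\Opera\profile\cache4\temporary_download\HijackThis.exe" /uninstall
LimeWire 4.18.2 --> "C:\Program Files\LimeWire\uninstall.exe"
Opera 9.24 --> MsiExec.exe /X{16913489-B5E3-403E-AFD3-2B19BBE464D4}
Opera 9.51 --> MsiExec.exe /X{179624B1-2683-45ED-965A-B72189EB5820}
XML Paper Specification Shared Components Pack 1.0 -->
"""

# name (possibly empty) ... '-->' ... command (possibly empty)
ENTRY_RE = re.compile(r"^(?P<name>.*?)\s*-->\s*(?P<cmd>.*)$")

# Illustrative keyword list (assumption): file-sharing clients a log reader
# asks about because they are a frequent malware entry point.
P2P_KEYWORDS = ("limewire", "bearshare", "kazaa", "emule", "edonkey")

# Uninstall/launch paths inside the user's temp or browser-cache directories
# (Windows XP profile layout, as in the report above).
TEMP_PATH_RE = re.compile(
    r'\\Local Settings\\(?:Temp\\|Temporary Internet Files\\'
    r'|Application Data\\[^"]*?(?:cache|temp)[^"]*\\)',
    re.IGNORECASE,
)


@dataclass
class Entry:
    name: str
    cmd: str


def parse_entries(text):
    """Turn the DSS section into Entry objects; non-matching lines are skipped."""
    entries = []
    for line in text.strip().splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(m["name"].strip(), m["cmd"].strip()))
    return entries


def product_key(name):
    """Strip a trailing version number so 'Opera 9.24' and 'Opera 9.51' collide."""
    return re.sub(r"\s+v?\d[\w.]*$", "", name).lower()


def triage(text):
    """Return (entry name, reason) pairs for everything worth a second look."""
    findings = []
    by_product = {}
    for e in parse_entries(text):
        if not e.name:
            findings.append(("(no DisplayName)", "no DisplayName; only the uninstall command identifies it"))
        elif not e.cmd:
            findings.append((e.name, "no UninstallString; cannot be removed via Add/Remove"))
        if any(k in e.name.lower() for k in P2P_KEYWORDS):
            findings.append((e.name, "peer-to-peer file-sharing client"))
        if TEMP_PATH_RE.search(e.cmd):
            findings.append((e.name, "runs from a temp or browser-cache directory"))
        if e.name:
            by_product.setdefault(product_key(e.name), []).append(e.name)
    for names in by_product.values():
        if len(names) > 1:
            findings.append((" / ".join(names), "multiple versions installed side by side"))
    return findings


if __name__ == "__main__":
    for name, reason in triage(SAMPLE):
        print(f"{name:45} {reason}")
```

Run against the full section, the same rules also surface the Nero `UNNero*.exe` entries that carry no DisplayName; those are legitimate, which is why the script only lists candidates for the helper to judge rather than deciding anything itself.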

20.07.2008, 02:22   #15
myrtille
/// TB-Ausbilder

Hi,
@log:
No problem. I could have mentioned straight away that the extra log is only created the first time.

When did you install SP3?

Really EVERYTHING in your log indicates that you only have SP1 installed.

Visit Windows Update and check whether there are updates you can install. (Please use Internet Explorer.)

@Word
Not sure what you mean... Find and Replace, perhaps? You can open that with Ctrl+H.

@darkviruz
Yes, but without your post I wouldn't have remembered either that certain antivirus programs occasionally create a few files without asking.

Regards, myrtille
__________________
Requests by e-mail, profile or private message will be ignored!
Help is given ONLY in the forum!


Anyone who has not received a further reply from me within 24 hours, please send a PM.

Spelling mistakes? Never, but keybaord malfunctions constantly!
