Log analysis and evaluation: Mailde.de says virus o.O
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
28.07.2008, 13:33 | #16 |
Yes, of course I read it, but when I then press # nothing happens, the hash sign just stays there xD, so I have no idea what I'm supposed to do
28.07.2008, 13:36 | #17 |
HTML code: [code]Text[/code]
28.07.2008, 13:37 | #18 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Have you ever actually selected a piece of text before? You select the text to be formatted and then press the relevant button at the top. Don't tell me that's too hard for you...
28.07.2008, 13:37 | #19 |
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:25:59, on 28.07.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
K:\WINDOWS\System32\smss.exe
K:\WINDOWS\system32\winlogon.exe
K:\WINDOWS\system32\services.exe
K:\WINDOWS\system32\lsass.exe
K:\WINDOWS\system32\Ati2evxx.exe
K:\WINDOWS\system32\svchost.exe
K:\WINDOWS\System32\svchost.exe
K:\WINDOWS\system32\Ati2evxx.exe
K:\WINDOWS\system32\spoolsv.exe
K:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
K:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
K:\xampp\apache\bin\apache.exe
K:\Programme\avmwlanstick\WlanNetService.exe
K:\Programme\Videoload Manager\ContentManager.exe
K:\xampp\mysql\bin\mysqld-nt.exe
K:\xampp\apache\bin\apache.exe
K:\WINDOWS\Explorer.EXE
K:\Programme\Messenger\msmsgs.exe
K:\WINDOWS\system32\wuauclt.exe
K:\Programme\Windows Live\Messenger\usnsvc.exe
K:\PROGRA~1\MOZILL~1\FIREFOX.EXE
K:\Programme\ICQ6\ICQ.exe
K:\Programme\avmwlanstick\WLanGUI.exe
K:\WINDOWS\system32\wuauclt.exe
K:\Programme\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - K:\Programme\TechSmith\SnagIt 8\SnagItBHO.dll (file missing)
O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - K:\PROGRA~1\GEMEIN~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - K:\Programme\TechSmith\SnagIt 8\SnagItIEAddin.dll (file missing)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - K:\Programme\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "K:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVMWlanClient] K:\Programme\avmwlanstick\wlangui.exe
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "K:\Programme\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [Ashampoo FireWall] "K:\Programme\Ashampoo\Ashampoo FireWall\FireWall.exe" -TRAY
O4 - HKCU\..\Run: [MSMSGS] "K:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Veoh] "K:\Programme\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [Eraser] K:\Programme\Eraser\eraser.exe -hide
O4 - HKCU\..\Run: [Skype] "K:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "K:\Programme\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] K:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] K:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] K:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] K:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = K:\Programme\OpenOffice.org 2.4\program\quickstart.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - K:\Programme\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - K:\Programme\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - K:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - K:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - K:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - K:\Programme\Messenger\msmsgs.exe
O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen - {0e921e80-267a-42aa-aee4-60b9a1222a44} - K:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O9 - Extra 'Tools' menuitem: Unterstützung für xp-AntiSpy - {0e921e80-267a-42aa-aee4-60b9a1222a44} - K:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O18 - Protocol: fluxhttp - {8E2D00A0-82C6-4821-90BC-07F290841BB6} - K:\Programme\Gemeinsame Dateien\fluxDVD\Lib\XEB\xebnavigation.ax
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - K:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Personal – Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - K:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - K:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apache2.2 - Apache Software Foundation - K:\xampp\apache\bin\apache.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - K:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - K:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVM WLAN Connection Service - AVM Berlin - K:\Programme\avmwlanstick\WlanNetService.exe
O23 - Service: CaCCProvSP - Unknown owner - K:\Programme\CA\CA Internet Security Suite\ccprovsp.exe (file missing)
O23 - Service: Content Management Service (ContentMgrService) - ACE GmbH - K:\Programme\Videoload Manager\ContentManager.exe
O23 - Service: mysql - Unknown owner - K:\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - K:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 5419 bytes
28.07.2008, 13:38 | #20 |
So that was HijackThis, and what comes now is Silent Runners
28.07.2008, 13:40 | #21 |
Code:
"Silent Runners.vbs", revision 58, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"MSMSGS" = ""K:\Programme\Messenger\msmsgs.exe" /background" [MS]
"Veoh" = ""K:\Programme\Veoh Networks\Veoh\VeohClient.exe" /VeohHide" ["Veoh Networks"]
"(Default)" = "(empty string)" [file not found]
"Eraser" = "K:\Programme\Eraser\eraser.exe -hide" ["The Eraser Project"]
"Skype" = ""K:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]
"msnmsgr" = ""K:\Programme\Windows Live\Messenger\msnmsgr.exe" /background" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ZoneAlarm Client" = ""K:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"" ["Zone Labs, LLC"]
"AVMWlanClient" = "K:\Programme\avmwlanstick\wlangui.exe" ["AVM Berlin"]
"BootSkin Startup Jobs" = ""K:\Programme\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs" [empty string]
"Ashampoo FireWall" = ""K:\Programme\Ashampoo\Ashampoo FireWall\FireWall.exe" -TRAY" [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{00C6482D-C502-44C8-8409-FCE54AD9C208}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "SnagIt Toolbar Loader"
     \InProcServer32\(Default) = "K:\Programme\TechSmith\SnagIt 8\SnagItBHO.dll" [file not found]
{19C8E43B-07B3-49CB-BFFC-6777B593E6F8}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Download Manager Browser Helper Object"
     \InProcServer32\(Default) = "K:\PROGRA~1\GEMEIN~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL" ["Protect Software GmbH"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung"
  -> {HKLM...CLSID} = "CPL-Erweiterung für Anzeigeverschiebung"
     \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
     \InProcServer32\(Default) = "K:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{5E2121EE-0300-11D4-8D3B-444553540000}" = "Catalyst Context Menu extension"
  -> {HKLM...CLSID} = "SimpleShlExt Class"
     \InProcServer32\(Default) = "K:\Programme\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll" [null data]
"{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" = "Shell Extension for Malware scanning"
  -> {HKLM...CLSID} = "Shell Extension for Malware scanning"
     \InProcServer32\(Default) = "K:\Programme\Avira\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"]
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
  -> {HKLM...CLSID} = "Meine freigegebenen Ordner"
     \InProcServer32\(Default) = "K:\Programme\Windows Live\Messenger\fsshext.8.5.1302.1018.dll" [MS]
"{D9872D13-7651-4471-9EEE-F0A00218BEBB}" = "Multiscan"
  -> {HKLM...CLSID} = "ZLAVShExt Class"
     \InProcServer32\(Default) = "K:\Programme\Zone Labs\ZoneAlarm\zlavscan.dll" ["Zone Labs, LLC"]
"{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3}" = "SnagIt"
  -> {HKLM...CLSID} = "SnagIt"
     \InProcServer32\(Default) = "K:\Programme\TechSmith\SnagIt 8\SnagItIEAddin.dll" [file not found]
"{CF74B903-3389-469c-B3B6-0204D204FCBD}" = "SnagIt Shell Extension"
  -> {HKLM...CLSID} = "SnagItShellExt Class"
     \InProcServer32\(Default) = "K:\Programme\TechSmith\SnagIt 8\SnagItShellExt.dll" [file not found]
"{8BE13461-936F-11D1-A87D-444553540000}" = "Eraser Shell Extension"
  -> {HKCU...CLSID} = "ErasextMenu"
     \InProcServer32\(Default) = "K:\WINDOWS\system32\erasext.dll" ["-"]
  -> {HKLM...CLSID} = "Eraser Shell Extension"
     \InProcServer32\(Default) = "K:\WINDOWS\system32\erasext.dll" ["-"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "K:\Programme\WinRAR\rarext.dll" [null data]
"{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" = "OpenOffice.org Column Handler"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = ""K:\Programme\OpenOffice.org 2.4\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" = "OpenOffice.org Infotip Handler"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = ""K:\Programme\OpenOffice.org 2.4\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice.org Property Sheet Handler"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = ""K:\Programme\OpenOffice.org 2.4\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{3B092F0C-7696-40E3-A80F-68D74DA84210}" = "OpenOffice.org Thumbnail Viewer"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = ""K:\Programme\OpenOffice.org 2.4\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{C9CF278C-460E-4917-BC43-3F75E6E47D3D}" = "fluxDVD Shell Extension"
  -> {HKLM...CLSID} = "fluxDVD Shell Information Extractor"
     \InProcServer32\(Default) = "K:\PROGRA~1\GEMEIN~1\fluxDVD\Lib\XEB\XEBShell.dll" ["ACE GmbH"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
  -> {HKLM...CLSID} = "WPDShServiceObj Class"
     \InProcServer32\(Default) = "K:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = "OpenOffice.org Column Handler"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = ""K:\Programme\OpenOffice.org 2.4\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
  -> {HKLM...CLSID} = "Shell Extension for Malware scanning"
     \InProcServer32\(Default) = "K:\Programme\Avira\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"]
SnagItMainShellExt\(Default) = "{CF74B903-3389-469c-B3B6-0204D204FCBD}"
  -> {HKLM...CLSID} = "SnagItShellExt Class"
     \InProcServer32\(Default) = "K:\Programme\TechSmith\SnagIt 8\SnagItShellExt.dll" [file not found]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "K:\Programme\WinRAR\rarext.dll" [null data]
ZLAVShExt\(Default) = "{D9872D13-7651-4471-9EEE-F0A00218BEBB}"
  -> {HKLM...CLSID} = "ZLAVShExt Class"
     \InProcServer32\(Default) = "K:\Programme\Zone Labs\ZoneAlarm\zlavscan.dll" ["Zone Labs, LLC"]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
SnagItMainShellExt\(Default) = "{CF74B903-3389-469c-B3B6-0204D204FCBD}"
  -> {HKLM...CLSID} = "SnagItShellExt Class"
     \InProcServer32\(Default) = "K:\Programme\TechSmith\SnagIt 8\SnagItShellExt.dll" [file not found]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "K:\Programme\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
Erasext\(Default) = "{8BE13461-936F-11D1-A87D-444553540000}"
  -> {HKCU...CLSID} = "ErasextMenu"
     \InProcServer32\(Default) = "K:\WINDOWS\system32\erasext.dll" ["-"]
  -> {HKLM...CLSID} = "Eraser Shell Extension"
     \InProcServer32\(Default) = "K:\WINDOWS\system32\erasext.dll" ["-"]
Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
  -> {HKLM...CLSID} = "Shell Extension for Malware scanning"
     \InProcServer32\(Default) = "K:\Programme\Avira\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "K:\Programme\WinRAR\rarext.dll" [null data]
ZLAVShExt\(Default) = "{D9872D13-7651-4471-9EEE-F0A00218BEBB}"
  -> {HKLM...CLSID} = "ZLAVShExt Class"
     \InProcServer32\(Default) = "K:\Programme\Zone Labs\ZoneAlarm\zlavscan.dll" ["Zone Labs, LLC"]


Group Policies {policy setting}:
--------------------------------

Note: detected settings may not have any effect.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "K:\WINDOWS\web\wallpaper\Grüne Idylle.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "K:\Dokumente und Einstellungen\janusz\Anwendungsdaten\Mozilla\Firefox\Desktop Hintergrund.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "K:\WINDOWS\system32\logon.scr" [MS]


Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

AVSDVDMovieOnArrival\
"Provider" = "AVS DVD Player"
"InvokeProgID" = "DVD"
"InvokeVerb" = "PlayWithAVSDVDPlayer"
HKLM\SOFTWARE\Classes\DVD\shell\PlayWithAVSDVDPlayer\Command\(Default) = ""K:\Programme\AVSMedia\DVDPlayer\AVSDVDPlayer.EXE" "%L"" ["Online Media Technologies Ltd."]

MSWPDShellNamespaceHandler\
"Provider" = "@%SystemRoot%\System32\WPDShextRes.dll,-501"
"CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}"
"InitCmdLine" = " "
  -> {HKLM...CLSID} = "WPDShextAutoplay"
     \LocalServer32\(Default) = "K:\WINDOWS\system32\WPDShextAutoplay.exe" [MS]


Startup items in "janusz" & "All Users" startup folders:
--------------------------------------------------------

K:\Dokumente und Einstellungen\janusz\Startmenü\Programme\Autostart
"OpenOffice.org 2.4" -> shortcut to: "K:\Programme\OpenOffice.org 2.4\program\quickstart.exe" [null data]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
K:\Programme\Ashampoo\Ashampoo FireWall\spi.dll [null data], 01 - 05, 16
%SystemRoot%\system32\mswsock.dll [MS], 06 - 15, 17 - 19
%SystemRoot%\system32\rsvpsp.dll [MS], 20 - 21


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
"{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3}" = (no title provided)
  -> {HKLM...CLSID} = "SnagIt"
     \InProcServer32\(Default) = "K:\Programme\TechSmith\SnagIt 8\SnagItIEAddin.dll" [file not found]
"{D0943516-5076-4020-A3B5-AEFAF26AB263}" = "Veoh Browser Plug-in"
  -> {HKLM...CLSID} = "Veoh Browser Plug-in"
     \InProcServer32\(Default) = "K:\Programme\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll" ["Veoh Networks Inc"]

Extensions (Tools menu items, main toolbar menu buttons)

HKCU\Software\Microsoft\Internet Explorer\Extensions\
{0E921E80-267A-42AA-AEE4-60B9A1222A44}\
"ButtonText" = "Klicke hier um das Projekt xp-AntiSpy zu unterstützen"
"MenuText" = "Unterstützung für xp-AntiSpy"
"Exec" = "K:\Programme\xp-AntiSpy\sponsoring\sponsor.html" [null data]

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Konsole"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC}"
  -> {HKLM...CLSID} = "Java Plug-in 1.5.0"
     \InProcServer32\(Default) = "K:\Programme\Java\jre1.5.0\bin\npjpi150.dll" ["Sun Microsystems, Inc."]

{E59EB121-F339-4851-A3BA-FE49C35617C2}\
"ButtonText" = "ICQ6"
"MenuText" = "ICQ6"
"Exec" = "K:\Programme\ICQ6\ICQ.exe" ["ICQ, Inc."]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "K:\Programme\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Apache2.2, Apache2.2, ""K:\xampp\apache\bin\apache.exe" -k runservice" ["Apache Software Foundation"]
Ati HotKey Poller, Ati HotKey Poller, "K:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
Avira AntiVir Personal – Free Antivirus Guard, AntiVirService, ""K:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe"" ["Avira GmbH"]
Avira AntiVir Personal – Free Antivirus Planer, AntiVirScheduler, ""K:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe"" ["Avira GmbH"]
AVM WLAN Connection Service, AVM WLAN Connection Service, "K:\Programme\avmwlanstick\WlanNetService.exe" ["AVM Berlin"]
Content Management Service, ContentMgrService, "K:\Programme\Videoload Manager\ContentManager.exe" ["ACE GmbH"]
Messenger USN Journal Reader-Service für freigegebene Ordner, usnjsvc, ""K:\Programme\Windows Live\Messenger\usnsvc.exe"" [MS]
mysql, mysql, "K:\xampp\mysql\bin\mysqld-nt.exe --defaults-file=k:\xampp\mysql\bin\my.cnf mysql" [null data]


----------
(launch time: 2008-07-28 13:24:30)
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer "No" at the first message box and "Yes" at the second message box.
---------- (total run time: 44 seconds, including 17 seconds for message boxes)
28.07.2008, 21:51 | #22 |
Hello? So what about the thing I posted there?
29.07.2008, 12:46 | #23 |
/// Winkelfunktion /// TB-Süch-Tiger™ |
Code:
O4 - HKLM\..\Run: [Ashampoo FireWall] "K:\Programme\Ashampoo\Ashampoo FireWall\FireWall.exe" -TRAY
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - K:\WINDOWS\system32\ZoneLabs\vsmon.exe
Code:
O23 - Service: Content Management Service (ContentMgrService) - ACE GmbH - K:\Programme\Videoload Manager\ContentManager.exe
In any case, I don't see any signs of an infection.
__________________ Please always post log files in CODE tags |
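An added example, not part of any post in this thread and not Trojaner-Board or Trend Micro code: a small parser that splits a HijackThis log into its `O<n>` entries, whether the log is properly line-broken or was flattened into one line by posting it without CODE tags, and lists the entries that HijackThis itself annotated with `(file missing)`, `(no file)` or `Unknown owner`. The function names and flag labels are hypothetical; the sample lines are copied from the log posted above.

```python
import re
from collections import Counter, namedtuple

Entry = namedtuple("Entry", "section kind detail flags")

# Meaning of the HijackThis section codes that occur in this thread's log.
SECTIONS = {
    "O2": "Browser Helper Object",
    "O3": "Internet Explorer toolbar",
    "O4": "autostart (Run key or Startup folder)",
    "O9": "IE extra button / Tools menu item",
    "O18": "extra protocol handler",
    "O23": "Windows service",
}

ENTRY_RE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
K:\WINDOWS\System32\smss.exe
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - K:\Programme\TechSmith\SnagIt 8\SnagItBHO.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Ashampoo FireWall] "K:\Programme\Ashampoo\Ashampoo FireWall\FireWall.exe" -TRAY
O23 - Service: ATI Smart - Unknown owner - K:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CaCCProvSP - Unknown owner - K:\Programme\CA\CA Internet Security Suite\ccprovsp.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - K:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""


def parse_log(text):
    """Return one Entry per 'O<n> - ...' item, for line-broken or flattened logs."""
    # Drop the trailer, collapse all whitespace, then cut before each "O<n> - ".
    flat = " ".join(text.split("-- End of file")[0].split())
    entries = []
    for chunk in re.split(r" (?=O\d+ - )", flat):
        m = ENTRY_RE.match(chunk)
        if not m:
            continue  # header lines and the running-process list
        section, kind, detail = m.groups()
        flags = []
        if section == "O23" and " - Unknown owner - " in detail:
            flags.append("unknown-owner")  # no vendor name shown for the binary
        if detail.endswith(("(file missing)", "(no file)")):
            flags.append("file-missing")   # registry entry points at nothing
        entries.append(Entry(section, kind, detail, tuple(flags)))
    return entries


def triage(entries):
    """Entries worth a manual look; a flag is a lead for review, not a verdict."""
    return [e for e in entries if e.flags]


def section_counts(entries):
    return Counter(e.section for e in entries)


if __name__ == "__main__":
    for e in triage(parse_log(SAMPLE_LOG)):
        print(f"{e.section} [{SECTIONS.get(e.section, '?')}] {', '.join(e.flags)}: {e.detail}")
```
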
29.07.2008, 15:18 | #24 |
Well, ZoneAlarm has been buggy since the last Windows update, but it still starts up with every boot. I forgot to turn that off. And no, the PC is not in an office, why? The program is from the site www.videoload.de, I'm a T-Online customer and can pay directly there that way, it's simply easier to watch the films with that thing :P