Befall mit Antivirus XP 2008 und UPS-Virus

29.08.2008, 18:43

Hallo liebe Helfer,
erst einmal herzlichen Dank für dieses wundervolle Forum, wo sich auch ungeübte Benutzer wohl fühlen können.

Mein Problem sind UPS-Virus (ich wartete dringend auf ein Paket) und Antivirus XP 2008 (an diesem Tag suchte ich nur eine Telefonnummer). Ich hatte einen Bildschirmschoner, der einen Windows-Absturz simulierte, diverse Fenster mit Warnhinweisen, lästige Fenster mit Kaufofferten. Eine Systemwiederherstellung klappte ebenso nicht wie Löschungen im abgesicherten Modus (nach Selbsthilfeanleitungen aus dem Internet).

Auf meinem PC läuft Windows XP SP2, Internet Explorer 6.0, AntiVir für KEN als Lizenz. AntiVir konnte mir nicht helfen aber zunächst scheinbar Ad-Aware Se personal und Spybot Search & Destroy. Beim nächsten Scan war jedoch vieles wieder da.

In Ihrem Forum las ich von Malwarebytes' Anti-Malware. Ich habe es zweimal laufen lassen, anschließend HijackThis. Könnten Sie sich bitte die beigefügten drei Logfiles ansehen, ob bei mir jetzt alles in Ordnung ist? Danke schon einmal im voraus.

Herzliche Grüße
Ulla

PS: Ich versuche, die Logfiles als Code einzufügen, in der Vorschau schaut es nicht so aus, als habe ich es richtig gemacht?

Malwarebytes' Anti-Malware 1.25
Datenbank Version: 1089
Windows 5.1.2600 Service Pack 2

19:55:33 27.08.2008
mbam-log-08-27-2008 (19-55-33).txt

Scan-Methode: Vollständiger Scan (C:\|)
Durchsuchte Objekte: 80916
Laufzeit: 26 minute(s), 37 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 2
Infizierte Registrierungsschlüssel: 50
Infizierte Registrierungswerte: 3
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 5
Infizierte Dateien: 13

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
C:\WINDOWS\system32\suzkaco.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\blphcgsgj0eg4c.scr (Trojan.FakeAlert) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\suzkaco (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ratoolbar.ietoolbar (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ratoolbar.ietoolbar.1 (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ratoolbar.ratoolbar (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ratoolbar.ratoolbar.3 (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\tbsb00001.tbsb00001 (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\tbsb00001.tbsb00001.3 (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{09fc30bb-8163-4211-9ad5-e394bb821dd4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0abf2ab4-f61f-4034-9120-d8b81a61a476} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0b15a970-3600-484c-ad29-da866e7b14fd} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0ce76896-b612-465d-a5b8-a07dc1f2f596} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{119ddd5b-7b88-41d5-9156-ce69030afe61} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1882370d-c294-4607-9ecf-2c3f0bc3fd23} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{25b18194-40d4-4640-86e2-548caeda81be} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{337740e2-8d2c-49e9-b93e-9cb52e65bd87} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{36e4149a-0923-4735-895b-1c02c410a00d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6ac7595f-094e-47f6-8578-39f105349fe6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7a8236e2-565e-44fd-9f81-9c8686365613} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8a077461-06f2-4a9f-940e-9428ea8accbe} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{94d2ffc4-186e-4061-864e-41502c792bf0} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9c3cf303-9d50-476d-bcc3-13e664e73a2c} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a6d1f76e-ba02-4e05-9835-567a555e5312} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a72cddcc-8026-489a-b6e2-11639f15760b} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ae0e943e-37ba-405d-a2c7-1db44d3b9707} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b42989c4-38cc-425b-95ee-26c3b34e113a} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b511a4e5-82dc-40bb-ac16-c7af39e50b11} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{be383095-ee2d-4202-8314-02d7801bc1c2} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c8ebda8c-2aad-4695-921c-d4c388199cce} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ca3eb689-8f09-4026-aa10-b9534c691ce0} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d631e193-5223-4079-adea-1f72b2a8cc3e} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{eac65987-4ff5-46da-9168-fb9667153b84} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ebd5ffc6-b42a-4eb0-a72d-0ee23d3aeb65} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{18d4ca2d-e313-49c5-8b15-65ded4540663} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7e9746a6-fcd9-468c-8e65-84fb7571703e} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{4509d3cc-b642-4745-b030-645b79522c6d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4897bba6-48d9-468c-8efa-846275d7701b} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xbtb03004.ietoolbar (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xbtb03004.ietoolbar.1 (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xbtb03004.xbtb03004 (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xbtb03004.xbtb03004.3 (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{00bbc39a-b87b-4d5b-82fd-15bfb89be9a0} (Adware.DosPopToolbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{055cd4ae-97b0-40c3-ba50-ba24084b43de} (Adware.DosPopToolbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{165cc0ae-37b0-49c3-bacf-bad4080b432d} (Adware.DosPopToolbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9ebb289a-2d7b-465b-825f-1530b813e95a} (Adware.DosPopToolbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cd5c92ae-97b0-4bc3-ba65-ba0308d543bf} (Adware.DosPopToolbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f5bb069a-a87b-485b-82da-155ab8d7e94b} (Adware.DosPopToolbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tcpsr (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcgsgj0eg4c (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\inrhclsgj0eg4c (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\rhclsgj0eg4c (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\rhclsgj0eg4c\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\rhclsgj0eg4c\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\rhclsgj0eg4c\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\rhclsgj0eg4c\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\WINDOWS\system32\suzkaco.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\blphcgsgj0eg4c.scr (Trojan.FakeAlert) -> Delete on reboot.
C:\Programme\RA-MICRO\RAToolbar\tbhelper.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lphcgsgj0eg4c.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phcgsgj0eg4c.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pphcgsgj0eg4c.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\.ttC.tmp.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\Temp\.tt4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\.tt5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\.tt7.tmp (Trojan.Downloader) -> Delete on reboot.
C:\WINDOWS\Temp\.tt8.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\.ttC.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\.ttE.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

Malwarebytes' Anti-Malware 1.25
Datenbank Version: 1089
Windows 5.1.2600 Service Pack 2

15:03:46 29.08.2008
mbam-log-08-29-2008 (15-03-46).txt

Scan-Methode: Vollständiger Scan (C:\|)
Durchsuchte Objekte: 81168
Laufzeit: 25 minute(s), 18 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tcpsr (Rootkit.Agent) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:01:16, on 29.08.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir fuer KEN!\avguard.exe
C:\Programme\AntiVir fuer KEN!\sched.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe
C:\PROGRA~1\Borland\INTERB~1\Bin\IBGuard.EXE
C:\Programme\KEN!\KENCLI.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Sage\SageDB 5.0\bin\mysqld-nt.exe
C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Borland\INTERB~1\Bin\ibserver.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\htpatch.exe
C:\Programme\AntiVir fuer KEN!\avgnt.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\ScanSoft\PaperPort\pptd40nt.exe
C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Programme\KEN!\kentbcli.exe
C:\Programme\Nero\Nero 7\InCD\NBHGui.exe
C:\Programme\Nero\Nero 7\InCD\InCD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\TeaTimer.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Programme\FRITZ!\IWatch.exe
C:\Programme\WinZip\WZQKPICK.EXE
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Programme\Java\jre1.5.0_06\bin\jucheck.exe
C:\Programme\Nero\Nero 7\Core\nero.exe
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://192.168.22.220:3128/ken.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=192.168.22.220:3128;https=192.168.22.220:3128;ftp=192.168.22.220:3128;socks=192.168.22.220:1080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: XBTB03004 - {C543F87B-D228-466C-8432-A6F7D1C44565} - C:\Programme\RA-MICRO\RAToolbar\ramicro_toolbar.dll
O2 - BHO: RAToolbar - {EF8E1F96-FF80-4E85-AD4F-0F19166E21DB} - C:\Programme\RA-MICRO\RAToolbar\ramicro_toolbar.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\system32\khooker.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir fuer KEN!\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Programme\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Programme\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Programme\Brother\Brmfl04e\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Programme\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [FineReader7NewsReaderPro] "C:\Programme\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KEN Taskbar Client] "C:\Programme\KEN!\kentbcli.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Programme\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Programme\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: ISDNWatch.lnk = C:\Programme\FRITZ!\IWatch.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://192.168.22.220:3128/ken.html
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1209107514531
O17 - HKLM\System\CCS\Services\Tcpip\..\{AC6A699E-A510-4E98-A740-7E4218267C53}: NameServer = 192.168.22.220,192.168.22.1
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AntiVir für KEN! Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir fuer KEN!\sched.exe
O23 - Service: AntiVir für KEN! Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir fuer KEN!\avguard.exe
O23 - Service: pcAnywhere Host-Modul (awhost32) - Symantec Corporation - C:\Programme\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: InterBaseGuardian - Inprise Corporation - C:\PROGRA~1\Borland\INTERB~1\Bin\IBGuard.EXE
O23 - Service: InterBaseServer - Inprise Corporation - C:\PROGRA~1\Borland\INTERB~1\Bin\ibserver.exe
O23 - Service: AVM KEN Klient (KEN Client Service) - AVM Berlin - C:\Programme\KEN!\KENCLI.EXE
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
O23 - Service: SageDB 5.0 - Unknown owner - C:\Programme\Sage\SageDB 5.0\bin\mysqld-nt.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 8224 bytes

Befall mit Antivirus XP 2008 und UPS-Virus

Plagegeister aller Art und deren Bekämpfung: Befall mit Antivirus XP 2008 und UPS-Virus

Befall mit Antivirus XP 2008 und UPS-Virus

Ähnliche Themen: Befall mit Antivirus XP 2008 und UPS-Virus