Pests of all kinds and how to fight them: Windows Warnig Message & NT-Autorität/system

If you are not sure whether you have caught malware or a trojan, create a thread here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.
10.09.2008, 09:26 | #1
Windows Warnig Message & NT-Autorität/system

Hello everyone, the night before last I picked up a trojan. It was reported by a Windows Warning Message. It warned me about files with the names Win32/Adware.Virtumonde and Win32/PrivacyRemover.M64. My operating system is still XP. I immediately had G DATA TotalCare check all important directories. Result:

Virenprüfung mit G DATA AntiVirus
Version 18.3.7338.740
Virensignaturen vom 08.09.2008
Startzeit: 09.09.2008 00:12
Engine(s): Engine A (AVK 19.387), Engine B (AVB 19.21)
Heuristik: Ein
Archive: Ein
Systembereiche: Ein
Prüfung der Systembereiche...
Prüfung folgender Verzeichnisse und Dateien:
C:\Programme\
C:\WINDOWS\
D:\
Objekt: F3REPROX.DLL
Pfad: C:\Programme\!MyWebSearch\bar\4.bin
Status: Virus, Datei gelöscht
Virus: not-a-virus:AdTool.Win32.MyWebSearch.cy (Engine A)
Passwortgeschützt: TopSearches.7z/TopSearches.xml
Pfad: C:\Programme\ICQ6\ConfigFiles
Passwortgeschützt: TopSearchesDe.7z/TopSearchesDe.xml
Pfad: C:\Programme\ICQ6\ConfigFiles
Objekt: a.exe
Pfad: C:\WINDOWS\system32
Status: Virus, Datei gelöscht
Virus: Trojan-Downloader.Win32.Small.acza (Engine A)
Objekt: blphccokj0el8v.scr
Pfad: C:\WINDOWS\system32
Status: Virus, Datei gelöscht
Virus: Win32:Trojan-gen {Other} (Engine B)
Zugriff verweigert: edb.log
Pfad: C:\WINDOWS\system32\CatRoot2
Zugriff verweigert: tmp.edb
Pfad: C:\WINDOWS\system32\CatRoot2
Zugriff verweigert: catdb
Pfad: C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}
Zugriff verweigert: catdb
Pfad: C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}
Zugriff verweigert: DEFAULT
Pfad: C:\WINDOWS\system32\config
Zugriff verweigert: default.LOG
Pfad: C:\WINDOWS\system32\config
Zugriff verweigert: SAM
Pfad: C:\WINDOWS\system32\config
Zugriff verweigert: SAM.LOG
Pfad: C:\WINDOWS\system32\config
Zugriff verweigert: SECURITY
Pfad: C:\WINDOWS\system32\config
Zugriff verweigert: SECURITY.LOG
Pfad: C:\WINDOWS\system32\config
Zugriff verweigert: SOFTWARE
Pfad: C:\WINDOWS\system32\config
Zugriff verweigert: software.LOG
Pfad: C:\WINDOWS\system32\config
Zugriff verweigert: SYSTEM
Pfad: C:\WINDOWS\system32\config
Zugriff verweigert: system.LOG
Pfad: C:\WINDOWS\system32\config
Zugriff verweigert: JET6F11.tmp
Pfad: C:\WINDOWS\Temp
Zugriff verweigert: JET7BD2.tmp
Pfad: C:\WINDOWS\Temp
Zugriff verweigert: JET7E81.tmp
Pfad: C:\WINDOWS\Temp
Zugriff verweigert: JET822C.tmp
Pfad: C:\WINDOWS\Temp
Zugriff verweigert: JET823B.tmp
Pfad: C:\WINDOWS\Temp
Zugriff verweigert: JET8BB0.tmp
Pfad: C:\WINDOWS\Temp
Zugriff verweigert: sqlite_y0kjiknZeYnTAbu
Pfad: C:\WINDOWS\Temp
Analyse vollständig durchgeführt: 09.09.2008 02:00
64088 Dateien überprüft
3 infizierte Dateien gefunden
0 verdächtige Dateien gefunden

After that was done, I used Total Commander to search the entire computer again for files with win32 in the name and had everything it found checked again. No further finds. But access to those files is still denied; is that right?

Virenprüfung mit G DATA AntiVirus
Version 18.3.7338.740
Virensignaturen vom 08.09.2008
Startzeit: 09.09.2008 10:53
Engine(s): Engine A (AVK 19.387), Engine B (AVB 19.21)
Heuristik: Ein
Archive: Ein
Systembereiche: Ein
Prüfung der Systembereiche...
Prüfung folgender Verzeichnisse und Dateien: C:\GAMES\Moorhuhn-Total 3\Spiele\Moorhuhn im Anflug Demo\ C:\Programme\Gemeinsame Dateien\GTK\2.0\bin\ C:\Programme\Gemeinsame Dateien\Java\ C:\Programme\Java\ C:\Programme\Transcribe\ C:\Programme\Trymedia\ C:\WINDOWS\java\ C:\WINDOWS\SoftwareDistribution\Download\ C:\WINDOWS\system32\ C:\WINDOWS\SoftwareDistribution\ReportingEvents.log C:\WINDOWS\0.log C:\WINDOWS\AC3API.INI C:\WINDOWS\ACD Wallpaper.cmp C:\WINDOWS\AKDeInstall.exe C:\WINDOWS\ALCMTR.EXE C:\WINDOWS\ALCWZRD.EXE C:\WINDOWS\Angler.bmp C:\WINDOWS\AquaReal.scr C:\WINDOWS\ARJ.PIF C:\WINDOWS\BJPSUNST.EXE C:\WINDOWS\Blade.acl C:\WINDOWS\Blade8.xlb C:\WINDOWS\Blaue Spitzen 16.bmp C:\WINDOWS\bootstat.dat C:\WINDOWS\cdplayer.ini C:\WINDOWS\clock.avi C:\WINDOWS\Clony2.ini C:\WINDOWS\ClonyCDs.ini C:\WINDOWS\control.ini C:\WINDOWS\CTCCW.DLL C:\WINDOWS\Ctregrun.exe C:\WINDOWS\CTRES.DLL C:\WINDOWS\d3dx.dat C:\WINDOWS\desktop.ini C:\WINDOWS\Die große PC-Spielesammlung Sudoku Uninstaller.exe C:\WINDOWS\dlb.ini C:\WINDOWS\doom3.ini C:\WINDOWS\eReg.dat C:\WINDOWS\eSellerateEngine.dll C:\WINDOWS\explorer.exe C:\WINDOWS\explorer.scf C:\WINDOWS\Feder.bmp C:\WINDOWS\Fächer.bmp C:\WINDOWS\Granit.bmp C:\WINDOWS\HDReg.ini C:\WINDOWS\hh.exe C:\WINDOWS\INRES.DLL C:\WINDOWS\IsUn0407.exe C:\WINDOWS\IsUninst.exe C:\WINDOWS\Kaffeetasse.bmp C:\WINDOWS\LHA.PIF C:\WINDOWS\Lister.exe C:\WINDOWS\lister.ini C:\WINDOWS\Lister.txt C:\WINDOWS\LOGI_MWX.EXE C:\WINDOWS\MGXCLEAN.DAT C:\WINDOWS\mgxclean.exe C:\WINDOWS\Mgxclean.sys C:\WINDOWS\mozver.dat C:\WINDOWS\msdfmap.ini C:\WINDOWS\MSO97.ACL C:\WINDOWS\NeroDigital.ini C:\WINDOWS\NOCLOSE.PIF C:\WINDOWS\NOTEPAD.EXE C:\WINDOWS\nsreg.dat C:\WINDOWS\NVIDIA.ICO C:\WINDOWS\ODBC.INI C:\WINDOWS\ODBCINST.INI C:\WINDOWS\orun32.ini C:\WINDOWS\orun32.isu C:\WINDOWS\PhotoFiltre-Wallpaper.bmp C:\WINDOWS\PKUNZIP.PIF C:\WINDOWS\PKZIP.PIF C:\WINDOWS\Präriewind.bmp C:\WINDOWS\QTFont.for C:\WINDOWS\QTFont.qfn C:\WINDOWS\RAR.PIF C:\WINDOWS\regedit.exe 
C:\WINDOWS\REGLOCS.OLD C:\WINDOWS\RESTORE.INS C:\WINDOWS\Rhododendron.bmp C:\WINDOWS\RSoftInfo.dat C:\WINDOWS\RTHDCPL.exe C:\WINDOWS\RTLCPL.EXE C:\WINDOWS\Santa Fe-Stuck.bmp C:\WINDOWS\SBWIN.INI C:\WINDOWS\SchedLgU.Txt C:\WINDOWS\Seifenblase.bmp C:\WINDOWS\setupapi.log.0.old C:\WINDOWS\SIGVERIF.TXT C:\WINDOWS\smscfg.ini C:\WINDOWS\SNVerifyDLL.dll C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\Sti_Trace.log C:\WINDOWS\system.ini C:\WINDOWS\system32CmdLineExt.dll C:\WINDOWS\TASKMAN.EXE C:\WINDOWS\twain.dll C:\WINDOWS\twain_32.dll C:\WINDOWS\twunk_16.exe C:\WINDOWS\twunk_32.exe C:\WINDOWS\UA000059.DLL C:\WINDOWS\UC.PIF C:\WINDOWS\UniFish3.exe C:\WINDOWS\unins000.dat C:\WINDOWS\unins000.exe C:\WINDOWS\uninst.exe C:\WINDOWS\UninstallFirefox.exe C:\WINDOWS\UNNeroVision.cfg C:\WINDOWS\UNNeroVision.exe C:\WINDOWS\unvise32.exe C:\WINDOWS\Updreg.EXE C:\WINDOWS\UPGRADE.TXT C:\WINDOWS\vb.ini C:\WINDOWS\vbaddin.ini C:\WINDOWS\vmmreg32.dll C:\WINDOWS\wiadebug.log C:\WINDOWS\wiaservc.log C:\WINDOWS\win.ini C:\WINDOWS\winamp.ini C:\WINDOWS\wincmd.ini C:\WINDOWS\WindowsShell.Manifest C:\WINDOWS\WindowsUpdate.log C:\WINDOWS\winhelp.exe C:\WINDOWS\winhlp32.exe C:\WINDOWS\wiso.ini C:\WINDOWS\wmprfDEU.prx C:\WINDOWS\WMSysPr9.prx C:\WINDOWS\Zapotek.bmp C:\WINDOWS\_default.pif C:\Programme\INSTALL.LOG Zugriff verweigert: DEFAULT Pfad: C:\WINDOWS\system32\config Zugriff verweigert: default.LOG Pfad: C:\WINDOWS\system32\config Zugriff verweigert: SAM Pfad: C:\WINDOWS\system32\config Zugriff verweigert: SAM.LOG Pfad: C:\WINDOWS\system32\config Zugriff verweigert: SECURITY Pfad: C:\WINDOWS\system32\config Zugriff verweigert: SECURITY.LOG Pfad: C:\WINDOWS\system32\config Zugriff verweigert: SOFTWARE Pfad: C:\WINDOWS\system32\config Zugriff verweigert: software.LOG Pfad: C:\WINDOWS\system32\config Zugriff verweigert: SYSTEM Pfad: C:\WINDOWS\system32\config Zugriff verweigert: system.LOG Pfad: C:\WINDOWS\system32\config Analyse vollständig durchgeführt: 09.09.2008 11:17 6839 Dateien überprüft 0 infizierte 
Dateien gefunden 0 verdächtige Dateien gefunden

Could a trojan still be hidden somewhere? And my second problem: I can't get rid of this Windows Message thing. How do I get rid of it? Third problem: since the trojan, the find and the deletion, Windows now and then starts counting down one minute with a message that Windows has to shut down because a problem was detected. It is started by a file called NT-AUTORITÄT/SYSTEM. What does that mean and how do I get rid of it? Please help me, and best explain it as if for dummies; I'm a bit slow on the uptake with these things. Thanks in advance for your answers. Regards, Angie
10.09.2008, 11:20 | #2

Addendum to problem 3: the message is a different one, I made a mistake, sorry. Windows must be shut down because the DCOM Server Process Launcher service terminated unexpectedly. And the action was then started by Nt-Autorität/system. Does anyone know what to do?
10.09.2008, 11:28 | #3
/// TB-Ausbilder

Hi,
please clean your computer with Malwarebytes and then post the log here. Please create a log with RSIT. Two files are created (log.txt and info.txt). Post the contents of both files here.
Regards, myrtille
10.09.2008, 11:54 | #4

Hi, thanks for the reply. Unfortunately there's one more tiny problem: since the infection I simply can't open some websites anymore. Unfortunately the download page linked here in the forum is one of them.... Do you perhaps know the direct link to the download, or another site where it can be downloaded? Google is also acting up for me and never gives me the pages I click on. Regards, Angie
EDIT: I did find a page via Google that it opened correctly..... I'll install it now and let it run.
Last edited by Angie29 (10.09.2008 at 12:00)
10.09.2008, 14:34 | #5

Hmm, blushing and ashamed..... I think I did something wrong when creating the log files.... I first ran the scan, then created the log files, and only then had it delete what was found... then the program wanted a restart, which I did, but I forgot to save the log files beforehand, and afterwards I had the files created again, but unfortunately the info text is missing.... Sorry, that was wrong, right? Anyway, here are the results. Report from the scanner:

Malwarebytes' Anti-Malware 1.28
Datenbank Version: 1136
Windows 5.1.2600 Service Pack 2
10.09.2008 14:27:21
mbam-log-2008-09-10 (14-27-21).txt
Scan-Methode: Vollständiger Scan (C:\|G:\|H:\|I:\|J:\|)
Durchsuchte Objekte: 238075
Laufzeit: 1 hour(s), 10 minute(s), 59 second(s)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 74
Infizierte Registrierungswerte: 10
Infizierte Dateiobjekte der Registrierung: 4
Infizierte Verzeichnisse: 8
Infizierte Dateien: 24
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\toolband.xttbpos00 (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{77d6ddfa-7834-4541-b2b3-a8b0fb0e3924} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7558e739-8e7c-44bb-bce7-1bf0d72b7026} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4bd2d6c3-31dc-b947-23d0-dc52ec4f0c4c} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{855f3b16-6d32-4fe6-8a56-bbb695989046} (Adware.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\toolband.xttbpos00.1 (Adware.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{1093995a-ba37-41d2-836e-091067c4ad17} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{120927bf-1700-43bc-810f-fab92549b390} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{1f52a5fa-a705-4415-b975-88503b291728} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{2763e333-b168-41a0-a112-d35f96f410c0} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{3e720451-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
HKEY_CLASSES_ROOT\Interface\{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{991aac62-b100-47ce-8b75-253965244f69} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{07b18ea0-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{29d67d3c-509a-4544-903f-c8c1b8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{3e720450-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{621feacd-8857-43a6-ae26-451d670d5370} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{8ca01f0e-987c-49c3-b852-2f1ac4a7094c} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{8e6f1830-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{855f3b16-6d32-4fe6-8a56-bbb695989046} (Adware.BHO) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{855f3b16-6d32-4fe6-8a56-bbb695989046} (Adware.BHO) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{855f3b16-6d32-4fe6-8a56-bbb695989046} (Adware.BHO) -> Quarantined and deleted successfully. 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\ (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Malware.Trace) -> Data: c:\windows\system32\ -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Malware.Trace) -> Data: system32\ -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Infizierte Verzeichnisse: C:\Programme\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
C:\Programme\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\FunWebProducts\Shared\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully. Infizierte Dateien: C:\Programme\ICQToolbar\toolbaru.dll (Adware.BHO) -> Quarantined and deleted successfully. C:\Programme\!MyWebSearch\bar\4.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\!MyWebSearch\bar\4.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\FunWebProducts\Shared\Cache\CursorManiaBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\FunWebProducts\Shared\Cache\FunBuddyIconBtn-new.html (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\FunWebProducts\Shared\Cache\MailStampBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\FunWebProducts\Shared\Cache\MyStationeryBtn-new.html (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\FunWebProducts\Shared\Cache\MyStationeryBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\FunWebProducts\Shared\Cache\SmileyCentralBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\WINDOWS\system32\casino1.ico (Malware.Trace) -> Quarantined and deleted successfully. 
C:\WINDOWS\system32\casino2.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\casino3.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdssadw.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssl.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssmain.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssinit.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdsslog.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssservers.dat (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\drivers\tdssserv.sys (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\lphccokj0el8v.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phccokj0el8v.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
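Added example, not part of the thread above: a small Python script that parses lines in the shape of the Malwarebytes report posted above, counts detections per family and lists the items marked "Delete on reboot", which are the ones a helper would re-check after the restart (along with the Winlogon\Userinit value the report shows as tampered). The sample lines are a constructed excerpt copied from the report; the function names are my own.

```python
import re
from collections import Counter

# Constructed sample: a short excerpt in the shape of the Malwarebytes
# report posted above (section headers, then one detection per line).
SAMPLE_REPORT = r"""Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Malware.Trace) -> Data: c:\windows\system32\ -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Infizierte Dateien:
C:\WINDOWS\system32\tdssmain.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\drivers\tdssserv.sys (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\lphccokj0el8v.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
"""

# A detection line looks like: <item> (<family>) -> [<detail> -> ]<action>
LINE_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[A-Za-z][A-Za-z.]*)\) -> (?P<rest>.+)$")


def parse_report(text):
    """Return one dict per detection line, tagged with the section header above it."""
    entries = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # Section headers end in ':' and carry no '->' action.
        if line.endswith(":") and " -> " not in line:
            section = line.rstrip(":")
            continue
        m = LINE_RE.match(line)
        if not m:
            continue  # summary lines such as "Infizierte Dateien: 24" are skipped
        parts = m.group("rest").split(" -> ")
        entries.append({
            "section": section,
            "item": m.group("item"),
            "family": m.group("family"),
            "detail": " -> ".join(parts[:-1]),   # e.g. the old "Data:" value
            "action": parts[-1].rstrip("."),
        })
    return entries


def count_by_family(entries):
    """How many detections per family (Trojan.Agent, Adware.MyWebSearch, ...)."""
    return Counter(e["family"] for e in entries)


def pending_reboot(entries):
    """Items the scanner could not remove while Windows was running.
    These are the ones to verify as gone after the restart."""
    return [e["item"] for e in entries if e["action"] == "Delete on reboot"]


def logon_tampering(entries):
    """Detections under the Winlogon key. After cleanup the Userinit value
    should again point at the Windows userinit.exe, so it is worth re-checking."""
    return [e for e in entries if "\\Winlogon\\" in e["item"]]


if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    for family, n in count_by_family(found).most_common():
        print(f"{n:3d}  {family}")
    print("pending until reboot:", *pending_reboot(found), sep="\n  ")
    for e in logon_tampering(found):
        print("logon key touched:", e["item"], "->", e["detail"])
```

Run it against a saved mbam-log file by reading that file into `parse_report` instead of `SAMPLE_REPORT`; the section names stay as the localized tool wrote them, so the parser does not depend on the report language.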
10.09.2008, 14:36 | #6

Log file:

Logfile of random's system information tool (written by random/random)
Run by Blade at 2008-09-10 14:34:53
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 97 GB (51%) free of 191 GB
Total RAM: 511 MB (14% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:35:12, on 10.09.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\G DATA TotalCare\AVK\AVKService.exe
C:\Programme\G DATA TotalCare\AVK\AVKWCtl.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Programme\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Programme\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Apps\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe
C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Programme\G DATA TotalCare\Firewall\GDFwSvc.exe
C:\Apps\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
C:\Apps\Softex\OmniPass\scureapp.exe
C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe
C:\apps\ABoard\ABoard.exe
C:\Programme\Creative\SBLive 24-Bit
External\Surround Mixer\CTSysVol.exe C:\WINDOWS\system32\RunDll32.exe C:\apps\ABoard\AOSD.exe C:\Programme\AnyDVD\AnyDVD.exe C:\Programme\G DATA TotalCare\Firewall\GDFirewallTray.exe C:\Programme\Logitech\MouseWare\system\em_exec.exe C:\Programme\G DATA TotalCare\AVKTray\AVKTray.exe C:\Programme\QuickTime\QTTask.exe C:\Programme\iTunes\iTunesHelper.exe C:\Programme\WinEject\WinEject.exe C:\Programme\iPod\bin\iPodService.exe C:\Programme\G DATA TotalCare\AVKTuner\AVKTunerService.exe C:\Programme\totalcmd\TOTALCMD.EXE D:\RSIT.exe C:\Programme\trend micro\Blade.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.arcor.de R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yodl.de R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.arcor.de R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.arcor.de R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.arcor.de R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.arcor.de R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.arcor.de R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.arcor.de R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.ulead.com.tw/uleadAp/Push/doPush.cfm?SN=781A2-98000-91739917&LN=22&TYPE=260103 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Arcor AG & Co. 
KG
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll
O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G DATA TotalCare\Webfilter\AVKWebIE.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programme\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G DATA TotalCare\Webfilter\AVKWebIE.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [OmniPass] C:\Apps\Softex\OmniPass\scureapp.exe
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Programme\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AnyDVD] C:\Programme\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [GDFirewallTray] C:\Programme\G DATA TotalCare\Firewall\GDFirewallTray.exe
O4 - HKLM\..\Run: [AVKTray] "C:\Programme\G DATA TotalCare\AVKTray\AVKTray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [WinEjectAutoStart1] C:\Programme\WinEject\WinEject.exe -instance:1
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: G DATA Firewall Tray.lnk = ?
O8 - Extra context menu item: &Download by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\I C Q\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Easy-WebPrint - Drucken - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe (file missing)
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\ger.htm
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: G DATA AntiVirus Proxy (AVKProxy) - G DATA Software AG - C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: AVK Service (AVKService) - G DATA Software AG - C:\Programme\G DATA TotalCare\AVK\AVKService.exe
O23 - Service: AVK Wächter (AVKWCtl) - G DATA Software AG - C:\Programme\G DATA TotalCare\AVK\AVKWCtl.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programme\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: G DATA Tuner Service - G DATA Software AG - C:\Programme\G DATA TotalCare\AVKTuner\AVKTunerService.exe
O23 - Service: G DATA Personal Firewall (GDFwSvc) - G DATA Software AG - C:\Programme\G DATA TotalCare\Firewall\GDFwSvc.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Apps\Softex\OmniPass\Omniserv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
O24 - Desktop Component 1: PC Aquarium Deluxe - 7db39a0d-580f-4be9-9195-8bfcd226f6c2

--
End of file - 11621 bytes

Registry dump

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}]
Octh Class - C:\Programme\Orbitdownloader\orbitcth.dll [2008-04-02 187512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0124123D-61B4-456f-AF86-78C53A0790C5}]
G DATA WebFilter - C:\Programme\G DATA TotalCare\Webfilter\AVKWebIE.dll [2007-12-19 656968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{68F9551E-0411-48E4-9AAF-4BC42A6A46BE}]
EWPBrowseObject Class - C:\Programme\Canon\Easy-WebPrint\EWPBrowseLoader.dll [2006-04-18 34304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Programme\Canon\Easy-WebPrint\Toolband.dll [2006-04-18 552960]
{0124123D-61B4-456f-AF86-78C53A0790C5} - G DATA WebFilter - C:\Programme\G DATA TotalCare\Webfilter\AVKWebIE.dll [2007-12-19 656968]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-08-02 7110656]
"nwiz"=C:\WINDOWS\system32\nwiz.exe [2005-08-02 1519616]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2005-08-02 86016]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-09-10 77824]
"AlcWzrd"=C:\WINDOWS\ALCWZRD.EXE [2004-09-15 2557952]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2004-07-20 57344]
"SunJavaUpdateSched"=C:\Programme\Java\jre1.5.0_02\bin\jusched.exe [2005-03-04 36975]
"OmniPass"=C:\Apps\Softex\OmniPass\scureapp.exe [2005-08-12 1859584]
"Ulead AutoDetector v2"=C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe [2004-11-26 90112]
"ACTIVBOARD"=c:\apps\ABoard\ABoard.exe [2003-05-02 24576]
"CTSysVol"=C:\Programme\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe [2003-09-17 57344]
"SbUsb AudCtrl"=RunDll32 sbusbdll.dll []
"UpdReg"=C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]
"Logitech Utility"=C:\WINDOWS\Logi_MwX.Exe [2003-11-07 19968]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"AnyDVD"=C:\Programme\AnyDVD\AnyDVD.exe [2005-03-01 280576]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"GDFirewallTray"=C:\Programme\G DATA TotalCare\Firewall\GDFirewallTray.exe [2007-10-25 1189552]
"AVKTray"=C:\Programme\G DATA TotalCare\AVKTray\AVKTray.exe [2007-12-04 603720]
"QuickTime Task"=C:\Programme\QuickTime\QTTask.exe [2008-01-10 385024]
"iTunesHelper"=C:\Programme\iTunes\iTunesHelper.exe [2008-01-15 267048]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WinEjectAutoStart1"=C:\Programme\WinEject\WinEject.exe [2001-05-10 96768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [2004-01-14 409600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Programme\Messenger\msmsgs.exe [2004-08-04 1667584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\4.bin\mwsoemon.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
C:\Programme\CyberLink\PowerCinema\PCMService.exe [2005-08-23 139264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe -osboot []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^MyWebSearch Email Plugin.lnk]
C:\Programme\MyWebSearch\bar\1.bin\MWSOEMON.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^Blade^Startmenü^Programme^Autostart^MyWebSearch Email Plugin.lnk]
C:\Programme\MyWebSearch\bar\1.bin\MWSOEMON.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^Blade^Startmenü^Programme^Autostart^WISO Bewerbung 2007 Reminder.lnk]
C:\PROGRA~1\WISO\BEWERB~1\KCREMI~1.EXE [2006-06-07 1236480]

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
G DATA Firewall Tray.lnk - C:\Programme\G DATA TotalCare\Firewall\GDFirewallTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OPXPGina]
C:\Apps\Softex\OmniPass\opxpgina.dll [2005-08-12 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"=C:\WINDOWS\system32\shdocvw.dll [2004-08-04 1483776]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSserv.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TDSSserv.sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispScrSavPage"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%ProgramFiles%\AOL 9.0\aol.exe"="%ProgramFiles%\AOL 9.0\aol.exe:*:Enabled:AOL"
"%ProgramFiles%\Ahead\SIPPS\SIPPS.exe"="%ProgramFiles%\Ahead\SIPPS\SIPPS.exe:*:Enabled:SIPPS"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\ICQLite\ICQLite.exe"="C:\Programme\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite"
"C:\Programme\MSN Messenger\msnmsgr.exe"="C:\Programme\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"C:\Programme\I C Q\ICQLite\ICQLite.exe"="C:\Programme\I C Q\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite"
"C:\Programme\Orbitdownloader\orbitdm.exe"="C:\Programme\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit"
"C:\Programme\Orbitdownloader\orbitnet.exe"="C:\Programme\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit"
"C:\Programme\Bonjour\mDNSResponder.exe"="C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Programme\iTunes\iTunes.exe"="C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Programme\ICQ6\ICQ.exe"="C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\MSN Messenger\msnmsgr.exe"="C:\Programme\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"

List of files/folders created in the last three months

2008-09-10 14:25:22 ----D---- C:\Programme\trend micro
2008-09-10 14:25:18 ----D---- C:\rsit
2008-09-10 13:00:45 ----D---- C:\Dokumente und Einstellungen\Blade\Anwendungsdaten\Malwarebytes
2008-09-10 13:00:38 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2008-09-10 13:00:37 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2008-09-08 23:20:23 ----A---- C:\WINDOWS\system32\tdsspopup.dll
2008-07-06 12:27:09 ----D---- C:\Programme\ICQToolbar
2008-07-06 12:09:38 ----D---- C:\Programme\ICQ6

List of drivers

R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 40192]
R1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2005-01-02 9728]
R2 GDTdiInterceptor;GDTdiInterceptor; \??\C:\WINDOWS\system32\drivers\GDTdiIcpt.sys []
R2 Nsynas32;Nsynas32; C:\WINDOWS\system32\drivers\Nsynas32.sys [2000-06-16 17784]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\drivers\PfModNT.sys []
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2005-03-01 18048]
R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2004-04-26 130384]
R3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2005-01-02 3968]
R3 GDMnIcpt;GDMnIcpt; \??\C:\WINDOWS\system32\drivers\MiniIcpt.sys []
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 HookCentre;HookCentre; \??\C:\WINDOWS\system32\drivers\HookCentre.sys []
R3 LHidFlt2;Logitech HID/USB Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFlt2.Sys [2003-11-07 25502]
R3 LHidUsb;Logitech USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsb.Sys [2003-11-07 37884]
R3 LMouFlt2;Logitech Mouse Class Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys [2003-11-07 70798]
R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288]
R3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-08-02 3198560]
R3 odysseyIM3;Odyssey Network Services Miniport; C:\WINDOWS\system32\DRIVERS\odysseyIM3.sys [2003-05-14 62673]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2004-04-26 178736]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2005-11-14 9856]
R3 RTL8023;Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver; C:\WINDOWS\system32\DRIVERS\Rtlnic51.sys [2003-12-31 69504]
R3 sbusb;Sound Blaster USB Audio Driver; C:\WINDOWS\system32\DRIVERS\sbusb.sys [2004-07-27 1643648]
R3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Microsoft USB-Standardhubtreiber; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
R3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\CBTNDIS5.SYS []
S3 HdAudAddService;Microsoft UAA-Funktionstreiber für den High Definition Audio-Dienst; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-03-17 113664]
S3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-03-17 135168]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2004-09-16 2257920]
S3 L8042pr2;Logitech PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042pr2.Sys [2003-11-07 51486]
S3 RT25USBAP;Nintendo Wi-Fi USB Connector Service; C:\WINDOWS\system32\DRIVERS\rt25usbap.sys [2006-04-10 162816]
S3 RT73;LevelOne WNC-0301USB Wireless Adapter Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys []
S3 SONYPVU1;Sony USB-Filtertreiber (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 usbaudio;USB-Audiotreiber (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-04 59264]
S3 usbohci;Miniporttreiber für Microsoft USB Open Host-Controller; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 ZD1211U(ZyXEL);ZyAIR G-220 IEEE 802.11b+g Wireless LAN Driver (USB)(ZyXEL); C:\WINDOWS\system32\DRIVERS\zd1211u.sys [2004-12-10 237568]
S3 ZDPNDIS5;ZDPNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\ZDPNDIS5.SYS [] |
10.09.2008, 14:37 | #7 |
| Windows Warnig Message & NT-Autorität/system
List of services

R2 AOL ACS;AOL Connectivity Service; C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe [2004-11-09 1140312]
R2 Apple Mobile Device;Apple Mobile Device; C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-01-15 110592]
R2 AVKProxy;G DATA AntiVirus Proxy; C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe [2007-12-04 722504]
R2 AVKService;AVK Service; C:\Programme\G DATA TotalCare\AVK\AVKService.exe [2007-12-04 427592]
R2 AVKWCtl;AVK Wächter; C:\Programme\G DATA TotalCare\AVK\AVKWCtl.exe [2007-12-11 1095240]
R2 Bonjour Service;Bonjour-Dienst; C:\Programme\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 CLCapSvc;CyberLink Background Capture Service (CBCS); C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe [2005-08-23 249954]
R2 CLSched;CyberLink Task Scheduler (CTS); C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLSched.exe [2005-08-23 114784]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.EXE [1999-12-13 44032]
R2 CyberLink Media Library Service;CyberLink Media Library Service; C:\Programme\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe [2005-08-23 61440]
R2 GenericHidService;Generic Service for HID Keyboard Input Collections; c:\APPS\HIDSERVICE\HIDSERVICE.exe [2005-01-07 49152]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-08-02 127043]
R2 omniserv;Softex OmniPass Service; C:\Apps\Softex\OmniPass\Omniserv.exe [2005-08-12 32768]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe [2004-02-26 49152]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-10 38912]
R3 G DATA Tuner Service;G DATA Tuner Service; C:\Programme\G DATA TotalCare\AVKTuner\AVKTunerService.exe [2007-12-11 792136]
R3 GDFwSvc;G DATA Personal Firewall; C:\Programme\G DATA TotalCare\Firewall\GDFwSvc.exe [2007-12-12 1496648]
R3 iPod Service;iPod-Dienst; C:\Programme\iPod\bin\iPodService.exe [2008-01-15 504104]
S3 Adobe LM Service;Adobe LM Service; C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-09-22 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------

Info missing. I hope the info isn't unusable now...
PS: the Windows message vanished into thin air after the scan.
Regards, Angie |
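The log posts above are read by the helper for a handful of recurring signals: autostart or hook entries whose file no longer exists, SafeBoot registry entries naming a driver that the driver list does not enumerate, recently created files in system32, and driver entries RSIT could not read (the empty `[]`). The following is an added triage script, my own code and not part of the thread or of RSIT/HijackThis, that applies those four checks to constructed sample lines in the same two formats. The line layouts it parses are assumed from the logs quoted here; the sample lines are hand-picked to mirror entries seen above and the scan time is assumed to be 2008-09-10 14:25.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample in the HijackThis / RSIT log.txt line formats used in this thread.
# Hand-picked to mirror the kinds of entries quoted above; not a complete log.
SAMPLE_LINES = r"""
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G DATA TotalCare\Webfilter\AVKWebIE.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe (file missing)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSserv.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TDSSserv.sys]
List of files/folders created in the last three months
2008-09-10 14:25:22 ----D---- C:\Programme\trend micro
2008-09-08 23:20:23 ----A---- C:\WINDOWS\system32\tdsspopup.dll
List of drivers
R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 40192]
R3 HookCentre;HookCentre; \??\C:\WINDOWS\system32\drivers\HookCentre.sys []
""".strip().splitlines()


@dataclass(frozen=True)
class Finding:
    category: str   # orphan | safeboot | recent | unreadable
    line: str
    reason: str


# HijackThis marks entries whose target is gone with "(no file)" or "(file missing)".
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$")
# RSIT registry-dump key line for the SafeBoot driver/service whitelist.
SAFEBOOT_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\"
    r"(?:Minimal|Network)\\([^\]]+)\]$", re.I)
# RSIT driver/service line: "<start> <name>;<display name>; <path> [<date> <size>]".
DRIVER_RE = re.compile(r"^[RS]\d+ ([^;]+);[^;]*; (.+?) \[([^\]]*)\]$")
# RSIT "created in the last three months" line: "<date> <time> <attrs> <path>".
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (\S+) (.+)$")


def triage(lines, scan_time, window_days=7):
    """Return the lines a reviewer should look at first, each with a category and reason."""
    # Pass 1: the driver/service names RSIT actually enumerated (lower-cased).
    known = set()
    for ln in lines:
        m = DRIVER_RE.match(ln)
        if m:
            known.add(m.group(1).strip().lower())

    findings = []
    for ln in lines:
        if ORPHAN_RE.search(ln):
            findings.append(Finding("orphan", ln, "entry points at a file that no longer exists"))
            continue
        m = SAFEBOOT_RE.match(ln)
        if m:
            name = m.group(1)
            # A .sys whitelisted for safe mode but absent from the driver list is worth a look.
            if name.lower().endswith(".sys") and name[:-4].lower() not in known:
                findings.append(Finding("safeboot", ln,
                    f"safe-boot entry for {name}, which the driver list does not enumerate"))
            continue
        m = DRIVER_RE.match(ln)
        if m:
            if not m.group(3).strip():
                findings.append(Finding("unreadable", ln,
                    "no date/size recorded: RSIT could not read the driver file"))
            continue
        m = CREATED_RE.match(ln)
        if m:
            created = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            attrs, path = m.group(2), m.group(3)
            is_file = "D" not in attrs
            in_system32 = "\\system32\\" in path.lower()
            if is_file and in_system32 and scan_time - created <= timedelta(days=window_days):
                findings.append(Finding("recent", ln,
                    f"file created in system32 within {window_days} days of the scan"))
    return findings


def run_sample():
    """Triage the constructed sample; the scan time is assumed, matching the thread's date."""
    return triage(SAMPLE_LINES, datetime(2008, 9, 10, 14, 25))


if __name__ == "__main__":
    for f in run_sample():
        print(f"[{f.category}] {f.reason}\n    {f.line}")
```

Every category is a prompt to check, not a verdict: security suites legitimately add SafeBoot entries and ship drivers that refuse to be read, so the reviewer still has to identify each flagged entry, which is exactly the step the helper did by hand before asking for tdsspopup.dll to be removed.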
10.09.2008, 14:41 | #8 |
/// TB-Ausbilder | Windows Warnig Message & NT-Autorität/system Hi, the logs are exactly as I wanted them. Avenger instructions (by swandog46): download the Avenger tool and save it to the desktop:
Code:
Files to delete:
C:\WINDOWS\system32\tdsspopup.dll
Do you happen to know exactly how you picked up the malware? Regards, myrtille
__________________ Requests by e-mail, profile or private message will be ignored! Help is given ONLY in the forum! If you haven't had a further reply from me after 24 hours, please send a PM. Spelling mistakes? Never, but keybaord malfunctions constantly! |
10.09.2008, 15:49 | #9 |
| Windows Warnig Message & NT-Autorität/system So, I did everything as requested, I hope. Where I picked up this junk, I unfortunately don't know.
Text:
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\WINDOWS\system32\tdsspopup.dll" deleted successfully.

Completed script processing.

*******************

Finished! Terminate. |
10.09.2008, 16:42 | #10 |
/// TB-Ausbilder | Windows Warnig Message & NT-Autorität/system Hi, please update Malwarebytes and let it scan your computer once more. Then post the result here again. By now only remnants should turn up. Regards, myrtille
|