|
Log-Analyse und Auswertung: internet explorer öffnet ständig neue fenster! virus ?Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
05.01.2009, 22:54 | #16 |
| internet explorer öffnet ständig neue fenster! virus ? Logfile of random's system information tool 1.05 (written by random/random) Run by x at 2009-01-05 22:29:43 Microsoft® Windows Vista™ Home Premium Service Pack 1 System drive C: has 40 GB (42%) free of 97 GB Total RAM: 1013 MB (26% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:30:17, on 05.01.2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe C:\Program Files\Sceneo\Bonavista\Services\ODSBC\ODSBCApp.exe C:\Program Files\Lexmark X1100 Series\LXBKbmgr.exe C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\Windows\VM_STI.EXE C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Nonoh.net\Nonoh\nonoh.exe C:\Program Files\ICQ6.5\ICQ.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe C:\Windows\system32\igfxsrvc.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Safari\Safari.exe C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe C:\Users\RICHARD\Desktop\RSIT.exe C:\Program Files\Trend Micro\HijackThis\RICHARD.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = htp://google.icq.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = htp://www.google.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = htp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = htp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Share_Accelerator_MM toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O1 - Hosts: ::1 localhost O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Share_Accelerator_MM toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Peer2Peer-DE Toolbar - {97ac393a-a525-4cd0-95cf-019b028cc7a4} - C:\Program Files\Peer2Peer-DE\tbPee0.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll O3 - Toolbar: Share_Accelerator_MM toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll O3 - Toolbar: Peer2Peer-DE Toolbar - {97ac393a-a525-4cd0-95cf-019b028cc7a4} - C:\Program Files\Peer2Peer-DE\tbPee0.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\Home Cinema\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [TVBroadcast] C:\Program Files\Sceneo\Bonavista\SERVICES\ODSBC\ODSBCApp.exe O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKLM\..\Run: [lxbkbmgr.exe] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" O4 - HKLM\..\Run: [BigDogPath] C:\Windows\VM_STI.EXE Philips SPC 200NC PC Camera O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Nonoh] "C:\Program Files\Nonoh.net\Nonoh\nonoh.exe" -nosplash -minimized O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user') O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe O13 - Gopher Prefix: O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - htp://www.musicnotes.com/download/mnviewer.cab O16 - DPF: {17D667BA-5675-4AAB-9221-08B9379384D4} (Image Uploader Control) - htp://cdnimg.piczo.com/images/uploader/piczo_fast_uploader.cab O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - htp://static.ak.schuelervz.net/photouploader/ImageUploader4.cab?nocache=20071219-1 O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - htp://static.pe.schuelervz.net/photouploader/ImageUploader5.cab?nocache=1215634447 O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - htp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - htp://arcade.icq.com/online/online2/bejeweled2/popcaploader_v6.cab O16 - DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} (CPlayFirstWeddingDashControl Object) - htp://webgames.d.tmsrv.com/c=1e1687785935a05e4d45b708851b80e1/aff=t_25oa_deca_wg/p/release/playfirst/wg_weddingdash/weddingdash/WeddingDash.1.0.0.47.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Avira AntiVir Personal - Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\Windows\System32\LEXBCES.EXE O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: lxbk_device - - C:\Windows\system32\lxbkcoms.exe O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (file missing) O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Sceneo PVR Service (srvcPVR) - Buhl Data Service GmbH - C:\Program Files\Sceneo\Bonavista\Services\PVR\PVRService.exe O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe -- End of file - 10272 bytes Geändert von 123.wilhelm (05.01.2009 um 23:13 Uhr) |
05.01.2009, 22:55 | #17 |
| internet explorer öffnet ständig neue fenster! virus ? ======Scheduled tasks folder======
__________________C:\Windows\tasks\User_Feed_Synchronization-{A231AF6E-5BE4-472A-95EB-AA58394136DC}.job C:\Windows\tasks\User_Feed_Synchronization-{C8E540D1-FFB8-415D-8E1C-0AB7FD4BF0CE}.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}] &Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4596013b-6c31-408b-a266-deae5c086dc2}] Share_Accelerator_MM toolbar - C:\Program Files\Share_Accelerator_MM\tbShar.dll [2007-05-27 1326104] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-13 320920] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{97ac393a-a525-4cd0-95cf-019b028cc7a4}] Peer2Peer-DE Toolbar - C:\Program Files\Peer2Peer-DE\tbPee0.dll [2008-09-15 1784856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-13 34816] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}] SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2008-07-28 160496] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {4596013b-6c31-408b-a266-deae5c086dc2} - Share_Accelerator_MM toolbar - C:\Program Files\Share_Accelerator_MM\tbShar.dll [2007-05-27 1326104] {97ac393a-a525-4cd0-95cf-019b028cc7a4} - Peer2Peer-DE Toolbar - C:\Program Files\Peer2Peer-DE\tbPee0.dll [2008-09-15 1784856] {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184] "RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2006-11-20 4018176] "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-11-22 815104] "RemoteControl"=C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe [2006-11-23 56928] "LanguageShortcut"=C:\Program Files\Home Cinema\PowerDVD\Language\Language.exe [2006-12-05 54832] "TVBroadcast"=C:\Program Files\Sceneo\Bonavista\SERVICES\ODSBC\ODSBCApp.exe [2007-01-10 824320] "Lexmark X1100 Series"=C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe [2007-01-25 74672] "PCSuiteTrayApplication"=C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe [2007-03-23 227328] "lxbkbmgr.exe"=C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe [2007-01-25 74672] "BigDogPath"=C:\Windows\VM_STI.EXE [2004-06-09 40960] "IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-01-02 141848] "HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-01-02 166424] "Persistence"=C:\Windows\system32\igfxpers.exe [2008-01-02 133656] "NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792] "avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497] "AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936] "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-13 136600] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184] "Nonoh"=C:\Program Files\Nonoh.net\Nonoh\nonoh.exe [2008-11-07 8945952] "ICQ"=C:\Program Files\ICQ6.5\ICQ.exe [2008-11-30 172792] "ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite] C:\Program Files\ICQLite\ICQLite\ICQLite.exe -minimize [] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\Windows\system32\igfxdev.dll [2008-01-02 200704] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableUIADesktopToggle"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] ======List of files/folders created in the last 1 months====== 2009-01-05 22:29:43 ----D---- C:\rsit 2009-01-05 21:31:04 ----D---- C:\Users\RICHARD\AppData\Roaming\Yahoo! 2009-01-05 21:31:04 ----D---- C:\ProgramData\Yahoo! Companion 2009-01-05 21:31:01 ----D---- C:\Program Files\Yahoo! 2009-01-05 21:30:54 ----D---- C:\Program Files\CCleaner 2009-01-04 23:11:28 ----D---- C:\Program Files\Navilog1 2009-01-04 21:38:58 ----D---- C:\Program Files\Trend Micro 2008-12-29 03:42:46 ----D---- C:\Program Files\UltraStar Deluxe 2008-12-28 02:11:06 ----D---- C:\Program Files\MSECache 2008-12-19 11:59:25 ----A---- C:\Windows\system32\mshtml.dll 2008-12-14 15:22:27 ----A---- C:\MDL 2.0 Debug.txt 2008-12-14 01:29:49 ----D---- C:\Program Files\MessengerDiscovery 2008-12-13 22:50:10 ----A---- C:\Windows\system32\deploytk.dll 2008-12-13 22:50:09 ----A---- C:\Windows\system32\javaws.exe 2008-12-13 22:50:09 ----A---- C:\Windows\system32\javaw.exe 2008-12-13 22:50:09 ----A---- C:\Windows\system32\java.exe 2008-12-13 22:12:53 ----D---- C:\Program Files\Fake Webcam 2008-12-13 22:12:29 ----D---- C:\Program Files\Conduit 2008-12-13 22:12:28 ----D---- C:\Program Files\Peer2Peer-DE 2008-12-13 11:45:48 ----D---- C:\Program Files\ICQ6.5 2008-12-12 12:34:53 ----A---- C:\Windows\system32\urlmon.dll 2008-12-12 12:34:51 ----A---- C:\Windows\system32\ieframe.dll 2008-12-12 12:34:50 ----A---- C:\Windows\system32\wininet.dll 2008-12-12 12:34:50 ----A---- C:\Windows\system32\mstime.dll 2008-12-12 12:34:47 ----A---- C:\Windows\system32\iertutil.dll 2008-12-12 12:34:44 ----A---- C:\Windows\system32\jsproxy.dll 2008-12-11 12:06:09 ----A---- C:\Windows\system32\tzres.dll 2008-12-10 06:33:07 ----A---- C:\Windows\system32\shell32.dll 2008-12-10 06:32:38 ----A---- C:\Windows\system32\gameux.dll 2008-12-10 06:32:38 ----A---- C:\Windows\system32\Apphlpdm.dll 2008-12-10 06:32:37 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll 2008-12-10 06:32:19 ----A---- C:\Windows\system32\gdi32.dll 2008-12-10 06:32:13 ----A---- C:\Windows\explorer.exe 2008-12-10 06:32:01 ----A---- C:\Windows\system32\mf.dll 2008-12-10 06:32:00 ----A---- C:\Windows\system32\WMVCORE.DLL 2008-12-10 06:31:57 ----A---- C:\Windows\system32\WMNetMgr.dll 2008-12-10 06:31:56 ----A---- C:\Windows\system32\logagent.exe ======List of files/folders modified in the last 1 months====== 2009-01-05 22:30:10 ----D---- C:\Windows\Temp 2009-01-05 22:29:54 ----D---- C:\Windows\Prefetch 2009-01-05 21:56:29 ----D---- C:\Windows\system32\LogFiles 2009-01-05 21:40:55 ----D---- C:\Windows\Debug 2009-01-05 21:40:55 ----D---- C:\Windows 2009-01-05 21:40:54 ----D---- C:\Windows\Minidump 2009-01-05 21:31:04 ----HD---- C:\ProgramData 2009-01-05 21:31:01 ----RD---- C:\Program Files 2009-01-05 16:06:18 ----SHD---- C:\System Volume Information 2009-01-05 02:13:07 ----D---- C:\Windows\System32 2009-01-05 02:13:07 ----A---- C:\Windows\system32\PerfStringBackup.INI 2009-01-05 02:13:06 ----D---- C:\Windows\inf 2009-01-04 21:08:20 ----D---- C:\Users\RICHARD\AppData\Roaming\ICQ 2008-12-31 13:58:27 ----SHD---- C:\Windows\Installer 2008-12-31 13:54:24 ----D---- C:\Program Files\Common Files 2008-12-31 13:51:01 ----D---- C:\Program Files\DVDVideoSoft 2008-12-30 18:06:12 ----D---- C:\Windows\system32\catroot2 2008-12-25 22:48:02 ----D---- C:\Users\RICHARD\AppData\Roaming\Skype 2008-12-25 21:48:32 ----D---- C:\Users\RICHARD\AppData\Roaming\skypePM 2008-12-19 12:00:46 ----D---- C:\Windows\winsxs 2008-12-19 12:00:30 ----D---- C:\Windows\system32\catroot 2008-12-14 01:03:38 ----D---- C:\Program Files\Common Files\Wise Installation Wizard 2008-12-14 01:02:58 ----D---- C:\Windows\Tasks 2008-12-14 00:52:30 ----D---- C:\Program Files\Common Files\DVDVideoSoft 2008-12-13 22:43:20 ----D---- C:\Program Files\Java 2008-12-13 22:15:53 ----A---- C:\Windows\NeroDigital.ini 2008-12-13 18:39:02 ----D---- C:\Program Files\ICQ6Toolbar 2008-12-13 11:47:59 ----D---- C:\ProgramData\ICQ 2008-12-11 12:36:20 ----D---- C:\Windows\rescache 2008-12-11 12:16:27 ----D---- C:\Windows\AppPatch 2008-12-11 12:16:26 ----D---- C:\Windows\system32\de-DE 2008-12-10 00:24:37 ----A---- C:\Windows\system32\mrt.exe 2008-12-09 20:04:34 ----D---- C:\Program Files\ICQ6 ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys [2007-02-27 11840] R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2008-11-12 75072] R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2007-11-08 21248] R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2006-11-15 32256] R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2006-11-15 43520] R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2006-11-15 37376] R3 athrusb;Atheros Wireless LAN USB device driver; C:\Windows\system32\DRIVERS\athrusb.sys [2007-01-08 449024] R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [2008-05-20 52032] R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464] R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-01-02 2016256] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2006-11-23 1652968] R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2006-12-20 67072] R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-19 88576] R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-11-02 1010560] R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2006-11-22 179896] R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-19 11264] R3 X10Hid;X10 Hid Device; C:\Windows\System32\Drivers\x10hid.sys [2006-11-17 13976] R3 XUIF;X10 USB Wireless Transceiver; C:\Windows\System32\Drivers\x10ufx2.sys [2006-11-30 27416] S3 61883;61883-Einheitsgerät; C:\Windows\system32\DRIVERS\61883.sys [2008-01-19 45696] S3 Avc;AVC-Gerät; C:\Windows\system32\DRIVERS\avc.sys [2008-01-19 40448] S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632] S3 FETNDIS;VIA Rhine-Familie--Fast-Ethernet-Adaptertreiberdienst; C:\Windows\system32\DRIVERS\fetnd5.sys [2006-11-02 45568] S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520] S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-01-02 2016256] S3 MSDV;Microsoft DV Camera and VCR; C:\Windows\system32\DRIVERS\msdv.sys [2008-01-19 52608] S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192] S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888] S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016] S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\nmwcd.sys [2007-02-22 137216] S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\nmwcdc.sys [2007-02-22 8320] S3 nmwcdcj;Nokia USB Port; C:\Windows\system32\drivers\nmwcdcj.sys [2007-02-22 12288] S3 nmwcdcm;Nokia USB Modem; C:\Windows\system32\drivers\nmwcdcm.sys [2007-02-22 12288] S3 PhilCap;PhilCap service; C:\Windows\system32\DRIVERS\PhilCap.sys [2006-10-12 1053824] S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 2028032] S3 Ser2pl;Prolific Serial port driver; C:\Windows\system32\DRIVERS\ser2pl.sys [2007-07-31 76800] S3 usbscan;USB-Scannertreiber; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328] S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936] S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328] S3 zlportio;zlportio; \??\C:\Program Files\UltraStar Deluxe\zlportio.sys [] S3 ZSMC301b;Philips SPC 200NC PC Camera; C:\Windows\System32\Drivers\usbVM31b.sys [2005-02-26 91527] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Planer; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-23 68865] R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-23 151297] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424] R2 Bonjour Service;Bonjour-Dienst; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888] R2 LexBceS;LexBce Server; C:\Windows\System32\LEXBCES.EXE [2003-08-18 303104] R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-10-19 61440] R2 lxbk_device;lxbk_device; C:\Windows\system32\lxbkcoms.exe [2007-01-25 537520] R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2006-12-19 272024] R2 srvcPVR;Sceneo PVR Service; C:\Program Files\Sceneo\Bonavista\Services\PVR\PVRService.exe [2007-01-03 1468928] R2 x10nets;X10 Device Network Service; C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [2001-11-12 20480] R3 iPod Service;iPod-Dienst; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872] R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2007-03-26 292864] R3 usnjsvc;Messenger USN Journal Reader-Service für freigegebene Ordner; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328] S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632] S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [] S3 UPnPService;UPnPService; C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 544768] S3 usprserv;User Privilege Service; C:\Windows\System32\svchost.exe [2008-01-19 21504] S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [] -----------------EOF----------------- so hier?? ach gott, musste alles mehr mals aufteilen, da es sonst nicht gepasst hätte |
05.01.2009, 23:10 | #18 |
| internet explorer öffnet ständig neue fenster! virus ? ======Scheduled tasks folder======
__________________C:\Windows\tasks\User_Feed_Synchronization-{A231AF6E-5BE4-472A-95EB-AA58394136DC}.job C:\Windows\tasks\User_Feed_Synchronization-{C8E540D1-FFB8-415D-8E1C-0AB7FD4BF0CE}.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}] &Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4596013b-6c31-408b-a266-deae5c086dc2}] Share_Accelerator_MM toolbar - C:\Program Files\Share_Accelerator_MM\tbShar.dll [2007-05-27 1326104] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-13 320920] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{97ac393a-a525-4cd0-95cf-019b028cc7a4}] Peer2Peer-DE Toolbar - C:\Program Files\Peer2Peer-DE\tbPee0.dll [2008-09-15 1784856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-13 34816] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}] SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2008-07-28 160496] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {4596013b-6c31-408b-a266-deae5c086dc2} - Share_Accelerator_MM toolbar - C:\Program Files\Share_Accelerator_MM\tbShar.dll [2007-05-27 1326104] {97ac393a-a525-4cd0-95cf-019b028cc7a4} - Peer2Peer-DE Toolbar - C:\Program Files\Peer2Peer-DE\tbPee0.dll [2008-09-15 1784856] {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184] "RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2006-11-20 4018176] "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-11-22 815104] "RemoteControl"=C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe [2006-11-23 56928] "LanguageShortcut"=C:\Program Files\Home Cinema\PowerDVD\Language\Language.exe [2006-12-05 54832] "TVBroadcast"=C:\Program Files\Sceneo\Bonavista\SERVICES\ODSBC\ODSBCApp.exe [2007-01-10 824320] "Lexmark X1100 Series"=C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe [2007-01-25 74672] "PCSuiteTrayApplication"=C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe [2007-03-23 227328] "lxbkbmgr.exe"=C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe [2007-01-25 74672] "BigDogPath"=C:\Windows\VM_STI.EXE [2004-06-09 40960] "IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-01-02 141848] "HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-01-02 166424] "Persistence"=C:\Windows\system32\igfxpers.exe [2008-01-02 133656] "NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792] "avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497] "AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936] "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-13 136600] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184] "Nonoh"=C:\Program Files\Nonoh.net\Nonoh\nonoh.exe [2008-11-07 8945952] "ICQ"=C:\Program Files\ICQ6.5\ICQ.exe [2008-11-30 172792] "ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite] C:\Program Files\ICQLite\ICQLite\ICQLite.exe -minimize [] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\Windows\system32\igfxdev.dll [2008-01-02 200704] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableUIADesktopToggle"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] ======List of files/folders created in the last 1 months====== 2009-01-05 22:29:43 ----D---- C:\rsit 2009-01-05 21:31:04 ----D---- C:\Users\RICHARD\AppData\Roaming\Yahoo! 2009-01-05 21:31:04 ----D---- C:\ProgramData\Yahoo! Companion 2009-01-05 21:31:01 ----D---- C:\Program Files\Yahoo! 2009-01-05 21:30:54 ----D---- C:\Program Files\CCleaner 2009-01-04 23:11:28 ----D---- C:\Program Files\Navilog1 2009-01-04 21:38:58 ----D---- C:\Program Files\Trend Micro 2008-12-29 03:42:46 ----D---- C:\Program Files\UltraStar Deluxe 2008-12-28 02:11:06 ----D---- C:\Program Files\MSECache 2008-12-19 11:59:25 ----A---- C:\Windows\system32\mshtml.dll 2008-12-14 15:22:27 ----A---- C:\MDL 2.0 Debug.txt 2008-12-14 01:29:49 ----D---- C:\Program Files\MessengerDiscovery 2008-12-13 22:50:10 ----A---- C:\Windows\system32\deploytk.dll 2008-12-13 22:50:09 ----A---- C:\Windows\system32\javaws.exe 2008-12-13 22:50:09 ----A---- C:\Windows\system32\javaw.exe 2008-12-13 22:50:09 ----A---- C:\Windows\system32\java.exe 2008-12-13 22:12:53 ----D---- C:\Program Files\Fake Webcam 2008-12-13 22:12:29 ----D---- C:\Program Files\Conduit 2008-12-13 22:12:28 ----D---- C:\Program Files\Peer2Peer-DE 2008-12-13 11:45:48 ----D---- C:\Program Files\ICQ6.5 2008-12-12 12:34:53 ----A---- C:\Windows\system32\urlmon.dll 2008-12-12 12:34:51 ----A---- C:\Windows\system32\ieframe.dll 2008-12-12 12:34:50 ----A---- C:\Windows\system32\wininet.dll 2008-12-12 12:34:50 ----A---- C:\Windows\system32\mstime.dll 2008-12-12 12:34:47 ----A---- C:\Windows\system32\iertutil.dll 2008-12-12 12:34:44 ----A---- C:\Windows\system32\jsproxy.dll 2008-12-11 12:06:09 ----A---- C:\Windows\system32\tzres.dll 2008-12-10 06:33:07 ----A---- C:\Windows\system32\shell32.dll 2008-12-10 06:32:38 ----A---- C:\Windows\system32\gameux.dll 2008-12-10 06:32:38 ----A---- C:\Windows\system32\Apphlpdm.dll 2008-12-10 06:32:37 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll 2008-12-10 06:32:19 ----A---- C:\Windows\system32\gdi32.dll 2008-12-10 06:32:13 ----A---- C:\Windows\explorer.exe 2008-12-10 06:32:01 ----A---- C:\Windows\system32\mf.dll 2008-12-10 06:32:00 ----A---- C:\Windows\system32\WMVCORE.DLL 2008-12-10 06:31:57 ----A---- C:\Windows\system32\WMNetMgr.dll 2008-12-10 06:31:56 ----A---- C:\Windows\system32\logagent.exe ======List of files/folders modified in the last 1 months====== 2009-01-05 22:30:10 ----D---- C:\Windows\Temp 2009-01-05 22:29:54 ----D---- C:\Windows\Prefetch 2009-01-05 21:56:29 ----D---- C:\Windows\system32\LogFiles 2009-01-05 21:40:55 ----D---- C:\Windows\Debug 2009-01-05 21:40:55 ----D---- C:\Windows 2009-01-05 21:40:54 ----D---- C:\Windows\Minidump 2009-01-05 21:31:04 ----HD---- C:\ProgramData 2009-01-05 21:31:01 ----RD---- C:\Program Files 2009-01-05 16:06:18 ----SHD---- C:\System Volume Information 2009-01-05 02:13:07 ----D---- C:\Windows\System32 2009-01-05 02:13:07 ----A---- C:\Windows\system32\PerfStringBackup.INI 2009-01-05 02:13:06 ----D---- C:\Windows\inf 2009-01-04 21:08:20 ----D---- C:\Users\RICHARD\AppData\Roaming\ICQ 2008-12-31 13:58:27 ----SHD---- C:\Windows\Installer 2008-12-31 13:54:24 ----D---- C:\Program Files\Common Files 2008-12-31 13:51:01 ----D---- C:\Program Files\DVDVideoSoft 2008-12-30 18:06:12 ----D---- C:\Windows\system32\catroot2 2008-12-25 22:48:02 ----D---- C:\Users\RICHARD\AppData\Roaming\Skype 2008-12-25 21:48:32 ----D---- C:\Users\RICHARD\AppData\Roaming\skypePM 2008-12-19 12:00:46 ----D---- C:\Windows\winsxs 2008-12-19 12:00:30 ----D---- C:\Windows\system32\catroot 2008-12-14 01:03:38 ----D---- C:\Program Files\Common Files\Wise Installation Wizard 2008-12-14 01:02:58 ----D---- C:\Windows\Tasks 2008-12-14 00:52:30 ----D---- C:\Program Files\Common Files\DVDVideoSoft 2008-12-13 22:43:20 ----D---- C:\Program Files\Java 2008-12-13 22:15:53 ----A---- C:\Windows\NeroDigital.ini 2008-12-13 18:39:02 ----D---- C:\Program Files\ICQ6Toolbar 2008-12-13 11:47:59 ----D---- C:\ProgramData\ICQ 2008-12-11 12:36:20 ----D---- C:\Windows\rescache 2008-12-11 12:16:27 ----D---- C:\Windows\AppPatch 2008-12-11 12:16:26 ----D---- C:\Windows\system32\de-DE 2008-12-10 00:24:37 ----A---- C:\Windows\system32\mrt.exe 2008-12-09 20:04:34 ----D---- C:\Program Files\ICQ6 ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys [2007-02-27 11840] R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2008-11-12 75072] R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2007-11-08 21248] R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2006-11-15 32256] R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2006-11-15 43520] R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2006-11-15 37376] R3 athrusb;Atheros Wireless LAN USB device driver; C:\Windows\system32\DRIVERS\athrusb.sys [2007-01-08 449024] R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [2008-05-20 52032] R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464] R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-01-02 2016256] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2006-11-23 1652968] R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2006-12-20 67072] R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-19 88576] R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-11-02 1010560] R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2006-11-22 179896] R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-19 11264] R3 X10Hid;X10 Hid Device; C:\Windows\System32\Drivers\x10hid.sys [2006-11-17 13976] R3 XUIF;X10 USB Wireless Transceiver; C:\Windows\System32\Drivers\x10ufx2.sys [2006-11-30 27416] S3 61883;61883-Einheitsgerät; C:\Windows\system32\DRIVERS\61883.sys [2008-01-19 45696] S3 Avc;AVC-Gerät; C:\Windows\system32\DRIVERS\avc.sys [2008-01-19 40448] S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632] S3 FETNDIS;VIA Rhine-Familie--Fast-Ethernet-Adaptertreiberdienst; C:\Windows\system32\DRIVERS\fetnd5.sys [2006-11-02 45568] S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520] S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-01-02 2016256] S3 MSDV;Microsoft DV Camera and VCR; C:\Windows\system32\DRIVERS\msdv.sys [2008-01-19 52608] S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192] S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888] S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016] S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\nmwcd.sys [2007-02-22 137216] S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\nmwcdc.sys [2007-02-22 8320] S3 nmwcdcj;Nokia USB Port; C:\Windows\system32\drivers\nmwcdcj.sys [2007-02-22 12288] S3 nmwcdcm;Nokia USB Modem; C:\Windows\system32\drivers\nmwcdcm.sys [2007-02-22 12288] S3 PhilCap;PhilCap service; C:\Windows\system32\DRIVERS\PhilCap.sys [2006-10-12 1053824] S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 2028032] S3 Ser2pl;Prolific Serial port driver; C:\Windows\system32\DRIVERS\ser2pl.sys [2007-07-31 76800] S3 usbscan;USB-Scannertreiber; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328] S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936] S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328] S3 zlportio;zlportio; \??\C:\Program Files\UltraStar Deluxe\zlportio.sys [] S3 ZSMC301b;Philips SPC 200NC PC Camera; C:\Windows\System32\Drivers\usbVM31b.sys [2005-02-26 91527] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Planer; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-23 68865] R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-23 151297] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424] R2 Bonjour Service;Bonjour-Dienst; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888] R2 LexBceS;LexBce Server; C:\Windows\System32\LEXBCES.EXE [2003-08-18 303104] R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-10-19 61440] R2 lxbk_device;lxbk_device; C:\Windows\system32\lxbkcoms.exe [2007-01-25 537520] R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2006-12-19 272024] R2 srvcPVR;Sceneo PVR Service; C:\Program Files\Sceneo\Bonavista\Services\PVR\PVRService.exe [2007-01-03 1468928] R2 x10nets;X10 Device Network Service; C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [2001-11-12 20480] R3 iPod Service;iPod-Dienst; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872] R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2007-03-26 292864] R3 usnjsvc;Messenger USN Journal Reader-Service für freigegebene Ordner; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328] S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632] S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [] S3 UPnPService;UPnPService; C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 544768] S3 usprserv;User Privilege Service; C:\Windows\System32\svchost.exe [2008-01-19 21504] S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [] -----------------EOF----------------- so hier?? ach gott, musste alles mehr mals aufteilen, da es sonst nicht gepasst hätte |
05.01.2009, 23:32 | #19 |
| internet explorer öffnet ständig neue fenster! virus ? oh nein, jetzt habe ich manche irgendwie doppelt gepostet und ich weiß nicht wie ich sie löschen kann ! ich hoffe, du kannst dich durchfinden, ansonsten sag bescheid und ich poste die ergebnisse noch einmal der reihe nach ! |
05.01.2009, 23:33 | #20 |
| internet explorer öffnet ständig neue fenster! virus ? Ja, das war der erste Teil, immer weiter. Meine Arbeitsliste ist lang. Ich bin sicher, wenn ich dich nach einigen Programmen fragen würde, die da installiert sind, du nicht einmal weißt, wozu die überhaupt gut sind. Du musst dringend entrümpeln, sprich deinstallieren. ciao, andreas Wie war der Spruch? Der Ordentliche räumt auf, das Genie beherrscht das Chaos. p.s.: Eine wichtige Frage noch. Kannst du sagen, ab wann die Werbefenster kamen? Oder irgendeine Installation, nach der sie erschienen? Geändert von john.doe (05.01.2009 um 23:40 Uhr) |
06.01.2009, 03:28 | #21 |
| internet explorer öffnet ständig neue fenster! virus ? Malwarebytes' Anti-Malware 1.32 Datenbank Version: 1620 Windows 6.0.6001 Service Pack 1 06.01.2009 03:25:26 mbam-log-2009-01-06 (03-25-25).txt Scan-Methode: Vollständiger Scan (C:\|D:\|) Durchsuchte Objekte: 196188 Laufzeit: 3 hour(s), 15 minute(s), 48 second(s) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) hab zuerst den short scan gemacht und es wurden 17 dateien gefunden, die ich dann aber gelöscht habe. danach habe ich einen vollständigen scan durchgeführt und nun wurden keine bösartigen gefunden. blacklight hat bei mir leider nicht funktioniert. |
06.01.2009, 15:31 | #22 |
| internet explorer öffnet ständig neue fenster! virus ? Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:27:55, on 06.01.2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe C:\Program Files\Sceneo\Bonavista\Services\ODSBC\ODSBCApp.exe C:\Program Files\Lexmark X1100 Series\LXBKbmgr.exe C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\Windows\VM_STI.EXE C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Nonoh.net\Nonoh\nonoh.exe C:\Program Files\ICQ6.5\ICQ.exe C:\Windows\ehome\ehtray.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Windows\ehome\ehmsas.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe C:\Program Files\Safari\Safari.exe C:\Users\RICHARD\Desktop\qlketzd.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = htp://google.icq.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = htp://www.google.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = htp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = htp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = htp://search.bearshare.com/sidebar.html?src=ssb R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Share_Accelerator_MM toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O1 - Hosts: ::1 localhost O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Share_Accelerator_MM toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Peer2Peer-DE Toolbar - {97ac393a-a525-4cd0-95cf-019b028cc7a4} - C:\Program Files\Peer2Peer-DE\tbPee0.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll O3 - Toolbar: Share_Accelerator_MM toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll O3 - Toolbar: Peer2Peer-DE Toolbar - {97ac393a-a525-4cd0-95cf-019b028cc7a4} - C:\Program Files\Peer2Peer-DE\tbPee0.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: (no name) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - (no file) O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\Home Cinema\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [TVBroadcast] C:\Program Files\Sceneo\Bonavista\SERVICES\ODSBC\ODSBCApp.exe O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKLM\..\Run: [lxbkbmgr.exe] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" O4 - HKLM\..\Run: [BigDogPath] C:\Windows\VM_STI.EXE Philips SPC 200NC PC Camera O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Nonoh] "C:\Program Files\Nonoh.net\Nonoh\nonoh.exe" -nosplash -minimized O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user') O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe O13 - Gopher Prefix: O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - htp://www.musicnotes.com/download/mnviewer.cab O16 - DPF: {17D667BA-5675-4AAB-9221-08B9379384D4} (Image Uploader Control) - htp://cdnimg.piczo.com/images/uploader/piczo_fast_uploader.cab O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - htp://static.ak.schuelervz.net/photouploader/ImageUploader4.cab?nocache=20071219-1 O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - htp://static.pe.schuelervz.net/photouploader/ImageUploader5.cab?nocache=1215634447 O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - htp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe O16 - DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} (CPlayFirstWeddingDashControl Object) - htp://webgames.d.tmsrv.com/c=1e1687785935a05e4d45b708851b80e1/aff=t_25oa_deca_wg/p/release/playfirst/wg_weddingdash/weddingdash/WeddingDash.1.0.0.47.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Avira AntiVir Personal - Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\Windows\System32\LEXBCES.EXE O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: lxbk_device - - C:\Windows\system32\lxbkcoms.exe O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (file missing) O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Sceneo PVR Service (srvcPVR) - Buhl Data Service GmbH - C:\Program Files\Sceneo\Bonavista\Services\PVR\PVRService.exe O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe -- End of file - 10089 bytes |
06.01.2009, 16:48 | #23 | |
| internet explorer öffnet ständig neue fenster! virus ?Zitat:
Wo ist das Log von Superantispyware? Es fehlt auch noch die info.txt von rsit. Das letzte HJT-Log sieht schon etwas freundlicher aus. Installiere http://www.trojaner-board.de/51464-a...-ccleaner.html und säubere dein System. Deinstalliere die Peer2peer und Share Accelerator Toolbars sowie alle Programme, die du nicht unbedingt benötigst. ciao, andreas |
06.01.2009, 20:43 | #24 |
| internet explorer öffnet ständig neue fenster! virus ? na toll. jetzt hatte ich aus versehn "intel graphics media accelerator driver" deinstalliert, was dazu geführt hat, dass die grafik viel zu groß war. hm. dann habe ich das system zurückgesetzt, weil ich glücklicherweise etwa 2 std davor einen neuen systemwiederherstellungspunkt festgelegt hatte. aber als ich nun wieder die peer-to-peer toolbar löschen wollte, was vor der systemwiederherstellung einwandfrei geklappt hat, erscheint nun eine fehlermeldung "die datei istall.log konnte nicht geöffnet werden" oder so. die logs schicke ich gleich dazu. |
06.01.2009, 20:47 | #25 |
| internet explorer öffnet ständig neue fenster! virus ? das müsste die von SUPERAntiSpyware sein, korrigiere mich, wenn nicht: Malwarebytes' Anti-Malware 1.32 Datenbank Version: 1620 Windows 6.0.6001 Service Pack 1 06.01.2009 00:05:45 mbam-log-2009-01-06 (00-05-30).txt Scan-Methode: Quick-Scan Durchsuchte Objekte: 53284 Laufzeit: 7 minute(s), 20 second(s) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 17 Infizierte Registrierungswerte: 1 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 3 Infizierte Dateien: 2 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/popcaploader.dll (Adware.PopCap) -> No action taken. HKEY_CLASSES_ROOT\TypeLib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> No action taken. HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> No action taken. HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> No action taken. HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{37b85a21-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{37b85a29-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch (Adware.BookedSpace) -> No action taken. Infizierte Registrierungswerte: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Windows\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> No action taken. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: C:\Program Files\MyGlobalSearch (Adware.MyWebSearch) -> No action taken. C:\Program Files\MyGlobalSearch\bar (Adware.MyWebSearch) -> No action taken. C:\Program Files\MyGlobalSearch\bar\History (Adware.MyWebSearch) -> No action taken. Infizierte Dateien: C:\Windows\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> No action taken. C:\Program Files\MyGlobalSearch\bar\History\search (Adware.MyWebSearch) -> No action taken. |
06.01.2009, 20:51 | #26 |
| internet explorer öffnet ständig neue fenster! virus ? info.txt logfile of random's system information tool 1.05 2009-01-05 22:30:22 ======Uninstall list====== -->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE -->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL -->C:\Windows\UNNeroBackItUp.exe /UNINSTALL -->C:\Windows\UNNeroMediaHome.exe /UNINSTALL -->C:\Windows\UNNeroShowTime.exe /UNINSTALL -->C:\Windows\UNNeroVision.exe /UNINSTALL -->C:\Windows\UNRecode.exe /UNINSTALL Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7} Adobe Flash Player 9 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete Adobe Flash Player Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe Adobe Reader 8.1.2 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A81200000003} Adobe Shockwave Player-->C:\Windows\System32\Macromed\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Macromed\SHOCKW~1\Install.log Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886} Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033} Atheros USB Wireless LAN-->MsiExec.exe /I{B094F9EC-1016-428C-902A-3FF72A5945C0} Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959} CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe" Die Sims 2: Wilde Campus-Jahre-->C:\Program Files\EA GAMES\Die Sims 2 Wilde Campus-Jahre\EAUninstall.exe Die Sims 2-->C:\Program Files\EA GAMES\Die Sims 2\EAUninstall.exe Die Sims™ 2 H&M®-Fashion-Accessoires-->C:\Program Files\EA GAMES\Die Sims 2 H&M®-Fashion-Accessoires\EAUninstall.exe Easy CD-DA Extractor 11-->"C:\Windows\Easy CD-DA Extractor 11.5.3\uninstall.exe" "/U:C:\Program Files\Easy CD-DA Extractor 11\irunin.xml" Favorit-->c:\users\x\appdata\local\sfzfb.bat Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)-->C:\Program Files\MAGIX\Common\Database\uninstall.exe Free YouTube to Mp3 Converter version 2.5-->"C:\Program Files\DVDVideoSoft\Free YouTube to Mp3 Converter\unins000.exe" G DATA Logox4 Speechengine-->C:\Windows\LgxSetup.exe /u C:\PROGRA~1\COMMON~1\LOGOX4~1.0\Log.inf lgx.server lgx4 Google Earth-->MsiExec.exe /I{374F03BB-9C09-4DB3-9C9B-C71E63292950} HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall ICQ6.5-->"C:\Program Files\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371} Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF} LetsTrade Komponenten-->C:\Windows\fpuninst.exe -uninstall:"c:\program files\letstrade\uninst\uninst.ini" Lexmark X1100 Series-->C:\Program Files\Lexmark X1100 Series\Install\x86\Uninst.exe MediaShow 3.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5A9B7C0-8751-11D8-9D75-000129760D75}\setup.exe" -uninstall MessengerDiscovery 1.5.0800-->"C:\Program Files\MessengerDiscovery\unins001.exe" Microsoft Office XP Professional mit FrontPage-->MsiExec.exe /I{90280407-6000-11D3-8CFE-0050048383C9} Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7} MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC} Navilog1 3.7.1-->"C:\Program Files\Navilog1\unins000.exe" Nero 7 Essentials-->MsiExec.exe /I{37BA50EE-C851-4394-93DD-A0A611891031} neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B} Nokia Connectivity Cable Driver-->MsiExec.exe /X{972B1D9B-0EAD-49E8-B7D6-3B83FD5665B1} Nokia PC Suite-->C:\ProgramData\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Nokia_PC_Suite_683_rel_14_1_ger_web.exe /LANG="1031" Nokia PC Suite-->MsiExec.exe /I{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2} PC Connectivity Solution-->MsiExec.exe /I{066D65EA-ED53-44E4-A96A-F81B6E409D2E} Peer2Peer-DE Toolbar-->C:\PROGRA~1\PEER2P~1\UNWISE.EXE C:\PROGRA~1\PEER2P~1\INSTALL.LOG Philips SPC 200NC PC Camera-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A2646FB-7BAC-451B-BF90-4889C4429C5E}\setup.exe" -l0x7 PL-2303 Vista Driver Installer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}\setup.exe" -l0x9 -removeonly PowerDirector-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" -uninstall PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall PowerProducer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4} Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0007 -removeonly Realtek High Definition Audio Driver-->RtlUpd.exe -r -m RollerCoaster Tycoon 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}\Setup.exe" -l0x7 Safari-->MsiExec.exe /I{582D2A53-F426-4C5E-A2E6-43C1AB36B907} Sceneo Bonavista-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C73B683-B15D-4B94-AC7A-520B70C4FFE9}\Setup.exe" Share Accelerator MM Toolbar-->C:\PROGRA~1\SHARE_~1\UNWISE.EXE C:\PROGRA~1\SHARE_~1\INSTALL.LOG SIPPS-->C:\Windows\UNSIPPS.exe /UNINSTALL Skype™ 3.6-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82} Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall Systemsteuerung "MobileMe"-->MsiExec.exe /I{6DA9102E-199F-43A0-A36B-6EF48081A658} Uninstall 1.0.0.0-->"C:\Program Files\Common Files\DVDVideoSoft\unins000.exe" Viewpoint Media Player (Remove Only)-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u Windows Live Messenger-->MsiExec.exe /X{2B091530-69AA-442E-AB09-39ED06B58220} Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4} Windows-Treiberpaket - Nokia Modem (11/03/2006 6.82.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokbtmdm.inf_7dedec2f\nokbtmdm.inf WinRAR-->C:\Program Files\WinRAR\uninstall.exe WinZip 11.1-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5} X10 Hardware(TM)-->C:\Windows\UNWISE.EXE C:\PROGRA~1\X10HAR~1\Install.log Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE ======Security center information====== AS: Spyware Doctor AS: Avira AntiVir PersonalEdition (outdated) AS: Windows-Defender System event log Computer Name: x-PC Event Code: xxxxx Message: DCOM hat den Dienst iPod Service mit den Argumenten "" gestartet, um den Server auszuführen: {063D34A4-BF84-4B8D-B699-E8CA06504DDE} Record Number: 242029 Source Name: Microsoft-Windows-DistributedCOM Time Written: 20090105211127.000000-000 Event Type: Informationen User: Computer Name: x-PC Event Code: xxx Message: Auf diesem Computer konnte kein kompatibles TPM-Sicherheitsgerät (Trusted Platform Module) gefunden werden. TBS konnte nicht gestartet werden. Record Number: 242030 Source Name: Microsoft-Windows-TBS Time Written: 20090105211228.998400-000 Event Type: Informationen User: NT-AUTORITÄT\LOKALER DIENST Computer Name: x-PC Event Code: xxxxx Message: DCOM hat den Dienst TrustedInstaller mit den Argumenten "" gestartet, um den Server auszuführen: {752073A1-23F2-4396-85F0-8FDB879ED0ED} Record Number: 242031 Source Name: Microsoft-Windows-DistributedCOM Time Written: 20090105211655.000000-000 Event Type: Informationen User: Computer Name: x-PC Event Code: xxxxx Message: Der Server "{C2BFE331-6739-4270-86C9-493D9A04CD38}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Record Number: 242032 Source Name: Microsoft-Windows-DistributedCOM Time Written: 20090105212405.000000-000 Event Type: Fehler User: Computer Name: x-PC Event Code: xxxxx Message: DCOM hat den Dienst usnjsvc mit den Argumenten "" gestartet, um den Server auszuführen: {98AC5C33-EE18-4EC2-BE25-3B16EE8F75F1} Record Number: 242033 Source Name: Microsoft-Windows-DistributedCOM Time Written: 20090105212550.000000-000 Event Type: Informationen User: Application event log Computer Name: x-PC Event Code: xxx Message: msnmsgr (3588) \\.\C:\Users\x\AppData\Local\Microsoft\Messenger\x@hotmail.de\SharingMetadata\Working\database_963E_D60B_3ED5_E471\dfsr.db: Das Datenbankmodul (6.00.6001.0000) hat eine neue Instanz gestartet (0). Record Number: 75711 Source Name: ESENT Time Written: 20090105212550.000000-000 Event Type: Informationen User: Computer Name: x-PC Event Code: xxx Message: msnmsgr (3588) \\.\C:\Users\RICHARD\AppData\Local\Microsoft\Messenger\x\SharingMetadata\Working\database_963E_D60B_3ED5_E471\dfsr.db: Das Datenbankmodul initiiert Schritte zur Wiederherstellung. Record Number: 75712 Source Name: ESENT Time Written: 20090105212551.000000-000 Event Type: Informationen User: Computer Name: x-PC Event Code: xxx Message: msnmsgr (3588) \\.\C:\Users\RICHARD\AppData\Local\Microsoft\Messenger\x@hotmail.de\SharingMetadata\Working\database_963E_D60B_3ED5_E471\dfsr.db: Das Datenbankmodul gibt die Protokolldatei \\.\C:\Users\RICHARD\AppData\Local\Microsoft\Messenger\x@hotmail.de\SharingMetadata\Working\database_963E_D60B_3ED5_E471\fsr.log wieder. Record Number: 75713 Source Name: ESENT Time Written: 20090105212552.000000-000 Event Type: Informationen User: Computer Name: x-PC Event Code: xxx Message: msnmsgr (3588) \\.\C:\Users\RICHARD\AppData\Local\Microsoft\Messenger\x@hotmail.de\SharingMetadata\Working\database_963E_D60B_3ED5_E471\dfsr.db: Das Datenbankmodul hat erfolgreich die Schritte zur Wiederherstellung abgeschlossen. Record Number: 75714 Source Name: ESENT Time Written: 20090105212552.000000-000 Event Type: Informationen User: Computer Name: x-PC Event Code: x Message: Unsupported service control request (see data below) Record Number: 75715 Source Name: LightScribeService Time Written: 20090105213020.000000-000 Event Type: Informationen User: Security event log Computer Name: xD-PC Event Code: xxxx Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen. Dateiname: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys Record Number: 111557 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090105213013.705400-000 Event Type: Überwachung gescheitert User: Computer Name: x-PC Event Code: xxxx Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen. Dateiname: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys Record Number: 111558 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090105213013.744400-000 Event Type: Überwachung gescheitert User: Computer Name: x-PC Event Code: xxxx Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen. Dateiname: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys Record Number: 111559 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090105213013.774400-000 Event Type: Überwachung gescheitert User: Computer Name: x-PC Event Code: xxxx Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen. Dateiname: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys Record Number: 111560 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090105213013.805400-000 Event Type: Überwachung gescheitert User: Computer Name: x-PC Event Code: xxxx Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen. Dateiname: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys Record Number: 111561 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090105213013.835400-000 Event Type: Überwachung gescheitert User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "Path"=C:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\ "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PROCESSOR_ARCHITECTURE"=x86 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "USERNAME"=SYSTEM "windir"=%SystemRoot% "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 8, GenuineIntel "PROCESSOR_REVISION"=0e08 "NUMBER_OF_PROCESSORS"=2 "CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_06\lib\ext\QTJava.zip "QTJAVA"=C:\Program Files\Java\jre1.6.0_06\lib\ext\QTJava.zip -----------------EOF----------------- |
06.01.2009, 21:48 | #27 |
| internet explorer öffnet ständig neue fenster! virus ? Irgendetwas stimmt mit deiner TCPIP.SYS nicht. Kann es sein, dass du die für P2P gepatch hast? ciao, andreas |
06.01.2009, 22:02 | #28 |
| internet explorer öffnet ständig neue fenster! virus ? hm. da ich nicht einmal weiß was das ist, denke ich nich, dass ich da irgendwas gepacht habe ? wieso ? was ist denn da ?? |
06.01.2009, 22:13 | #29 | |
| internet explorer öffnet ständig neue fenster! virus ?Zitat:
ciao, andreas |
07.01.2009, 15:00 | #30 |
| internet explorer öffnet ständig neue fenster! virus ? ich hab 2 scans durchgeführt, hab dann jetzt auch zwei protokolle. hier das erste: SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 01/06/2009 at 02:30 PM Application Version : 4.24.1004 Core Rules Database Version : 3696 Trace Rules Database Version: 1672 Scan type : Complete Scan Total Scan Time : 01:12:08 Memory items scanned : 651 Memory threats detected : 0 Registry items scanned : 8555 Registry threats detected : 0 File items scanned : 29149 File threats detected : 25 Adware.Tracking Cookie C:\Users\x\AppData\Roaming\Microsoft\Windows\Cookies\x@sevenoneintermedia.112.2o7[1].txt C:\Users\x\AppData\Roaming\Microsoft\Windows\Cookies\x@weborama[2].txt C:\Users\x\AppData\Roaming\Microsoft\Windows\Cookies\@azjmp[2].txt C:\Users\x\AppData\Roaming\Microsoft\Windows\Cookies\x@serw.clicksor[1].txt C:\Users\x\AppData\Roaming\Microsoft\Windows\Cookies\x@atwola[1].txt C:\Users\Rx\AppData\Roaming\Microsoft\Windows\Cookies\x@myroitracking[1].txt C:\Users\x\AppData\Roaming\Microsoft\Windows\Cookies\x@atdmt[2].txt C:\Users\x\AppData\Roaming\Microsoft\Windows\Cookies\x@adserver.71i[1].txt C:\Users\x\AppData\Roaming\Microsoft\Windows\Cookies\x@doubleclick[1].txt C:\Users\x_2\AppData\Roaming\Microsoft\Windows\Cookies\Low\x@tto2.traffictrack[1].txt C:\Users\x\AppData\Roaming\Microsoft\Windows\Cookies\Low\x@doubleclick[1].txt C:\Users\x\AppData\Roaming\Microsoft\Windows\Cookies\Low\x@komtrack[2].txt C:\Users\x\AppData\Roaming\Microsoft\Windows\Cookies\Low\x@adserver.71i[1].txt C:\Users\x\AppData\Roaming\Microsoft\Windows\Cookies\Low\x@www.etracker[2].txt C:\Users\x\AppData\Roaming\Microsoft\Windows\Cookies\Low\x@ads.heias[2].txt C:\Users\x\AppData\Roaming\Microsoft\Windows\Cookies\Low\x@adfarm1.adition[1].txt C:\Users\x\AppData\Roaming\Microsoft\Windows\Cookies\Low\x@euros4click[2].txt C:\Users\x\AppData\Roaming\Microsoft\Windows\Cookies\Low\x@statse.webtrendslive[2].txt C:\Users\x\AppData\Roaming\Microsoft\Windows\Cookies\Low\x@advertising[1].txt C:\Users\x\AppData\Roaming\Microsoft\Windows\Cookies\Low\x@ottogroup.112.2o7[1].txt C:\Users\x\AppData\Roaming\Microsoft\Windows\Cookies\Low\x@webmasterplan[1].txt C:\Users\x\AppData\Roaming\Microsoft\Windows\Cookies\Low\x@ad.zanox[1].txt C:\Users\x\AppData\Roaming\Microsoft\Windows\Cookies\Low\x@ottotrialpopunders.112.2o7[1].txt C:\Users\x\AppData\Roaming\Microsoft\Windows\Cookies\Low\x@traffictrack[2].txt BearShare File Sharing Client C:\USERS\x\DOCUMENTS\ICQ LITE\216******\ELLI_296******\BEARSHARE.EXE und hier das zweite: SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 01/06/2009 at 04:59 AM Application Version : 4.24.1004 Core Rules Database Version : 3696 Trace Rules Database Version: 1672 Scan type : Complete Scan Total Scan Time : 01:20:05 Memory items scanned : 310 Memory threats detected : 0 Registry items scanned : 8184 Registry threats detected : 0 File items scanned : 42500 File threats detected : 14 Adware.Tracking Cookie C:\Users\x\AppData\Roaming\Microsoft\Windows\Cookies\x@sevenoneintermedia.112.2o7[1].txt C:\Users\x\AppData\Roaming\Microsoft\Windows\Cookies\x@weborama[2].txt C:\Users\x\AppData\Roaming\Microsoft\Windows\Cookies\x@zbox.zanox[1].txt C:\Users\x\AppData\Roaming\Microsoft\Windows\Cookies\x@azjmp[2].txt C:\Users\x\AppData\Roaming\Microsoft\Windows\Cookies\x@serw.clicksor[1].txt C:\Users\x\AppData\Roaming\Microsoft\Windows\Cookies\x@atwola[2].txt C:\Users\x\AppData\Roaming\Microsoft\Windows\Cookies\x@myroitracking[1].txt C:\Users\x\AppData\Roaming\Microsoft\Windows\Cookies\x@atdmt[2].txt C:\Users\x\AppData\Roaming\Microsoft\Windows\Cookies\x@adserver.71i[2].txt C:\Users\x\AppData\Roaming\Microsoft\Windows\Cookies\x@tradedoubler[2].txt C:\Users\x\AppData\Roaming\Microsoft\Windows\Cookies\Low\x@doubleclick[2].txt C:\Users\x\AppData\Roaming\Microsoft\Windows\Cookies\x@adserver.71i[1].txt C:\Users\x\AppData\Roaming\Microsoft\Windows\Cookies\x@atwola[1].txt BearShare File Sharing Client C:\USERS\RICHARD\DOCUMENTS\ICQ LITE\216******\ELLI_296******\BEARSHARE.EXE |
Themen zu internet explorer öffnet ständig neue fenster! virus ? |
.com, adobe, antivir, antivirus, avg, avira, bho, defender, excel, hijack, hijackthis, hijackthis log, hkus\s-1-5-18, home, install.exe, internet, internet explorer, local\temp, logfile, magix, neue seite, object, plug-in, problem, rundll, server, software, solution, system, temp, virus, virus ?, vista, windows, windows defender, windows sidebar |