| |
| |||||||
Mülltonne: Werde Virus/Trojaner TrojanDownloader:Win32/Renos.JS nicht losWindows 7 Beiträge, die gegen unsere Regeln verstoßen haben, solche, die die Welt nicht braucht oder sonstiger Müll landet hier in der Mülltonne... |
02.10.2009, 14:29
| #1 |
 |  Werde Virus/Trojaner TrojanDownloader:Win32/Renos.JS nicht los Hallo, ich glaube ich habe seit gestern einen Virus oder einen Trojaner auf meinem Laptop. Es hat damit angefangen, dass sich ständig Internet-Seiten mit Werbung selbstständig geöffnet hat, dann kam einige Male die Meldung b.exe funktioniert nicht mehr. Anschließend fand der Windows Defender was gefunden namens TrojanDownloader:Win32/Renos.JS mit der Warnstufe Hoch gefunden, was ich sofort löschen ließ. Allerdings scheint es, dass es sich immer wieder selbst wiederherstellt, denn ich bekomme die selbe Meldung immer wieder. Ich habe dann Kaspersky eine Vollständige Systemüberprüfung machen lassen, woraufhin dieser folgendes entdeckt hat: Virus HEUR:Trojan.Script.Inframer: C:\Documents and Settings\Natalin\Lokale Einstellungen\Microsoft\Windows\Temporary Internet Files\Content.IE5\1KZTUU0Y\count[2].htm (jetzt unter Quarantäne) trojanisches Programm Trojan.Win32.FraudPack.urh C:\Users\Natalin\AppData\Local\Temp\a.exe (gelöscht) Hier ist das HijackThis logfile: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:52:39, on 02.10.2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v8.00 (8.00.6001.18813) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Users\***\AppData\Local\Temp\c.exe C:\Users\***\AppData\Local\Temp\b.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Synaptics\SynTP\SynTPStart.exe C:\Program Files\Launch Manager\LaunchAp.exe C:\Program Files\Launch Manager\HotkeyApp.exe C:\Program Files\Launch Manager\OSD.exe C:\Program Files\Launch Manager\WButton.exe C:\Program Files\Softex\OmniPass\scureapp.exe C:\Windows\System32\rundll32.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe C:\Program Files\ICQ6.5\ICQ.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\conime.exe C:\Windows\system32\SearchProtocolHost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Windows\system32\SearchFilterHost.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.web.de/home R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.web.de/home R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll R3 - URLSearchHook: (no name) - - (no file) R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll O1 - Hosts: ::1 localhost O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: WEB.DE Browser Configuration by mquadr.at - {D48FF4B4-E68F-47D1-8E25-81A0F0EEB341} - C:\Windows\System32\ieconfig_1und1.dll (file missing) O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [Skytel] Skytel.exe O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe" O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe" O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe" O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSD.exe" O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe" O4 - HKLM\..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\HomeCinema\YouCam" update "Software\CyberLink\YouCam\1.0" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-21-3746718226-2592118931-1477567580-1002\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Natalin') O4 - HKUS\S-1-5-21-3746718226-2592118931-1477567580-1002\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent (User 'Natalin') O4 - HKUS\S-1-5-21-3746718226-2592118931-1477567580-1002\..\Run: [PopRock] C:\Users\Natalin\AppData\Local\Temp\b.exe (User 'Natalin') O4 - S-1-5-21-3746718226-2592118931-1477567580-1002 Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Natalin') O4 - S-1-5-21-3746718226-2592118931-1477567580-1002 User Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Natalin') O8 - Extra context menu item: &AOL Toolbar-Suche - c:\program files\aol\aol toolbar 5.0\resources\de-de\local\search.html O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201 O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204 O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203 O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202 O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-25/4 (file missing) O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-25/4 (file missing) O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll O9 - Extra button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL O9 - Extra button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-15/4 (file missing) (HKCU) O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-15/4 (file missing) (HKCU) O13 - Gopher Prefix: O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game01.zylom.com/activex/zylomgamesplayer.cab O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe O23 - Service: lxbf_device - - C:\Windows\system32\lxbfcoms.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\OmniServ.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: IEConfig 1und1/WEB.DE/GMX Edition (serviceIEConfig) - Unknown owner - C:\Windows\System32\ieconfig_1und1_svc.exe (file missing) O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe -- End of file - 13672 bytes Ich hoffe ihr könnt mir helfen. Danke schon mal im Voraus. LG nilatan |
|
02.10.2009, 22:54
| #2 | ||
| /// Helfer-Team    | Werde Virus/Trojaner TrojanDownloader:Win32/Renos.JS nicht los Hallo und Herzlich Willkommen!
__________________ Gibt es einen "relativ einfachen Weg",wenn eine frische Infektion vorliegt,oder mal bestimmte Probleme bekommt man auch gelöst, was man sogleich ausprobieren sollte: Zitat:
Zitat:
(drücke beim Hochfahren des Rechners [F8] solange, bis du eine Auswahlmöglichkeit hast, da "abgesicherten Modus " wählen) Auf jeden Fall positive als auch negative Rückmeldungen erwünscht gruß Coverflow |
|
03.10.2009, 17:35
| #3 |
| | Werde Virus/Trojaner TrojanDownloader:Win32/Renos.JS nicht los Habe heute morgen die Systemwiederherstellung gemacht und seitdem hat der Defender den TrojanDownloader nicht mehr gefunden. Danke für die Hilfe.
__________________Ich werde es auf jeden Fall die nächsten Tage nochmal beobachten und immer wieder den Defender und Kaspersky durchlaufen lassen. Ich habe irgendwie Angst mich zu früh zu freuen. |
|
03.10.2009, 20:20
| #4 | |
| /// Helfer-Team | Werde Virus/Trojaner TrojanDownloader:Win32/Renos.JS nicht los hi Auch nach Systemwiederherstellung können noch (Viren) Probleme auftreten. Daher ich würde noch eine gründliche Systemreinigung und Systemupdate vorschlagen. Wenn du einverstanden bist, dann führe die folgenden Schritte in der angegebenen Reihenfolge aus: 1. - Lade dir RSIT - http://filepony.de/download-rsit/: - an einen Ort deiner Wahl und führe die rsit.exe aus - wird "Hijackthis" auch von RSIT installiert und ausgeführt - RSIT erstellt 2 Logfiles (C:\rsit\log.txt und C:\rsit\info.txt) mit erweiterten Infos von deinem System - diese beide bitte komplett hier posten **Kannst Du das Log in Textdatei speichern und hier anhängen (auf "Erweitert" klicken) 2. Ich würde gerne noch all deine installierten Programme sehen: Lade dir das Tool CCleaner herunter installieren ("Füge CCleaner Yahoo! Toolbar hinzu" abwählen)→ starten→ unter Options settings-> "german" einstellen dann klick auf "Extra (um die installierten Programme auch anzuzeigen)→ weiter auf "Als Textdatei speichern..." wird eine Textdatei (*.txt) erstellt, kopiere dazu den Inhalt und füge ihn da ein Zitat:
|
|
05.10.2009, 15:32
| #5 |
| | Werde Virus/Trojaner TrojanDownloader:Win32/Renos.JS nicht los Hallo, natürlich würde ich auf Nummer sichr gehen und die Gewissheit haben wollen, dass es meinem Pc wieder gut geht. Ich bin nur etwas verunsichert, da ich noch nie was von diesen Programmen gehört habe und nicht weiß, was für Informationen ich durch diese Logfiles in einem öffentlichen Forum wie diesem preisgebe.  Könntest du mir deshalb erklären, worum es bei diesen Programmen handelt und was für Informationen ich über mich und mein Pc dadurch veröffentliche? lieben Gruß, nilatan |
|
06.10.2009, 00:21
| #6 |
| /// Helfer-Team | Werde Virus/Trojaner TrojanDownloader:Win32/Renos.JS nicht los Deine persönlichen Angaben/Daten (die persönliche Merkmale enthalten, wie Name, Seriennummer etc) kannst Du aus dem geposteten Logs heraus löschen bzw durch ein "X" ersetzen ansonsten nix dabei |
|
08.10.2009, 18:23
| #7 |
| | Werde Virus/Trojaner TrojanDownloader:Win32/Renos.JS nicht los Seit der Systemwiderherstellung sind keine Probleme mehr aufgetreten. Windows Defender und Kaspersky zeigen zum Glück auch nichts mehr an. Hier erst einmal die sachen die du durchsuchen wolltest. Code:
ATTFilter Log.txt Logfile of random's system information tool 1.06 (written by random/random) Run by *** at 2009-10-06 13:14:37 Microsoft® Windows Vista™ Home Premium Service Pack 1 System drive C: has 118 GB (42%) free of 282 GB Total RAM: 3070 MB (49% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:15:21, on 06.10.2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v8.00 (8.00.6001.18813) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Synaptics\SynTP\SynTPStart.exe C:\Program Files\Launch Manager\LaunchAp.exe C:\Program Files\Launch Manager\HotkeyApp.exe C:\Program Files\Launch Manager\OSD.exe C:\Program Files\Launch Manager\WButton.exe C:\Program Files\Softex\OmniPass\scureapp.exe C:\Windows\System32\rundll32.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Windows Media Player\wmplayer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Users\***\Downloads\RSIT.exe C:\Program Files\Trend Micro\HijackThis\*** .exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.web.de/home R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.web.de/home R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://www.aldi.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll R3 - URLSearchHook: (no name) - - (no file) R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll O1 - Hosts: ::1 localhost O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: WEB.DE Browser Configuration by mquadr.at - {D48FF4B4-E68F-47D1-8E25-81A0F0EEB341} - C:\Windows\System32\ieconfig_1und1.dll (file missing) O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [Skytel] Skytel.exe O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe" O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe" O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe" O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSD.exe" O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe" O4 - HKLM\..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\HomeCinema\YouCam" update "Software\CyberLink\YouCam\1.0" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-21-3746718226-2592118931-1477567580-1002\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User '***') O4 - HKUS\S-1-5-21-3746718226-2592118931-1477567580-1002\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent (User '***') O4 - HKUS\S-1-5-21-3746718226-2592118931-1477567580-1002\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User '***') O4 - S-1-5-21-3746718226-2592118931-1477567580-1002 Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User '***') O4 - S-1-5-21-3746718226-2592118931-1477567580-1002 User Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User '***') O8 - Extra context menu item: &AOL Toolbar-Suche - c:\program files\aol\aol toolbar 5.0\resources\de-de\local\search.html O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201 O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204 O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203 O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-25/4 (file missing) O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-25/4 (file missing) O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll O9 - Extra button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL O9 - Extra button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-15/4 (file missing) (HKCU) O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-15/4 (file missing) (HKCU) O13 - Gopher Prefix: O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe O23 - Service: lxbf_device - - C:\Windows\system32\lxbfcoms.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\OmniServ.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: IEConfig 1und1/WEB.DE/GMX Edition (serviceIEConfig) - Unknown owner - C:\Windows\System32\ieconfig_1und1_svc.exe (file missing) O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe -- End of file - 12710 bytes ======Scheduled tasks folder====== C:\Windows\tasks\User_Feed_Synchronization-{2C6CA6EC-7275-40EC-BB3A-9A05438D87B6}.job C:\Windows\tasks\User_Feed_Synchronization-{A00D915F-9300-4454-ACC2-AED87FA34DBF}.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}] Octh Class - C:\Program Files\Orbitdownloader\orbitcth.dll [2008-09-17 130248] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}] IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll [2009-07-03 68112] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}] Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}] AOL Toolbar Launcher - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll [2008-02-22 1086816] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live Anmelde-Hilfsprogramm - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-07-22 2427968] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D48FF4B4-E68F-47D1-8E25-81A0F0EEB341}] WEB.DE Browser Configuration by mquadr.at - C:\Windows\System32\ieconfig_1und1.dll [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}] Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}] FilterBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll [2009-10-03 264720] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-07-22 2427968] {855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2008-06-12 958712] {DE9C389F-3316-41A7-809B-AA305ED9D922} - AOL Toolbar - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll [2008-02-22 1086816] {21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184] "IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-10-03 178712] "RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-07-03 6266880] "Skytel"=C:\Windows\Skytel.exe [2008-06-25 1826816] "SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2007-08-31 102400] "LaunchAp"=C:\Program Files\Launch Manager\LaunchAp.exe [2007-09-01 32768] "HotkeyApp"=C:\Program Files\Launch Manager\HotkeyApp.exe [2007-09-06 188416] "CtrlVol"=C:\Program Files\Launch Manager\CtrlVol.exe [] "LMgrOSD"=C:\Program Files\Launch Manager\OSD.exe [2006-12-26 180224] "Wbutton"=C:\Program Files\Launch Manager\Wbutton.exe [2007-09-07 86016] "OmniPass"=C:\Program Files\Softex\OmniPass\scureapp.exe [2007-11-02 2564096] "LanguageShortcut"=C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe [2007-01-08 52256] "UCam_Menu"=C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe [2007-09-13 222504] "NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-07-11 13543968] "NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-07-11 92704] "toolbar_eula_launcher"=C:\Program Files\GoogleEULA\EULALauncher.exe [2007-02-09 16896] "NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-06-08 2221352] "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-03-01 413696] "TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-03-25 198160] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696] "AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [2009-07-03 303376] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-21 1233920] "msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408] "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2008-06-24 1840424] "ICQ"=C:\Program Files\ICQ6.5\ICQ.exe [2009-03-01 172792] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon] C:\Windows\system32\klogon.dll [2009-07-03 219664] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableUIADesktopToggle"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\Program Files\Orbitdownloader\orbitdm.exe"="C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit" "C:\Program Files\Orbitdownloader\orbitnet.exe"="C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] Geändert von nilatan (08.10.2009 um 19:19 Uhr) |
|
08.10.2009, 18:25
| #8 |
| | Werde Virus/Trojaner TrojanDownloader:Win32/Renos.JS nicht los ..der Rest von log.txt Code:
ATTFilter ======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 months======
2009-10-06 13:14:37 ----D---- C:\rsit
2009-10-03 10:35:01 ----A---- C:\Windows\system32\wdigest.dll
2009-10-03 10:35:01 ----A---- C:\Windows\system32\schannel.dll
2009-10-03 10:35:01 ----A---- C:\Windows\system32\msv1_0.dll
2009-10-03 10:35:01 ----A---- C:\Windows\system32\lsasrv.dll
2009-10-03 10:35:01 ----A---- C:\Windows\system32\kerberos.dll
2009-10-03 10:35:00 ----A---- C:\Windows\system32\secur32.dll
2009-10-03 10:35:00 ----A---- C:\Windows\system32\lsass.exe
2009-10-03 10:26:00 ----D---- C:\Program Files\Kaspersky Lab
2009-10-03 10:12:26 ----A---- C:\Windows\system32\netiohlp.dll
2009-10-03 10:12:25 ----A---- C:\Windows\system32\TCPSVCS.EXE
2009-10-03 10:12:25 ----A---- C:\Windows\system32\ROUTE.EXE
2009-10-03 10:12:25 ----A---- C:\Windows\system32\NETSTAT.EXE
2009-10-03 10:12:25 ----A---- C:\Windows\system32\netevent.dll
2009-10-03 10:12:25 ----A---- C:\Windows\system32\MRINFO.EXE
2009-10-03 10:12:25 ----A---- C:\Windows\system32\HOSTNAME.EXE
2009-10-03 10:12:25 ----A---- C:\Windows\system32\finger.exe
2009-10-03 10:12:25 ----A---- C:\Windows\system32\ARP.EXE
2009-10-03 10:12:08 ----A---- C:\Windows\system32\jscript.dll
2009-10-03 10:12:06 ----A---- C:\Windows\system32\wlanmsm.dll
2009-10-03 10:12:06 ----A---- C:\Windows\system32\L2SecHC.dll
2009-10-03 10:12:05 ----A---- C:\Windows\system32\wlansvc.dll
2009-10-03 10:12:05 ----A---- C:\Windows\system32\wlansec.dll
2009-10-03 10:12:03 ----A---- C:\Windows\system32\WMVCORE.DLL
2009-10-03 10:12:03 ----A---- C:\Windows\system32\mf.dll
2009-10-01 18:35:59 ----D---- C:\Program Files\Kaspersky Lab(98)
2009-09-21 13:08:51 ----D---- C:\ProgramData\BigFish
2009-09-21 13:03:08 ----D---- C:\Program Files\Mein Koenigreich fuer die Prinzessin
2009-09-21 13:01:37 ----D---- C:\Program Files\Hidden Wonders of the Depths 2
2009-09-21 12:55:18 ----D---- C:\Program Files\Bookworm Deluxe
2009-09-21 12:54:17 ----D---- C:\Program Files\Aqua Words
======List of files/folders modified in the last 1 months======
2009-10-06 13:14:54 ----D---- C:\Windows\prefetch
2009-10-06 13:14:12 ----D---- C:\Windows\Temp
2009-10-06 13:12:13 ----D---- C:\ProgramData\Kaspersky Lab
2009-10-06 11:36:37 ----D---- C:\Windows\System32
2009-10-06 11:36:37 ----D---- C:\Windows\inf
2009-10-06 11:36:37 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-10-05 21:50:25 ----SHD---- C:\System Volume Information
2009-10-03 23:36:20 ----D---- C:\Windows\system32\catroot
2009-10-03 21:07:11 ----D---- C:\Windows\rescache
2009-10-03 20:51:24 ----D---- C:\Windows\winsxs
2009-10-03 20:36:31 ----D---- C:\Windows\system32\en-US
2009-10-03 20:36:31 ----D---- C:\Windows\system32\de-DE
2009-10-03 20:36:30 ----D---- C:\Windows\system32\drivers
2009-10-03 20:14:49 ----D---- C:\Windows\system32\catroot2
2009-10-03 20:14:43 ----D---- C:\Program Files\Windows Mail
2009-10-03 20:14:26 ----SHD---- C:\Windows\Installer
2009-10-03 20:14:20 ----D---- C:\Program Files\Microsoft Silverlight
2009-10-03 20:13:09 ----D---- C:\Windows\ehome
2009-10-03 15:16:04 ----SD---- C:\Windows\Downloaded Program Files
2009-10-03 10:34:54 ----D---- C:\Windows
2009-10-03 10:26:00 ----RD---- C:\Program Files
2009-10-03 10:22:35 ----D---- C:\ProgramData\Kaspersky Lab Setup Files
2009-10-03 10:00:47 ----D---- C:\Windows\system32\Msdtc
2009-10-03 10:00:43 ----D---- C:\Windows\system32\wbem
2009-10-03 09:59:52 ----D---- C:\Windows\system32\config
2009-10-03 09:58:42 ----D---- C:\Windows\system32\XPSViewer
2009-10-03 09:58:42 ----D---- C:\Windows\system32\sysprep
2009-10-03 09:58:42 ----D---- C:\Windows\system32\SLUI
2009-10-03 09:58:42 ----D---- C:\Windows\system32\setup
2009-10-03 09:58:42 ----D---- C:\Windows\system32\ras
2009-10-03 09:58:42 ----D---- C:\Windows\system32\oobe
2009-10-03 09:58:42 ----D---- C:\Windows\system32\migwiz
2009-10-03 09:58:42 ----D---- C:\Windows\system32\migration
2009-10-03 09:58:42 ----D---- C:\Windows\system
2009-10-03 09:58:41 ----RSD---- C:\Windows\Media
2009-10-03 09:58:41 ----RSD---- C:\Windows\Fonts
2009-10-03 09:58:41 ----RD---- C:\Windows\Offline Web Pages
2009-10-03 09:58:41 ----D---- C:\Windows\system32\ias
2009-10-03 09:58:41 ----D---- C:\Windows\system32\en
2009-10-03 09:58:41 ----D---- C:\Windows\system32\CodeIntegrity
2009-10-03 09:58:41 ----D---- C:\Windows\ShellNew
2009-10-03 09:58:41 ----D---- C:\Program Files\Windows Sidebar
2009-10-03 09:58:41 ----D---- C:\Program Files\Windows Journal
2009-10-03 09:58:41 ----D---- C:\Program Files\Windows Defender
2009-10-03 09:58:41 ----D---- C:\Program Files\Windows Collaboration
2009-10-03 09:58:41 ----D---- C:\Program Files\Movie Maker
2009-10-03 09:58:41 ----D---- C:\Program Files\Internet Explorer
2009-10-03 09:58:41 ----D---- C:\Program Files\Common Files\System
2009-10-03 09:58:41 ----D---- C:\Program Files\Common Files\Services
2009-10-03 09:58:30 ----D---- C:\Windows\Tasks
2009-10-03 09:58:30 ----D---- C:\Windows\system32\Tasks
2009-10-03 09:58:30 ----D---- C:\Windows\system32\spool
2009-10-03 09:58:22 ----D---- C:\Program Files\VDOWNLOADER
2009-10-03 09:57:45 ----D---- C:\Windows\registration
2009-09-30 14:57:39 ----AD---- C:\ProgramData\TEMP
2009-09-21 13:08:51 ----HD---- C:\ProgramData
2009-09-21 13:08:11 ----D---- C:\BigFishGamesCache
2009-09-07 21:00:16 ----D---- C:\Program Files\Pogo DE
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Hotkey;Hotkey; C:\Windows\system32\drivers\Hotkey.sys [2003-04-28 9867]
R1 kl1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2009-06-15 128016]
R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys [2009-10-03 280592]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:\Windows\system32\DRIVERS\klim6.sys [2009-05-15 21008]
R3 ATSWPDRV;AuthenTec TruePrint USB Driver (SwipeSensor); C:\Windows\system32\DRIVERS\ATSwpDrv.sys [2007-08-28 146560]
R3 BthEnum;Bluetooth-Anforderungsblocktreiber; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-01-21 19456]
R3 BthPan;Bluetooth-Gerät (PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
R3 BTHUSB;USB-Treiber für Bluetooth-Funkgerät; C:\Windows\System32\Drivers\BTHUSB.sys [2008-07-10 29184]
R3 Cam5607;Bison Webcam; C:\Windows\System32\Drivers\BisonC07.sys [2007-08-30 805416]
R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-07-03 2152088]
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\Windows\system32\DRIVERS\klmouflt.sys [2009-05-16 19472]
R3 NETw4v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2008-03-13 2555392]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-07-11 7539744]
R3 RFCOMM;Bluetooth-Gerät (RFCOMM-Protokoll-TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-01-21 49664]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-06-25 84480]
R3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR.SYS [2009-03-26 64000]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-08-31 192688]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S3 BTHPORT;Bluetooth-Porttreiber; C:\Windows\System32\Drivers\BTHport.sys [2008-07-10 220160]
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2009-02-06 55280]
S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 tbhsd;Tunebite High-Speed Dubbing; C:\Windows\system32\drivers\tbhsd.sys [2008-09-25 44320]
S3 usbscan;USB-Scannertreiber; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
S3 usbvideo;USB-Videogerät (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AVP;Kaspersky Internet Security; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [2009-07-03 303376]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-10-03 358936]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2008-06-10 222456]
R2 lxbf_device;lxbf_device; C:\Windows\system32\lxbfcoms.exe [2007-04-24 537520]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-06-08 877864]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-07-11 196608]
R2 omniserv;Softex OmniPass Service; C:\Program Files\Softex\OmniPass\OmniServ.exe [2007-11-02 40960]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [2006-12-19 81920]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-01-09 272024]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-06-24 537896]
R3 WisLMSvc;WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [2007-09-11 118784]
S2 serviceIEConfig;IEConfig 1und1/WEB.DE/GMX Edition; C:\Windows\System32\ieconfig_1und1_svc.exe /startedbyscm:016FE01B-40E31F2D-serviceIEConfig []
S3 fsssvc;Windows Live Family Safety; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-22 138168]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
-----------------EOF-----------------
|
|
08.10.2009, 18:26
| #9 |
| | Werde Virus/Trojaner TrojanDownloader:Win32/Renos.JS nicht los der info.txt: Code:
ATTFilter ======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 months======
2009-10-06 13:14:37 ----D---- C:\rsit
2009-10-03 10:35:01 ----A---- C:\Windows\system32\wdigest.dll
2009-10-03 10:35:01 ----A---- C:\Windows\system32\schannel.dll
2009-10-03 10:35:01 ----A---- C:\Windows\system32\msv1_0.dll
2009-10-03 10:35:01 ----A---- C:\Windows\system32\lsasrv.dll
2009-10-03 10:35:01 ----A---- C:\Windows\system32\kerberos.dll
2009-10-03 10:35:00 ----A---- C:\Windows\system32\secur32.dll
2009-10-03 10:35:00 ----A---- C:\Windows\system32\lsass.exe
2009-10-03 10:26:00 ----D---- C:\Program Files\Kaspersky Lab
2009-10-03 10:12:26 ----A---- C:\Windows\system32\netiohlp.dll
2009-10-03 10:12:25 ----A---- C:\Windows\system32\TCPSVCS.EXE
2009-10-03 10:12:25 ----A---- C:\Windows\system32\ROUTE.EXE
2009-10-03 10:12:25 ----A---- C:\Windows\system32\NETSTAT.EXE
2009-10-03 10:12:25 ----A---- C:\Windows\system32\netevent.dll
2009-10-03 10:12:25 ----A---- C:\Windows\system32\MRINFO.EXE
2009-10-03 10:12:25 ----A---- C:\Windows\system32\HOSTNAME.EXE
2009-10-03 10:12:25 ----A---- C:\Windows\system32\finger.exe
2009-10-03 10:12:25 ----A---- C:\Windows\system32\ARP.EXE
2009-10-03 10:12:08 ----A---- C:\Windows\system32\jscript.dll
2009-10-03 10:12:06 ----A---- C:\Windows\system32\wlanmsm.dll
2009-10-03 10:12:06 ----A---- C:\Windows\system32\L2SecHC.dll
2009-10-03 10:12:05 ----A---- C:\Windows\system32\wlansvc.dll
2009-10-03 10:12:05 ----A---- C:\Windows\system32\wlansec.dll
2009-10-03 10:12:03 ----A---- C:\Windows\system32\WMVCORE.DLL
2009-10-03 10:12:03 ----A---- C:\Windows\system32\mf.dll
2009-10-01 18:35:59 ----D---- C:\Program Files\Kaspersky Lab(98)
2009-09-21 13:08:51 ----D---- C:\ProgramData\BigFish
2009-09-21 13:03:08 ----D---- C:\Program Files\Mein Koenigreich fuer die Prinzessin
2009-09-21 13:01:37 ----D---- C:\Program Files\Hidden Wonders of the Depths 2
2009-09-21 12:55:18 ----D---- C:\Program Files\Bookworm Deluxe
2009-09-21 12:54:17 ----D---- C:\Program Files\Aqua Words
======List of files/folders modified in the last 1 months======
2009-10-06 13:14:54 ----D---- C:\Windows\prefetch
2009-10-06 13:14:12 ----D---- C:\Windows\Temp
2009-10-06 13:12:13 ----D---- C:\ProgramData\Kaspersky Lab
2009-10-06 11:36:37 ----D---- C:\Windows\System32
2009-10-06 11:36:37 ----D---- C:\Windows\inf
2009-10-06 11:36:37 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-10-05 21:50:25 ----SHD---- C:\System Volume Information
2009-10-03 23:36:20 ----D---- C:\Windows\system32\catroot
2009-10-03 21:07:11 ----D---- C:\Windows\rescache
2009-10-03 20:51:24 ----D---- C:\Windows\winsxs
2009-10-03 20:36:31 ----D---- C:\Windows\system32\en-US
2009-10-03 20:36:31 ----D---- C:\Windows\system32\de-DE
2009-10-03 20:36:30 ----D---- C:\Windows\system32\drivers
2009-10-03 20:14:49 ----D---- C:\Windows\system32\catroot2
2009-10-03 20:14:43 ----D---- C:\Program Files\Windows Mail
2009-10-03 20:14:26 ----SHD---- C:\Windows\Installer
2009-10-03 20:14:20 ----D---- C:\Program Files\Microsoft Silverlight
2009-10-03 20:13:09 ----D---- C:\Windows\ehome
2009-10-03 15:16:04 ----SD---- C:\Windows\Downloaded Program Files
2009-10-03 10:34:54 ----D---- C:\Windows
2009-10-03 10:26:00 ----RD---- C:\Program Files
2009-10-03 10:22:35 ----D---- C:\ProgramData\Kaspersky Lab Setup Files
2009-10-03 10:00:47 ----D---- C:\Windows\system32\Msdtc
2009-10-03 10:00:43 ----D---- C:\Windows\system32\wbem
2009-10-03 09:59:52 ----D---- C:\Windows\system32\config
2009-10-03 09:58:42 ----D---- C:\Windows\system32\XPSViewer
2009-10-03 09:58:42 ----D---- C:\Windows\system32\sysprep
2009-10-03 09:58:42 ----D---- C:\Windows\system32\SLUI
2009-10-03 09:58:42 ----D---- C:\Windows\system32\setup
2009-10-03 09:58:42 ----D---- C:\Windows\system32\ras
2009-10-03 09:58:42 ----D---- C:\Windows\system32\oobe
2009-10-03 09:58:42 ----D---- C:\Windows\system32\migwiz
2009-10-03 09:58:42 ----D---- C:\Windows\system32\migration
2009-10-03 09:58:42 ----D---- C:\Windows\system
2009-10-03 09:58:41 ----RSD---- C:\Windows\Media
2009-10-03 09:58:41 ----RSD---- C:\Windows\Fonts
2009-10-03 09:58:41 ----RD---- C:\Windows\Offline Web Pages
2009-10-03 09:58:41 ----D---- C:\Windows\system32\ias
2009-10-03 09:58:41 ----D---- C:\Windows\system32\en
2009-10-03 09:58:41 ----D---- C:\Windows\system32\CodeIntegrity
2009-10-03 09:58:41 ----D---- C:\Windows\ShellNew
2009-10-03 09:58:41 ----D---- C:\Program Files\Windows Sidebar
2009-10-03 09:58:41 ----D---- C:\Program Files\Windows Journal
2009-10-03 09:58:41 ----D---- C:\Program Files\Windows Defender
2009-10-03 09:58:41 ----D---- C:\Program Files\Windows Collaboration
2009-10-03 09:58:41 ----D---- C:\Program Files\Movie Maker
2009-10-03 09:58:41 ----D---- C:\Program Files\Internet Explorer
2009-10-03 09:58:41 ----D---- C:\Program Files\Common Files\System
2009-10-03 09:58:41 ----D---- C:\Program Files\Common Files\Services
2009-10-03 09:58:30 ----D---- C:\Windows\Tasks
2009-10-03 09:58:30 ----D---- C:\Windows\system32\Tasks
2009-10-03 09:58:30 ----D---- C:\Windows\system32\spool
2009-10-03 09:58:22 ----D---- C:\Program Files\VDOWNLOADER
2009-10-03 09:57:45 ----D---- C:\Windows\registration
2009-09-30 14:57:39 ----AD---- C:\ProgramData\TEMP
2009-09-21 13:08:51 ----HD---- C:\ProgramData
2009-09-21 13:08:11 ----D---- C:\BigFishGamesCache
2009-09-07 21:00:16 ----D---- C:\Program Files\Pogo DE
|
|
08.10.2009, 18:27
| #10 |
| | Werde Virus/Trojaner TrojanDownloader:Win32/Renos.JS nicht los Rest vom info.txt: Code:
ATTFilter ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Hotkey;Hotkey; C:\Windows\system32\drivers\Hotkey.sys [2003-04-28 9867]
R1 kl1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2009-06-15 128016]
R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys [2009-10-03 280592]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:\Windows\system32\DRIVERS\klim6.sys [2009-05-15 21008]
R3 ATSWPDRV;AuthenTec TruePrint USB Driver (SwipeSensor); C:\Windows\system32\DRIVERS\ATSwpDrv.sys [2007-08-28 146560]
R3 BthEnum;Bluetooth-Anforderungsblocktreiber; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-01-21 19456]
R3 BthPan;Bluetooth-Gerät (PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
R3 BTHUSB;USB-Treiber für Bluetooth-Funkgerät; C:\Windows\System32\Drivers\BTHUSB.sys [2008-07-10 29184]
R3 Cam5607;Bison Webcam; C:\Windows\System32\Drivers\BisonC07.sys [2007-08-30 805416]
R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-07-03 2152088]
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\Windows\system32\DRIVERS\klmouflt.sys [2009-05-16 19472]
R3 NETw4v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2008-03-13 2555392]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-07-11 7539744]
R3 RFCOMM;Bluetooth-Gerät (RFCOMM-Protokoll-TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-01-21 49664]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-06-25 84480]
R3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR.SYS [2009-03-26 64000]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-08-31 192688]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S3 BTHPORT;Bluetooth-Porttreiber; C:\Windows\System32\Drivers\BTHport.sys [2008-07-10 220160]
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2009-02-06 55280]
S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 tbhsd;Tunebite High-Speed Dubbing; C:\Windows\system32\drivers\tbhsd.sys [2008-09-25 44320]
S3 usbscan;USB-Scannertreiber; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
S3 usbvideo;USB-Videogerät (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AVP;Kaspersky Internet Security; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [2009-07-03 303376]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-10-03 358936]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2008-06-10 222456]
R2 lxbf_device;lxbf_device; C:\Windows\system32\lxbfcoms.exe [2007-04-24 537520]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-06-08 877864]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-07-11 196608]
R2 omniserv;Softex OmniPass Service; C:\Program Files\Softex\OmniPass\OmniServ.exe [2007-11-02 40960]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [2006-12-19 81920]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-01-09 272024]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-06-24 537896]
R3 WisLMSvc;WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [2007-09-11 118784]
S2 serviceIEConfig;IEConfig 1und1/WEB.DE/GMX Edition; C:\Windows\System32\ieconfig_1und1_svc.exe /startedbyscm:016FE01B-40E31F2D-serviceIEConfig []
S3 fsssvc;Windows Live Family Safety; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-22 138168]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
-----------------EOF-----------------
|
|
08.10.2009, 18:29
| #11 |
| | Werde Virus/Trojaner TrojanDownloader:Win32/Renos.JS nicht los ..und der ccleaner: Code:
ATTFilter CCleaner
3531-W-D Silicon Image 16.07.2008 1,18MB
7-Zip 4.57 04.09.2008 2,86MB
Activation Assistant for the 2007 Microsoft Office suites Microsoft Corporation 03.09.2008 13,5MB
Active@ File Recovery LSoft Technologies 14.06.2009 3,02MB
Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 11.03.2009
Adobe Flash Player 10 Plugin Adobe Systems Incorporated 04.10.2009
Adobe Reader 9.1.2 - Deutsch Adobe Systems Incorporated 18.07.2009 158,1MB
Adobe Shockwave Player Adobe Systems, Inc. 03.03.2009 17,0MB
AIM 19.09.2008
AOL Toolbar 5.0 AOL 22.02.2009 2,61MB
Apple Software Update Apple Inc. 28.02.2009 2,16MB
Big Fish Games Client 05.06.2009 5,38MB
Bitvise Tunnelier 4.26 (remove only) 15.10.2008 15,3MB
CCleaner (remove only) Piriform 05.10.2009 2,71MB
Chocolatier PlayFirst, Inc. 14.10.2008 22,8MB
Cobra Starship Screensaver 29.11.2008
Compatibility Pack für 2007 Office System Microsoft Corporation 10.06.2009
Cooking Academy Zylom Games 16.04.2009 99,1MB
CyberLink PowerDirector CyberLink Corp. 16.07.2008 229,8MB
CyberLink PowerProducer CyberLink Corp. 16.07.2008 299,9MB
CyberLink YouCam CyberLink Corp. 16.07.2008 34,3MB
Die Sims 2 03.09.2008 2.808,0MB
Die Sims 2: Open For Business 03.09.2008 697,7MB
Die Sims™ 2 Apartment-Leben Electronic Arts 08.09.2008 1.241,7MB
Die Sims™ 2 Freizeit-Spaß Electronic Arts 07.09.2008 1.194,6MB
Die Sims™ 2 Gute Reise Electronic Arts 03.09.2008 946,8MB
Die Sims™ 2 Haustiere 03.09.2008 801,0MB
DivX Codec DivX, Inc. 06.10.2008 1,40MB
DivX Converter DivX, Inc. 06.10.2008 30,4MB
DivX Player 06.10.2008 15,4MB
DivX Web Player DivX,Inc. 06.10.2008 2,93MB
Free Studio version 4.1 DVD Video Soft Limited. 23.12.2008 40,8MB
Free YouTube to Mp3 Converter version 3.1 DVD Video Soft Limited. 23.12.2008 5,34MB
Gehirntraining 06.08.2009 98,5MB
Google Toolbar for Internet Explorer 21.07.2008 12,0MB
HijackThis 2.0.2 TrendMicro 12.04.2009 0,41MB
ICQ Toolbar ICQ 04.09.2008
ICQ6.5 ICQ 02.12.2008 41,6MB
Intel(R) Matrix Storage Manager 03.09.2008 3,77MB
Java(TM) 6 Update 7 Sun Microsystems, Inc. 16.07.2008 163,8MB
Kaspersky Internet Security 2010 Kaspersky Lab 02.10.2009 35,5MB
Launch Manager V1.4.9 Wistron Corp. 16.07.2008 0,98MB
Letstrade Buhl Data Service 16.07.2008 26,0MB
LetsTrade Komponenten 03.09.2008 19,6MB
Lexmark X6100 Series Lexmark International, Inc. 21.10.2008 42,7MB
MakeDisc CyberLink Corp. 03.09.2008 102,1MB
MediaShow CyberLink Corporation 03.09.2008 33,1MB
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 14.08.2009 37,0MB
Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 12.04.2009 37,0MB
Microsoft Office Home and Student 2007 Microsoft Corporation 16.07.2008 299,5MB
Microsoft Office Live Add-in 1.3 Microsoft Corporation 11.04.2009 0,48MB
Microsoft Office PowerPoint Viewer 2007 (German) Microsoft Corporation 15.05.2009
Microsoft Silverlight Microsoft Corporation 02.10.2009
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 11.04.2009 1,74MB
Microsoft Sync Framework Runtime Native v1.0 (x86) Microsoft Corporation 11.04.2009 0,61MB
Microsoft Sync Framework Services Native v1.0 (x86) Microsoft Corporation 11.04.2009 1,45MB
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 29.07.2009 0,25MB
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 16.07.2008 0,41MB
Microsoft Works Microsoft Corporation 10.06.2009 378,0MB
Moorhuhn 2 30.01.2009 53,6MB
Mozilla Firefox (3.0.8) Mozilla 14.04.2009 23,3MB
MSXML 4.0 SP2 (KB936181) Microsoft Corporation 16.07.2008 1,27MB
MSXML 4.0 SP2 (KB941833) Microsoft Corporation 16.07.2008 1,27MB
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 18.11.2008 1,28MB
Nero 8 Essentials Nero AG 25.10.2008 1.825,4MB
NVIDIA Drivers 03.09.2008
OmniPass 5.00.91 Softex Inc. 16.07.2008 26,5MB
Orbit Downloader www.orbitdownloader.com 11.10.2008 8,30MB
Pastry Passion Deluxe Zylom Games 13.06.2009 99,1MB
PhotoNow! CyberLink Corp. 03.09.2008 1,60MB
PixiePack Codec Pack None 14.10.2008 11,4MB
Power Sound Editor Free PowerSoundEditorFree Inc. 06.10.2008 14,8MB
PowerDVD CyberLink Corporation 03.09.2008 87,2MB
PPTools - Remove ALL 30.01.2009
QuickTime Apple Inc. 28.02.2009 74,4MB
RealPlayer RealNetworks 24.03.2009 45,0MB
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista Realtek 16.07.2008 0,70MB
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 16.07.2008 22,0MB
Realtek USB 2.0 Card Reader Realtek Semiconductor Corp. 16.07.2008 2,97MB
Screensaver_Spongebob 29.11.2008
Spelling Dictionaries Support For Adobe Reader 9 Adobe Systems Incorporated 28.03.2009 29,7MB
Sweet Home 3D version 1.6 eTeks 04.03.2009 88,1MB
Synaptics Pointing Device Driver Synaptics 16.07.2008 13,6MB
The Poppit! Show Oberon Media 06.10.2008 18,0MB
Ulead PhotoImpact 12 Ulead System 03.09.2008 389,2MB
Uninstall 1.0.0.1 23.12.2008 39,4MB
VDownloader 0.76 Enrique Puertas 20.12.2008 5,26MB
Viewpoint Media Player 19.09.2008 7,30MB
Wecker 2.2 2.2 Frederik Trinkmann 10.05.2009 0,76MB
Windows Live Anmelde-Assistent Microsoft Corporation 05.03.2009 1,93MB
Windows Live Essentials Microsoft Corporation 11.04.2009 144,2MB
Windows Live Sync Microsoft Corporation 11.04.2009 2,80MB
Windows Live-Uploadtool Microsoft Corporation 11.04.2009 0,22MB
WISO Mein Geld 2008 Professional Buhl Data Service GmbH 16.07.2008 167,5MB
Zylom puzzles Deluxe Zylom Games 19.09.2008 11,9MB
 |
|
08.10.2009, 19:39
| #12 |
| | Werde Virus/Trojaner TrojanDownloader:Win32/Renos.JS nicht los Mist.. habe bei info.txt irgendwas vom log.txt gepostet. konnte es leider nicht mehr editieren. hier also nochmal der info.txt. die anderen 2 posts einfach ignorieren Code:
ATTFilter info.txt
info.txt logfile of random's system information tool 1.06 2009-10-06 13:15:29
======Uninstall list======
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL
-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
-->C:\Windows\UNNeroShowTime.exe /UNINSTALL
-->C:\Windows\UNNeroVision.exe /UNINSTALL
-->C:\Windows\UNRecode.exe /UNINSTALL
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0410-0000-0000000FF1CE} /uninstall {58FC5E37-DD28-4D4A-A549-125744C6763C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0407-0000-0000000FF1CE} /uninstall {888B9AC7-8F5C-456B-A27A-157A6C310E52}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
3531-W-D-->MsiExec.exe /X{BD1587F7-B8D0-4111-8F1F-3327628AB02F}
7-Zip 4.57-->"C:\Program Files\7-Zip\Uninstall.exe"
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.1.2 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A91000000001}
Adobe Shockwave Player-->C:\Windows\System32\Adobe\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Adobe\SHOCKW~1\Install.log
AIM-->C:\Program Files\AIM6\uninst.exe
AOL Toolbar 5.0-->"C:\Program Files\AOL\AOL Toolbar 5.0\uninstall.exe"
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
AuthenTec Fingerprint Sensor Minimum Install-->MsiExec.exe /X{E815FB81-995F-4F33-8E25-F16712123AB7}
Big Fish Games Client-->C:\Program Files\bfgclient\Uninstall.exe
Bitvise Tunnelier 4.26 (remove only)-->"C:\Program Files\Bitvise Tunnelier\uninst.exe" Tunnelier
Chocolatier-->C:\PROGRA~1\PLAYFI~1\CHOCOL~1\UNWISE.EXE C:\PROGRA~1\PLAYFI~1\CHOCOL~1\INSTALL.LOG
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Cobra Starship Screensaver-->C:\Windows\system32\Cobra Starship Screensaver.scr /u
Compatibility Pack für 2007 Office System-->MsiExec.exe /X{90120000-0020-0407-0000-0000000FF1CE}
CyberLink PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\Setup.exe" /z-uninstall
CyberLink PowerProducer-->"C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\Setup.exe" /z-uninstall
CyberLink PowerProducer-->"C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\Setup.exe" /z-uninstall
CyberLink YouCam-->"C:\Program Files\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\Setup.exe" /z-uninstall
Der Spongebob Schwammkopf Film Screen Saver-->C:\Windows\Der Spongebob Schwammkopf Film.scr /u
Die Sims 2: Open For Business-->C:\Program Files\EA GAMES\Die Sims 2 Open For Business\EAUninstall.exe
Die Sims 2-->C:\Program Files\EA GAMES\Die Sims 2\EAUninstall.exe
Die Sims™ 2 Apartment-Leben-->C:\Program Files\EA GAMES\Die Sims 2 Apartment-Leben\EAUninstall.exe
Die Sims™ 2 Freizeit-Spaß-->C:\Program Files\EA GAMES\Die Sims 2 Freizeit-Spaß\EAUninstall.exe
Die Sims™ 2 Gute Reise-->C:\Program Files\EA GAMES\Die Sims 2 Gute Reise\EAUninstall.exe
Die Sims™ 2 Haustiere-->C:\Program Files\EA GAMES\Die Sims 2 Haustiere\EAUninstall.exe
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Free Studio version 4.1-->"C:\Program Files\DVDVideoSoft\Free Studio\unins000.exe"
Free YouTube to Mp3 Converter version 3.1-->"C:\Program Files\DVDVideoSoft\Free YouTube to Mp3 Converter\unins000.exe"
Gehirntraining-->"C:\Program Files\Gehirntraining\Uninstall.exe"
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
ICQ Toolbar-->C:\Program Files\ICQ6Toolbar\ICQUnToolbar.exe
ICQ6.5-->"C:\Program Files\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
Inst5657-->MsiExec.exe /I{FEDE400D-3381-4087-ACCB-689DD8A56123}
Intel(R) Matrix Storage Manager-->C:\Windows\System32\Imsmudlg.exe
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
Kaspersky Internet Security 2010-->MsiExec.exe /I{9D8B0949-7C47-476F-9F06-F900D3B078EA}
Kaspersky Internet Security 2010-->MsiExec.exe /I{9D8B0949-7C47-476F-9F06-F900D3B078EA}
Launch Manager V1.4.9-->C:\Program Files\InstallShield Installation Information\{D0846526-66DD-4DC9-A02C-98F9A2806812}\setup.exe -runfromtemp -l0x0007 -removeonly
LetsTrade Komponenten-->C:\Windows\fpuninst.exe -uninstall:"C:\Program Files\Letstrade\uninst\uninst.ini"
Letstrade-->MsiExec.exe /X{E0091C29-DEE8-4B24-BF65-8C35B5940D77}
Lexmark X6100 Series-->C:\Program Files\Lexmark X6100 Series\Install\x86\Uninst.exe
MakeDisc-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B145EC69-66F5-11D8-9D75-000129760D75}\Setup.exe" -uninstall
MediaShow-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5A9B7C0-8751-11D8-9D75-000129760D75}\Setup.exe" -uninstall
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe
Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929}
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office Excel MUI (German) 2007-->MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
Microsoft Office OneNote MUI (German) 2007-->MsiExec.exe /X{90120000-00A1-0407-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (German) 2007-->MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2007 (German)-->MsiExec.exe /X{95120000-00AF-0407-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Italian) 2007-->MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE}
Microsoft Office Proofing (German) 2007-->MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE}
Microsoft Office Shared MUI (German) 2007-->MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE}
Microsoft Office Word MUI (German) 2007-->MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE}
Microsoft Search Enhancement Pack-->MsiExec.exe /X{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Works-->MsiExec.exe /I{39D0E034-1042-4905-BECB-5502909FCB7C}
Moorhuhn 2-->C:\Windows\IsUn0407.exe -f"C:\Program Files\Moorhuhn 2\Uninst.isu"
Mozilla Firefox (3.0.8)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nero 8 Essentials-->MsiExec.exe /X{D6C9AF27-9414-46C8-B9D8-D878BA041031}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
OmniPass 5.00.91-->C:\Program Files\InstallShield Installation Information\{F4E57F49-84B4-4CF2-B0A1-8CA1752BDF7E}\setup.exe -runfromtemp -l0x0007 -removeonly
Orbit Downloader-->"C:\Program Files\Orbitdownloader\unins000.exe"
PhotoNow!-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D36DD326-7280-11D8-97C8-000129760CBE}\Setup.exe" -uninstall
PixiePack Codec Pack-->MsiExec.exe /I{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}
Power Sound Editor Free-->C:\PROGRA~1\POWERS~1\UNWISE.EXE C:\PROGRA~1\POWERS~1\INSTALL.LOG
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
PPTools - Remove ALL-->C:\Program Files\RnR\PPToolsV2\uninstal.exe
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0007 -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly
Realtek USB 2.0 Card Reader-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC24971E-1946-445D-8A82-CE685433FA7D}\setup.exe" -l0x9 -removeonly
Screensaver_Spongebob-->C:\Windows\Screensaver_Spongebob.scr /U
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
Sweet Home 3D version 1.6-->"C:\Program Files\Sweet Home 3D\unins000.exe"
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
The Poppit! Show-->"C:\Program Files\Pogo DE\The Poppit! Show\Uninstall.exe" "C:\Program Files\Pogo DE\The Poppit! Show\install.log"
Ulead PhotoImpact 12-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11AFE21E-B193-430D-B57A-DFF7815BB962}\setup.exe" -l0x7
Uninstall 1.0.0.1-->"C:\Program Files\Common Files\DVDVideoSoft\unins000.exe"
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update für Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}
Update für Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {EA160DA3-E9B5-4D03-A518-21D306665B96}
Update für Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {38472199-D7B6-4833-A949-10E4EE6365A1}
VDownloader 0.76-->"C:\Program Files\VDOWNLOADER\unins000.exe"
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Wecker 2.2 2.2-->C:\Windows\uninstall\Wecker 2.2\setup.exe
Windows Live Anmelde-Assistent-->MsiExec.exe /I{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}
Windows Live Call-->MsiExec.exe /I{5FC68772-6D56-41C6-9DF1-24E868198AE6}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}
Windows Live Family Safety-->MsiExec.exe /X{54B1E5A3-1B29-4582-A226-172A1FC7BA6C}
Windows Live Fotogalerie-->MsiExec.exe /X{119B7481-0216-40D2-A5CC-C3E1F461ECC1}
Windows Live Mail-->MsiExec.exe /I{5A166C0B-9557-4364-A057-F946D674E6AC}
Windows Live Messenger-->MsiExec.exe /X{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}
Windows Live Sync-->MsiExec.exe /X{ED636101-1959-4360-8BF7-209436E7DEE4}
Windows Live Toolbar-->MsiExec.exe /X{70B7A167-0B88-445D-A3EA-97C73AA88CAC}
Windows Live Writer-->MsiExec.exe /X{81821BF8-DA20-4F8C-AA87-F70A274828D4}
Windows Live-Uploadtool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
WISO Mein Geld 2008 Professional-->MsiExec.exe /I{D8D22773-14BF-4178-A683-3DBA515C2A26}
|
|
08.10.2009, 19:40
| #13 |
| | Werde Virus/Trojaner TrojanDownloader:Win32/Renos.JS nicht los und der Rest zu info.txt: Code:
ATTFilter =====HijackThis Backups=====
O23 - Service: IEConfig 1und1/WEB.DE/GMX Edition (serviceIEConfig) - mquadr.at softwareengineering und consulting gmbh - C:\Windows\System32\ieconfig_1und1_svc.exe [2009-04-13]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer bereitgestellt von WEB.DE [2009-04-13]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = h**p://go.web.de/runonce [2009-04-13]
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = h**p://go.web.de/suchbox/webdesuche?su=%s [2009-04-13]
======Security center information======
AS: Windows Defender
======System event log======
Computer Name: ***
Event Code: 1
Message: Das System wurde aus dem Energiesparmodus reaktiviert.
Zeit im Energiesparmodus: 2009-10-06T10:03:03.808Z
Reaktivierungszeit: 2009-10-06T10:04:39.743Z
Reaktivierungsquelle: Unbekannt
Record Number: 68301
Source Name: Microsoft-Windows-Power-Troubleshooter
Time Written: 20091006100443.118800-000
Event Type: Informationen
User: NT-AUTORITÄT\LOKALER DIENST
Computer Name: ***
Event Code: 7036
Message: Dienst "Windows Modules Installer" befindet sich jetzt im Status "Ausgeführt".
Record Number: 68302
Source Name: Service Control Manager
Time Written: 20091006100651.000000-000
Event Type: Informationen
User:
Computer Name: ***
Event Code: 7036
Message: Dienst "Windows Modules Installer" befindet sich jetzt im Status "Beendet".
Record Number: 68303
Source Name: Service Control Manager
Time Written: 20091006101651.000000-000
Event Type: Informationen
User:
Computer Name:***
Event Code: 7036
Message: Dienst "WinHTTP-Web Proxy Auto-Discovery-Dienst" befindet sich jetzt im Status "Ausgeführt".
Record Number: 68304
Source Name: Service Control Manager
Time Written: 20091006110557.000000-000
Event Type: Informationen
User:
Computer Name: ***
Event Code: 10026
Message: Das COM-Subsystem unterdrückt duplizierte Ereignisprotokolleinträge für eine Dauer von 86400 Sekunden. Dieses Zeitlimit kann durch den REG_DWORD-Wert SuppressDuplicateDuration unter folgendem Registrierungsschlüssel gesteuert werden: HKLM\Software\Microsoft\Ole\EventLog.
Record Number: 68305
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20091006111214.000000-000
Event Type: Informationen
User:
=====Application event log=====
Computer Name: ***
Event Code: 10
Message: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist.
Record Number: 370664
Source Name: Microsoft-Windows-WMI
Time Written: 20091006093001.000000-000
Event Type: Fehler
User:
Computer Name: ***
Event Code: 0
Message:
Record Number: 370665
Source Name: NMIndexingService
Time Written: 20091006093041.000000-000
Event Type: Informationen
User:
Computer Name: ***
Event Code: 1
Message: Der Windows-Sicherheitscenterdienst wurde gestartet.
Record Number: 370666
Source Name: SecurityCenter
Time Written: 20091006093144.000000-000
Event Type: Informationen
User:
Computer Name: ***
Event Code: 1001
Message: Die Leistungsindikatoren für den Dienst WmiApRpl (WmiApRpl) wurden entfernt. Die Daten enthalten die neuen Werte der Registrierungseinträge "Last Counter" und "Last Help".
Record Number: 370667
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20091006093637.000000-000
Event Type: Informationen
User:
Computer Name: ***
Event Code: 1000
Message: Die Leistungsindikatoren für den Dienst WmiApRpl (WmiApRpl) wurden erfolgreich geladen. Die Eintragsdaten im Datenbereich enthalten die neuen Indexwerte, die diesem Dienst zugeordnet sind.
Record Number: 370668
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20091006093637.000000-000
Event Type: Informationen
User:
=====Security event log=====
Computer Name: ***
Event Code: 5038
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.
Dateiname: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 24717
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091006111515.198000-000
Event Type: Überwachung gescheitert
User:
Computer Name: ***
Event Code: 5038
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.
Dateiname: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 24718
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091006111515.323000-000
Event Type: Überwachung gescheitert
User:
Computer Name: ***
Event Code: 5038
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.
Dateiname: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 24719
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091006111515.441000-000
Event Type: Überwachung gescheitert
User:
Computer Name: ***
Event Code: 5038
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.
Dateiname: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 24720
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091006111515.562000-000
Event Type: Überwachung gescheitert
User:
Computer Name: ***
Event Code: 5038
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.
Dateiname: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 24721
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091006111515.695000-000
Event Type: Überwachung gescheitert
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Softex\OmniPass;C:\Program Files\Bitvise Tunnelier;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
-----------------EOF-----------------
|
|
08.10.2009, 21:54
| #14 |
| /// Helfer-Team | Werde Virus/Trojaner TrojanDownloader:Win32/Renos.JS nicht los hi - Die Anweisungen bitte gründlich lesen und immer streng einhalten, da ich die Reihenfolge nach bestimmten Kriterien vorbereitet habe: 1. Lade Dir Malwarebytes Anti-Malware von→ malwarebytes.org
2. Schliesse alle Programme einschliesslich Internet Explorer und fixe mit Hijackthis die Einträge aus der nachfolgenden Codebox (HijackThis starten→ "Do a system scan only"→ Einträge auswählen→ Häckhen setzen→ "Fix checked"klicken→ PC neu aufstarten): Code:
ATTFilter R3 - URLSearchHook: (no name) - - (no file)
auch wenn nicht mehr existiert:
O2 - BHO: WEB.DE Browser Configuration by mquadr.at - {D48FF4B4-E68F-47D1-8E25-81A0F0EEB341} - C:\Windows\System32\ieconfig_1und1.dll (file missing)
O23 - Service: IEConfig 1und1/WEB.DE/GMX Edition (serviceIEConfig) - Unknown owner - C:\Windows\System32\ieconfig_1und1_svc.exe (file missing)
alle Anwendungen schließen → Ordner für temporäre Dateien bitte leeren lösche nur den Inhalt der Ordner, nicht die Ordner selbst! - Dateien, die noch in Benutzung sind,nicht löschbar. c:\windows\temp - anschließend den Papierkorb leeren 4. reinige dein System mit Ccleaner:
5. Windows und die installierten Programme auf den neuesten Stand zu halten,sind Garanten für eine erhöhte Sicherheit! Java aktualisieren `Start→ Systemsteuereung→ Java→ Aktualisierung... 6. poste erneut: Trend Micro HijackThis-Logfile - Keine offenen Fenster, solang bis HijackThis läuft!! |
|
09.10.2009, 13:25
| #15 |
| | Werde Virus/Trojaner TrojanDownloader:Win32/Renos.JS nicht los Hi! Den ersten Schritt habe ich jetzt durchführen lassen. das Programm hat 2 Sachen gefunden, die ich weglöschen konnte, danach sollte mein Pc neugestartet werden. Vorher kam ein kleines Fensterchen wo stand dass der Scan erfolgreich beendet wurde und ein logfile erstellt und abgespeichert wurde. Aber bei den scan Berichten finde ich ihn (das Bericht) nicht und weiß nicht wo Malwarebytes die Datei sonst abgewspeichert hat. Hoffe ihr habt nen Tipp wie ich den Bericht wieder finde EDIT: beim 2. Schritt: Hijackthis findet dem R3 - URL Search HOOK nicht und ist es "normal" dass wenn ich die anderen 2 Sachen gefixed habe, pc neugestratet habe,.. hijackthis nochmal durchgescant hat und die 2 sachen immer noch da sind? LG Geändert von nilatan (09.10.2009 um 13:44 Uhr) |
| Themen zu Werde Virus/Trojaner TrojanDownloader:Win32/Renos.JS nicht los |
| 80-100, avp, avp.exe, bho, browser, content.ie5, downloader, ebay, google, gservice, heur, heur:, hijack, hijackthis, hijackthis logfile, immer wieder, internet explorer, internet security, internet security 2010, kaspersky, launch, local\temp, menu.exe, object, programm, rundll, security, senden, software, tastatur, trojaner, virtuelle tastatur, virus, virus/trojaner, vista, werbung, wiederherstell, win32/renos.js, windows |
Linear-Darstellung
