| |
| |||||||
Log-Analyse und Auswertung: Seit paar Tagen nervige PopupsWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
18.12.2009, 20:33
| #1 |
 |  Seit paar Tagen nervige Popups Hallo, ich bin zum ersten Mal hier im Forum. Habe einige ähnliche Berichte hier durchschaut und viel gegoogelt. Aber das Problem mit den Popups scheint sehr individuell zu sein... leider. Alle 10 Minuten kommt so ein Fenster (vor allem Party Poker). Hab AdAware rüberlaufen lassen und Antivir Systemscan gemacht. Die haben zwar was gefunden, aber nachdem ich sie in die Quarantäne gesteckt habe bleibt das Problem bestehen. Hoffe, man kann mir hier helfen. Daher hier meine hijackthis.log-file C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Avira\AntiVir Desktop\sched.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Programme\Avira\AntiVir Desktop\avguard.exe C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe C:\Programme\Bonjour\mDNSResponder.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\mHotkey.exe C:\WINDOWS\Dit.exe C:\Programme\Gemeinsame Dateien\AOL\1147443072\ee\AOLSoftware.exe C:\Programme\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe c:\programme\gemeinsame dateien\aol\1147443072\ee\services\antiSpywareApp\ver2_0_25_1\AOLSP Scheduler.exe c:\programme\gemeinsame dateien\aol\1147443072\ee\aolsoftware.exe C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe C:\Programme\Mozilla Firefox\firefox.exe C:\Programme\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.arcor.de R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://de.search.yahoo.com/search?fr=mcafee&p=%s R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=8116 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Arcor AG & Co. KG R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: (no name) - _{919575F2-B449-EBBB-3480-E37B32872992} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Automated Content Enhancer - {1D74E9DD-8987-448b-B2CB-67FFF2B8A932} - C:\Programme\Automated Content Enhancer\4.1.0.5290\ACEIEAddOn.dll O2 - BHO: Customized Platform Advancer - {42C7C39F-3128-4a17-BDB7-91C46032B5B9} - C:\Programme\Customized Platform Advancer\4.1.0.1960\CPAIEAddOn.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Content Management Wizard - {B72681C0-A222-4b21-A0E2-53A5A5CA3D41} - C:\Programme\Content Management Wizard\1.1.0.1990\CMWIE.dll O2 - BHO: Textual Content Provider - {CAC89FF9-34A9-4431-8CFE-292A47F843BC} - C:\Programme\Textual Content Provider\1.1.0.1810\TCPIE.dll O2 - BHO: Web Search Operator - {EB4A577D-BCAD-4b1c-8AF2-9A74B8DD3431} - C:\Programme\Web Search Operator\4.1.0.2080\wso.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [CHotkey] mHotkey.exe O4 - HKLM\..\Run: [Dit] Dit.exe O4 - HKLM\..\Run: [HostManager] C:\Programme\Gemeinsame Dateien\AOL\1147443072\ee\AOLSoftware.exe O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [StartCCC] "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Search - http://kp.bar.need2find.com/KP/menusearch.html?p=KP O8 - Extra context menu item: &Translate English Word - res://c:\programme\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\programme\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programme\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\programme\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\programme\google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing) O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing) O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.msn.de/ O15 - Trusted Zone: http://*.mcafee.com O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633 O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab O16 - DPF: {477E2667-7E7A-4737-BFF5-121D68EF7816} (AOL Download Assistent) - http://musikdownloads.aol.de/imcdms-static/code/AOL%20Download%20Assistent.ocx O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.de/computercheckup/qdiagcc.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/23ea10ffae3267990f05/netzip/RdxIE601_de.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093861551859 O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://static.ak.studivz.net/photouploader/ImageUploader4.cab?nocache=20071128-1 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100 O16 - DPF: {96512D57-F751-4088-A689-5778FCC77F7A} (Photo Uploader Control) - http://www.studivz.net/lib/photouploader/PhotoUploader.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - http://www.arcor.de/vod/dmd/WMDownload.cab O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game10.zylom.com/activex/zylomgamesplayer.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O18 - Filter hijack: text/html - (no CLSID) - (no file) O20 - Winlogon Notify: winzoa32 - winzoa32.dll (file missing) O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe O23 - Service: CA-Lizenz-Client (CA_LIC_CLNT) - Unknown owner - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe (file missing) O23 - Service: CA-Lizenzserver (CA_LIC_SRVR) - Unknown owner - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe (file missing) O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - D:\Programme\iPod\bin\iPodService.exe O23 - Service: Ereignisprotokoll-Überwachung (LogWatch) - Unknown owner - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe (file missing) O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe Liebe Grüße |
|
20.12.2009, 17:28
| #2 |
| | Seit paar Tagen nervige Popups Kann mir wirklich niemand helfen? Habe Spybot drüber gelaufen. Da wurde zwar was gefunden, aber gebracht hat es nichts!
__________________ |
|
20.12.2009, 17:52
| #3 |
  | Seit paar Tagen nervige Popups Hallo und
__________________ nenn bitte immer das Programm sowie die Datei und den Pfad wo die diese Dateien gefunden wurden. Arbeite bitte zuerst diese Anleitung ab http://www.trojaner-board.de/69886-a...-beachten.html zusätzlich lass bitte SUPERAntiSpyware dein System überprüfen und poste ebenfalls das Log hierher. MFG
__________________ |
|
20.12.2009, 19:23
| #4 |
| | Seit paar Tagen nervige Popups Hallo, habe SUPERAntiSpyware rüberlaufen lassen. Der hat nichts gefunden: SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 12/20/2009 at 07:20 PM Application Version : 4.32.1000 Core Rules Database Version : 4396 Trace Rules Database Version: 2232 Scan type : Quick Scan Total Scan Time : 00:18:44 Memory items scanned : 641 Memory threats detected : 0 Registry items scanned : 512 Registry threats detected : 0 File items scanned : 9455 File threats detected : 0 Danach hab ich nochmal HijackThis drüberlaufen lassen: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:24:23, on 20.12.2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16945) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Programme\Avira\AntiVir Desktop\sched.exe C:\WINDOWS\mHotkey.exe C:\WINDOWS\Dit.exe C:\Programme\Gemeinsame Dateien\AOL\1147443072\ee\AOLSoftware.exe C:\Programme\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\system32\ctfmon.exe c:\programme\gemeinsame dateien\aol\1147443072\ee\services\antiSpywareApp\ver2_0_25_1\AOLSP Scheduler.exe C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe c:\programme\gemeinsame dateien\aol\1147443072\ee\aolsoftware.exe C:\Programme\Avira\AntiVir Desktop\avguard.exe C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe C:\Programme\Bonjour\mDNSResponder.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\System32\svchost.exe C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Programme\Mozilla Firefox\firefox.exe C:\Programme\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.arcor.de R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://de.search.yahoo.com/search?fr=mcafee&p=%s R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=8116 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Arcor AG & Co. KG R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: (no name) - _{919575F2-B449-EBBB-3480-E37B32872992} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Automated Content Enhancer - {1D74E9DD-8987-448b-B2CB-67FFF2B8A932} - C:\Programme\Automated Content Enhancer\4.1.0.5290\ACEIEAddOn.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Content Management Wizard - {B72681C0-A222-4b21-A0E2-53A5A5CA3D41} - C:\Programme\Content Management Wizard\1.1.0.1990\CMWIE.dll O2 - BHO: Textual Content Provider - {CAC89FF9-34A9-4431-8CFE-292A47F843BC} - C:\Programme\Textual Content Provider\1.1.0.1810\TCPIE.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [CHotkey] mHotkey.exe O4 - HKLM\..\Run: [Dit] Dit.exe O4 - HKLM\..\Run: [HostManager] C:\Programme\Gemeinsame Dateien\AOL\1147443072\ee\AOLSoftware.exe O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [StartCCC] "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Search - http://kp.bar.need2find.com/KP/menusearch.html?p=KP O8 - Extra context menu item: &Translate English Word - res://c:\programme\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\programme\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programme\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\programme\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\programme\google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing) O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing) O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.msn.de/ O15 - Trusted Zone: http://*.mcafee.com O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633 O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab O16 - DPF: {477E2667-7E7A-4737-BFF5-121D68EF7816} (AOL Download Assistent) - http://musikdownloads.aol.de/imcdms-static/code/AOL%20Download%20Assistent.ocx O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.de/computercheckup/qdiagcc.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/23ea10ffae3267990f05/netzip/RdxIE601_de.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093861551859 O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://static.ak.studivz.net/photouploader/ImageUploader4.cab?nocache=20071128-1 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100 O16 - DPF: {96512D57-F751-4088-A689-5778FCC77F7A} (Photo Uploader Control) - http://www.studivz.net/lib/photouploader/PhotoUploader.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - http://www.arcor.de/vod/dmd/WMDownload.cab O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game10.zylom.com/activex/zylomgamesplayer.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O18 - Filter hijack: text/html - (no CLSID) - (no file) O20 - Winlogon Notify: !SASWinLogon - C:\Programme\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe O23 - Service: CA-Lizenz-Client (CA_LIC_CLNT) - Unknown owner - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe (file missing) O23 - Service: CA-Lizenzserver (CA_LIC_SRVR) - Unknown owner - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe (file missing) O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - D:\Programme\iPod\bin\iPodService.exe O23 - Service: Ereignisprotokoll-Überwachung (LogWatch) - Unknown owner - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe (file missing) O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe -- End of file - 12299 bytes Es wird übrigens immer schlimmer!!! |
|
20.12.2009, 19:31
| #5 |
| | Seit paar Tagen nervige Popups Hallo lass bitte Malwarebytes auf dein System los und erstelle anschließend ein Log mit RSIT wie es in der Anleitung http://www.trojaner-board.de/69886-a...-beachten.html beschrieben ist, dann sehen wir weiter. MFG
__________________ Kein Support per PN - Bitte im Forum posten. Wenn du das Forum unterstützen möchtest Genitiv ins Wasser, weil es dativ ist   http://www.vivaconagua.org/ |
|
22.12.2009, 01:16
| #6 |
| | Seit paar Tagen nervige Popups Hab jetzt mal Mawarebytes rüberlaufen lassen. Der Scan hat über 140 infizierte Dateien entdeckt. Hier das Log: Logfile of random's system information tool 1.06 (written by random/random) Run by at 2009-12-22 00:55:46 Microsoft Windows XP Home Edition Service Pack 2 System drive C: has 14 GB (18%) free of 76 GB Total RAM: 1535 MB (58% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 00:55:51, on 22.12.2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16945) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Avira\AntiVir Desktop\sched.exe C:\Programme\Avira\AntiVir Desktop\avguard.exe C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe C:\Programme\Bonjour\mDNSResponder.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\mHotkey.exe C:\WINDOWS\Dit.exe C:\Programme\Gemeinsame Dateien\AOL\1147443072\ee\AOLSoftware.exe C:\Programme\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Spybot - Search & Destroy\TeaTimer.exe C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe c:\programme\gemeinsame dateien\aol\1147443072\ee\services\antiSpywareApp\ver2_0_25_1\AOLSP Scheduler.exe C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe c:\programme\gemeinsame dateien\aol\1147443072\ee\aolsoftware.exe C:\Dokumente und Einstellungen\Desktop\RSIT.exe C:\Programme\HijackThis\S.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.arcor.de R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://de.search.yahoo.com/search?fr=mcafee&p=%s R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=8116 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Arcor AG & Co. KG R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: (no name) - _{919575F2-B449-EBBB-3480-E37B32872992} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [CHotkey] mHotkey.exe O4 - HKLM\..\Run: [Dit] Dit.exe O4 - HKLM\..\Run: [HostManager] C:\Programme\Gemeinsame Dateien\AOL\1147443072\ee\AOLSoftware.exe O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [StartCCC] "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware (reboot)] "C:\Programme\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Search - http://kp.bar.need2find.com/KP/menusearch.html?p=KP O8 - Extra context menu item: &Translate English Word - res://c:\programme\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\programme\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programme\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\programme\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\programme\google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing) O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing) O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.msn.de/ O15 - Trusted Zone: http://*.mcafee.com O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633 O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab O16 - DPF: {477E2667-7E7A-4737-BFF5-121D68EF7816} (AOL Download Assistent) - http://musikdownloads.aol.de/imcdms-static/code/AOL%20Download%20Assistent.ocx O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.de/computercheckup/qdiagcc.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/23ea10ffae3267990f05/netzip/RdxIE601_de.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093861551859 O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://static.ak.studivz.net/photouploader/ImageUploader4.cab?nocache=20071128-1 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100 O16 - DPF: {96512D57-F751-4088-A689-5778FCC77F7A} (Photo Uploader Control) - http://www.studivz.net/lib/photouploader/PhotoUploader.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - http://www.arcor.de/vod/dmd/WMDownload.cab O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game10.zylom.com/activex/zylomgamesplayer.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O18 - Filter hijack: text/html - (no CLSID) - (no file) O20 - Winlogon Notify: !SASWinLogon - C:\Programme\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe O23 - Service: CA-Lizenz-Client (CA_LIC_CLNT) - Unknown owner - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe (file missing) O23 - Service: CA-Lizenzserver (CA_LIC_SRVR) - Unknown owner - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe (file missing) O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - D:\Programme\iPod\bin\iPodService.exe O23 - Service: Ereignisprotokoll-Überwachung (LogWatch) - Unknown owner - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe (file missing) O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe -- End of file - 12195 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\AppleSoftwareUpdate.job C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Adobe PDF Reader Link Helper - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}] Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}] Adobe PDF Conversion Toolbar Helper - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 231160] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\programme\google\googletoolbar1.dll [2006-02-14 1191424] {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 231160] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "CHotkey"=C:\WINDOWS\mHotkey.exe [2002-07-23 477184] "Dit"=C:\WINDOWS\Dit.exe [2004-04-02 86016] "HostManager"=C:\Programme\Gemeinsame Dateien\AOL\1147443072\ee\AOLSoftware.exe [2006-03-20 48280] "avgnt"=C:\Programme\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153] "QuickTime Task"=C:\Programme\QuickTime\QTTask.exe [2009-09-05 417792] "StartCCC"=C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-07-14 98304] " Malwarebytes Anti-Malware (reboot)"=C:\Programme\Malwarebytes' Anti-Malware\mbam.exe [2009-12-03 1394000] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Malwarebytes' Anti-Malware"=C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe [2009-12-03 429392] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-03 15360] "SpybotSD TeaTimer"=C:\Programme\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480] "SUPERAntiSpyware"=C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-12-16 2002160] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\180sa] c:\programme\180search assistant\180sa.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\8bedb02.exe] C:\WINDOWS\System32\8bedb02.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0] C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [2008-04-23 483328] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG] C:\WINDOWS\AGRSMMSG.exe [2004-06-29 88363] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD] C:\Programme\SlySoft\AnyDVD\AnyDVDtray.exe [2009-09-25 3058624] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe [2004-11-09 497240] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [2004-08-03 15360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager] C:\Programme\HP\hpcoretech\hpcmpmgr.exe [2003-12-22 241664] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] C:\Programme\HP\HP Software Update\HPWuSchd.exe [2003-08-04 49152] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstaFinderK] C:\Programme\INSTAFINK\InstaFinderK_inst.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Optimizer] C:\Program Files\Internet Optimizer\optimize.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IST Service] C:\Programme\ISTsvc\istsvc.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] D:\Programme\iTunes\iTunesHelper.exe [2009-10-28 141600] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lao] C:\WINDOWS\S?mantec\w?auboot.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ] C:\Programme\Ahead\Nero BackItUp\NBJ.exe [2005-06-02 1957888] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService] C:\Programme\Home Cinema\PowerCinema\PCMService.exe [2004-08-09 81920] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qfN7] C:\WINDOWS\xhrmo.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Programme\QuickTime\qttask.exe [2009-09-05 417792] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Rlos] C:\DOKUME~1\SORANM~1\EIGENE~1\YSTEM3~1\logonui.exe -vt yax [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchUpgrader] C:\Programme\Common files\SearchUpgrader\SearchUpgrader.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] C:\Programme\Skype\Phone\Skype.exe [2007-02-22 25388584] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite] C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2005-10-26 159744] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Programme\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SurfAccuracy] C:\Programme\SurfAccuracy\SAcc.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tbon] C:\Programme\TBONBin\tbon.exe /r [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrayServer] C:\MAGIX\Video_deluxe_2007_PLUS\TrayServer.exe [2006-10-04 86016] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr] C:\Programme\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe [2006-03-30 313472] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinAntiVirusPro2006] C:\Programme\WinAntiVirus Pro 2006\WinAV.exe /min [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ypvob] C:\Program Files\Ygmd\Hjrfr.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Acrobat Speed Launcher.lnk] C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2009-03-16 25214] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^AOL 9.0 Tray-Symbol.lnk] C:\PROGRA~1\AOL9~1.0\aoltray.exe [2004-05-10 156784] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^HP Digital Imaging Monitor.lnk] C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2003-09-16 237568] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^ImageMixer for HDD Camcorder.lnk] L:\PIXELA\IMAGEM~1\IMX3LA~1.EXE [2006-06-08 1871872] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^Startmenü^Programme^Autostart^Screen Saver Control.lnk] C:\WINDOWS\FSScrCtl.exe [2006-06-12 241664] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "aawservice"=2 "Apple Mobile Device"=2 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon] C:\Programme\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] C:\WINDOWS\system32\Ati2evxx.dll [2009-07-15 155648] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Programme\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Programme\AOL 9.0\waol.exe"="C:\Programme\AOL 9.0\waol.exe:*:Enabled:AOL 9.0" "C:\Programme\Microsoft Games\Flight Simulator 9\fs9.exe"="C:\Programme\Microsoft Games\Flight Simulator 9\fs9.exe:*:Enabled:Microsoft Flight Simulator" "C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server" "C:\Programme\SopCast\SopCast.exe"="C:\Programme\SopCast\SopCast.exe:*:Enabled:SopCast" "C:\Dokumente und Einstellungen\Anwendungsdaten\SopCast\adv\SopAdver.exe"="C:\Dokumente und Einstellungen\Anwendungsdaten\SopCast\adv\SopAdver.exe:*:Enabled:SopAdver" "C:\Programme\internet explorer\iexplore.exe"="C:\Programme\internet explorer\iexplore.exe:*:Enabled:Internet Explorer" "C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "D:\Programme\eMule.de 0.46c v17\emule.exe"="D:\Programme\eMule.de 0.46c v17\emule.exe:*  isabled:eMule""C:\Programme\TVUPlayer\TVUPlayer.exe"="C:\Programme\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component" "C:\Programme\Bonjour\mDNSResponder.exe"="C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour" "D:\Programme\iTunes\iTunes.exe"="D:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G] shell\AutoRun\command - G:\stub.exe ======List of files/folders created in the last 1 months====== 2009-12-22 00:55:46 ----D---- C:\rsit 2009-12-22 00:42:18 ----D---- C:\Dokumente und Einstellungen\Anwendungsdaten\Malwarebytes 2009-12-22 00:42:06 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes 2009-12-22 00:42:05 ----D---- C:\Programme\Malwarebytes' Anti-Malware 2009-12-18 19:13:03 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com 2009-12-18 19:12:54 ----D---- C:\Programme\SUPERAntiSpyware 2009-12-18 19:12:54 ----D---- C:\Dokumente und Einstellungen\Anwendungsdaten\SUPERAntiSpyware.com 2009-12-18 19:06:59 ----D---- C:\Programme\HijackThis 2009-12-16 19:37:28 ----A---- C:\WINDOWS\D4E5BE1A1B770A11.log[20091216_1937].bak 2009-12-13 17:13:42 ----D---- C:\Medion 2009-12-12 20:22:53 ----N---- C:\WINDOWS\system32\spmsg2.dll 2009-12-12 20:22:47 ----HDC---- C:\WINDOWS\$NtUninstallXPSEPSCLP$ 2009-12-12 19:51:45 ----D---- C:\Programme\Bevelstone Production 2009-12-09 22:33:55 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$ 2009-12-09 22:33:46 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$ 2009-12-09 22:33:36 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$ 2009-12-09 22:32:57 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$ 2009-12-09 22:32:47 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$ 2009-11-25 18:05:19 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$ 2009-11-25 18:05:12 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$ ======List of files/folders modified in the last 1 months====== 2009-12-22 00:55:37 ----HDC---- C:\WINDOWS\$NtUninstallKB888113$ 2009-12-22 00:55:37 ----D---- C:\WINDOWS\system32\drivers 2009-12-22 00:55:08 ----AD---- C:\Programme 2009-12-22 00:55:07 ----RSD---- C:\WINDOWS\Fonts 2009-12-22 00:37:44 ----D---- C:\Programme\Mozilla Firefox 2009-12-22 00:37:23 ----AD---- C:\WINDOWS\Temp 2009-12-22 00:37:13 ----D---- C:\WINDOWS\system32\CatRoot2 2009-12-22 00:36:29 ----D---- C:\WINDOWS 2009-12-20 23:11:01 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-12-20 19:00:27 ----SHD---- C:\WINDOWS\Installer 2009-12-20 19:00:00 ----D---- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard 2009-12-20 18:46:28 ----A---- C:\driverlog.txt 2009-12-19 16:34:43 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy 2009-12-19 16:12:00 ----D---- C:\Programme\Spybot - Search & Destroy 2009-12-19 01:35:31 ----AC---- C:\WINDOWS\ntbtlog.txt 2009-12-18 23:33:41 ----A---- C:\WINDOWS\win.ini 2009-12-18 19:49:25 ----AD---- C:\WINDOWS\system32 2009-12-18 19:37:36 ----D---- C:\WINDOWS\Prefetch 2009-12-17 20:57:34 ----A---- C:\WINDOWS\PhotoSnapViewer.INI 2009-12-17 20:56:46 ----A---- C:\WINDOWS\NeroDigital.ini 2009-12-13 17:17:27 ----RASH---- C:\boot.ini 2009-12-13 17:17:27 ----A---- C:\WINDOWS\system.ini 2009-12-12 20:38:58 ----D---- C:\WINDOWS\Microsoft.NET 2009-12-12 20:22:59 ----HD---- C:\WINDOWS\inf 2009-12-12 20:22:38 ----RSD---- C:\WINDOWS\assembly 2009-12-12 20:22:27 ----D---- C:\WINDOWS\system32\de-de 2009-12-12 20:22:26 ----D---- C:\WINDOWS\system32\XPSViewer 2009-12-11 18:46:45 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI 2009-12-09 22:34:00 ----A---- C:\WINDOWS\imsins.BAK 2009-12-09 22:33:58 ----RSHDC---- C:\WINDOWS\system32\dllcache 2009-12-09 22:33:35 ----HD---- C:\WINDOWS\$hf_mig$ 2009-12-09 22:33:24 ----D---- C:\Programme\internet explorer 2009-12-09 22:33:14 ----D---- C:\WINDOWS\ie7updates 2009-12-01 21:06:20 ----A---- C:\WINDOWS\system32\MRT.exe 2009-11-25 18:04:13 ----D---- C:\WINDOWS\WinSxS ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2005-10-07 43488] R1 avgio;avgio; \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys [] R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104] R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2009-09-11 24744] R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-03 40192] R1 prodrv04;Star Force copy protection driver v4; C:\WINDOWS\System32\drivers\prodrv04.sys [2006-05-14 114496] R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-08-09 53920] R1 SASDIFSV;SASDIFSV; \??\C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS [] R1 SASKUTIL;SASKUTIL; \??\C:\Programme\SUPERAntiSpyware\SASKUTIL.sys [] R1 SSHDRV5C;SSHDRV5C; \??\C:\WINDOWS\system32\drivers\SSHDRV5C.sys [] R1 SSHDRV76;SSHDRV76; \??\C:\WINDOWS\System32\drivers\SSHDRV76.sys [] R1 SSHDRV86;SSHDRV86; \??\C:\WINDOWS\system32\drivers\SSHDRV86.sys [] R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520] R2 ACEDRV07;ACEDRV07; \??\C:\WINDOWS\system32\drivers\ACEDRV07.sys [] R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-12-07 56816] R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\System32\DRIVERS\AGRSM.sys [2004-06-29 1268204] R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2009-09-24 104512] R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-03 60800] R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-07-15 4407808] R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2009-06-02 99856] R3 Cap7134;MEDION (7134) WDM Video Capture; C:\WINDOWS\System32\DRIVERS\Cap7134.sys [2003-06-05 350752] R3 CardReaderFilter;Card Reader Filter; \??\C:\WINDOWS\system32\Drivers\USBCRFT.SYS [] R3 cmudax;C-Media Azalia Audio Interface; C:\WINDOWS\system32\drivers\cmudax.sys [2004-06-08 1390976] R3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2007-02-16 11984] R3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\System32\DRIVERS\fetnd5b.sys [2004-04-15 42496] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600] R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2004-04-26 135168] R3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600] R3 MODEMCSA;Unimodem-Datenstromfiltergerät; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128] R3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-03 61824] R3 Pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\Pcouffin.sys [2008-02-01 47360] R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-12-05 10368] R3 PhTVTune;MEDION TV-TUNER 7134 MK2/3; C:\WINDOWS\System32\DRIVERS\PhTVTune.sys [2003-06-12 24704] R3 SASENUM;SASENUM; \??\C:\Programme\SUPERAntiSpyware\SASENUM.SYS [] R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-03 26624] R3 usbhub;Microsoft USB-Standardhubtreiber; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600] R3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496] R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-03 20480] R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys [2003-01-10 33588] R3 X10UIF;%DESCRIPTION%; C:\WINDOWS\System32\Drivers\x10uif.sys [2001-11-14 10761] S1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2004-08-03 14848] S1 spl1394;spl1394; \??\C:\WINDOWS\System32\drivers\sflacpi.sys [] S3 61883;61883-Einheitsgerät; C:\WINDOWS\system32\DRIVERS\61883.sys [2004-08-03 48128] S3 Avc;AVC-Gerät; C:\WINDOWS\system32\DRIVERS\avc.sys [2004-08-03 38912] S3 bfturboh;BUFFALO TurboUSB for HD Filter; C:\WINDOWS\system32\drivers\bfturboh.sys [2007-08-01 15872] S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2004-08-03 17024] S3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys [2006-04-26 223128] S3 HdAudAddService;Microsoft UAA-Funktionstreiber für den High Definition Audio-Dienst; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-03-17 113664] S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [2004-01-05 51056] S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [2004-01-05 16496] S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [2004-01-05 21488] S3 IIUSBISP;USB Mass Storage for USB ISP; C:\WINDOWS\System32\Drivers\iiusbisp.sys [] S3 Intels51;Creatix V.9X DSP Data Fax Modem; C:\WINDOWS\System32\DRIVERS\CtxS51.sys [2004-03-12 845092] S3 mouhid;Maus-HID-Treiber; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-18 12288] S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\System32\DRIVERS\msdv.sys [2004-08-03 51328] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504] S3 MxlW2k;MxlW2k; C:\WINDOWS\system32\drivers\MxlW2k.sys [2004-10-01 28352] S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2004-08-03 85376] S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2004-08-03 10880] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2004-08-03 11136] S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2004-08-03 15360] S3 UKBFLT;UKBFLT; C:\WINDOWS\System32\DRIVERS\UKBFLT.sys [2003-12-19 11672] S3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-03 31616] S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-03 25856] S3 usbscan;USB-Scannertreiber; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-03 15104] S3 w810bus;Sony Ericsson W810 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\w810bus.sys [2006-02-20 58288] S3 w810mdfl;Sony Ericsson W810 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\w810mdfl.sys [2006-02-20 8336] S3 w810mdm;Sony Ericsson W810 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\w810mdm.sys [2006-02-20 94064] S3 w810mgmt;Sony Ericsson W810 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\w810mgmt.sys [2006-02-20 85408] S3 w810obex;Sony Ericsson W810 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\w810obex.sys [2006-02-20 83344] S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528] S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] S4 SENdisk;SENdisk; \??\C:\WINDOWS\System32\drivers\rasnull.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Programme\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289] R2 AntiVirService;Avira AntiVir Guard; C:\Programme\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089] R2 AOL ACS;AOL Connectivity Service; C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe [2004-11-09 1140312] R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-07-15 602112] R2 Bonjour Service;Bonjour-Dienst; C:\Programme\Bonjour\mDNSResponder.exe [2008-12-12 238888] R2 MDM;Machine Debug Manager; C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120] R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-03 14336] S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-07-14 593920] S2 gupdate;Google Update Service (gupdate); C:\Programme\Google\Update\GoogleUpdate.exe [2009-10-26 133104] S2 LogWatch;Ereignisprotokoll-Überwachung; C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe [] S3 Adobe LM Service;Adobe LM Service; C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe [2006-05-10 69632] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 CA_LIC_CLNT;CA-Lizenz-Client; C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe [] S3 CA_LIC_SRVR;CA-Lizenzserver; C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe [] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 iPod Service;iPod-Dienst; D:\Programme\iPod\bin\iPodService.exe [2009-10-28 545568] S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\HPZipm12.exe [2004-01-05 65795] S3 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-11-03 920576] S3 x10nets;X10 Device Network Service; C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [2001-11-12 20480] S4 Apple Mobile Device;Apple Mobile Device; C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF----------------- |
|
22.12.2009, 01:44
| #7 |
| | Seit paar Tagen nervige Popups Während des Scans hat AntiVir paar Mal Alarm geschlagen: TR/Dldr.agent.cxyf bzw. TR/Dldr.agent.cxye |
|
22.12.2009, 05:52
| #8 | |
| | Seit paar Tagen nervige Popups Hallo Zitat:
Dein System scheint mir ziemlich stark befallen und daher würde ich dir an dieser Stelle eine Neuinstallation anraten. Wenn du weiter eine Bereinigung versuchen möchtest, sag es bitte und poste dann die noch ausstehenden Logs von Malwarebytes und die Info.txt von Rsit. MFG
__________________ Kein Support per PN - Bitte im Forum posten. Wenn du das Forum unterstützen möchtest Genitiv ins Wasser, weil es dativ ist http://www.vivaconagua.org/ |
|
23.12.2009, 12:43
| #9 |
| | Seit paar Tagen nervige Popups Hallo, Zunächst vielen Dank für die Unterstützung! Eine Neuinstallation wäre für mich wohl die wirklich letzte Option, da ich viele wichtige Daten auf dem Rechner habe. Jedenfalls ist nach dem Scan kein Popup mehr aufgetaucht. Ein weiterer Scan mit Malwarebytes heute Morgen ergab, dass keine infizierten Objekte gefunden wurden. Die infizierten Daten sind in der Quarantäne. Ich frage mich nun, ob ich diese (vor allem TR/Dldr.agent.cxyf und TR/Dldr.agent.cxye) ohne weiteres löschen kann... Hier das Log von RSIT nach dem letzten Scan: Logfile of random's system information tool 1.06 (written by random/random) Run by *** at 2009-12-23 12:37:25 Microsoft Windows XP Home Edition Service Pack 2 System drive C: has 14 GB (18%) free of 76 GB Total RAM: 1535 MB (61% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:37:28, on 23.12.2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16945) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Avira\AntiVir Desktop\sched.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\mHotkey.exe C:\WINDOWS\Dit.exe C:\Programme\Gemeinsame Dateien\AOL\1147443072\ee\AOLSoftware.exe C:\Programme\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\system32\ctfmon.exe c:\programme\gemeinsame dateien\aol\1147443072\ee\services\antiSpywareApp\ver2_0_25_1\AOLSP Scheduler.exe C:\Programme\Avira\AntiVir Desktop\avguard.exe C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe C:\Programme\Bonjour\mDNSResponder.exe c:\programme\gemeinsame dateien\aol\1147443072\ee\aolsoftware.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Mozilla Firefox\firefox.exe C:\Dokumente und Einstellungen\***\Desktop\RSIT.exe C:\Programme\HijackThis\***.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.arcor.de R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://de.search.yahoo.com/search?fr=mcafee&p=%s R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=8116 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Arcor AG & Co. KG R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: (no name) - _{919575F2-B449-EBBB-3480-E37B32872992} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [CHotkey] mHotkey.exe O4 - HKLM\..\Run: [Dit] Dit.exe O4 - HKLM\..\Run: [HostManager] C:\Programme\Gemeinsame Dateien\AOL\1147443072\ee\AOLSoftware.exe O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [StartCCC] "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Search - http://kp.bar.need2find.com/KP/menusearch.html?p=KP O8 - Extra context menu item: &Translate English Word - res://c:\programme\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\programme\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programme\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\programme\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\programme\google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing) O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing) O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.msn.de/ O15 - Trusted Zone: http://*.mcafee.com O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633 O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab O16 - DPF: {477E2667-7E7A-4737-BFF5-121D68EF7816} (AOL Download Assistent) - http://musikdownloads.aol.de/imcdms-static/code/AOL%20Download%20Assistent.ocx O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.de/computercheckup/qdiagcc.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/23ea10ffae3267990f05/netzip/RdxIE601_de.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093861551859 O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://static.ak.studivz.net/photouploader/ImageUploader4.cab?nocache=20071128-1 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100 O16 - DPF: {96512D57-F751-4088-A689-5778FCC77F7A} (Photo Uploader Control) - http://www.studivz.net/lib/photouploader/PhotoUploader.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - http://www.arcor.de/vod/dmd/WMDownload.cab O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game10.zylom.com/activex/zylomgamesplayer.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O18 - Filter hijack: text/html - (no CLSID) - (no file) O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe O23 - Service: CA-Lizenz-Client (CA_LIC_CLNT) - Unknown owner - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe (file missing) O23 - Service: CA-Lizenzserver (CA_LIC_SRVR) - Unknown owner - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe (file missing) O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - D:\Programme\iPod\bin\iPodService.exe O23 - Service: Ereignisprotokoll-Überwachung (LogWatch) - Unknown owner - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe (file missing) O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe -- End of file - 11257 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\AppleSoftwareUpdate.job C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Adobe PDF Reader Link Helper - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}] Adobe PDF Conversion Toolbar Helper - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 231160] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\programme\google\googletoolbar1.dll [2006-02-14 1191424] {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 231160] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "CHotkey"=C:\WINDOWS\mHotkey.exe [2002-07-23 477184] "Dit"=C:\WINDOWS\Dit.exe [2004-04-02 86016] "HostManager"=C:\Programme\Gemeinsame Dateien\AOL\1147443072\ee\AOLSoftware.exe [2006-03-20 48280] "avgnt"=C:\Programme\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153] "QuickTime Task"=C:\Programme\QuickTime\QTTask.exe [2009-09-05 417792] "StartCCC"=C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-07-14 98304] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-03 15360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\180sa] c:\programme\180search assistant\180sa.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\8bedb02.exe] C:\WINDOWS\System32\8bedb02.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0] C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [2008-04-23 483328] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG] C:\WINDOWS\AGRSMMSG.exe [2004-06-29 88363] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD] C:\Programme\SlySoft\AnyDVD\AnyDVDtray.exe [2009-09-25 3058624] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe [2004-11-09 497240] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [2004-08-03 15360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager] C:\Programme\HP\hpcoretech\hpcmpmgr.exe [2003-12-22 241664] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] C:\Programme\HP\HP Software Update\HPWuSchd.exe [2003-08-04 49152] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstaFinderK] C:\Programme\INSTAFINK\InstaFinderK_inst.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Optimizer] C:\Program Files\Internet Optimizer\optimize.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IST Service] C:\Programme\ISTsvc\istsvc.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] D:\Programme\iTunes\iTunesHelper.exe [2009-10-28 141600] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lao] C:\WINDOWS\S?mantec\w?auboot.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ] C:\Programme\Ahead\Nero BackItUp\NBJ.exe [2005-06-02 1957888] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService] C:\Programme\Home Cinema\PowerCinema\PCMService.exe [2004-08-09 81920] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qfN7] C:\WINDOWS\xhrmo.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Programme\QuickTime\qttask.exe [2009-09-05 417792] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Rlos] C:\DOKUME~1\SORANM~1\EIGENE~1\YSTEM3~1\logonui.exe -vt yax [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchUpgrader] C:\Programme\Common files\SearchUpgrader\SearchUpgrader.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] C:\Programme\Skype\Phone\Skype.exe [2007-02-22 25388584] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite] C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2005-10-26 159744] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Programme\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SurfAccuracy] C:\Programme\SurfAccuracy\SAcc.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tbon] C:\Programme\TBONBin\tbon.exe /r [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrayServer] C:\MAGIX\Video_deluxe_2007_PLUS\TrayServer.exe [2006-10-04 86016] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr] C:\Programme\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe [2006-03-30 313472] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinAntiVirusPro2006] C:\Programme\WinAntiVirus Pro 2006\WinAV.exe /min [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ypvob] C:\Program Files\Ygmd\Hjrfr.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Acrobat Speed Launcher.lnk] C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2009-03-16 25214] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^AOL 9.0 Tray-Symbol.lnk] C:\PROGRA~1\AOL9~1.0\aoltray.exe [2004-05-10 156784] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^HP Digital Imaging Monitor.lnk] C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2003-09-16 237568] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^ImageMixer for HDD Camcorder.lnk] L:\PIXELA\IMAGEM~1\IMX3LA~1.EXE [2006-06-08 1871872] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^***^Startmenü^Programme^Autostart^Screen Saver Control.lnk] C:\WINDOWS\FSScrCtl.exe [2006-06-12 241664] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "aawservice"=2 "Apple Mobile Device"=2 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] C:\WINDOWS\system32\Ati2evxx.dll [2009-07-15 155648] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Programme\AOL 9.0\waol.exe"="C:\Programme\AOL 9.0\waol.exe:*:Enabled:AOL 9.0" "C:\Programme\Microsoft Games\Flight Simulator 9\fs9.exe"="C:\Programme\Microsoft Games\Flight Simulator 9\fs9.exe:*:Enabled:Microsoft Flight Simulator" "C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server" "C:\Programme\SopCast\SopCast.exe"="C:\Programme\SopCast\SopCast.exe:*:Enabled:SopCast" "C:\Dokumente und Einstellungen\***\Anwendungsdaten\SopCast\adv\SopAdver.exe"="C:\Dokumente und Einstellungen\***\Anwendungsdaten\SopCast\adv\SopAdver.exe:*:Enabled:SopAdver" "C:\Programme\internet explorer\iexplore.exe"="C:\Programme\internet explorer\iexplore.exe:*:Enabled:Internet Explorer" "C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "D:\Programme\eMule.de 0.46c v17\emule.exe"="D:\Programme\eMule.de 0.46c v17\emule.exe:* isabled:eMule""C:\Programme\TVUPlayer\TVUPlayer.exe"="C:\Programme\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component" "C:\Programme\Bonjour\mDNSResponder.exe"="C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour" "D:\Programme\iTunes\iTunes.exe"="D:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G] shell\AutoRun\command - G:\stub.exe ======List of files/folders created in the last 1 months====== 2009-12-22 02:55:28 ----SHD---- C:\Config.Msi 2009-12-22 00:55:46 ----D---- C:\rsit 2009-12-22 00:42:18 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes 2009-12-22 00:42:06 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes 2009-12-22 00:42:05 ----D---- C:\Programme\Malwarebytes' Anti-Malware 2009-12-18 19:13:03 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com 2009-12-18 19:12:54 ----D---- C:\Programme\SUPERAntiSpyware 2009-12-18 19:12:54 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SUPERAntiSpyware.com 2009-12-18 19:06:59 ----D---- C:\Programme\HijackThis 2009-12-16 19:37:28 ----A---- C:\WINDOWS\D4E5BE1A1B770A11.log[20091216_1937].bak 2009-12-13 17:13:42 ----D---- C:\Medion 2009-12-12 20:22:53 ----N---- C:\WINDOWS\system32\spmsg2.dll 2009-12-12 20:22:47 ----HDC---- C:\WINDOWS\$NtUninstallXPSEPSCLP$ 2009-12-12 19:51:45 ----D---- C:\Programme\Bevelstone Production 2009-12-09 22:33:55 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$ 2009-12-09 22:33:46 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$ 2009-12-09 22:33:36 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$ 2009-12-09 22:32:57 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$ 2009-12-09 22:32:47 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$ 2009-11-25 18:05:19 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$ 2009-11-25 18:05:12 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$ ======List of files/folders modified in the last 1 months====== 2009-12-23 12:30:45 ----D---- C:\Programme\Mozilla Firefox 2009-12-23 12:15:48 ----AD---- C:\WINDOWS\Temp 2009-12-23 12:15:38 ----D---- C:\WINDOWS\system32\CatRoot2 2009-12-23 12:14:55 ----D---- C:\WINDOWS 2009-12-22 03:11:51 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-12-22 02:56:44 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy 2009-12-22 02:55:31 ----SHD---- C:\WINDOWS\Installer 2009-12-22 02:55:31 ----D---- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard 2009-12-22 02:54:17 ----D---- C:\Programme\Spybot - Search & Destroy 2009-12-22 02:51:11 ----D---- C:\WINDOWS\system32\drivers 2009-12-22 02:51:10 ----HD---- C:\WINDOWS\inf 2009-12-22 01:20:55 ----A---- C:\WINDOWS\win.ini 2009-12-22 00:55:37 ----HDC---- C:\WINDOWS\$NtUninstallKB888113$ 2009-12-22 00:55:08 ----AD---- C:\Programme 2009-12-22 00:55:07 ----RSD---- C:\WINDOWS\Fonts 2009-12-20 18:46:28 ----A---- C:\driverlog.txt 2009-12-19 01:35:31 ----AC---- C:\WINDOWS\ntbtlog.txt 2009-12-18 19:49:25 ----AD---- C:\WINDOWS\system32 2009-12-18 19:37:36 ----D---- C:\WINDOWS\Prefetch 2009-12-17 20:57:34 ----A---- C:\WINDOWS\PhotoSnapViewer.INI 2009-12-17 20:56:46 ----A---- C:\WINDOWS\NeroDigital.ini 2009-12-13 17:17:27 ----RASH---- C:\boot.ini 2009-12-13 17:17:27 ----A---- C:\WINDOWS\system.ini 2009-12-12 20:38:58 ----D---- C:\WINDOWS\Microsoft.NET 2009-12-12 20:22:38 ----RSD---- C:\WINDOWS\assembly 2009-12-12 20:22:27 ----D---- C:\WINDOWS\system32\de-de 2009-12-12 20:22:26 ----D---- C:\WINDOWS\system32\XPSViewer 2009-12-11 18:46:45 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI 2009-12-09 22:34:00 ----A---- C:\WINDOWS\imsins.BAK 2009-12-09 22:33:58 ----RSHDC---- C:\WINDOWS\system32\dllcache 2009-12-09 22:33:35 ----HD---- C:\WINDOWS\$hf_mig$ 2009-12-09 22:33:24 ----D---- C:\Programme\internet explorer 2009-12-09 22:33:14 ----D---- C:\WINDOWS\ie7updates 2009-12-01 21:06:20 ----A---- C:\WINDOWS\system32\MRT.exe 2009-11-25 18:04:13 ----D---- C:\WINDOWS\WinSxS ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2005-10-07 43488] R1 avgio;avgio; \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys [] R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104] R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2009-09-11 24744] R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-03 40192] R1 prodrv04;Star Force copy protection driver v4; C:\WINDOWS\System32\drivers\prodrv04.sys [2006-05-14 114496] R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-08-09 53920] R1 SSHDRV5C;SSHDRV5C; \??\C:\WINDOWS\system32\drivers\SSHDRV5C.sys [] R1 SSHDRV76;SSHDRV76; \??\C:\WINDOWS\System32\drivers\SSHDRV76.sys [] R1 SSHDRV86;SSHDRV86; \??\C:\WINDOWS\system32\drivers\SSHDRV86.sys [] R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520] R2 ACEDRV07;ACEDRV07; \??\C:\WINDOWS\system32\drivers\ACEDRV07.sys [] R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-12-07 56816] R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\System32\DRIVERS\AGRSM.sys [2004-06-29 1268204] R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2009-09-24 104512] R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-03 60800] R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-07-15 4407808] R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2009-06-02 99856] R3 Cap7134;MEDION (7134) WDM Video Capture; C:\WINDOWS\System32\DRIVERS\Cap7134.sys [2003-06-05 350752] R3 CardReaderFilter;Card Reader Filter; \??\C:\WINDOWS\system32\Drivers\USBCRFT.SYS [] R3 cmudax;C-Media Azalia Audio Interface; C:\WINDOWS\system32\drivers\cmudax.sys [2004-06-08 1390976] R3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2007-02-16 11984] R3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\System32\DRIVERS\fetnd5b.sys [2004-04-15 42496] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600] R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2004-04-26 135168] R3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600] R3 MODEMCSA;Unimodem-Datenstromfiltergerät; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128] R3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-03 61824] R3 Pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\Pcouffin.sys [2008-02-01 47360] R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-12-05 10368] R3 PhTVTune;MEDION TV-TUNER 7134 MK2/3; C:\WINDOWS\System32\DRIVERS\PhTVTune.sys [2003-06-12 24704] R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-03 26624] R3 usbhub;Microsoft USB-Standardhubtreiber; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600] R3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496] R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-03 20480] R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys [2003-01-10 33588] R3 X10UIF;%DESCRIPTION%; C:\WINDOWS\System32\Drivers\x10uif.sys [2001-11-14 10761] S1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2004-08-03 14848] S1 spl1394;spl1394; \??\C:\WINDOWS\System32\drivers\sflacpi.sys [] S3 61883;61883-Einheitsgerät; C:\WINDOWS\system32\DRIVERS\61883.sys [2004-08-03 48128] S3 Avc;AVC-Gerät; C:\WINDOWS\system32\DRIVERS\avc.sys [2004-08-03 38912] S3 bfturboh;BUFFALO TurboUSB for HD Filter; C:\WINDOWS\system32\drivers\bfturboh.sys [2007-08-01 15872] S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2004-08-03 17024] S3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys [2006-04-26 223128] S3 HdAudAddService;Microsoft UAA-Funktionstreiber für den High Definition Audio-Dienst; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-03-17 113664] S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [2004-01-05 51056] S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [2004-01-05 16496] S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [2004-01-05 21488] S3 IIUSBISP;USB Mass Storage for USB ISP; C:\WINDOWS\System32\Drivers\iiusbisp.sys [] S3 Intels51;Creatix V.9X DSP Data Fax Modem; C:\WINDOWS\System32\DRIVERS\CtxS51.sys [2004-03-12 845092] S3 mouhid;Maus-HID-Treiber; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-18 12288] S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\System32\DRIVERS\msdv.sys [2004-08-03 51328] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504] S3 MxlW2k;MxlW2k; C:\WINDOWS\system32\drivers\MxlW2k.sys [2004-10-01 28352] S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2004-08-03 85376] S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2004-08-03 10880] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2004-08-03 11136] S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2004-08-03 15360] S3 UKBFLT;UKBFLT; C:\WINDOWS\System32\DRIVERS\UKBFLT.sys [2003-12-19 11672] S3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-03 31616] S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-03 25856] S3 usbscan;USB-Scannertreiber; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-03 15104] S3 w810bus;Sony Ericsson W810 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\w810bus.sys [2006-02-20 58288] S3 w810mdfl;Sony Ericsson W810 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\w810mdfl.sys [2006-02-20 8336] S3 w810mdm;Sony Ericsson W810 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\w810mdm.sys [2006-02-20 94064] S3 w810mgmt;Sony Ericsson W810 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\w810mgmt.sys [2006-02-20 85408] S3 w810obex;Sony Ericsson W810 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\w810obex.sys [2006-02-20 83344] S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528] S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] S4 SENdisk;SENdisk; \??\C:\WINDOWS\System32\drivers\rasnull.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Programme\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289] R2 AntiVirService;Avira AntiVir Guard; C:\Programme\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089] R2 AOL ACS;AOL Connectivity Service; C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe [2004-11-09 1140312] R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-07-15 602112] R2 Bonjour Service;Bonjour-Dienst; C:\Programme\Bonjour\mDNSResponder.exe [2008-12-12 238888] R2 MDM;Machine Debug Manager; C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120] R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-03 14336] S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-07-14 593920] S2 gupdate;Google Update Service (gupdate); C:\Programme\Google\Update\GoogleUpdate.exe [2009-10-26 133104] S2 LogWatch;Ereignisprotokoll-Überwachung; C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe [] S3 Adobe LM Service;Adobe LM Service; C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe [2006-05-10 69632] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 CA_LIC_CLNT;CA-Lizenz-Client; C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe [] S3 CA_LIC_SRVR;CA-Lizenzserver; C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe [] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 iPod Service;iPod-Dienst; D:\Programme\iPod\bin\iPodService.exe [2009-10-28 545568] S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\HPZipm12.exe [2004-01-05 65795] S3 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-11-03 920576] S3 x10nets;X10 Device Network Service; C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [2001-11-12 20480] S4 Apple Mobile Device;Apple Mobile Device; C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF----------------- Was ich nicht ganz nachvollziehen kann ist die Tatsache, dass ich immer schon AntiVir auf dem Rechner hatte und dieser dann doch so stark befallen ist (war?). |
|
23.12.2009, 21:54
| #10 | |
| | Seit paar Tagen nervige Popups Hallo Zitat:
Deinstalliere bitte schon einmal diese veralteten Programme: alle Javaversionen Adobe Reader sowie ungenutzte Software. MFG
__________________ Kein Support per PN - Bitte im Forum posten. Wenn du das Forum unterstützen möchtest Genitiv ins Wasser, weil es dativ ist http://www.vivaconagua.org/ |
|
24.12.2009, 15:59
| #11 |
| | Seit paar Tagen nervige Popups Gibt es noch mehr Logs? Habe nur das von mir gepostete Rsit-Log gefunden. Das von Malwarebytes hat ja keinen Funde ergeben, daher hab ich es nicht gepostet. Bin jetzt über Weihnachten nicht an meinem "Patienten". Werde daher erst nächste Woche die Programme löschen. Wie würde es weiter gehen? Ist mein PC wirklich noch befallen (laut der Log)? Ich habe nicht ganz so viel Ahnung von dem Thema  Ich wünsche ein frohes Weihnachtsfest und nochmal vielen Dank für die Unterstützung! |
|
25.12.2009, 00:46
| #12 | ||
| | Seit paar Tagen nervige Popups Hallo Zitat:
 Zitat:
Bei Malwarebytes unter Scan-Berichte solltest du das passende Log finden. MFG
__________________ Kein Support per PN - Bitte im Forum posten. Wenn du das Forum unterstützen möchtest Genitiv ins Wasser, weil es dativ ist http://www.vivaconagua.org/ |
|
31.12.2009, 14:20
| #13 |
| | Seit paar Tagen nervige Popups Hier das Log von Malwarebytes beim ersten Suchlauf. Wie gesagt habe ich die infizierten Objekte in die Quarantäne gesteckt und frage mich, ob ich diese einfach so löschen kann... Malwarebytes' Anti-Malware 1.42 Datenbank Version: 3406 Windows 5.1.2600 Service Pack 2 Internet Explorer 7.0.5730.13 22.12.2009 00:55:08 mbam-log-2009-12-22 (00-55-08).txt Scan-Methode: Quick-Scan Durchsuchte Objekte: 132443 Laufzeit: 10 minute(s), 40 second(s) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 9 Infizierte Registrierungsschlüssel: 40 Infizierte Registrierungswerte: 4 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 31 Infizierte Dateien: 83 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: C:\Programme\Web Search Operator\4.1.0.2080\lri.dll (Adware.Agent) -> Delete on reboot. C:\Programme\Web Search Operator\4.1.0.2080\WSOCommon.dll (Adware.Agent) -> Delete on reboot. C:\Programme\Web Search Operator\4.1.0.2080\FF\components\WSOFFAddOn.dll (Adware.Agent) -> Delete on reboot. C:\Programme\Automated Content Enhancer\4.1.0.5290\ACECommon.dll (Adware.Agent) -> Delete on reboot. C:\Programme\Automated Content Enhancer\4.1.0.5290\lri.dll (Adware.Agent) -> Delete on reboot. C:\Programme\Automated Content Enhancer\4.1.0.5290\FF\components\ACEFFAddOn.dll (Adware.Agent) -> Delete on reboot. C:\Programme\Customized Platform Advancer\4.1.0.1960\CPACommon.dll (Adware.Agent) -> Delete on reboot. C:\Programme\Customized Platform Advancer\4.1.0.1960\lri.dll (Adware.Agent) -> Delete on reboot. C:\Programme\Customized Platform Advancer\4.1.0.1960\FF\components\CPAFFAddOn.dll (Adware.Agent) -> Delete on reboot. Infizierte Registrierungsschlüssel: HKEY_CLASSES_ROOT\explorerbar.cmw (Adware.Agent) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{f5b8c69c-9b45-4a6a-9380-df225c546ae7} (Adware.Agent) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{629cd6c2-e4c5-4554-aeb8-12e4e2cd40ff} (Adware.Agent) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{b72681c0-a222-4b21-a0e2-53a5a5ca3d41} (Adware.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b72681c0-a222-4b21-a0e2-53a5a5ca3d41} (Adware.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b72681c0-a222-4b21-a0e2-53a5a5ca3d41} (Adware.Agent) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\explorerbar.cmw.1 (Adware.Agent) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\explorerbar.tcp (Adware.Agent) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{2a743834-05f4-4ed4-8a1c-41332b10ac0c} (Adware.Agent) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{1081d532-7de4-40bd-b912-388fa6b27c78} (Adware.Agent) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{cac89ff9-34a9-4431-8cfe-292a47f843bc} (Adware.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Explorer\Bars\{cac89ff9-34a9-4431-8cfe-292a47f843bc} (Adware.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cac89ff9-34a9-4431-8cfe-292a47f843bc} (Adware.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cac89ff9-34a9-4431-8cfe-292a47f843bc} (Adware.Agent) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\explorerbar.tcp.1 (Adware.Agent) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{6160f76a-1992-4b17-a32d-0c706d159105} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{1d74e9dd-8987-448b-b2cb-67fff2b8a932} (Adware.Agent) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{565dd573-549e-4da9-8cd7-6ae3df25339a} (Adware.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d74e9dd-8987-448b-b2cb-67fff2b8a932} (Adware.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1d74e9dd-8987-448b-b2cb-67fff2b8a932} (Adware.Agent) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{3de88beb-f271-484a-ba71-01d30f439f0c} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{50ad41d2-b1f0-47cc-9ea7-395355eaeebd} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{8ceb185e-81a5-46d3-bc20-c555d605afbd} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{a72522ba-9ff3-4c83-abc6-9b476728a396} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{c5762628-ae15-4ca6-96c4-b00dd17f3419} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{d062e03e-65ca-49e4-9b15-31938ba98922} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{ac5ab953-ed25-4f9c-87f0-b086b0178ffa} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Explorer\Bars\{b72681c0-a222-4b21-a0e2-53a5a5ca3d411} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{42c7c39f-3128-4a17-bdb7-91c46032b5b9} (Adware.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{eb4a577d-bcad-4b1c-8af2-9a74b8dd3431} (Adware.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d45817b8-3ead-4d1d-8fca-ec63a8e35de2} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Web Search Operator (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\AppDataLow\SOFTWARE\Internet Today (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Automated Content Enhancer (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Customized Platform Advancer (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\QuestService (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Web Search Operator (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Automated Content Enhancer (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Customized Platform Advancer (Adware.DoubleD) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{d45817b8-3ead-4d1d-8fca-ec63a8e35de2} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{8141440e-08f0-4339-9959-5c31c6a69f23} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{e63605fc-d583-4c81-867f-9457bdb3ea1b} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{e889f097-b0be-471b-89ad-b86b6f04b506} (Adware.DoubleD) -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: C:\Programme\Internet Today (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Internet Today\1.1.0.1260 (Adware.Agent) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\Lokale Einstellungen\Temp\cmw\newSetup (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Web Search Operator (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Web Search Operator\4.1.0.2080 (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Web Search Operator\4.1.0.2080\Data (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Web Search Operator\4.1.0.2080\FF (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Web Search Operator\4.1.0.2080\FF\chrome (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Web Search Operator\4.1.0.2080\FF\chrome\content (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Web Search Operator\4.1.0.2080\FF\components (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Textual Content Provider (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Textual Content Provider\1.1.0.1810 (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Textual Content Provider\1.1.0.1810\data (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Automated Content Enhancer (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Automated Content Enhancer\4.1.0.5290 (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Automated Content Enhancer\4.1.0.5290\Data (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Automated Content Enhancer\4.1.0.5290\FF (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Automated Content Enhancer\4.1.0.5290\FF\chrome (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Automated Content Enhancer\4.1.0.5290\FF\chrome\content (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Automated Content Enhancer\4.1.0.5290\FF\components (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Customized Platform Advancer (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Customized Platform Advancer\4.1.0.1960 (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Customized Platform Advancer\4.1.0.1960\Data (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Customized Platform Advancer\4.1.0.1960\FF (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Customized Platform Advancer\4.1.0.1960\FF\chrome (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Customized Platform Advancer\4.1.0.1960\FF\chrome\content (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Customized Platform Advancer\4.1.0.1960\FF\components (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Content Management Wizard (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Content Management Wizard\1.1.0.1990 (Adware.Agent) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QuestService (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Programme\QuestService (Adware.DoubleD) -> Quarantined and deleted successfully. Infizierte Dateien: Geändert von Helga79 (31.12.2009 um 14:26 Uhr) |
|
31.12.2009, 14:21
| #14 |
| | Seit paar Tagen nervige Popups Der Zweite Suchlauf ergab dann folgendes: Malwarebytes' Anti-Malware 1.42 Datenbank Version: 3406 Windows 5.1.2600 Service Pack 2 Internet Explorer 7.0.5730.13 22.12.2009 02:49:07 mbam-log-2009-12-22 (02-49-07).txt Scan-Methode: Vollständiger Scan (C:\|D:\|E:\|) Durchsuchte Objekte: 374915 Laufzeit: 1 hour(s), 46 minute(s), 35 second(s) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 23 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: C:\Dokumente und Einstellungen\Lokale Einstellungen\Temporary Internet Files\Content.IE5\2UZIPOVJ\productinfo[1].dll (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\Lokale Einstellungen\Temporary Internet Files\Content.IE5\2UZIPOVJ\mvbup[1].exe (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\Lokale Einstellungen\Temporary Internet Files\Content.IE5\2UZIPOVJ\cpasetup[1].exe (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\Lokale Einstellungen\Temporary Internet Files\Content.IE5\QT53D55N\itsetup[1].exe (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\Lokale Einstellungen\Temporary Internet Files\Content.IE5\WUDVVO3N\acesetup[1].exe (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\Lokale Einstellungen\Temporary Internet Files\Content.IE5\WUDVVO3N\tcpsetup[1].exe (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\Lokale Einstellungen\Temporary Internet Files\Content.IE5\Z16ZIF5X\cmwsetup[1].exe (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\Lokale Einstellungen\Temporary Internet Files\Content.IE5\Z16ZIF5X\wsosetup[1].exe (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\Lokale Einstellungen\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\mvbup.exe (Adware.DoubleD) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP392\A0164910.rbf (Adware.DoubleD) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP392\A0164913.rbf (Adware.DoubleD) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP392\A0164914.rbf (Adware.DoubleD) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP392\A0164915.rbf (Adware.DoubleD) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP392\A0164916.rbf (Adware.DoubleD) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP393\A0165076.exe (Adware.DoubleD) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP397\A0165345.exe (Adware.DoubleD) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP397\A0165347.exe (Adware.DoubleD) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP397\A0165348.exe (Adware.DoubleD) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP397\A0165349.exe (Adware.DoubleD) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP397\A0165350.exe (Adware.DoubleD) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP397\A0165351.exe (Adware.DoubleD) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP397\A0165352.exe (Adware.DoubleD) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP397\A0165353.exe (Adware.DoubleD) -> Quarantined and deleted successfully. Beim dritten Suchlauf wurde nichts gefunden! |
|
01.01.2010, 23:04
| #15 |
| | Seit paar Tagen nervige Popups Hallo lass bitte den CCleaner dein System aufräumen (auch Registry), dann deaktiviere bitte die Systemwiederherstellung --> System herunterfahren --> System ca. 2min auslassen --> Neustart --> Systemwiederherstellung kann wieder aktiviert werden. Dann bitte nach dem Neustart einen neuen Punkt in der Systemwiederherstellung erstellen, einen Wiederherstellungspunkt vergeben kannst du unter Start --> Programme --> Zubehör --> Systemprogramme --> Systemwiederherstellung findest du den Punkt einen neuen Systemwiederherstellungspunkt erstellen. Hast du zwischenzeitlich eine Sicherung deiner Dateien angelegt? Wenn nein, solltest du das jetzt machen. Musik, Videos, Bilder und Officedateien können i.d.R. problemlos gesichert werden, verzichten solltest du auf ausführbare Dateien. MFG
__________________ Kein Support per PN - Bitte im Forum posten. Wenn du das Forum unterstützen möchtest Genitiv ins Wasser, weil es dativ ist http://www.vivaconagua.org/ |
|
| Themen zu Seit paar Tagen nervige Popups |
| adobe, adware.agent, adware.doubled, antivir guard, avira, dateien, desktop, firefox, gupdate, hijack, hkus\s-1-5-18, internet, internet explorer, magix, messenger, microsoft, mozilla, opera, popups, problem, programme, system32, tr/dldr.agent.cxye, tr/dldr.agent.cxyf, windows |
Linear-Darstellung
