|
Log analysis and evaluation: Internet intermittently slow, graphics problem - possibly a virus/trojan? If you have picked up a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
10.01.2010, 17:17 | #1 |
| Internet intermittently slow, graphics problem - possibly a virus/trojan? Hello everyone! I'm new here and have just created a HiJackThis log for the first time. I know next to nothing about this sort of thing, though :-( Maybe you can help me: for the last few days my internet has been very slow at times, meaning pages don't load, and then after about 10 minutes everything works fine again. My graphics card, however, has not been working for quite a while (about 3 months); the error message was something like "Grafikbeschleuniger wurde zurückgesetzt" ("graphics accelerator was reset"). OK, this can of course also happen without a virus or anything similar, I just wanted to mention it. I have run CCleaner, Anti-Malware and RSIT. I would be very grateful if someone could help me or tell me what exactly my log files say. Many thanks in advance. HiJackThis Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:53:55, on 10.01.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\ZoneLabs\vsmon.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\crypserv.exe
E:\Programme\Eset\nod32krn.exe
E:\WINDOWS\System32\PSIService.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\wscntfy.exe
E:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Dokumente und Einstellungen\x\Desktop\RSIT.exe
E:\Dokumente und Einstellungen\x\Desktop\HiJackThis\x.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.sportdog.gr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - E:\Programme\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O2 - BHO: Burn4Free Toolbar Helper - {D187A56B-A33F-4CBE-9D77-459FC0BAE012} - E:\Programme\Burn4Free Toolbar\v3.3.0.2\Burn4Free_Toolbar.dll
O2 - BHO: (no name) - {E676A759-8097-66A4-357C-CFDF2D90496D} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - E:\Programme\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - E:\Programme\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: Burn4Free Toolbar - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - E:\Programme\Burn4Free Toolbar\v3.3.0.2\Burn4Free_Toolbar.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ZoneAlarm Client] "E:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunServices: [Microsoft Update 32] wininit32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Alles mit FlashGet laden - E:\Programme\flashget\jc_all.htm
O8 - Extra context menu item: Mit FlashGet laden - E:\Programme\flashget\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programme\Messenger\msmsgs.exe
O16 - DPF: ppctlcab - h**p://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - h**p://public.windupdates.com/get_file.php?bt=ie&p=742ae6aabe7d3a41bcf4a5afcbb90dcf34dad1f7e20e580a8628a9310ebdbc79ff97ebe1e10940b1a7ee84d6b88713ffc07adc36a6c198daa84af66cad27b7bddb:0bcd3b08a0018c359992be6d71d48cd1
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - h**p://static.35mb.com/applet/applet_l.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{593779BC-53C2-4AD1-BBD6-EE554FE97E47}: NameServer = 192.168.120.252,192.168.120.253
O17 - HKLM\System\CCS\Services\Tcpip\..\{AF97774D-5B2F-4F19-8512-19A42F12553F}: NameServer = 62.220.18.38 89.246.64.38
O23 - Service: Crypkey License - Kenonic Controls Ltd. - E:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - E:\PROGRAMME\FRITZ!\de_serv.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - E:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - E:\Programme\Eset\nod32krn.exe
O23 - Service: ProtexisLicensing - Unknown owner - E:\WINDOWS\System32\PSIService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - E:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 5687 bytes |
10.01.2010, 17:20 | #2 |
| Internet intermittently slow, graphics problem - possibly a virus/trojan? RSIT Log
Code:
ATTFilter Logfile of random's system information tool 1.06 (written by random/random) Run by x at 2010-01-10 16:53:51 Microsoft Windows XP Professional Service Pack 3 System drive E: has 8 GB (10%) free of 79 GB Total RAM: 511 MB (51% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:53:55, on 10.01.2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: E:\WINDOWS\System32\smss.exe E:\WINDOWS\system32\winlogon.exe E:\WINDOWS\system32\services.exe E:\WINDOWS\system32\lsass.exe E:\WINDOWS\system32\svchost.exe E:\WINDOWS\System32\svchost.exe E:\WINDOWS\system32\ZoneLabs\vsmon.exe E:\WINDOWS\Explorer.EXE E:\WINDOWS\system32\spoolsv.exe E:\WINDOWS\system32\crypserv.exe E:\Programme\Eset\nod32krn.exe E:\WINDOWS\System32\PSIService.exe E:\WINDOWS\System32\svchost.exe E:\WINDOWS\system32\wscntfy.exe E:\Programme\Zone Labs\ZoneAlarm\zlclient.exe E:\WINDOWS\system32\ctfmon.exe E:\Dokumente und Einstellungen\x\Desktop\RSIT.exe E:\Dokumente und Einstellungen\x\Desktop\HiJackThis\x.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.sportdog.gr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Programme\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - E:\Programme\Epson Software\Easy Photo Print\EPTBL.dll O2 - BHO: 
(no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file) O2 - BHO: Burn4Free Toolbar Helper - {D187A56B-A33F-4CBE-9D77-459FC0BAE012} - E:\Programme\Burn4Free Toolbar\v3.3.0.2\Burn4Free_Toolbar.dll O2 - BHO: (no name) - {E676A759-8097-66A4-357C-CFDF2D90496D} - (no file) O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - E:\Programme\Epson Software\Easy Photo Print\EPTBL.dll O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - E:\Programme\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll O3 - Toolbar: Burn4Free Toolbar - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - E:\Programme\Burn4Free Toolbar\v3.3.0.2\Burn4Free_Toolbar.dll O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [ZoneAlarm Client] "E:\Programme\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\RunServices: [Microsoft Update 32] wininit32.exe O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: Alles mit FlashGet laden - E:\Programme\flashget\jc_all.htm O8 - Extra context menu item: Mit FlashGet laden - E:\Programme\flashget\jc_link.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programme\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programme\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\WINDOWS\System32\shdocvw.dll O9 - Extra 'Tools' menuitem: &FlashGet - 
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\WINDOWS\System32\shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programme\Messenger\msmsgs.exe O16 - DPF: ppctlcab - h**p://ppupdates.ca.com/downloads/scanner/ppctlcab.cab O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - h**p://public.windupdates.com/get_file.php?bt=ie&p=742ae6aabe7d3a41bcf4a5afcbb90dcf34dad1f7e20e580a8628a9310ebdbc79ff97ebe1e10940b1a7ee84d6b88713ffc07adc36a6c198daa84af66cad27b7bddb:0bcd3b08a0018c359992be6d71d48cd1 O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - h**p://static.35mb.com/applet/applet_l.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{593779BC-53C2-4AD1-BBD6-EE554FE97E47}: NameServer = 192.168.120.252,192.168.120.253 O17 - HKLM\System\CCS\Services\Tcpip\..\{AF97774D-5B2F-4F19-8512-19A42F12553F}: NameServer = 62.220.18.38 89.246.64.38 O23 - Service: Crypkey License - Kenonic Controls Ltd. 
- E:\WINDOWS\SYSTEM32\crypserv.exe O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - E:\PROGRAMME\FRITZ!\de_serv.exe O23 - Service: Macromedia Licensing Service - Unknown owner - E:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - E:\Programme\Eset\nod32krn.exe O23 - Service: ProtexisLicensing - Unknown owner - E:\WINDOWS\System32\PSIService.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - E:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 5687 bytes ======Scheduled tasks folder====== E:\WINDOWS\tasks\B55CDC01913B4849.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] AcroIEHlprObj Class - E:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - E:\Programme\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}] Easy Photo Print - E:\Programme\Epson Software\Easy Photo Print\EPTBL.dll [2008-04-02 266240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5366673-E8CA-11D3-9CD9-0090271D075B}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D187A56B-A33F-4CBE-9D77-459FC0BAE012}] Burn4Free Toolbar Helper - E:\Programme\Burn4Free Toolbar\v3.3.0.2\Burn4Free_Toolbar.dll [2009-08-16 815104] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E676A759-8097-66A4-357C-CFDF2D90496D}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {E0E899AB-F487-11D5-8D29-0050BA6940E3} 
{9421DD08-935F-4701-A9CA-22DF90AC4EA6} - Easy Photo Print - E:\Programme\Epson Software\Easy Photo Print\EPTBL.dll [2008-04-02 266240] {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - Veoh Web Player Video Finder - E:\Programme\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll [2009-03-26 429816] {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - Burn4Free Toolbar - E:\Programme\Burn4Free Toolbar\v3.3.0.2\Burn4Free_Toolbar.dll [2009-08-16 815104] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd [] "ZoneAlarm Client"=E:\Programme\Zone Labs\ZoneAlarm\zlclient.exe [2008-07-09 919016] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"=E:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] "Power2GoExpress"= [] "PowerBar"= [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC] E:\Programme\ATI Technologies\ATI.ACE\cli.exe runtime -Delay [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA] E:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bits sect] [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA] [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery] E:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2002-12-02 40960] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON SX100 Series] E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEDE.EXE [2008-02-05 188928] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] E:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [2006-02-19 49152] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility] E:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe [2003-03-11 172032] [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\HydraVisionDesktopManager] E:\Programme\ATI Technologies\ATI HydraVision\HydraDM.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Optimizer] E:\Dokumente und Einstellungen\x\Internet Optimizer\optimize.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair] E:\Programme\Logitech\ImageStudio\ISStart.exe [2002-12-10 155648] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechImageStudioTray] E:\Programme\Logitech\ImageStudio\LogiTray.exe [2002-12-10 61440] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS] E:\Programme\Gemeinsame Dateien\Logitech\QCDriver3\LVCOMS.EXE [2002-12-10 127022] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ] [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui] E:\Programme\Eset\nod32kui.exe [2005-12-27 917504] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication] [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync] [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] E:\Programme\QuickTime\qttask.exe [2006-09-01 282624] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] E:\Programme\CyberLink DVD Solution\PowerDVD\PDVDServ.exe [2003-10-31 32768] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMnEx32] E:\WINDOWS\System32\GAFE6.tmp.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] E:\Programme\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] [] [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\VeohPlugin] E:\Programme\Veoh Networks\VeohWebPlayer\veohwebplayer.exe [2009-03-26 3558648] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebCamRT.exe] [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk] E:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2004-12-14 29696] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^HP Digital Imaging Monitor.lnk] E:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpqtra08.exe [2006-02-19 288472] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk] E:\PROGRA~1\MICROS~2\Office\OSA9.EXE [1999-04-30 65588] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" 
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "E:\Programme\Messenger\msmsgs.exe"="E:\Programme\Messenger\msmsgs.exe:*:Enabled:Windows Messenger" "E:\Programme\Opera\opera.exe"="E:\Programme\Opera\opera.exe:*:Enabled:Opera Internet Browser" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" ======File associations====== .js - open - "E:\Programme\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" "%1" ======List of files/folders created in the last 1 months====== 2010-01-10 16:53:51 ----D---- E:\rsit 2010-01-10 15:25:53 ----D---- E:\Dokumente und Einstellungen\x\Anwendungsdaten\Malwarebytes 2010-01-10 15:25:45 ----D---- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes 2010-01-10 15:25:44 ----D---- E:\Programme\Malwarebytes' Anti-Malware 2010-01-10 15:06:47 ----D---- E:\Programme\CCleaner ======List of files/folders modified in the last 1 months====== 2010-01-10 16:53:55 ----D---- E:\WINDOWS\Prefetch 2010-01-10 16:53:29 ----D---- E:\WINDOWS\Temp 2010-01-10 16:51:36 ----D---- E:\WINDOWS\Internet Logs 2010-01-10 16:12:30 ----D---- E:\WINDOWS 2010-01-10 16:11:33 ----RD---- E:\Programme 2010-01-10 16:11:32 ----D---- E:\WINDOWS\system32\drivers 2010-01-10 16:11:32 ----D---- E:\WINDOWS\system 2010-01-10 16:11:03 ----A---- E:\WINDOWS\SchedLgU.Txt 2010-01-10 15:14:52 ----D---- E:\WINDOWS\Minidump 2010-01-10 15:14:52 ----D---- E:\WINDOWS\Debug 2010-01-10 14:15:43 ----D---- E:\WINDOWS\system32 2010-01-09 23:52:08 ----D---- E:\Programme\Mozilla Firefox 2010-01-09 01:32:32 ----D---- E:\Dokumente und Einstellungen\x\Anwendungsdaten\vlc ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 
4=Disabled)====== R1 AmdK7;AMD K7-Prozessortreiber; E:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-14 41856] R1 cdrbsvsd;cdrbsvsd; E:\WINDOWS\system32\drivers\cdrbsvsd.sys [2003-07-16 13056] R1 KLIF;KLIF; E:\WINDOWS\system32\DRIVERS\klif.sys [2007-07-19 127768] R1 NetworkX;NetworkX; E:\WINDOWS\system32\ckldrv.sys [2000-02-03 24608] R1 vsdatant;vsdatant; E:\WINDOWS\System32\vsdatant.sys [2008-07-09 394952] R1 WS2IFSL;Windows Socket 2.0 Non-IFS-Dienstanbieter-Unterstützungsumgebung; E:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-18 12032] R2 AVMPORT;AVMPORT; E:\WINDOWS\System32\drivers\avmport.sys [2000-11-13 59520] R2 irda;IrDA-Protokoll; E:\WINDOWS\System32\DRIVERS\irda.sys [2008-04-13 88192] R2 ROOTMODEM;Microsoft Legacy Modem Driver; E:\WINDOWS\System32\Drivers\RootMdm.sys [2001-08-18 5888] R3 AVMWAN;AVM NDIS WAN CAPI Treiber; E:\WINDOWS\System32\DRIVERS\avmwan.sys [2001-07-25 29968] R3 cmuda;C-Media WDM Audio Interface; E:\WINDOWS\system32\drivers\cmuda.sys [2004-01-08 812416] R3 FETNDIS;VIA PCI 10/100-MBit/s-Fast Ethernetadapter-NT-Treiber; E:\WINDOWS\System32\DRIVERS\fetnd5.sys [2001-08-17 27165] R3 fxpcbase;AVM ISDN-Connector FRITZ!X PC v2.0/v3.0; E:\WINDOWS\System32\DRIVERS\fxpcbase.sys [2001-07-25 536448] R3 pfc;Padus ASPI Shell; E:\WINDOWS\system32\drivers\pfc.sys [2003-12-05 10368] R3 Rasirda;WAN-Miniport (IrDA); E:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584] R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; E:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;USB2-aktivierter Hub; E:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; E:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608] S3 AMON;AMON; \??\E:\WINDOWS\System32\drivers\amon.sys [] S3 CCDECODE;Closed Caption Decoder; E:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 irsir;Microsoft serieller Infrarottreiber; 
E:\WINDOWS\System32\DRIVERS\irsir.sys [2001-08-17 18688] S3 LVUSBSta;Logitech USB Monitor Filter; E:\WINDOWS\System32\DRIVERS\LVUSBSta.sys [2004-05-21 19968] S3 ms_mpu401;Microsoft MPU-401 MIDI UART-Treiber; E:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; E:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;NABTS/FEC VBI Codec; E:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Microsoft TV/Video Connection; E:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 NETFRITZ;AVM FRITZ!web PPP over ISDN; E:\WINDOWS\System32\DRIVERS\NETFRITZ.SYS [2001-01-29 216576] S3 PID_0920;Logitech QuickCam Express(PID_0920); E:\WINDOWS\System32\DRIVERS\LV532AV.SYS [2004-05-21 163328] S3 SLIP;BDA Slip De-Framer; E:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 ss_bus;Samsung Mobile USB Device 1.0 driver (WDM); E:\WINDOWS\System32\DRIVERS\ss_bus.sys [2005-01-24 52384] S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; E:\WINDOWS\System32\DRIVERS\ss_mdfl.sys [2005-01-24 6064] S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; E:\WINDOWS\System32\DRIVERS\ss_mdm.sys [2005-01-24 84512] S3 streamip;BDA IPSink; E:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 TVICHW32;TVICHW32; \??\E:\WINDOWS\system32\DRIVERS\TVICHW32.SYS [] S3 usbccgp;Microsoft Standard-USB-Haupttreiber; E:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128] S3 usbprint;Microsoft USB-Druckerklasse; E:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 usbscan;USB-Scannertreiber; E:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 USBSTOR;USB-Massenspeichertreiber; E:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S3 WSTCODEC;World Standard Teletext Codec; E:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S4 IntelIde;IntelIde; E:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 
4=Disabled)====== R2 Crypkey License;Crypkey License; E:\WINDOWS\system32\crypserv.exe [2000-06-29 52224] R2 Irmon;Infrarotüberwachung; E:\WINDOWS\System32\svchost.exe [2008-04-14 14336] R2 NOD32krn;NOD32 Kernel Service; E:\Programme\Eset\nod32krn.exe [2005-12-27 495616] R2 ProtexisLicensing;ProtexisLicensing; E:\WINDOWS\System32\PSIService.exe [2006-11-02 174656] R2 UMWdf;Windows User Mode Driver Framework; E:\WINDOWS\System32\wdfmgr.exe [2005-01-28 38912] R2 vsmon;TrueVector Internet Monitor; E:\WINDOWS\system32\ZoneLabs\vsmon.exe [2008-07-09 75304] S3 aspnet_state;ASP.NET State Service; E:\WINDOWS\Microsoft.NET\Framework\v4.0.20506\aspnet_state.exe [2009-05-06 35160] S3 clr_optimization_v4.0.20506_32;.NET Runtime Optimization Service v4.0.20506_X86; e:\WINDOWS\Microsoft.NET\Framework\v4.0.20506\mscorsvw.exe [2009-05-06 104272] S3 de_serv;AVM FRITZ!web Routing Service; E:\PROGRAMME\FRITZ!\de_serv.exe [2001-01-29 180281] S3 Macromedia Licensing Service;Macromedia Licensing Service; E:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe [2005-01-03 68096] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; E:\WINDOWS\Microsoft.NET\Framework\v4.0.20506\SMSvcHost.exe [2009-05-06 120640] -----------------EOF----------------- RSIT Info Code:
ATTFilter info.txt logfile of random's system information tool 1.06 2010-01-10 16:54:00 ======Uninstall list====== -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 E:\WINDOWS\INF\PCHealth.inf AccessDiver v4.173-->E:\Programme\Accessdiver\unins000.exe Adobe Flash Player 10 ActiveX-->E:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player 10 Plugin-->E:\WINDOWS\System32\Macromed\Flash\uninstall_plugin.exe Adobe Reader 7.0 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A70000000000} AVM FRITZ!-->E:\WINDOWS\IsUn0407.exe -fE:\Programme\FRITZ!\Uninst.isu -cE:\Programme\FRITZ!\UNINST.DLL AVM FRITZ!X-->E:\WINDOWS\IsUn0407.exe -fE:\Programme\FRITZ!X\Uninst.isu AVM ISDN CAPI Port-->"E:\WINDOWS\AVM_cpdi.clr" -Delete Burn4Free CD and DVD-->"E:\Programme\Burn4Free\uninstall.exe" Burn4Free Toolbar-->"E:\WINDOWS\Burn4Free_Toolbar_Uninstaller_2312.exe" _?=E:\Programme\Burn4Free Toolbar CCleaner-->"E:\Programme\CCleaner\uninst.exe" C-Media 3D Audio-->E:\WINDOWS\CMIUnInstall.exe Corel Paint Shop Pro X-->MsiExec.exe /I{1A15507A-8551-4626-915D-3D5FA095CC1B} DivX Web Player-->E:\Programme\DivX\DivXWebPlayerUninstall.exe /PLUGIN DriverAgent by eSupport.com-->RunDll32.exe advpack.dll,LaunchINFSection driveragent_exe.inf,TVICHW32Remove DVD Solution-->E:\Programme\Uninstall_CDS.exe Epson Easy Photo Print 2-->E:\Programme\InstallShield Installation Information\{DEDB47A3-C988-4A43-A645-E2CEA571E680}\SETUP.EXE -runfromtemp -l0x0007 UNINST -removeonly EPSON Scan-->E:\Programme\epson\escndv\setup\setup.exe /r EPSON Stylus SX100_TX100 Handbuch-->E:\Programme\EPSON\TPMANUAL\ESSX100_TX100\DEU\USE_G\DOCUNINS.EXE EPSON SX100 Series Printer Uninstall-->E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FINSEDE.EXE /R /APD /P:"EPSON SX100 Series" EVEREST Home Edition v2.20-->"E:\Programme\Lavalys\EVEREST Home Edition\unins000.exe" FinalBurner Free v2.11.0.156-->"E:\Programme\FinalBurner\Uninstall.exe" "E:\Programme\FinalBurner\install.log" -u FLV Player 
1.3.3-->"E:\Programme\FLVPlayer\uninstall.exe" Free YouTube to Mp3 Converter version 3.1-->"E:\Programme\DVDVideoSoft\Free YouTube to Mp3 Converter\unins000.exe" HijackThis 2.0.2-->"E:\Dokumente und Einstellungen\x\Desktop\HiJackThis\HijackThis.exe" /uninstall Hotfix für Windows XP (KB952287)-->"E:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" Hotfix für Windows XP (KB970653-v3)-->"E:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe" Hotfix für Windows XP (KB976098-v2)-->"E:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe" hp deskjet 3500-->msiexec /x{8FD62EBB-3175-4907-A326-989B14E5C757} HP Imaging Device Functions 7.0-->E:\Programme\Hewlett-Packard\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat HP Photo and Imaging 2.0 - Deskjet Series-->MsiExec.exe /I{E0828692-FD9D-459F-9312-C645C3CA6650} HP Photosmart Kameras 7.0-->E:\Programme\Hewlett-Packard\Digital Imaging\{8AF466A0-C13D-4e4b-91AD-86D8A262F7E5}\setup\hpzscr01.exe -datfile hpiscr02.dat HP Software Update-->MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E} HP Solution Center 7.0-->E:\Programme\Hewlett-Packard\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060} Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070} Language Pack for Ad-aware 6-->Lang\LANGUA~1\UNWISE.EXE Lang\LANGUA~1\INSTALL.LOG Logitech ImageStudio-->MsiExec.exe /I{5A24DD7E-7B01-41AC-ADA8-F1776177A3BA} Macromedia Dreamweaver MX 2004-->RunDll32 E:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "E:\Programme\InstallShield Installation Information\{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}\Setup.exe" -l0x7 mmUninstall Macromedia Extension Manager-->RunDll32 E:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "E:\Programme\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" -l0x7 mmUninstall Malwarebytes' 
Anti-Malware-->"E:\Programme\Malwarebytes' Anti-Malware\unins000.exe" MDI2PDF 2.4-->"E:\Programme\MDIConvertor\unins000.exe" Medi@Show-->E:\WINDOWS\IsUn0407.exe -f"E:\Programme\CyberLink DVD Solution\MediaShow\Uninst.isu" Microsoft .NET Framework 1.1 Security Update (KB953297)-->"E:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "E:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp" Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 4 Client Profile Beta 1-->e:\WINDOWS\Microsoft.NET\Framework\v4.0.20506\SetupCache\Microsoft .NET Framework 4 Client Profile Beta 1\Setup.exe /repair /x86 Microsoft .NET Framework 4 Client Profile Beta 1-->MsiExec.exe /X{1DF6A8F6-5048-323F-8758-DA533CE0F07E} Microsoft .NET Framework 4 Extended Beta 1-->e:\WINDOWS\Microsoft.NET\Framework\v4.0.20506\SetupCache\Microsoft .NET Framework 4 Extended Beta 1\Setup.exe /repair /x86 Microsoft .NET Framework 4 Extended Beta 1-->MsiExec.exe /X{19BD09BF-3BBD-3663-A5ED-50B6B2B07E45} Microsoft Office 2000 Premium-->MsiExec.exe /I{00000407-78E1-11D2-B60F-006097C998E7} Microsoft Visual C++ 2010 Beta 1 x86 Redistributable - 10.0.20506-->MsiExec.exe /X{FC92E32F-6AD6-38E7-AC11-83B639CEACD8} Mozilla Firefox (3.5.6)-->E:\Programme\Mozilla Firefox\uninstall\helper.exe MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC} Multimedia Launcher-->RunDll32 E:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "E:\Programme\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall NOD32 antivirus system-->E:\Programme\Eset\Setup\setup.exe /UNINSTALL NOD32 FiX v2.1-->"E:\Programme\Eset\unins000.exe" Opera 10.10-->MsiExec.exe /X{690BE098-6D0D-493D-B079-BD7E8F81A141} PDFCreator-->E:\Programme\PDFCreator\unins000.exe Power2Go 3.0-->RunDll32 
E:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "E:\Programme\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" -uninstall PowerDirector-->RunDll32 E:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "E:\Programme\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" -uninstall PowerDVD-->RunDll32 E:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "E:\Programme\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall PowerProducer-->RunDll32 E:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "E:\Programme\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall QuickTime-->MsiExec.exe /I{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8} RagTime 6.5-->MsiExec.exe /I{99591F66-BBF6-4CC7-BC7C-8BB488BD2F9A} SAMSUNG Mobile USB Modem 1.0 Software-->E:\WINDOWS\System32\Samsung\SS_Uninstall.exe Samsung PC Studio 3 USB Driver Installer-->RunDll32 E:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "E:\Programme\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -l0x7 -removeonly Samsung PC Studio-->RunDll32 E:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "E:\Programme\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -l0x7 -removeonly Samsung Samples Installer-->RunDll32 E:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "E:\Programme\InstallShield Installation Information\{7AC15160-A49B-4A89-B181-D4619C025FFF}\setup.exe" -l0x7 -removeonly Sicherheitsupdate für Windows Internet Explorer 8 (KB971961)-->"E:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 8 (KB972260)-->"E:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe" 
Sicherheitsupdate für Windows Internet Explorer 8 (KB974455)-->"E:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 8 (KB976325)-->"E:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe" Sicherheitsupdate für Windows Media Player (KB952069)-->"E:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe" Sicherheitsupdate für Windows Media Player (KB954155)-->"E:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe" Sicherheitsupdate für Windows Media Player (KB968816)-->"E:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe" Sicherheitsupdate für Windows Media Player (KB973540)-->"E:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB923561)-->"E:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB923689)-->"E:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB938464-v2)-->"E:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB941569)-->"E:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB946648)-->"E:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB950762)-->"E:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB950974)-->"E:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB951066)-->"E:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB951376-v2)-->"E:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB951748)-->"E:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB952004)-->"E:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB952954)-->"E:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP 
(KB954459)-->"E:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB954600)-->"E:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB955069)-->"E:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956572)-->"E:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956744)-->"E:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956802)-->"E:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956803)-->"E:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956844)-->"E:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB957097)-->"E:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB958644)-->"E:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB958687)-->"E:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB958869)-->"E:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB959426)-->"E:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB960225)-->"E:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB960803)-->"E:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB961371-v2)-->"E:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB961501)-->"E:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB968537)-->"E:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB969059)-->"E:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP 
(KB969947)-->"E:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB970238)-->"E:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB970430)-->"E:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB971486)-->"E:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB971557)-->"E:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB971633)-->"E:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB971657)-->"E:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB972260)-->"E:\WINDOWS\$NtUninstallKB972260$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB973346)-->"E:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB973354)-->"E:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB973507)-->"E:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB973525)-->"E:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB973869)-->"E:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB973904)-->"E:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB974112)-->"E:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB974318)-->"E:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB974392)-->"E:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB974571)-->"E:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB975025)-->"E:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP 
(KB975467)-->"E:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe" SopCast 1.0.0-->E:\Programme\SopCast\uninst.exe TagScanner 4.8 build 481 beta-->E:\Programme\TagScanner\unins000.exe Text-To-Speech-Runtime-->MsiExec.exe /X{7B3F0113-E63C-4D6D-AF19-111A3165CCA2} TVAnts 1.0-->E:\PROGRA~1\TVAnts\UNWISE.EXE E:\PROGRA~1\TVAnts\INSTALL.LOG TVUPlayer 2.3.6.1-->E:\Programme\TVUPlayer\uninst.exe Uninstall 1.0.0.1-->"E:\Programme\Gemeinsame Dateien\DVDVideoSoft\unins000.exe" Unlocker 1.8.7-->E:\Programme\Unlocker\uninst.exe Update für Windows Internet Explorer 8 (KB972636)-->"E:\WINDOWS\ie8updates\KB972636-IE8\spuninst\spuninst.exe" Update für Windows Internet Explorer 8 (KB976749)-->"E:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe" Update für Windows XP (KB898461)-->"E:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe" Update für Windows XP (KB951978)-->"E:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe" Update für Windows XP (KB955839)-->"E:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe" Update für Windows XP (KB967715)-->"E:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe" Update für Windows XP (KB968389)-->"E:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe" Update für Windows XP (KB971737)-->"E:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe" Update für Windows XP (KB973687)-->"E:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe" Update für Windows XP (KB973815)-->"E:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe" Veoh Web Player-->"E:\Programme\Veoh Networks\VeohWebPlayer\uninst.exe" VLC media player 1.0.1-->E:\Programme\VideoLAN\VLC\uninstall.exe Windows Internet Explorer 8-->"E:\WINDOWS\ie8\spuninst\spuninst.exe" Windows Media Format Runtime-->"E:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows XP Service Pack 3-->"E:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe" WinRAR Archivierer-->E:\Programme\WinRAR\uninstall.exe ZoneAlarm-->E:\Programme\Zone Labs\ZoneAlarm\zauninst.exe ======Security 
center information====== AV: Eset NOD32 antivirus system 2.50 (disabled) FW: ZoneAlarm Firewall ======System event log====== Computer Name: B-NLRF10TEC3PAG Event Code: 7036 Message: Dienst "SSDP-Suchdienst" befindet sich jetzt im Status "Ausgeführt". Record Number: 592 Source Name: Service Control Manager Time Written: Event Type: Informationen User: Computer Name: B-NLRF10TEC3PAG Event Code: 7035 Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "SSDP-Suchdienst" gesendet. Record Number: 591 Source Name: Service Control Manager Time Written: Event Type: Informationen User: NT-AUTORITÄT\SYSTEM Computer Name: B-NLRF10TEC3PAG Event Code: 7035 Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "IMAPI-CD-Brenn-COM-Dienste" gesendet. Record Number: 590 Source Name: Service Control Manager Time Written: Event Type: Informationen User: NT-AUTORITÄT\SYSTEM Computer Name: B-NLRF10TEC3PAG Event Code: 7036 Message: Dienst "Kompatibilität für schnelle Benutzerumschaltung" befindet sich jetzt im Status "Ausgeführt". Record Number: 589 Source Name: Service Control Manager Time Written: Event Type: Informationen User: Computer Name: B-NLRF10TEC3PAG Event Code: 7035 Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "Kompatibilität für schnelle Benutzerumschaltung" gesendet. 
Record Number: 588 Source Name: Service Control Manager Time Written: Event Type: Informationen User: B-NLRF10TEC3PAG\x =====Application event log===== Computer Name: B-NLRF10TEC3PAG Event Code: 1003 Message: Record Number: 5 Source Name: WgaSetup Time Written: 20090905111823.000000+120 Event Type: Informationen User: Computer Name: B-NLRF10TEC3PAG Event Code: 1005 Message: Record Number: 4 Source Name: WgaSetup Time Written: 20090905111823.000000+120 Event Type: Informationen User: Computer Name: B-NLRF10TEC3PAG Event Code: 1004 Message: Record Number: 3 Source Name: WgaSetup Time Written: 20090905111756.000000+120 Event Type: Informationen User: Computer Name: B-NLRF10TEC3PAG Event Code: 1002 Message: Record Number: 2 Source Name: WgaSetup Time Written: 20090905111756.000000+120 Event Type: Informationen User: Computer Name: B-NLRF10TEC3PAG Event Code: 1006 Message: Record Number: 1 Source Name: WgaSetup Time Written: 20090905111756.000000+120 Event Type: Informationen User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;E:\Programme\QuickTime\QTSystem\ "windir"=%SystemRoot% "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 8 Stepping 1, AuthenticAMD "PROCESSOR_REVISION"=0801 "NUMBER_OF_PROCESSORS"=1 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "CLASSPATH"=.;E:\Programme\Java\jre1.5.0_06\lib\ext\QTJava.zip "QTJAVA"=E:\Programme\Java\jre1.5.0_06\lib\ext\QTJava.zip "FP_NO_HOST_CHECK"=NO "tvdumpflags"=8 -----------------EOF----------------- |
10.01.2010, 17:23 | #3 |
| Internet slow at times, graphics problem - possibly a virus/trojan? Anti-Malware
Code:
ATTFilter Malwarebytes' Anti-Malware 1.44 Datenbank Version: 3533 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 10.01.2010 16:09:45 mbam-log-2010-01-10 (16-09-45).txt Scan-Methode: Vollständiger Scan (E:\|) Durchsuchte Objekte: 182446 Laufzeit: 40 minute(s), 46 second(s) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 1 Infizierte Registrierungsschlüssel: 29 Infizierte Registrierungswerte: 5 Infizierte Dateiobjekte der Registrierung: 3 Infizierte Verzeichnisse: 8 Infizierte Dateien: 39 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: E:\Programme\PremierOpinion\pmls.dll (Adware.PremierOpinion) -> Delete on reboot. Infizierte Registrierungsschlüssel: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\premieropinion (Adware.PremierOpinion) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ysbactivex.installer (Adware.ISTBar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{0985c112-2562-46f2-8da6-92648ba4630f} (Adware.ISTBar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{339d8aff-0b42-4260-ad82-78ce605a9543} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{a36a5936-cfd9-4b41-86bd-319a1931887f} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{86227d9c-0efe-4f8a-aa55-30386a3f5686} (Adware.ISTBar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{8cba1b49-8144-4721-a7b1-64c578c9eed7} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{67907b3c-a6ef-4a01-99ad-3fcd5f526429} (Adware.ISTBar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{58634367-d62b-4c2c-86be-5aac45cdb671} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{d0288a41-9855-4a9b-8316-babe243648da} (Trojan.BHO) -> Quarantined and deleted successfully. 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{8cba1b49-8144-4721-a7b1-64c578c9eed7} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{42f2c9ba-614f-47c0-b3e3-ecfd34eed658} (Adware.ISTBar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{056738e1-e15c-11d6-b876-0050bf5d85c7} (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{056738ed-e15c-11d6-b876-0050bf5d85c7} (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\WUSN.1 (Adware.WhenU) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Anti-Leech (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\IST (Adware.ISTBar) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\AMeOpt (Adware.NetOptimizer) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Media Access (Adware.MediaAccess) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SideFind (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\AMeOpt (Adware.NetOptimizer) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\anti-leech alie (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\anti-leech alnn (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DyFuCA (Adware.NetOptimizer) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Kapabout (Adware.NetOptimizer) -> Quarantined and deleted successfully. 
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@anti-leech.com/anti-leech plugin,version=1.0.1.8 (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@anti-leech.com/anti-leech plugin,version=1.0.2.3 (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\saap (Adware.180Solutions) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\webHancer (Adware.WebHancer) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{10e42047-deb9-4535-a118-b3f6ec39b807} (Adware.ISTBar) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{86227d9c-0efe-4f8a-aa55-30386a3f5686} (Adware.ISTBar) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Control Panel\don't load\scui.cpl (Hijack.SecurityCenter) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Control Panel\don't load\wscui.cpl (Hijack.SecurityCenter) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\microsoft update 32 (Backdoor.Bot) -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Infizierte Verzeichnisse: E:\Programme\Anti-Leech (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully. 
E:\Programme\Anti-Leech\ALIE_1.0.1.6 (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully. E:\Programme\Anti-Leech\ALIE_1.0.1.9 (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully. E:\Programme\Anti-Leech\ALIE_1.0.2.2 (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully. E:\Programme\Anti-Leech\ALNN (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully. E:\Programme\premieropinion (Trojan.Agent) -> Delete on reboot. E:\Programme\whInstall (Adware.WebHancer) -> Quarantined and deleted successfully. E:\Programme\XPPoliceAntiVirus (Rogue.XPPolice) -> Quarantined and deleted successfully. Infizierte Dateien: E:\Programme\PremierOpinion\pmls.dll (Adware.PremierOpinion) -> Delete on reboot. E:\Dokumente und Einstellungen\x\Desktop\Meine Ordner\programme verschiedene\ALPlugin-1.0.2.4-setup.exe (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully. E:\Dokumente und Einstellungen\x\Lokale Einstellungen\Temp\nosreaxcmw.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. E:\Programme\Anti-Leech\ALNN\alhlp.exe (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully. E:\Programme\Anti-Leech\ALNN\npalnn.dll (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully. E:\Programme\Anti-Leech\ALNN\setup2.exe (Rogue.Installer) -> Quarantined and deleted successfully. E:\Programme\Mozilla Firefox\plugins\alhlp.exe (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully. E:\Programme\Mozilla Firefox\plugins\npalnn.dll (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully. E:\Programme\PremierOpinion\pmservice.exe (Adware.PremierOpinion) -> Quarantined and deleted successfully. E:\WINDOWS\iehost.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully. E:\WINDOWS\regsv32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. E:\Programme\Anti-Leech\ALIE_1.0.1.6\al2np.dll (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully. 
E:\Programme\Anti-Leech\ALIE_1.0.1.6\alhlp.exe (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully. E:\Programme\Anti-Leech\ALIE_1.0.1.6\alie.dll (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully. E:\Programme\Anti-Leech\ALIE_1.0.1.6\alie.inf (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully. E:\Programme\Anti-Leech\ALIE_1.0.1.6\iesetup2.exe (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully. E:\Programme\Anti-Leech\ALIE_1.0.1.9\al2np.dll (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully. E:\Programme\Anti-Leech\ALIE_1.0.1.9\alhlp.exe (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully. E:\Programme\Anti-Leech\ALIE_1.0.1.9\alie.dll (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully. E:\Programme\Anti-Leech\ALIE_1.0.1.9\alie.inf (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully. E:\Programme\Anti-Leech\ALIE_1.0.1.9\iesetup2.exe (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully. E:\Programme\Anti-Leech\ALIE_1.0.2.2\al2np.dll (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully. E:\Programme\Anti-Leech\ALIE_1.0.2.2\alhlp.exe (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully. E:\Programme\Anti-Leech\ALIE_1.0.2.2\alie.dll (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully. E:\Programme\Anti-Leech\ALIE_1.0.2.2\alie.inf (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully. E:\Programme\Anti-Leech\ALIE_1.0.2.2\iesetup2.exe (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully. E:\Programme\Anti-Leech\ALNN\al2np.dll (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully. E:\Programme\whInstall\license.txt (Adware.WebHancer) -> Quarantined and deleted successfully. E:\Programme\whInstall\readme.txt (Adware.WebHancer) -> Quarantined and deleted successfully. E:\Programme\whInstall\Sporder.dll (Adware.WebHancer) -> Quarantined and deleted successfully. 
E:\Programme\whInstall\webhdll.dll (Adware.WebHancer) -> Quarantined and deleted successfully. E:\Programme\whInstall\whAgent.exe (Adware.WebHancer) -> Quarantined and deleted successfully. E:\Programme\whInstall\whAgent.inf (Adware.WebHancer) -> Quarantined and deleted successfully. E:\Programme\whInstall\whAgent.ini (Adware.WebHancer) -> Quarantined and deleted successfully. E:\Programme\whInstall\whiehlpr.dll (Adware.WebHancer) -> Quarantined and deleted successfully. E:\Programme\whInstall\whInstaller.exe (Adware.WebHancer) -> Quarantined and deleted successfully. E:\Programme\whInstall\whInstaller.ini (Adware.WebHancer) -> Quarantined and deleted successfully. E:\Programme\whInstall\whSurvey.exe (Adware.WebHancer) -> Quarantined and deleted successfully. E:\Programme\XPPoliceAntiVirus\setup.dat (Rogue.XPPolice) -> Quarantined and deleted successfully. |
15.01.2010, 07:28 | #4 | |||
/// Helper Team | Internet slow at times, graphics problem - possibly a virus/trojan? Hello and welcome! By the look of it, you are not the only administrator on this PC: a backdoor trojan from the "Rbot" family has installed a server that allows an unknown party to take complete control of your computer. Modern technology or not, I would in any case prefer the «Format C» command followed by a reinstallation! What is already happening on your computer: Quote:
What matters is that you decide for yourself which risk you want to take... especially if you do online banking, for example. If you are willing to take risks, we can try to clean your system, but that cannot really be recommended as a safe method! Quote:
1. Download SDFix by AndyManchesta from one of the following links: bleepingcomputer.com andymanchesta.com
- When the desktop icons are back, the script will open a window and save the result as Report.txt in the SDFix folder. Copy the contents of this Report.txt and post them!
2. Clean your system with *SuperAntiSpyware* <- download & instructions
3. Post again: Trend Micro HijackThis logfile - no open windows while HijackThis is running!!
4. For XP and Win2000 (otherwise skip) → download filelist.zip to your desktop → unpack the zip file to your desktop → now double-click the file "filelist.bat" - your editor (text-processing program) will open → copy all 7 directories ("C\...") etc. from the generated logfile, but only the entries from the last 6 months, into your thread here ** there is a date in front of each entry, so please delete entries that are older than 6 months!
5. I would also like to see all your installed programs: download the tool CCleaner, install it (deselect "Füge CCleaner Yahoo! Toolbar hinzu") → start it → under Options, settings -> set "german", then click "Extra" (to display the installed programs as well) → then "Als Textdatei speichern..." creates a text file (*.txt); copy its contents and paste them here. Quote:
** If possible, do not go online: no online banking, file sharing, chat programs etc. Regards, Coverflow |
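The assessment in reply #4 rests on a handful of entries in the Malwarebytes log from post #3: a `Backdoor.Bot` value under the `Run` key, a `Winlogon\Notify` entry and the Security Center notification settings. The following Python script is an added example, not part of the thread and not a Malwarebytes tool; it parses entries in the log format shown above and tags the ones that matter for that decision. The tag names, the list of autostart locations and the rule "any Backdoor-class detection means reinstall" are assumptions chosen to mirror the helper's advice.

```python
import re
from collections import Counter

# Seven entries copied from the Malwarebytes' Anti-Malware log in post #3.
SAMPLE_LOG = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\premieropinion (Adware.PremierOpinion) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\don't load\wscui.cpl (Hijack.SecurityCenter) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\microsoft update 32 (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
E:\Programme\PremierOpinion\pmls.dll (Adware.PremierOpinion) -> Delete on reboot.
E:\WINDOWS\regsv32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
E:\Programme\whInstall\whAgent.exe (Adware.WebHancer) -> Quarantined and deleted successfully.
"""

# Entry layout: "<object> (<Category.Family>) -> [<detail> -> ]<action>"
ENTRY = re.compile(r"^(?P<obj>.+?) \((?P<det>\w+(?:\.\w+)+)\) -> (?P<rest>.+)$")

# Assumption: registry locations treated as autostart points in this example.
AUTOSTART_MARKERS = ("\\currentversion\\run\\", "\\winlogon\\notify\\")


def parse_entries(text):
    """Return one dict per detection line; headers and counters are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        category, _, family = m["det"].partition(".")
        entries.append({
            "object": m["obj"],
            "category": category,
            "family": family,
            # The action is the last "->" segment (after "Bad: (1) Good: (0)").
            "action": m["rest"].split(" -> ")[-1].rstrip("."),
        })
    return entries


def tag_entry(entry):
    """Attach the triage tags (hypothetical names) that apply to one entry."""
    tags = set()
    path = entry["object"].lower()
    if any(marker in path for marker in AUTOSTART_MARKERS):
        tags.add("autostart")
    if "securitycenter" in entry["family"].lower():
        tags.add("security-center-tamper")
    if entry["category"] == "Backdoor":
        tags.add("remote-access")
    if entry["action"].lower().startswith("delete on reboot"):
        tags.add("pending-reboot")  # still on disk until the next restart
    return tags


def triage(text):
    """Summarise a log: counts per category, tagged entries, and the verdict."""
    entries = parse_entries(text)
    flagged = [(e, tag_entry(e)) for e in entries]
    flagged = [(e, tags) for e, tags in flagged if tags]
    return {
        "by_category": Counter(e["category"] for e in entries),
        "flagged": flagged,
        # Assumption mirroring reply #4: a backdoor means rebuild, not clean.
        "reinstall_advised": any("remote-access" in t for _, t in flagged),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(dict(result["by_category"]))
    for entry, tags in result["flagged"]:
        print(sorted(tags), entry["category"] + "." + entry["family"], entry["object"])
    print("reinstall advised:", result["reinstall_advised"])
```
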
16.01.2010, 11:53 | #5 |
| Internet slow at times, graphics problem - possibly a virus/trojan? Many thanks, Coverflow!!! Then I will probably do a reinstallation :-(( But for that I need the XP installation CD, right??? Because I bought my computer in a shop where they "tinker" them together .. I'll have to check whether they also packed such a CD with it, hmm .. Could this trojan also contribute to my graphics card not working??
17.01.2010, 09:56 | #6 |
/// Helper Team | Internet slow at times, graphics problem - possibly a virus/trojan? Hi, the effects of various trojans are manifold; after the reinstallation, if everything goes well, you will have solved your problem with it.
Data backup:
- ONLY back up data that does not contain executable files - File extensions - This is a list of file extensions that can denote files with executable code.
- Before you go directly online with your PC: change your passwords and login credentials!
- Immediately change all passwords that were used on the compromised system (e.g. login, mail or website passwords, but also the PIN for online banking), preferably from another, non-infected computer, since an attacker can use the passwords, for example, to break into the secured system again or to carry out transactions on the Internet under the user's identity
► Before restoring: thoroughly scan the data backed up to an external hard drive from a clean system, preferably with several scanners -> Free online scanners - guide
Tips & help: SETI@home security / security concept
Guide: Setting up the system from scratch + hardening
All the best, regards, Cf |