|
Log analysis and evaluation: multiple viruses! Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
22.03.2010, 16:34 | #16 |
| Multiple viruses! So an Internet Explorer window keeps opening and it immediately stops responding. When I close it, it opens again after a short time. In addition, pages such as h**p://parksapple.com/search/index.php?said=a02&q=grandfatherclocks h**p://bcveserv.biz/in.cgi?12&key=ender's+game+summary are opened in Internet Explorer, and they also always open by themselves. None of this happened before. Windows error messages also appear often: kikin broker process has stopped working, or Rec.Info has stopped working. And yes, they keep coming back too. And if I don't close them, there end up being 10 of them open. I hope you can do something with this. I did delete what Malwarebytes found. |
23.03.2010, 14:22 | #18 |
| Multiple viruses! Logfile of random's system information tool 1.06 (written by random/random)
24.03.2010, 10:27 | #19 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Multiple viruses! Please run the Avenger:
1.) Download Avenger from here: Swandog46's Public Anti-Malware Tools (download, on the left-hand side)
2.) Unpack the zip archive and run the file "avenger.exe" (on Vista via right-click => Run as administrator). Set the checkboxes at the bottom as shown:
3.) Copy exactly the lines from the following code box:
Code:
Files to delete:
C:\Users\Bilz\AppData\Local\temp\ugvdstn.exe
C:\Users\Bilz\AppData\Local\temp\nvsvc32.exe
C:\Users\Bilz\AppData\Roaming\sdra64.exe
5.) The code text from my post should now be visible under "Input Script here" in "The Avenger".
6.) If so, click "Execute" at the bottom right. Confirm the next prompt with "Ja" (Yes), and likewise the question about "Reboot now" (restart of the system).
7.) After the restart, a log file from Avenger will be displayed. Copy its contents and post them here.
8.) Upload the file c:\avenger\backup.zip to file-upload.net and link it here
__________________ Please always post logfiles in CODE tags |
24.03.2010, 14:11 | #20 |
| Multiple viruses!
Logfile of The Avenger Version 2.0, (c) by Swandog46
hxxp://swandog46.geekstogo.com
Platform: Windows Vista
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
File "C:\Users\Bilz\AppData\Local\temp\ugvdstn.exe" deleted successfully.
File "C:\Users\Bilz\AppData\Local\temp\nvsvc32.exe" deleted successfully.
File "C:\Users\Bilz\AppData\Roaming\sdra64.exe" deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
hxxp://www.file-upload.net/download-2374595/backup.zip.html |
24.03.2010, 14:36 | #21 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Multiple viruses! Looks OK. Please run control scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!! |
24.03.2010, 18:15 | #22 |
| Multiple viruses!
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 03/24/2010 at 05:37 PM
Application Version : 4.34.1000
Core Rules Database Version : 4723
Trace Rules Database Version: 2535
Scan type : Complete Scan
Total Scan Time : 01:44:08
Memory items scanned : 711
Memory threats detected : 0
Registry items scanned : 6739
Registry threats detected : 2
File items scanned : 157338
File threats detected : 16
I actually only ran Malwarebytes 3 days ago. Do I have to run another one? Nothing has really changed since then, has it? Last edited by Plukas (24.03.2010 at 18:27) |
25.03.2010, 13:00 | #23 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Multiple viruses! Please remove the findings. And yes, run Malwarebytes as well, or do you think I would write that if you weren't supposed to do it?
__________________ Please always post log files in CODE tags |
30.03.2010, 11:23 | #24 |
| Multiple viruses! So it keeps getting worse. The computer is getting slower and slower, and every 5 seconds different error messages come up saying that some programs are no longer running. Internet Explorer keeps opening by itself with some sweepstakes pages, and earlier when I started the PC there were some shortcuts to porn sites on my desktop. Yesterday I ran the SuperAntiSpyware scan and deleted everything it found. To be safe I ran another one today and 100 threats were found, which I deleted again. Right after that another one, and again 50 new ones. That can't be right, can it? Is there any chance of still saving all of this? The problem is that I have Windows Vista and was too stupid to make the recovery right away. And now I have a virus on the recovery too. Is there maybe still a way to reinstall Windows? |
30.03.2010, 11:25 | #25 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Multiple viruses! Why don't you post the logs? How am I supposed to comment on this if I don't know what was found in the first place? Quote:
__________________ Please always post log files in CODE tags |
30.03.2010, 11:35 | #26 |
| Multiple viruses! Yes, I'm just asking whether there is any point at all when so many new viruses keep being added. Well, I wanted to run a scan earlier and the PC crashed, so I didn't let it run all the way through this time. I'll try a complete one again later, though. Here is the 1st:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 03/30/2010 at 12:04 PM
Application Version : 4.34.1000
Core Rules Database Version : 4748
Trace Rules Database Version: 2555
Scan type : Complete Scan
Total Scan Time : 00:04:59
Memory items scanned : 686
Memory threats detected : 10
Registry items scanned : 6826
Registry threats detected : 78
File items scanned : 381
File threats detected : 27
And this one was 10 min later:
hxxp://www.superantispyware.com
Generated 03/30/2010 at 12:13 PM
Application Version : 4.34.1000
Core Rules Database Version : 4748
Trace Rules Database Version: 2555
Scan type : Complete Scan
Total Scan Time : 00:04:47
Memory items scanned : 650
Memory threats detected : 10
Registry items scanned : 6789
Registry threats detected : 26
File items scanned : 177
File threats detected : 11
I had the findings deleted in both cases. Hope that helps somehow |
30.03.2010, 11:51 | #27 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Multiple viruses! Probably not. You apparently still have a rootkit in there that I haven't seen so far. That would explain why the entries keep reappearing despite deletion with SASW - please make a log with OSAM and post it.
__________________ Please always post log files in CODE tags |
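The reasoning in the reply above (findings that come back after deletion point to a component the scanner does not see) can be checked by diffing two consecutive scan logs. This is an added example, not part of the thread: the log layout (an unindented threat-family line followed by indented items), the sample entries and all function names are constructed assumptions.

```python
import ntpath
import re
from collections import defaultdict

# Constructed sample logs (not entries from the thread). Assumed layout:
# an unindented threat-family line followed by indented item lines.
SCAN_BEFORE_CLEANUP = r"""
Trojan.Example/Gen-A
    C:\WINDOWS\SYSTEM32\EXAMPLE_S.EXE
    [example_s] C:\WINDOWS\SYSTEM32\EXAMPLE_S.EXE
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run#example_s [ C:\Windows\System32\example_s.exe ]
Trojan.Example/Gen-B
    C:\WINDOWS\TEMP\AAAA1111.EXE
    [constructedrunvalue] C:\WINDOWS\TEMP\AAAA1111.EXE
Adware.Tracking Cookie
    C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\user@ads.example[1].txt
"""

# Second scan, taken after every finding of the first scan was deleted.
SCAN_AFTER_CLEANUP = r"""
Trojan.Example/Gen-A
    C:\WINDOWS\SYSTEM32\EXAMPLE_S.EXE
    [example_s] C:\WINDOWS\SYSTEM32\EXAMPLE_S.EXE
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run#example_s [ C:\Windows\System32\example_s.exe ]
Trojan.Example/Gen-B
    C:\WINDOWS\TEMP\BBBB2222.EXE
    [constructedrunvalue] C:\WINDOWS\TEMP\BBBB2222.EXE
"""

TAGGED = re.compile(r"^\[(?P<tag>[^\]]+)\]\s+(?P<path>.+)$")
HIVES = ("HKLM\\", "HKCR\\", "HKU\\", "HKCU\\")


def parse_scan(text):
    """Return {family: set of (kind, tag, value)}; values are lower-cased."""
    findings = defaultdict(set)
    family = None
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if not raw[0].isspace():      # unindented line starts a new family
            family = raw.strip()
            continue
        if family is None:            # item before any family heading
            continue
        item = raw.strip()
        tagged = TAGGED.match(item)
        if tagged:                    # "[value name] path": an autorun entry
            findings[family].add(
                ("autorun", tagged["tag"].lower(), tagged["path"].lower()))
        elif item.upper().startswith(HIVES):
            findings[family].add(("registry", "", item.lower()))
        else:
            findings[family].add(("file", "", item.lower()))
    return findings


def _slots(items):
    """Group file and autorun items by (kind, tag, directory) -> file names."""
    grouped = defaultdict(set)
    for kind, tag, value in items:
        if kind != "registry":
            grouped[(kind, tag, ntpath.dirname(value))].add(ntpath.basename(value))
    return grouped


def compare(first, second):
    """Compare a scan taken before cleanup with one taken after it.

    survived:  identical items found again although they had been deleted.
    respawned: same family, same launch point or directory, new file name.
    """
    survived, respawned = [], []
    for family in sorted(set(first) & set(second)):
        old, new = first[family], second[family]
        survived += [(family,) + item for item in sorted(old & new)]
        old_slots, new_slots = _slots(old - new), _slots(new - old)
        for slot in sorted(set(old_slots) & set(new_slots)):
            respawned.append(
                (family, slot, sorted(old_slots[slot]), sorted(new_slots[slot])))
    return survived, respawned


if __name__ == "__main__":
    before = parse_scan(SCAN_BEFORE_CLEANUP)
    after = parse_scan(SCAN_AFTER_CLEANUP)
    survived, respawned = compare(before, after)
    for family, kind, tag, value in survived:
        print(f"SURVIVED  {family}: {kind} {tag} {value}".replace("  ", " "))
    for family, (kind, tag, folder), old_names, new_names in respawned:
        print(f"RESPAWNED {family}: {kind} {tag or '-'} in {folder}: "
              f"{old_names} -> {new_names}")
```

Families that appear only in the first scan (the cookie entries here) were cleaned for good; anything listed as survived or respawned was re-created between the two scans.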
30.03.2010, 12:39 | #28 |
| Multiple viruses! Unfortunately I don't know anyone with a Vista CD, but the thing with the many viruses has only been like this recently. I could try it with my recovery and then try to get rid of the one virus. So here is the log file:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 13:37:28 on 30.03.2010
OS: Windows Vista (Build 6000), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.2
- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe "msiserver" (msiserver) - "Microsoft Corporation" - C:\Windows\system32\msiexec.exe "Nero BackItUp Scheduler 3" (Nero BackItUp Scheduler 3) - ? - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe (File not found) "NVIDIA Stereoscopic 3D Driver Service" (Stereo Service) - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe "nvsvc" (nvsvc) - ? - C:\Windows\system32\nvvsvc.exe (File not found) "OMSI download service" (OMSI download service) - ? - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe (File not found) "peresvc" (peresvc) - "Neto systems" - C:\Windows\system32\PereSvc.exe "ProtexisLicensing" (ProtexisLicensing) - ? - c:\Windows\system32\PSIService.exe (File not found) "SearchAnonymizer" (SearchAnonymizer) - ? - C:\Users\Bilz\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe "UPnPService" (UPnPService) - "Magix AG" - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [Winlogon] -----( HKCU\Control Panel\Desktop )----- "SCRNSAVE.EXE" - "Fujitsu Siemens Computers" - c:\windows\system32\Fujits~1.scr -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )----- "!SASWinLogon" - "SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )----- "PCTOOLS CONTENT FILTER PROVIDER" - "PC Tools Research Pty Ltd." - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru |
30.03.2010, 12:51 | #29 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Multiple viruses! Ouch!! You have to fix a whole lot with OSAM there: Quote:
__________________ Please always post logfiles in CODE tags |
30.03.2010, 14:01 | #30 |
| Multiple viruses! So first I disabled all of them and then restarted the PC. Oddly, no logfile was shown to me. Well, then I removed the things, restarted and ran another scan: Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 14:59:55 on 30.03.2010 OS: Windows Vista (Build 6000), 32-bit Default Browser: Mozilla Corporation Firefox 3.6.2 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [AppInit DLLs] -----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )----- "AppInit_DLLs" - ? - app_dll.dll (File not found) [Common] -----( %SystemRoot%\Tasks )----- "At62.job" - ? - c:\program files\adobe\acrotray .exe (File found, but it contains no detailed information) "At69.job" - ? - c:\program files\adobe\acrotray .exe (File found, but it contains no detailed information) "{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job" - ? - C:\Windows\TEMP\Nkj.exe (File found, but it contains no detailed information) [Control Panel Objects] -----( %SystemRoot%\system32 )----- "bdeadmin.cpl" - "Borland Software Corporation" - C:\Windows\system32\bdeadmin.cpl "nvcpl.cpl" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero Toolkit\NeroBurnRights.cpl "QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "catchme" (catchme) - ? 
- C:\Users\Bilz\AppData\Local\Temp\catchme.sys (File not found) "enodpl" (enodpl) - ? - C:\Windows\System32\drivers\enodpl.sys (File found, but it contains no detailed information) "GDMnIcpt" (GDMnIcpt) - "G DATA Software AG" - C:\Windows\system32\drivers\MiniIcpt.sys "GDTdiInterceptor" (GDTdiInterceptor) - ? - C:\Windows\system32\drivers\GDTdiIcpt.sys "HookCentre" (HookCentre) - "G DATA Software AG" - C:\Windows\system32\drivers\HookCentre.sys "IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found) "IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found) "IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found) "ksermxi" (ksermxi) - ? - C:\Windows\system32\drivers\ksermxi.sys (Hidden registry entry, rootkit activity | File not found) "PCTools KDS" (PCTCore) - "PC Tools" - C:\Windows\System32\drivers\PCTCore.sys "SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS "SASENUM" (SASENUM) - " SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASENUM.SYS "SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS "tandpl" (tandpl) - ? 
- C:\Windows\System32\drivers\tandpl.sys (File found, but it contains no detailed information) [Explorer] -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- >{26923b43-4d38-484f-9b9e-de460746276c} "Internet Explorer" - "Microsoft Corporation" - C:\Windows\system32\ie4uinit.exe -UserIconConfig {89820200-ECBD-11cf-8B85-00AA005B4383} "Internet Explorer" - "Microsoft Corporation" - C:\Windows\system32\ie4uinit.exe -BaseSettings {44BBA840-CC51-11CF-AAFA-00AA00B6015C} "Microsoft Windows Mail 7" - "Microsoft Corporation" - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} "Microsoft Windows Media Player" - "Microsoft Corporation" - C:\Windows\system32\unregmp2.exe /ShowWMP {6BF52A52-394A-11d3-B153-00C04F79FAA6} "Microsoft Windows Media Player" - "Microsoft Corporation" - %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler )----- {A9BA40A1-74F1-52BD-F434-00B15A2C8953} "C:\Windows\system32\fihitkj11.dll" - ? - C:\Windows\system32\fihitkj11.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "SABShellExecuteHook Class" - "SuperAdBlocker.com" - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL {AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? 
- (File not found | COM-object registry key not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found) {1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {7A979262-40CE-46ff-AEEE-7884AC3B6136} "Add New Hardware" - "Microsoft Corporation" - C:\Windows\System32\hdwwiz.exe {d3e34b21-9d75-101a-8c3d-00aa001a1652} "Bitmap Image" - "Microsoft Corporation" - C:\Windows\system32\mspaint.exe {b2c761c6-29bc-4f19-9251-e6195265baf1} "Color Control Panel Applet" - "Microsoft Corporation" - C:\Windows\system32\colorcpl.exe {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found) {5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0} "Control Panel command object for Start menu" - "Microsoft Corporation" - C:\Windows\system32\control.exe {E44E5D18-0652-4508-A4E2-8A090067BCB0} "Default Programs command object for Start menu" - "Microsoft Corporation" - C:\Windows\system32\control.exe {A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll {2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found) {a304259d-52b8-4526-8b1a-a1d6cecc8243} "iSCSI Initiator" - "Microsoft Corporation" - C:\Windows\System32\iscsicpl.exe {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll {00020d75-0000-0000-c000-000000000046} "lnkfile" - ? 
- (File not found | COM-object registry key not found) {5ea4f148-308c-46d7-98a9-49041b1dd468} "Mobility Center Control Panel" - "Microsoft Corporation" - C:\Windows\system32\mblctr.exe {97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll {FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {fcfeecae-ee1b-4849-ae50-685dcf7717ec} "Problem Reports and Solutions" - "Microsoft Corporation" - C:\Windows\System32\wercon.exe {C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? 
- (File not found | COM-object registry key not found) {00f2886f-cd64-4fc9-8ec5-30ef6cdbe8c3} "Scanner and Camera Control Panel" - "Microsoft Corporation" - C:\Program Files\Windows Photo Gallery\ImagingDevices.exe {7A9D77BD-5403-11d2-8785-2E0420524153} "User Accounts" - "Microsoft Corporation" - C:\Windows\system32\netplwiz.exe {67718415-c450-4f3c-bf8a-b487642dc39b} "Windows Features" - "Microsoft Corporation" - C:\Windows\System32\optionalfeatures.exe {4026492f-2f69-46b8-b9bf-5654fc07e423} "Windows Firewall" - "Microsoft Corporation" - C:\Windows\system32\FirewallControlPanel.exe {031EE060-67BC-460d-8847-E4A7C5E45A27} "Windows Media Player Rich Preview Handler" - "Microsoft Corporation" - C:\Program Files\Windows Media Player\wmprph.exe {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found) {37efd44d-ef8d-41b1-940d-96973a50e9e0} "Windows Sidebar Properties" - "Microsoft Corporation" - C:\Program Files\Windows Sidebar\sidebar.exe {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll [Internet Explorer] -----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {F81D52BF-F2F1-4F49-BF5F-05664E803039} "Flash" - "UnH Solutions" - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "Ask Toolbar" - "Ask.com" - C:\Program Files\Ask.com\GenericAskToolbar.dll <binary data> "DVDVideoSoft Toolbar" - "Conduit Ltd." - C:\Program Files\DVDVideoSoft\tbDVDV.dll <binary data> "Grab Pro" - ? - C:\Program Files\Orbitdownloader\GrabPro.dll <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "PC Tools Browser Guard" - "Threat Expert Ltd." 
- C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll -----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )----- {855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll {00000000-6E41-4FD3-8538-502F5495E5FC} "UrlSearchHook Class" - "Ask.com" - C:\Program Files\Ask.com\GenericAskToolbar.dll -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_17.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab {D0C0F75C-683A-4390-A791-1ACFD5599AB8} "Oberon Flash Game Host" - "Oberon Media, Inc." - C:\Windows\Downloaded Program Files\OberonGameHost.dll / hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10e.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {E601996F-E400-41CA-804B-CD6373A7EEE2} "ClsidExtension" - "kikin" - C:\Program Files\kikin\ie_kikin.dll "ICQ7" - "ICQ, Inc." - C:\Program Files\ICQ7.0\ICQ.exe -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- <binary data> "Ask Toolbar" - "Ask.com" - C:\Program Files\Ask.com\GenericAskToolbar.dll {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} "DVDVideoSoft Toolbar" - "Conduit Ltd." 
- C:\Program Files\DVDVideoSoft\tbDVDV.dll <binary data> "Grab Pro" - ? - C:\Program Files\Orbitdownloader\GrabPro.dll {855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll {472734EA-242A-422B-ADF8-83D1E48CC825} "PC Tools Browser Guard" - "Threat Expert Ltd." - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {A9BA40A1-74F1-52BD-F434-00B15A2C8953} "C:\Windows\system32\fihitkj11.dll" - ? - C:\Windows\system32\fihitkj11.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\Bilz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "ICQ-Tools.de Launcher.lnk" - "ICQ-Tools.de" - C:\Program Files\ICQ-Tools.de\ICQ-Tools.de - Launcher\ICQ-Tools.de Launcher.exe (Shortcut exists | File exists) "OpenOffice.org 3.1.lnk" - ? - C:\Program Files\OpenOffice.org 3\program\quickstart.exe (Shortcut exists | File found, but it contains no detailed information | File exists) -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "McAfee Security Scan Plus.lnk" - "McAfee, Inc." - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (Shortcut exists | File exists) -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "ehTray.exe" - "Microsoft Corporation" - C:\Windows\ehome\ehTray.exe "fsc-reg" - "Fujitsu Siemens Computers" - C:\ProgramData\fsc-reg\fscreg.exe 20100319 "ICQ" - "ICQ, Inc." - "C:\Program Files\ICQ7.0\ICQ.exe" silent loginmode=4 "reader_s" - ? 
- C:\Users\Bilz\reader_s.exe (File not found) "Sidebar" - "Microsoft Corporation" - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun "Sony Ericsson PC Suite" - "Sony Ericsson Mobile Communications AB" - "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon "SUPERAntiSpyware" - "SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe "WMPNSCFG" - "Microsoft Corporation" - C:\Program Files\Windows Media Player\WMPNSCFG.exe -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )----- "Shell" - "Microsoft Corporation" - C:\Windows\Explorer.exe "Userinit" - "Microsoft Corporation" - C:\Windows\system32\userinit.exe "Userinit" - ? - C:\Windows\system32\mspbue32.exe (File is exclusively opened, access blocked | File found, but it contains no detailed information) "Userinit" - ? - C:\Windows\system32\mszqha32.exe (File found, but it contains no detailed information) -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- (Disabled) "StartupPrograms" - ? 
- rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe ARM" - "Microsoft Corporation" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "Adobe Reader Speed Launcher" - "Microsoft Corporation" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" "AVKTray" - "Microsoft Corporation" - "C:\Programme\G DATA AntiVirenKit 2007 Trial\AVKTray\AVKTray.exe" "iTunesHelper" - "Microsoft Corporation" - "C:\Program Files\iTunes\iTunesHelper.exe" "NeroFilterCheck" - "Microsoft Corporation" - C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe "Ocs_SM" - "Microsoft Corporation" - C:\Users\Bilz\AppData\Roaming\OCS\SM\SearchAnonymizer.exe "QuickFinder Scheduler" - "Microsoft Corporation" - "c:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE" "QuickTime Task" - "Microsoft Corporation" - "C:\Program Files\QuickTime\QTTask.exe" -atboottime "reader_s" - "Portable Library" - C:\Windows\System32\reader_s.exe "recinfo464" - "Microsoft Corporation" - c:\RecInfo\RecInfo.exe "RtHDVCpl" - "Microsoft Corporation" - RtHDVCpl.exe "SunJavaUpdateSched" - "Microsoft Corporation" - "C:\Program Files\Java\jre6\bin\jusched.exe" [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - "Microsoft Corporation" - C:\Program Files\Windows Media Player\wmpnetwk.exe "@%SystemRoot%\ehome\ehrecvr.exe,-101" (ehRecvr) - ? - C:\Windows\ehome\ehRecvr.exe "@%SystemRoot%\ehome\ehsched.exe,-101" (ehSched) - ? - C:\Windows\ehome\ehsched.exe "@%SystemRoot%\servicing\TrustedInstaller.exe,-100" (TrustedInstaller) - "Microsoft Corporation" - C:\Windows\servicing\TrustedInstaller.exe "@%SystemRoot%\system32\Alg.exe,-112" (ALG) - ? - C:\Windows\System32\alg.exe (File not found) "@%systemroot%\system32\Locator.exe,-2" (RpcLocator) - ? 
- C:\Windows\system32\locator.exe "@%SystemRoot%\system32\snmptrap.exe,-3" (SNMPTRAP) - "Microsoft Corporation" - C:\Windows\System32\snmptrap.exe "@%SystemRoot%\system32\ui0detect.exe,-101" (UI0Detect) - "Microsoft Corporation" - C:\Windows\system32\UI0Detect.exe "@%SystemRoot%\system32\vds.exe,-100" (vds) - "Microsoft Corporation" - C:\Windows\System32\vds.exe "@%systemroot%\system32\vssvc.exe,-102" (VSS) - "Microsoft Corporation" - C:\Windows\system32\vssvc.exe "@%Systemroot%\system32\wbem\wmiapsrv.exe,-110" (wmiApSrv) - "Microsoft Corporation" - C:\Windows\system32\wbem\WmiApSrv.exe "@comres.dll,-2797" (MSDTC) - ? - C:\Windows\System32\msdtc.exe "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe "AVKProxy" (AVKProxy) - "G DATA Software AG" - C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe "AVKService" (AVKService) - ? - C:\Programme\G DATA AntiVirenKit 2007 Trial\AVK\AVKService.exe (File not found) "AVKWCtl" (AVKWCtl) - "G DATA Software AG" - C:\Programme\G DATA AntiVirenKit 2007 Trial\AVK\AVKWCtl.exe "Bonjour Service" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe "DFSR" (DFSR) - ? - C:\Windows\system32\DFSR.exe (File not found) "FirebirdServerMAGIXInstance" (FirebirdServerMAGIXInstance) - ? - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe (File not found) "Fujitsu Siemens Computers Diagnostic Testhandler" (TestHandler) - "Fujitsu Siemens Computers" - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe "ICQ Service" (ICQ Service) - ? - C:\Program Files\ICQ6Toolbar\ICQ Service.exe (File not found) "iPod Service" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe "McComponentHostService" (McComponentHostService) - "McAfee, Inc." 
- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe "msiserver" (msiserver) - "Microsoft Corporation" - C:\Windows\system32\msiexec.exe "Nero BackItUp Scheduler 3" (Nero BackItUp Scheduler 3) - ? - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe (File not found) "NVIDIA Stereoscopic 3D Driver Service" (Stereo Service) - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe "nvsvc" (nvsvc) - ? - C:\Windows\system32\nvvsvc.exe (File not found) "OMSI download service" (OMSI download service) - ? - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe (File not found) "ProtexisLicensing" (ProtexisLicensing) - ? - c:\Windows\system32\PSIService.exe (File not found) "SearchAnonymizer" (SearchAnonymizer) - ? - C:\Users\Bilz\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe "UPnPService" (UPnPService) - "Magix AG" - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [Winlogon] -----( HKCU\Control Panel\Desktop )----- "SCRNSAVE.EXE" - "Fujitsu Siemens Computers" - c:\windows\system32\Fujits~1.scr -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )----- "!SASWinLogon" - "SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )----- "PCTOOLS CONTENT FILTER PROVIDER" - "PC Tools Research Pty Ltd." - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru |