Windows XP SP3 Firewall läßt sich nicht mehr aktivieren?

Bebcho · 23.04.2010, 16:32

Kann mir vielleicht jemand dabei helfen?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:12:52, on 23.04.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Notebook Hardware Control\nhc.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Programme\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Programme\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
C:\Programme\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Avira\AntiVir Desktop\avshadow.exe
C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Dokumente und Einstellungen\Thomas\Eigene Dateien\Hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Programme\FlashGet\jccatch.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programme\FlashGet\getflash.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NotebookHardwareControl] "C:\Programme\Notebook Hardware Control\nhc.exe" -quiet
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: &Alles mit FlashGet laden - C:\Programme\FlashGet\jc_all.htm
O8 - Extra context menu item: &Mit FlashGet laden - C:\Programme\FlashGet\jc_link.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Programme\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared files\RichVideo.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 8046 bytes

cosinus · 24.04.2010, 16:12

Hallo und

bitte nen Vollscan mit Malwarebytes machen und Log posten. Danach OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in den Thread.

Bebcho · 24.04.2010, 16:34

Hier das Logfile:

OTL Extras logfile created on: 24.04.2010 17:28:40 - Run 1
OTL by OldTimer - Version 3.2.2.0 Folder = F:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 82,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 94,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 71,52 Gb Total Space | 51,30 Gb Free Space | 71,73% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 1,91 Gb Total Space | 1,81 Gb Free Space | 94,39% Space Free | Partition Type: FAT32
Drive G: | 40,27 Gb Total Space | 20,38 Gb Free Space | 50,61% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BEBCHO
Current User Name: Thomas
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{17E2F183-BAC4-4D01-BD7A-59F781E17EFA}" = REALTEK PCIE NIC Driver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{211FD4F6-43CF-41E6-8F6D-5FDF8D70B733}" = Opera 10.51
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 18
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37C8899D-FD70-481F-94AA-1F1B08765E22}" = Acronis†True†Image†Home
"{395AB8C5-F3A8-4380-8718-7A11EC5829F6}" = iCON 210
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}" = Zune Desktop Theme
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8AAB4176-A747-493A-A42C-B63CFADFD8E3}" = NVIDIA PhysX
"{90AF0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9578C0CD-8108-4379-9026-4601F59859A0}" = Google Earth Pro
"{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A35001F0-F1E4-11DD-A38B-005056C00008}" = Paragon Partition Managerô 10.0 Professional
"{A589DA26-51BD-475D-8C32-E19E34145842}" = Camtasia Studio 6
"{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch
"{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support
"{B73BEEBE-3D94-2634-B5D1-28B8269489FF}" = twhirl
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skypeô 4.2
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.8.320
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0
"ALDI Foto Service D" = ALDI Foto Service
"ALDI Nord Foto Manager Free D" = ALDI Nord Foto Manager Free
"Aldi Nord Fotoservice_is1" = Aldi Nord Fotoservice
"ALDI Nord Online Druck Service" = ALDI Nord Online Druck Service 4.6
"Any DVD Converter Professional_is1" = Any DVD Converter Professional 4.0.1
"AnyDVD" = AnyDVD
"Audio 180%" = Audio 180%
"BBAD1A7054D7B16ED03E62627C123F5CBA70A4E7" = Windows Driver Package - Intel (NETw3x32) net (09/27/2006 10.5.1.68)
"CCleaner" = CCleaner
"CloneCD" = CloneCD
"CloneDVD2" = CloneDVD2
"CloneDVDmobile" = CloneDVDmobile
"D16AA00FE65B9D2C6E0A57F54400303BF3259CC3" = Windows Driver Package - Intel (w29n51) net (06/26/2006 9.0.4.17)
"de.makesoft.twhirl.0EA062BC275E7ED1E6EC3762EFFD73C7158ADF33.1" = twhirl
"DVDFab 7_is1" = DVDFab 7.0.3.0 (26/03/2010)
"FileZilla Client" = FileZilla Client 3.3.1
"FlashGet" = FlashGet 1.9.6.1073
"Flickr Uploadr" = Flickr Uploadr 3.2.1
"foobar2000" = foobar2000 v0.9.6.9
"Fraps" = Fraps (remove only)
"GTK 2.0" = GTK+ Runtime 2.14.7 rev a (nur entfernen)
"HaaliMkx" = Haali Media Splitter
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"LastFM_is1" = Last.fm 1.5.4.24567
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Mozilla Thunderbird (3.0.4)" = Mozilla Thunderbird (3.0.4)
"Mp3tag" = Mp3tag v2.45
"Notebook Hardware Control" = Notebook Hardware Control 2.0 Pre-Release-06 Bugfix
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa 3" = Picasa 3
"TeamViewer 5" = TeamViewer 5
"TrueCrypt" = TrueCrypt
"VLC media player" = VLC media player 1.0.3
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"winscp3_is1" = WinSCP 4.2.5
"XnView_is1" = XnView 1.97.1

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 23.04.2010 08:34:14 | Computer Name = BEBCHO | Source = JavaQuickStarterService | ID = 1
Description =

Error - 23.04.2010 08:39:05 | Computer Name = BEBCHO | Source = Google Update | ID = 20
Description =

Error - 23.04.2010 08:39:27 | Computer Name = BEBCHO | Source = JavaQuickStarterService | ID = 1
Description =

Error - 23.04.2010 08:57:38 | Computer Name = BEBCHO | Source = JavaQuickStarterService | ID = 1
Description =

Error - 23.04.2010 09:04:50 | Computer Name = BEBCHO | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung chrome.exe, Version 0.0.0.0, fehlgeschlagenes
Modul chrome.dll, Version 5.0.342.8, Fehleradresse 0x000d1c52.

Error - 23.04.2010 09:17:08 | Computer Name = BEBCHO | Source = JavaQuickStarterService | ID = 1
Description =

Error - 23.04.2010 09:36:17 | Computer Name = BEBCHO | Source = JavaQuickStarterService | ID = 1
Description =

Error - 23.04.2010 09:41:33 | Computer Name = BEBCHO | Source = JavaQuickStarterService | ID = 1
Description =

Error - 23.04.2010 09:48:25 | Computer Name = BEBCHO | Source = JavaQuickStarterService | ID = 1
Description =

Error - 24.04.2010 08:50:25 | Computer Name = BEBCHO | Source = JavaQuickStarterService | ID = 1
Description =

[ System Events ]
Error - 23.04.2010 08:57:51 | Computer Name = BEBCHO | Source = Service Control Manager | ID = 7001
Description = Der Dienst "NLA (Network Location Awareness)" ist vom Dienst "TCP/IP-Protokolltreiber"
abh‰ngig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 23.04.2010 08:57:51 | Computer Name = BEBCHO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "IPSEC-Treiber" wurde aufgrund folgenden Fehlers nicht
gestartet: %%2001

Error - 23.04.2010 08:57:51 | Computer Name = BEBCHO | Source = Service Control Manager | ID = 7001
Description = Der Dienst "TCP/IP-Protokolltreiber" ist vom Dienst "IPSEC-Treiber"
abh‰ngig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%2001

Error - 23.04.2010 08:57:51 | Computer Name = BEBCHO | Source = Service Control Manager | ID = 7001
Description = Der Dienst "NLA (Network Location Awareness)" ist vom Dienst "TCP/IP-Protokolltreiber"
abh‰ngig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 23.04.2010 08:57:51 | Computer Name = BEBCHO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "IPSEC-Treiber" wurde aufgrund folgenden Fehlers nicht
gestartet: %%2001

Error - 23.04.2010 08:57:51 | Computer Name = BEBCHO | Source = Service Control Manager | ID = 7001
Description = Der Dienst "TCP/IP-Protokolltreiber" ist vom Dienst "IPSEC-Treiber"
abh‰ngig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%2001

Error - 23.04.2010 08:57:51 | Computer Name = BEBCHO | Source = Service Control Manager | ID = 7001
Description = Der Dienst "NLA (Network Location Awareness)" ist vom Dienst "TCP/IP-Protokolltreiber"
abh‰ngig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 23.04.2010 08:57:51 | Computer Name = BEBCHO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "IPSEC-Treiber" wurde aufgrund folgenden Fehlers nicht
gestartet: %%2001

Error - 23.04.2010 08:57:51 | Computer Name = BEBCHO | Source = Service Control Manager | ID = 7001
Description = Der Dienst "TCP/IP-Protokolltreiber" ist vom Dienst "IPSEC-Treiber"
abh‰ngig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%2001

Error - 23.04.2010 08:57:51 | Computer Name = BEBCHO | Source = Service Control Manager | ID = 7001
Description = Der Dienst "NLA (Network Location Awareness)" ist vom Dienst "TCP/IP-Protokolltreiber"
abh‰ngig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

[ TuneUp Events ]
Error - 25.11.2009 06:59:44 | Computer Name = BEBCHO | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 25.11.2009 06:59:44 | Computer Name = BEBCHO | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 25.11.2009 07:01:49 | Computer Name = BEBCHO | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 25.11.2009 22:37:03 | Computer Name = BEBCHO | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 25.11.2009 22:37:03 | Computer Name = BEBCHO | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 26.11.2009 23:30:07 | Computer Name = BEBCHO | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 27.11.2009 23:52:54 | Computer Name = BEBCHO | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 28.11.2009 23:35:32 | Computer Name = BEBCHO | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 29.11.2009 02:37:34 | Computer Name = BEBCHO | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 29.11.2009 08:40:37 | Computer Name = BEBCHO | Source = TuneUp Program Statistics | ID = 131840
Description =

< End of report >

cosinus · 24.04.2010, 16:42

Du solltest eigentlich erst den Vollscan mit Malwarebytes machen...

Bebcho · 24.04.2010, 17:44

Hier der Logfile von Malware:

Malwarebytes' Anti-Malware 1.45
Malwarebytes

Datenbank Version: 3955

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

24.04.2010 18:36:40
mbam-log-2010-04-24 (18-36-40).txt

Art des Suchlaufs: Vollst‰ndiger Suchlauf (C:\|)
Durchsuchte Objekte: 165662
Laufzeit: 33 Minute(n), 29 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschl¸ssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bˆsartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bˆsartigen Objekte gefunden)

Infizierte Registrierungsschl¸ssel:
(Keine bˆsartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bˆsartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bˆsartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bˆsartigen Objekte gefunden)

Infizierte Dateien:
C:\System Volume Information\_restore{8521CCFD-84FA-40AA-B688-047DEF0163B7}\RP147\A0056629.exe (Trojan.Agent.CK) -> No action taken.

cosinus · 24.04.2010, 19:50

Zitat:

Datenbank Version: 3955

Darfst gleich noch einen Vollscan machen. Aber erstmal die Signaturen aktualisieren...

24.04.2010, 16:42	#4
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Windows XP SP3 Firewall läßt sich nicht mehr aktivieren? Du solltest eigentlich erst den Vollscan mit Malwarebytes machen... __________________ Logfiles bitte immer in CODE-Tags posten

Windows XP SP3 Firewall läßt sich nicht mehr aktivieren?

Log-Analyse und Auswertung: Windows XP SP3 Firewall läßt sich nicht mehr aktivieren?