|
Log analysis and evaluation: Anti-malware report OK, Spyware Doctor still reports infection. Windows 7. If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
22.10.2010, 00:04 | #1 |
| Hello, I'm new here - female, a tender 38, a usability engineer in the software field, German and living in Finland - and very clumsy with questions like these. I have already researched thoroughly, because I have probably picked up spyware. I completely fell for Admess (that "cheap" Explorer window with the Trojan warnings) *embarrassing* - that has never happened to me before... Your instructions are great and I have already run Anti-Malware. Here are the details: Spyware.Marketscore and Adware.180Solutions were detected (setup.player, setup.player2k2 and two long keys after the scan). After the removal, this was the report:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4905

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

22.10.2010 01:33:23
mbam-log-2010-10-22 (01-33-23).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 179796
Laufzeit: 29 Minute(n), 20 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 4
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\setup.player (Spyware.MarketScore) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\setup.player.2k2 (Spyware.MarketScore) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{35b7e48b-9d81-4c6c-9578-5fd4f620d886} (Spyware.MarketScore) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8fcdf9d9-a28b-480f-8c3d-581f119a8ab8} (Adware.180Solutions) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

* * *

Before and after that I also used Spyware Doctor, and it still keeps reporting infections to me (with a horrible sound):

Spyware Doctor seems to identify them, but only the full version removes them, right? Buying it would not be the problem, but as long as I don't know what is going on with this machine, I am reluctant to reach for my credit card details... Makes sense, doesn't it? How can I make sure that everything has been removed? Many thanks in advance, I hope I have followed all the rules. |
23.10.2010, 19:55 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
__________________ |
24.10.2010, 06:18 | #3 |
| You can't be serious, can you? I meant the spyware, of course...
__________________ |
24.10.2010, 13:55 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | But you asked how to remove the vermin with complete certainty. And since a cleanup always carries a residual risk, that is not really an option for you, is it?
__________________ Please always post log files in CODE tags |
26.10.2010, 20:23 | #5 | |
| Before I go and format, I scanned once more and this time it seems clean. Quote:
|
27.10.2010, 16:27 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | But you only ran a quick scan and forgot to update the signatures beforehand. Please catch up on that.
__________________ |
27.10.2010, 20:35 | #7 | |
| Quote:
So, update Malwarebytes? |
27.10.2010, 21:14 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Yes. Start MBAM, press the update button
__________________ Please always post log files in CODE tags |
04.11.2010, 14:27 | #9 | |
| Quote:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 5042

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

04.11.2010 15:07:43
mbam-log-2010-11-04 (15-07-43).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 181313
Laufzeit: 40 Minute(n), 49 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
|
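The objection raised in post #6 (only a quick scan, signatures not updated first) can be checked mechanically on the two Malwarebytes logs posted in this thread. The following Python is an added example, not part of any forum post and not a Malwarebytes tool; the function and class names are hypothetical, and the field labels are the German ones from the MBAM 1.46 logs quoted in posts #1 and #9.

```python
import re
from dataclasses import dataclass, field

# The two logs from posts #1 and #9, flattened to one line as a forum export
# delivers them. Abridged: empty detail sections are left out.
LOG_POST_1 = (
    r"Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4905 "
    r"Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 "
    r"22.10.2010 01:33:23 mbam-log-2010-10-22 (01-33-23).txt "
    r"Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 179796 "
    r"Laufzeit: 29 Minute(n), 20 Sekunde(n) "
    r"Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 "
    r"Infizierte Registrierungsschlüssel: 4 Infizierte Registrierungswerte: 0 "
    r"Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 "
    r"Infizierte Dateien: 0 "
    r"Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) "
    r"Infizierte Registrierungsschlüssel: "
    r"HKEY_CLASSES_ROOT\setup.player (Spyware.MarketScore) -> Quarantined and deleted successfully. "
    r"HKEY_CLASSES_ROOT\setup.player.2k2 (Spyware.MarketScore) -> Quarantined and deleted successfully. "
    r"HKEY_CLASSES_ROOT\CLSID\{35b7e48b-9d81-4c6c-9578-5fd4f620d886} (Spyware.MarketScore) -> Quarantined and deleted successfully. "
    r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8fcdf9d9-a28b-480f-8c3d-581f119a8ab8} (Adware.180Solutions) -> Quarantined and deleted successfully. "
    r"Infizierte Dateien: (Keine bösartigen Objekte gefunden)"
)
LOG_POST_9 = (
    r"Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 5042 "
    r"Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 "
    r"04.11.2010 15:07:43 mbam-log-2010-11-04 (15-07-43).txt "
    r"Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 181313 "
    r"Laufzeit: 40 Minute(n), 49 Sekunde(n) "
    r"Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 "
    r"Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 "
    r"Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 "
    r"Infizierte Dateien: 0 "
    r"Infizierte Dateien: (Keine bösartigen Objekte gefunden)"
)


@dataclass
class MbamLog:
    db_version: int
    scan_type: str
    objects_scanned: int
    counts: dict = field(default_factory=dict)      # category -> infected items
    detections: list = field(default_factory=list)  # (object, detection, action)

    @property
    def total_infected(self):
        return sum(self.counts.values())


def _need(pattern, text):
    match = re.search(pattern, text)
    if match is None:
        raise ValueError("not an MBAM log, missing field: " + pattern)
    return match.group(1)


def parse_mbam_log(text):
    text = " ".join(text.split())  # accept flattened and line-per-field logs alike
    log = MbamLog(
        db_version=int(_need(r"Datenbank Version:\s*(\d+)", text)),
        scan_type=_need(r"Art des Suchlaufs:\s*(\S+)", text),
        objects_scanned=int(_need(r"Durchsuchte Objekte:\s*(\d+)", text)),
    )
    # Summary counters read "Infizierte <category>: <number>". The detail section
    # repeats the category names, but there a "(" or a path follows, never a number.
    for name, number in re.findall(r"Infizierte ([\w ]+?):\s*(\d+)\b", text):
        log.counts[name] = int(number)
    # Detail entries read "<object> (<Family.Name>) -> <action>." An object path
    # containing spaces is captured only from its last space onwards.
    log.detections = re.findall(r"(\S+) \((\w+\.\w+)\) -> ([^.]+)\.", text)
    return log


def triage(previous, current):
    """Reasons why `current` on its own does not show that the machine is clean."""
    notes = []
    if current.scan_type.lower().startswith("quick"):
        notes.append("quick scan only: run a full scan before trusting a zero count")
    if previous is not None and current.db_version <= previous.db_version:
        notes.append("signature database not newer than in the previous log: update first")
    if len(current.detections) != current.total_infected:
        notes.append("summary counters and detail entries disagree: log may be cut off")
    return notes


if __name__ == "__main__":
    first, second = parse_mbam_log(LOG_POST_1), parse_mbam_log(LOG_POST_9)
    print(first.db_version, "->", second.db_version, "|", second.total_infected, "infected")
    for note in triage(first, second):
        print("-", note)
```

Run on the thread's own logs, the later report shows a newer database (4905 to 5042) and zero findings, but it is still a quick scan, so one of the two points from post #6 remains open.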
04.11.2010, 19:15 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | System scan with OTL. Please download OTL by Oldtimer and save it to your desktop
__________________ Please always post log files in CODE tags |
21.11.2010, 21:54 | #11 |
| Here come the OTL reports... OTL.txt OTL Logfile: Code:
ATTFilter OTL logfile created on: 21.11.2010 22:34:26 - Run 1 OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\XXX\Työpöytä Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Saksa | Language: DEU | Date Format: dd.MM.yyyy 1.022,00 Mb Total Physical Memory | 313,00 Mb Available Physical Memory | 31,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 64,00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 74,52 Gb Total Space | 17,31 Gb Free Space | 23,23% Space Free | Partition Type: NTFS Computer Name: SONIA | User Name: Sonia Kaukonen | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\XXX\Työpöytä\OTL.exe (OldTimer Tools) PRC - C:\Program Files\PC Tools Security\pctsGui.exe (PC Tools) PRC - C:\Program Files\PC Tools Security\pctsSvc.exe (PC Tools) PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google) PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Program Files\PC Tools Security\pctsAuxs.exe (PC Tools) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files\Outlook Express\msimn.exe (Microsoft Corporation) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) PRC - C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.) 
PRC - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation) PRC - C:\WINDOWS\system32\drivers\CDAC11BA.EXE (C-Dilla Ltd) PRC - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation) PRC - C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe (Sun Microsystems, Inc.) PRC - C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.) PRC - C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe (Hewlett-Packard ) PRC - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (Symantec Corporation) PRC - C:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company) PRC - C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe (Sony Corporation.) PRC - C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe (Sony Corporation) ========== Modules (SafeList) ========== MOD - C:\Documents and Settings\XXX\Työpöytä\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation) MOD - C:\Program Files\PC Tools Security\PCTGMhk.dll (PC Tools) MOD - C:\WINDOWS\system32\SynTPFcs.dll (Synaptics, Inc.) ========== Win32 Services (SafeList) ========== SRV - (HidServ) HID (Human Interface Device) -- C:\WINDOWS\System32\hidserv.dll File not found SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found SRV - (sdCoreService) -- C:\Program Files\PC Tools Security\pctsSvc.exe (PC Tools) SRV - (GoogleDesktopManager-051210-111108) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google) SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) 
SRV - (sdAuxService) -- C:\Program Files\PC Tools Security\pctsAuxs.exe (PC Tools) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE (Symantec Corporation) SRV - (Automattinen LiveUpdate-ajastustoiminto) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation) SRV - (C-DillaCdaC11BA) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE (C-Dilla Ltd) SRV - (SymWSC) -- C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (Symantec Corporation) ========== Driver Services (SafeList) ========== DRV - (PCTCore) -- C:\WINDOWS\system32\drivers\PCTCore.sys (PC Tools) DRV - (pctEFA) -- C:\WINDOWS\system32\drivers\pctEFA.sys (PC Tools) DRV - (pctDS) -- C:\WINDOWS\system32\drivers\pctDS.sys (PC Tools) DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (usbaudio) USB-ääniohjain (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation) DRV - (tifm21) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments) DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.) DRV - (HSFHWATI) -- C:\WINDOWS\system32\drivers\HSFHWATI.sys (Conexant Systems, Inc.) DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.) DRV - (CAMCHALA) -- C:\WINDOWS\system32\drivers\camc6hal.sys (Conexant Systems Inc.) DRV - (CAMCAUD) -- C:\WINDOWS\system32\drivers\camc6aud.sys (Conexant Systems Inc.) 
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation) DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.) DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.) DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation ) DRV - (eabfiltr) -- C:\WINDOWS\system32\drivers\eabfiltr.sys (Hewlett-Packard Company) DRV - (cdrbsdrv) -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS (B.H.A Corporation) DRV - (eabusb) -- C:\WINDOWS\system32\drivers\EabUsb.sys (Hewlett-Packard Company) DRV - (sonypvs1) -- C:\WINDOWS\system32\drivers\sonypvs1.sys (Sony Corporation) DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMC) DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. 
File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local O1 HOSTS File: ([2004.09.15 10:00:00 | 000,000,665 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.) O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found. O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKLM\..\Toolbar: (HP-Ansicht) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\Hp\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company) O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O3 - HKCU\..\Toolbar\ShellBrowser: (HP-Ansicht) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\Hp\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company) O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) 
O3 - HKCU\..\Toolbar\WebBrowser: (HP-Ansicht) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\Hp\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company) O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe () O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard ) O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google) O4 - HKLM..\Run: [ISTray] C:\Program Files\PC Tools Security\pctsGui.exe (PC Tools) O4 - HKLM..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation) O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.) O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - Startup: C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) 
O4 - Startup: C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\Picture Package Menu.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe (Sony Corporation) O4 - Startup: C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\Picture Package VCD Maker.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe (Sony Corporation.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.) O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.) O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) 
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet) O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06) O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab (Java Plug-in 1.5.0_02) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.89.123.231 193.210.19.190 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) 
O24 - Desktop Components:0 (Nykyinen kotisivu) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Blue Sonic.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Blue Sonic.bmp O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{83e5e2b2-e1df-11de-aedc-00904ba60384}\Shell - "" = AutoRun O33 - MountPoints2\{83e5e2b2-e1df-11de-aedc-00904ba60384}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found O33 - MountPoints2\{e6aaccff-01ca-11dd-ac04-00904ba60384}\Shell\AutoRun\command - "" = E:\wd_windows_tools\setup.exe -- File not found O33 - MountPoints2\{e9688520-548c-11df-af57-00904ba60384}\Shell\AutoRun\command - "" = explorer . O33 - MountPoints2\{e9688520-548c-11df-af57-00904ba60384}\Shell\mobile\command - "" = E:\MobileLaunch.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.11.21 22:33:28 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\XXX\Työpöytä\OTL.exe [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.11.21 22:43:00 | 000,000,366 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job [2010.11.21 22:33:33 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\XXX\Työpöytä\OTL.exe [2010.11.21 22:13:03 | 000,001,096 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010.11.21 21:49:02 | 000,416,238 | ---- | M] () -- C:\WINDOWS\System32\perfh00B.dat [2010.11.21 21:49:01 | 000,441,458 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010.11.21 21:49:01 | 000,085,348 | ---- | M] () -- C:\WINDOWS\System32\perfc00B.dat [2010.11.21 21:49:01 | 000,071,394 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010.11.21 
21:46:16 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.11.21 21:46:05 | 000,001,092 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010.11.21 21:40:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.11.21 21:39:54 | 1072,222,208 | -HS- | M] () -- C:\hiberfil.sys [2010.10.26 23:58:37 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\XXX\Omat tiedostot\Kirppis.xls [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.10.26 23:58:24 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\XXX\Omat tiedostot\Kirppis.xls [2007.11.25 12:57:32 | 000,000,145 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI [2007.11.25 12:57:32 | 000,000,040 | ---- | C] () -- C:\WINDOWS\BRDIAG.INI [2007.11.25 12:57:32 | 000,000,023 | ---- | C] () -- C:\WINDOWS\Brownie.ini [2007.11.25 12:57:25 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL [2007.11.25 12:57:25 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC32.DLL [2007.11.25 12:57:25 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC16.DLL [2007.11.25 12:57:24 | 000,008,975 | ---- | C] () -- C:\WINDOWS\HL-2030.INI [2007.11.25 12:56:49 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI [2007.11.06 19:34:12 | 000,004,527 | ---- | C] () -- C:\WINDOWS\WINAS60.INI [2007.03.11 13:09:30 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI [2006.11.11 21:52:34 | 000,000,057 | ---- | C] () -- C:\WINDOWS\MTWPLUS.INI [2006.06.25 18:48:22 | 000,000,560 | ---- | C] () -- C:\Documents and Settings\XXX\Application Data\ViewerApp.dat [2006.06.25 18:08:34 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll [2006.06.03 19:40:54 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI [2006.06.03 19:22:16 | 000,049,152 | ---- | C] () -- C:\WINDOWS\StiRegstGer.dll [2006.06.03 19:19:53 | 000,290,919 | ---- | C] () -- 
C:\WINDOWS\System32\pythoncom21.dll [2006.06.03 19:19:53 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes21.dll [2006.06.03 19:17:45 | 000,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll [2006.06.03 19:17:45 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini [2006.06.03 19:16:22 | 000,000,130 | ---- | C] () -- C:\WINDOWS\EPSON Perfection 1670G.ini [2006.06.03 18:52:44 | 000,000,391 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2006.05.04 18:27:38 | 000,041,472 | ---- | C] () -- C:\Documents and Settings\XXX\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2006.01.22 21:27:10 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2005.09.15 20:41:51 | 000,001,326 | ---- | C] () -- C:\Documents and Settings\XXX\Application Data\wklnhst.dat [2005.09.13 17:46:08 | 000,000,678 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log [2005.09.13 16:30:10 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2005.09.13 16:30:10 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2005.09.13 16:30:10 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2005.09.13 16:30:10 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2005.09.13 16:30:10 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2005.09.13 16:30:07 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll [2005.09.13 16:20:02 | 000,015,669 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2005.09.13 16:12:28 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\XXX\Local Settings\Application Data\fusioncache.dat [2005.07.01 05:47:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2004.09.27 10:39:14 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2004.09.27 10:25:18 | 000,004,381 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2004.09.15 10:00:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll [2004.09.15 
10:00:00 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll [2004.09.15 10:00:00 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll [2004.09.15 10:00:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll [2004.09.15 10:00:00 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 161 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 < End of report >
Next: Extras.txt |
21.11.2010, 21:55 | #12 |
| and continuing: OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 21.11.2010 22:34:26 - Run 1 OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\XXX\Työpöytä Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Saksa | Language: DEU | Date Format: dd.MM.yyyy 1.022,00 Mb Total Physical Memory | 313,00 Mb Available Physical Memory | 31,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 64,00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 74,52 Gb Total Space | 17,31 Gb Free Space | 23,23% Space Free | Partition Type: NTFS Computer Name: XXX | User Name: XXX | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .js [@ = JSFile] -- C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe (Macromedia, Inc.) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* jsfile [open] -- "C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe" "%1" (Macromedia, Inc.) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.) 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E22217-0E96-4C3F-B831-83AA942B7715}" = UserGuides
"{044146E4-A924-458A-9948-4B9C7C7D9321}" = LightScribe 1.4.31.1
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0E0131B2-CF18-40D9-A331-60A3746C1204}" = EPSON Scan
"{0E484A60-A429-49A8-982C-D6475F1E80A9}" = HPIZplus450
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare
"{1E2F8AE3-3437-44E6-BB75-E95751D6B83F}" = Picture Package
"{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari
"{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26BD3ED8-4879-400F-8DB0-28E0D0AD98BC}" = Moorhuhn Total
"{272EC8BA-5A08-4ea1-A189-684466A06B02}" = cp_dwShrek2Albums1
"{28CFF19D-B92C-4109-A427-F75505E81688}" = cp_dwSharkTaleAlbums1
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
"{2EF8368A-5670-45C0-82F1-D7B00F7E7AB8}" = Microsoft Works
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{32498B7B-E1F3-4ad5-A23B-F26414E94BE0}" = HP Image Zone Plus 4.8.5
"{350C940b-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FCD82D-1CED-436d-B33C-874EEC666D68}" = cp_dwSharkTaleCards1
"{3762DB2D-71BD-421F-9E55-C74DA7DF4D07}" = CueTour
"{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}" = Macromedia Flash MX
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 1.01 A3
"{4538A1AF-6894-4F10-ABDA-6CB9E6ACF8B6}" = Microsoft .NET Framework 1.1 Finnish Language Pack
"{49FC50FC-F965-40D9-89B4-CBFF80941033}" = Windows Movie Maker 2.0
"{503AA035-41E2-4858-B31F-1E49AC66C309}" = Norton Security Center
"{55508A44-8225-47AB-9666-1F57A5B5CE2E}" = CP_PLSBusinessFlyers
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{5E8D588F-307C-4250-B622-26969027319A}" = PanoStandAlone
"{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects
"{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{68963635-14A4-48D9-B431-DF3A74D1AAE1}" = Destinations
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C11D561-620B-47DA-A693-4C597F3CDF40}" = EPSON Smart Panel
"{6C5D7191-140A-11D6-B5A0-0050DA208A93}" = ArcSoft PhotoImpression
"{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}" = cp_dwShrek2Cards1
"{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8B4AB829-DFD3-436D-B808-D9733D76C590}" = Macromedia Dreamweaver MX
"{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{909018B6-8D25-42BF-B4AD-9675B6069ED0}" = Brother HL-2030
"{91110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{96C0E73B-8813-4F4A-9EA1-D407C27AA1A1}" = TIxx21
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5B9D22C-755A-4AC6-9904-875E80838BB6}" = CP_AtenaShokunin1Config
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module
"{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update
"{AC76BA86-0000-F676-9FA0-000000000603}" = Adobe Interactive Forms Update SP1
"{AC76BA86-7AD7-1035-7B44-A00000000001}" = Adobe Reader 6.0.1 - Suomi
"{AEBBFC67-7A03-4DF3-9E71-BA5C9EB4FBEF}" = MobileMe Control Panel
"{AF507761-0AD4-4BCC-A636-42DB38E689B0}" = Sven 2 XXL
"{AF600F7B-67A7-48D9-BA3B-0FF97F35F970}" = ABBYY FineReader 6.0
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B69CC1A5-0404-11D6-ABCB-005004C21D30}" = EPSON Copy Utility
"{B911B811-BA3E-46D4-90F8-6F3338359651}" = Director
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{C797EAF2-707A-4239-BDF3-F2672314A734}" = First Step Guide
"{C81F57EA-7754-4EC4-BE0E-AB620E20582D}" = Mordillo Jungle Fever XXL
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CDFCF124-115F-4976-8BF4-08C89187A146}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEB326EC-8F40-47B2-BA22-BB092565D66F}" = Quick Launch Buttons 5.10 B3
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint
"{D379964B-685C-44D5-AE46-C953A9FEEA14}" = EPSON Photo Print
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{E24AECDA-101F-11D6-986D-00500443CF9F}" = Sven Bømwøllen
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{F8C6BABF-0837-4EA0-AD6C-8E5A392A7538}" = ImageMixer VCD2
"{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 1.2.4
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CDex" = CDex extraction audio
"CNXT_MODEM_PCI_VEN_1002&DEV_4378&SUBSYS_3085103C" = Data Fax SoftModem with SmartCP
"Conexant PCI Audio" = Conexant AC-Link Audio
"Google Desktop" = Google Desktop
"HP Pavillion zv6000 User Guides" = HP Pavillion zv6000 User Guides
"HP Photo & Imaging" = HP Image Zone 4.8.5
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{96C0E73B-8813-4F4A-9EA1-D407C27AA1A1}" = Texas Instruments PCIxx21/x515 drivers.
"LiveUpdate" = LiveUpdate 3.0 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"P1670 Referenzhandbuch" = P1670 Referenzhandbuch
"Picasa2" = Picasa 2
"Spyware Doctor" = Spyware Doctor 8.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall Presto! BizCard 4.1 Ger" = Presto! BizCard 4.1 (Deutsch Version)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12.10.2010 01:35:03 | Computer Name = XXX | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office XP Professional -- Error 1706. Setup cannot find the required files. Check your connection to the network, or CD-ROM drive. For other potential solutions to this problem, see C:\Program Files\Microsoft Office\Office10\1033\SETUP.HLP.

Error - 15.10.2010 17:50:22 | Computer Name = XXX | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 15.10.2010 17:50:22 | Computer Name = XXX | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 30091250

Error - 15.10.2010 17:50:22 | Computer Name = XXX | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 30091250

Error - 16.10.2010 17:37:34 | Computer Name = XXX | Source = Application Error | ID = 1000
Description = Virhesovellus lsburnwatcher.exe, versio 4.10.14.0, moduuli lsburnwatcher.exe, versio 4.10.14.0, osoite 0x0001bf0b.

Error - 16.10.2010 19:07:41 | Computer Name = XXX | Source = Google Update | ID = 20
Description =

Error - 19.10.2010 17:07:05 | Computer Name = XXX | Source = Google Update | ID = 20
Description =

Error - 21.10.2010 17:07:05 | Computer Name = XXX | Source = Google Update | ID = 20
Description =

Error - 21.10.2010 17:56:17 | Computer Name = XXX | Source = Application Error | ID = 1000
Description = Virhesovellus lsburnwatcher.exe, versio 4.10.14.0, moduuli lsburnwatcher.exe, versio 4.10.14.0, osoite 0x0001bf0b.

Error - 21.11.2010 15:50:40 | Computer Name = XXX | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office XP Professional -- Error 1706. Setup cannot find the required files. Check your connection to the network, or CD-ROM drive. For other potential solutions to this problem, see C:\Program Files\Microsoft Office\Office10\1033\SETUP.HLP.

[ System Events ]
Error - 18.10.2010 01:37:38 | Computer Name = XXX | Source = Service Control Manager | ID = 7000
Description = Palvelua PC Tools Security Service ei voi käynnistää. Virhekoodi on %%1053

Error - 21.10.2010 16:51:25 | Computer Name = XXX | Source = Service Control Manager | ID = 7009
Description = Aikakatkaisu (30000 ms) odottaa palvelun PC Tools Security Service yhdistymistä.

Error - 21.10.2010 16:51:25 | Computer Name = XXX | Source = Service Control Manager | ID = 7000
Description = Palvelua PC Tools Security Service ei voi käynnistää. Virhekoodi on %%1053

Error - 21.10.2010 16:53:14 | Computer Name = XXX | Source = Windows Update Agent | ID = 16
Description = Yhteyttä ei voi muodostaa: Windows ei voinut muodostaa yhteyttä automaattiseen päivityspalveluun. Windows ei voi ladata ja asentaa päivityksiä määritetyn aikataulun mukaisesti. Windows jatkaa yhteyden muodostamisen yrittämistä.

Error - 26.10.2010 14:01:22 | Computer Name = XXX | Source = Service Control Manager | ID = 7022
Description = Palvelu PC Tools Security Service lukkiutui käynnistyksessä.

Error - 26.10.2010 14:07:03 | Computer Name = XXX | Source = Service Control Manager | ID = 7034
Description = Palvelu PC Tools Security Service lopetti yllättäen toimintansa. Se on tehnyt näin jo 1 kertaa.

Error - 04.11.2010 07:41:42 | Computer Name = XXX | Source = Service Control Manager | ID = 7009
Description = Aikakatkaisu (30000 ms) odottaa palvelun PC Tools Security Service yhdistymistä.

Error - 04.11.2010 07:41:42 | Computer Name = XXX | Source = Service Control Manager | ID = 7000
Description = Palvelua PC Tools Security Service ei voi käynnistää. Virhekoodi on %%1053

Error - 04.11.2010 07:42:58 | Computer Name = XXX | Source = Service Control Manager | ID = 7009
Description = Aikakatkaisu (30000 ms) odottaa palvelun PC Tools Security Service yhdistymistä.

Error - 04.11.2010 07:42:58 | Computer Name = XXX | Source = Service Control Manager | ID = 7000
Description = Palvelua PC Tools Security Service ei voi käynnistää. Virhekoodi on %%1053

< End of report >

Was that right, with the 30 days? Thanks in advance.
Edited by Finnkatti (21.11.2010 at 21:57). Reason: found real name again |
21.11.2010, 22:00 | #13 |
| I've just noticed that some of the errors are in Finnish... even though I have the settings in German and English-language software. Urghs. |
22.11.2010, 09:35 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)
Code:
:OTL
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{83e5e2b2-e1df-11de-aedc-00904ba60384}\Shell - "" = AutoRun
O33 - MountPoints2\{83e5e2b2-e1df-11de-aedc-00904ba60384}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{e6aaccff-01ca-11dd-ac04-00904ba60384}\Shell\AutoRun\command - "" = E:\wd_windows_tools\setup.exe -- File not found
O33 - MountPoints2\{e9688520-548c-11df-af57-00904ba60384}\Shell\AutoRun\command - "" = explorer .
O33 - MountPoints2\{e9688520-548c-11df-af57-00904ba60384}\Shell\mobile\command - "" = E:\MobileLaunch.exe -- File not found
@Alternate Data Stream - 161 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
:Commands
[purity]
[resethosts]
[emptytemp]

The log file should open when you click OK after the fix; please post it. The computer may be restarted.
__________________ Please always post log files in CODE tags |
27.11.2010, 21:45 | #15 |
| It keeps running and running (on the other PC) - I'm scared about what's happening there right now...? |