Trojaner-Board
Seite 2 von 3 1 2 3
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   explorer.exe stürzt ab/lädt neu (https://www.trojaner-board.de/54058-explorer-exe-stuerzt-ab-laedt-neu.html)

macbeth 17.06.2008 13:15
Nummer 2
Code:
----- Root -----------------------------

 Volume in drive C is HDD

 Volume Serial Number is 84DD-5D4E



 Directory of C:\



17.06.2008  11:56    1.560.281.088 pagefile.sys

11.05.2008  01:14          250.048 ntldr

06.01.2007  16:25              223 boot.ini

06.01.2007  16:10                0 MSDOS.SYS

06.01.2007  16:10                0 IO.SYS

06.01.2007  16:10                0 CONFIG.SYS

06.01.2007  16:10                0 AUTOEXEC.BAT

28.02.2006  14:00            47.564 NTDETECT.COM

              8 File(s)  1.560.578.923 bytes

              0 Dir(s)  126.678.753.280 bytes free



----- System32 -------------------------

 Volume in drive C is HDD

 Volume Serial Number is 84DD-5D4E



 Directory of C:\WINDOWS\system32



17.06.2008  13:09                0 nmp.log

17.06.2008  11:58            43.531 nvapps.xml

16.06.2008  20:06            13.646 wpa.dbl

16.06.2008  18:56          495.195 vwabaGgh.ini

16.06.2008  18:56              344 vwabaGgh.ini2

16.06.2008  17:18          497.003 vxybLRqr.ini

16.06.2008  17:18          496.774 vxybLRqr.ini2

16.06.2008  01:10          495.195 eKSCeMoq.ini

16.06.2008  01:09              344 eKSCeMoq.ini2

16.06.2008  00:57          597.154 wxadcccf.ini

16.06.2008  00:57          596.916 wxadcccf.ini2

05.06.2008  12:46        1.769.352 FNTCACHE.DAT

02.06.2008  22:56                16 servdat.slm

02.06.2008  22:56              355 lsprst7.tgz

02.06.2008  22:56              341 lsprst7.dll

02.06.2008  22:56                14 ssprs.tgz

30.05.2008  01:35        17.486.968 MRT.exe

25.05.2008  21:31              664 d3d9caps.dat

15.05.2008  02:06                0 nsprs.tgz

15.05.2008  02:04            1.025 sysprs7.tgz

11.05.2008  01:24          444.858 perfh009.dat

11.05.2008  01:24            72.356 perfc009.dat

11.05.2008  01:24          526.710 PerfStringBackup.INI

11.05.2008  01:22              249 spupdwxp.log

07.05.2008  07:12        1.288.192 quartz.dll



----- Windows --------------------------

 Volume in drive C is HDD

 Volume Serial Number is 84DD-5D4E



 Directory of C:\WINDOWS



17.06.2008  13:11        1.288.310 WindowsUpdate.log

17.06.2008  11:57                0 0.log

17.06.2008  11:56              159 wiadebug.log

17.06.2008  11:56                49 wiaservc.log

17.06.2008  11:56            2.048 bootstat.dat

17.06.2008  01:02            32.598 SchedLgU.Txt

16.06.2008  18:19              385 wininit.ini

16.06.2008  17:40          225.422 ntbtlog.txt

16.06.2008  00:16            1.868 OEWABLog.txt

16.06.2008  00:16          421.709 setupapi.log

14.06.2008  11:52              243 TEXTWARE.INI

14.06.2008  10:28            1.409 QTFont.for

14.06.2008  10:28            54.156 QTFont.qfn

12.06.2008  19:14          123.848 wmsetup.log

11.06.2008  20:03            45.301 tabletoc.log

11.06.2008  20:03          302.778 comsetup.log

11.06.2008  20:03          976.439 iis6.log

11.06.2008  20:03          181.585 ntdtcsetup.log

11.06.2008  20:03            1.374 imsins.log

11.06.2008  20:03          407.006 tsoc.log

11.06.2008  20:03            48.584 ocmsn.log

11.06.2008  20:03            18.591 KB950759-IE7.log

11.06.2008  20:03          155.167 netfxocm.log

11.06.2008  20:03            61.369 MedCtrOC.log

11.06.2008  20:03          426.077 ocgen.log

11.06.2008  20:03            43.948 msgsocm.log

11.06.2008  20:03          883.335 FaxSetup.log

11.06.2008  20:03          274.320 msmqinst.log

11.06.2008  20:02          204.699 updspapi.log

11.06.2008  20:01            1.374 imsins.BAK

11.06.2008  20:01            11.622 KB951698.log

11.06.2008  20:01            6.712 KB950762.log

11.06.2008  20:01            6.187 KB950760.log

11.06.2008  20:01            7.130 KB951376.log

11.05.2008  01:22            40.874 spupdsvc.log

11.05.2008  01:22              359 DtcInstall.log

11.05.2008  01:22            9.627 setuplog.txt

11.05.2008  01:22              187 spupdsvc.log.1.log

11.05.2008  01:20          522.495 svcpack.log

11.05.2008  01:18              400 cmsetacl.log

11.05.2008  01:18            1.281 sessmgr.setup.log

11.05.2008  00:56            20.698 KB892130.log



----- Tasks ----------------------------

 Volume in drive C is HDD

 Volume Serial Number is 84DD-5D4E



 Directory of C:\WINDOWS\tasks



17.06.2008  11:59              330 MP Scheduled Scan.job

17.06.2008  11:56                6 SA.DAT

12.06.2008  23:51              284 AppleSoftwareUpdate.job

06.06.2008  17:16              388 1-Click Maintenance.job

28.02.2006  14:00                65 desktop.ini

              5 File(s)          1.073 bytes

              0 Dir(s)  126.678.614.016 bytes free



----- Wintemp --------------------------

 Volume in drive C is HDD

 Volume Serial Number is 84DD-5D4E



 Directory of C:\WINDOWS\temp



17.06.2008  13:56              255 WGAErrLog.txt

17.06.2008  12:17            4.114 MpCmdRun.log

16.06.2008  23:30                0 winA6.tmp

16.06.2008  23:30                0 winA5.tmp

16.06.2008  23:08                0 winA4.tmp

16.06.2008  23:08                0 winA3.tmp

16.06.2008  21:46                0 winA2.tmp

16.06.2008  21:46                0 winA1.tmp

16.06.2008  21:44                0 winA0.tmp

16.06.2008  21:44                0 win9F.tmp

16.06.2008  21:42                0 win9B.tmp

16.06.2008  21:42                0 win9C.tmp

16.06.2008  21:40                0 win99.tmp

16.06.2008  21:40                0 win9A.tmp

16.06.2008  21:38                0 win98.tmp

16.06.2008  21:38                0 win97.tmp

16.06.2008  21:36                0 win95.tmp

16.06.2008  21:36                0 win96.tmp

16.06.2008  21:34                0 win94.tmp

16.06.2008  21:34                0 win93.tmp

16.06.2008  21:32                0 win91.tmp

16.06.2008  21:32                0 win92.tmp

16.06.2008  21:30                0 win8F.tmp

16.06.2008  21:30                0 win90.tmp

16.06.2008  21:28                0 win8D.tmp

16.06.2008  21:28                0 win8E.tmp

16.06.2008  21:26                0 win8B.tmp

16.06.2008  21:26                0 win8C.tmp

16.06.2008  21:24                0 win8A.tmp

16.06.2008  21:24                0 win89.tmp

16.06.2008  21:22                0 win87.tmp

16.06.2008  21:22                0 win88.tmp

16.06.2008  21:20                0 win85.tmp

16.06.2008  21:20                0 win86.tmp

16.06.2008  21:18                0 win83.tmp

16.06.2008  21:18                0 win84.tmp

16.06.2008  21:16                0 win82.tmp

16.06.2008  21:16                0 win81.tmp

16.06.2008  21:14                0 win7F.tmp

16.06.2008  21:14                0 win80.tmp

16.06.2008  21:12                0 win7D.tmp

16.06.2008  21:12                0 win7E.tmp

16.06.2008  21:10                0 win7B.tmp

16.06.2008  21:10                0 win7C.tmp

16.06.2008  21:08                0 win79.tmp

16.06.2008  21:08                0 win7A.tmp

16.06.2008  21:06                0 win78.tmp

16.06.2008  21:06                0 win77.tmp

16.06.2008  21:04                0 win75.tmp

16.06.2008  21:04                0 win76.tmp

16.06.2008  21:02                0 win73.tmp

16.06.2008  21:02                0 win74.tmp

16.06.2008  21:00                0 win71.tmp

16.06.2008  21:00                0 win72.tmp

16.06.2008  20:58                0 win6F.tmp

16.06.2008  20:58                0 win70.tmp

16.06.2008  20:56                0 win6E.tmp

16.06.2008  20:56                0 win6D.tmp

16.06.2008  20:54                0 win6B.tmp

16.06.2008  20:54                0 win6C.tmp

16.06.2008  20:52                0 win69.tmp

16.06.2008  20:52                0 win6A.tmp

16.06.2008  20:50                0 win67.tmp

16.06.2008  20:50                0 win68.tmp

16.06.2008  20:48                0 win65.tmp

16.06.2008  20:48                0 win66.tmp

16.06.2008  20:46                0 win64.tmp

16.06.2008  20:46                0 win63.tmp

16.06.2008  20:44                0 win61.tmp

16.06.2008  20:44                0 win62.tmp

16.06.2008  20:42                0 win5F.tmp

16.06.2008  20:42                0 win60.tmp

16.06.2008  20:40                0 win5D.tmp

16.06.2008  20:40                0 win5E.tmp

16.06.2008  20:38                0 win5C.tmp

16.06.2008  20:38                0 win5B.tmp

16.06.2008  20:36                0 win5A.tmp

16.06.2008  20:36                0 win59.tmp

16.06.2008  20:34                0 win57.tmp

16.06.2008  20:34                0 win58.tmp

16.06.2008  20:32                0 win56.tmp

16.06.2008  20:32                0 win55.tmp

16.06.2008  20:30                0 win54.tmp

16.06.2008  20:30                0 win53.tmp

16.06.2008  20:28                0 win51.tmp

16.06.2008  20:28                0 win52.tmp

16.06.2008  20:26                0 win50.tmp

16.06.2008  20:26                0 win4F.tmp

16.06.2008  20:24                0 win4E.tmp

16.06.2008  20:24                0 win4D.tmp

16.06.2008  20:22                0 win4C.tmp

16.06.2008  20:22                0 win4B.tmp

16.06.2008  20:20                0 win4A.tmp

16.06.2008  20:20                0 win49.tmp

16.06.2008  20:18                0 win47.tmp

16.06.2008  20:18                0 win48.tmp

16.06.2008  20:16                0 win46.tmp

16.06.2008  20:16                0 win45.tmp

16.06.2008  20:14                0 win44.tmp

16.06.2008  20:14                0 win43.tmp

16.06.2008  20:12                0 win42.tmp

16.06.2008  20:12                0 win41.tmp

16.06.2008  20:10                0 win40.tmp

16.06.2008  20:10                0 win3F.tmp

16.06.2008  20:08                0 win3E.tmp

16.06.2008  20:08                0 win3D.tmp

16.06.2008  20:06              409 WGANotify.settings

16.06.2008  20:06                0 win3C.tmp

16.06.2008  20:06                0 win39.tmp

16.06.2008  20:04                0 win3B.tmp

16.06.2008  20:04                0 win3A.tmp

16.06.2008  18:22                0 win38.tmp

16.06.2008  18:22                0 win37.tmp

16.06.2008  18:20                0 win35.tmp

16.06.2008  18:20                0 win36.tmp

16.06.2008  17:38                0 win34.tmp

16.06.2008  17:38                0 win33.tmp

16.06.2008  17:36                0 win31.tmp

16.06.2008  17:36                0 win32.tmp

16.06.2008  17:34                0 win30.tmp

16.06.2008  17:34                0 win2F.tmp

16.06.2008  17:32                0 win2E.tmp

16.06.2008  17:32                0 win2D.tmp

16.06.2008  17:30                0 win2B.tmp

16.06.2008  17:30                0 win2C.tmp

16.06.2008  17:28                0 win2A.tmp

16.06.2008  17:28                0 win29.tmp

16.06.2008  17:26                0 win27.tmp

16.06.2008  17:26                0 win28.tmp

16.06.2008  17:24                0 win26.tmp

16.06.2008  17:24                0 win25.tmp

16.06.2008  17:22                0 win23.tmp

16.06.2008  17:22                0 win24.tmp

16.06.2008  17:20                0 win21.tmp

16.06.2008  17:20                0 win22.tmp

16.06.2008  17:18                0 win20.tmp

16.06.2008  17:18                0 win1F.tmp

16.06.2008  17:16                0 win1E.tmp

16.06.2008  17:16                0 win1.tmp

16.06.2008  17:15                0 win1D.tmp

16.06.2008  17:15                0 win1C.tmp

16.06.2008  17:15                0 win1B.tmp

16.06.2008  17:15                0 win1A.tmp

16.06.2008  17:14                0 win19.tmp

16.06.2008  17:14                0 win18.tmp

16.06.2008  17:11                0 win16.tmp

16.06.2008  17:11                0 win17.tmp

16.06.2008  17:09                0 win15.tmp

16.06.2008  17:09                0 win14.tmp

16.06.2008  17:07                0 win13.tmp

16.06.2008  17:07                0 win12.tmp

16.06.2008  17:05                0 win10.tmp

16.06.2008  17:05                0 win11.tmp

16.06.2008  17:03                0 winE.tmp

16.06.2008  17:03                0 winF.tmp

16.06.2008  17:01                0 winD.tmp

16.06.2008  17:01                0 winC.tmp

16.06.2008  16:59                0 winA.tmp

16.06.2008  16:59                0 winB.tmp

16.06.2008  16:58                0 win8.tmp

16.06.2008  16:58                0 win9.tmp

16.06.2008  16:56                0 win7.tmp

16.06.2008  16:56                0 win6.tmp

16.06.2008  16:54                0 win5.tmp

16.06.2008  16:54                0 win4.tmp

16.06.2008  16:52                0 win2.tmp

16.06.2008  16:52                0 win3.tmp

            167 File(s)          4.778 bytes

              0 Dir(s)  126.678.597.632 bytes free



----- Temp -----------------------------

 Volume in drive C is HDD

 Volume Serial Number is 84DD-5D4E



 Directory of C:\DOCUME~1\Name\LOCALS~1\Temp



17.06.2008  14:03          143.547 filelist.txt

16.06.2008  02:18            46.080 ~e5d141.tmp

              2 File(s)        189.627 bytes

              0 Dir(s)  126.678.605.824 bytes free

macbeth 17.06.2008 13:19
...und hier noch die Quarantäne von AntiVir XP:

(leider etwas klein - tut mir Leid!)

http://www.trojaner-board.de/members...re36-avxp1.jpg

http://www.trojaner-board.de/members...re37-avxp2.jpg

macbeth 17.06.2008 13:30
Ich muss ehrlich sagen, dass ich schon ein ganz schlechtes Gewissen habe. :(

Ihr habt ja bestimmt auch andere Sachen zu tun. Deshalb habe ich mir folgendes überlegt:

Ich komme ja nun wieder an meine Dateien ran. Wenn ich die 109 GB nun auf eine externe Festplatte ziehen (die selbstverständlich leer ist), kann ich ja so ziemlich ohne Sorge formatieren.

Die Festplatte würde ich dann (irgendwie? mit Knoppicillin eventuell?) mehrmals scannen, damit sich kein Schädling an meinen Dateien vergriffen hat.

Somit könnte ich doch alles wieder nach einer Neuinstallation aufspielen, oder?

Mir ist das irgendwie unheimlich, wenn da noch Trojaner und Co auf meiner Platte "schlummer", sei es auch in "Quarantäne". Dazu sind mir meine Hausarbeiten und Seminarscheine zu wichtig... :rolleyes:

BataAlexander 17.06.2008 13:30
Reboot im abgesicherten Modus.


Benutze den Windows Explorer (um dahin zu kommen, mache einen Rechtsklick auf dem Start Button und klicke auf "Explorer"), bitte lösche diese Dateien (wenn vorhanden, stelle Windows ein wie hier beschrieben.):

C:\WINDOWS\system32\nmp.log
C:\WINDOWS\system32\vwabaGgh.ini
C:\WINDOWS\system32\vwabaGgh.ini2
C:\WINDOWS\system32\vxybLRqr.ini
C:\WINDOWS\system32\vxybLRqr.ini2
C:\WINDOWS\system32\eKSCeMoq.ini
C:\WINDOWS\system32\eKSCeMoq.ini2
C:\WINDOWS\system32\wxadcccf.ini
C:\WINDOWS\system32\wxadcccf.ini2
C:\WINDOWS\system32\servdat.slm
C:\WINDOWS\system32\lsprst7.tgz
C:\WINDOWS\system32\lsprst7.dll
C:\WINDOWS\system32\ssprs.tgz
C:\WINDOWS\system32\nsprs.tgz
C:\WINDOWS\system32\ sysprs7.tgz

Dann starte den Rechner im normalen Modus neu.

Dann bitte ein DSS Log.

Deckards System Scanner (DSS)

Hier gibt es das Tool -> dss.exe

* Schließe alle Anwendungen
* Doppelklicke dss.exe um das Programm zu starten
* Wenn der Scan abgeschlossen ist wird sich ein Notepad mit dem Inhalt
der main.txt öffnen.
Ein weiteres Logfile, die extra.txt liegt im Verzeichnis
c:\Deckard\SystemScanner\extra.txt
* Kopiere den Inhalt der beiden Logfiles in diesen Thread, bitte als [CODE][/CODE]


Was Deckards System Scanner macht:

* Es Erstellt einen System Wiederherstellungspunkt
* es säubert die temporären Dateien, Downloaded Program Files, Internet
Cache Dateien und es leert den Mülleimer auf allen Laufwerken.

macbeth 17.06.2008 14:00
Hey! :party:

Ich habe alle Dateien gefunden und mit Shift+DEL sofort gelöscht. Vielen Dank!

Hier die .txt:

Code:
Deckard's System Scanner v20071014.68

Run by Toni on 2008-06-17 14:54:38

Computer is in Normal Mode.

--------------------------------------------------------------------------------







-- HijackThis (run as Toni.exe) ------------------------------------------------



Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:54:44, on 17.06.2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal



Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\userinit.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Microsoft IntelliType Pro\type32.exe

C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\CNAB4RPK.EXE

C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\UAService.exe

C:\WINDOWS\system32\UAService7.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Documents and Settings\Toni\Desktop\dss.exe

C:\DOCUME~1\Toni\Desktop\Toni.exe



R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1FBF1F47-46AE-4578-BAEB-06E3D7B7F57E} - (no file)

O2 - BHO: (no name) - {39CEF1D5-A3CE-443C-A113-8CC473D46259} - (no file)

O2 - BHO: (no name) - {487D319E-1BA7-48AE-84B9-D497984E7632} - C:\WINDOWS\system32\rqRLbyxv.dll (file missing)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {6A370A29-5206-448E-891F-C3C1749D0138} - C:\WINDOWS\system32\hgGabawv.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: ColorVisionStartup.lnk = C:\Program Files\ColorVision\Utility\ColorVisionStartup.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1168120904062

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O20 - Winlogon Notify: winrnt32 - winrnt32.dll (file missing)

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

O23 - Service: SecuROM User Access Service (UserAccess) - Unknown owner - C:\WINDOWS\system32\UAService.exe

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe



--

End of file - 8759 bytes



-- Files created between 2008-05-17 and 2008-06-17 -----------------------------



2027-09-14 15:29:06        0 d--h----- C:\WINDOWS\PIF

2008-06-17 14:53:35        0 dr-h----- C:\Documents and Settings\Toni\Recent

2008-06-16 23:27:17        0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe

2008-06-16 18:20:19        0 d-------- C:\Documents and Settings\Toni\Application Data\Malwarebytes

2008-06-16 18:20:18        0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2008-06-16 18:20:17        0 d-------- C:\Program Files\Malwarebytes Anti-Malware

2008-06-16 01:44:44        0 d-------- C:\Program Files\Trend Micro

2008-06-16 00:41:36        0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-06-13 00:16:34        0 d-------- C:\Program Files\PhotomatixPro3

2008-05-22 20:26:19        0 d-------- C:\Documents and Settings\Toni\Application Data\vlc

2008-05-22 20:02:05        0 d-------- C:\Program Files\VideoLAN

2008-05-20 17:41:52        0 d-------- C:\Program Files\Bonjour

2008-05-20 17:41:46        0 d-------- C:\Program Files\Airfoil Speakers





-- Find3M Report ---------------------------------------------------------------



2008-06-14 12:12:15        0 d-------- C:\Program Files\Mozilla Thunderbird

2008-06-14 11:52:36        0 d-------- C:\Program Files\OALD

2008-05-25 21:31:49      664 --a------ C:\WINDOWS\system32\d3d9caps.dat

2008-05-11 01:18:14        0 d-------- C:\Program Files\Messenger

2008-05-11 01:17:57        0 d-------- C:\Program Files\Movie Maker

2008-05-11 01:15:35        0 d-------- C:\Program Files\Windows NT

2008-05-07 18:53:42        0 d-------- C:\Documents and Settings\Toni\Application Data\ICQ

2008-05-07 15:13:51        0 d-------- C:\Program Files\ICQ6

2008-05-07 15:08:23        0 d--h----- C:\Program Files\InstallShield Installation Information

2008-05-01 20:51:24        0 d-------- C:\Program Files\Common Files\Adobe

2008-05-01 20:51:04        0 d-------- C:\Documents and Settings\Toni\Application Data\Adobe

2008-05-01 20:45:49        0 d-------- C:\Program Files\Common Files

2008-04-24 01:19:57        0 d-------- C:\Documents and Settings\Toni\Application Data\Mask Pro 4.0

2008-04-22 18:11:29        0 d-------- C:\Documents and Settings\Toni\Application Data\Launchy

2008-04-22 18:11:21        0 d-------- C:\Program Files\Launchy

2008-04-20 23:35:33        0 d-------- C:\Program Files\Apple Software Update

2008-04-17 21:55:33        0 d-------- C:\Program Files\Langenscheidt

2008-04-12 16:04:31      268 -r-h----- C:\Documents and Settings\Toni\Application Data\Documentation





-- Registry Dump ---------------------------------------------------------------



*Note* empty entries & legit default entries are not shown





[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1FBF1F47-46AE-4578-BAEB-06E3D7B7F57E}]



[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{39CEF1D5-A3CE-443C-A113-8CC473D46259}]



[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{487D319E-1BA7-48AE-84B9-D497984E7632}]

                        C:\WINDOWS\system32\rqRLbyxv.dll



[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6A370A29-5206-448E-891F-C3C1749D0138}]

                        C:\WINDOWS\system32\hgGabawv.dll



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [24.01.2006 12:15]

"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [20.05.2005 03:11]

"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [07.09.2005 16:35]

"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [03.06.2004 10:51]

"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [14.04.2008 23:32]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [03.11.2006 19:20]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [28.03.2008 23:37]



[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [14.04.2008 02:12]



C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

ColorVisionStartup.lnk - C:\Program Files\ColorVision\Utility\ColorVisionStartup.exe [1/31/2006 12:23:15 PM]



[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoRecentDocsNetHood"=1 (0x1)

"ClearRecentDocsOnExit"=1 (0x1)



[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]

C:\WINDOWS\System32\dimsntfy.dll



[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winrnt32]

winrnt32.dll



[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

"Authentication Packages"= msv1_0 C:\WINDOWS\system32\hgGabawv



[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

SecurityProviders        msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]

@="Service"



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

@="Volume shadow copy"



[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"TuneUp MemOptimizer"="C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe" autostart

"E06DDXRC_2352296"="C:\Program Files\Microsoft Encarta\Encarta 2006 Enzyklopaedie\EDICT.EXE" -m

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe

"ICQ"="C:\PROGRA~1\ICQ6\ICQ.exe" silent

"Airfoil Speakers"="C:\Program Files\Airfoil Speakers\AirfoilSpeakers.exe"

"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe



[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"nwiz"=nwiz.exe /install

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k

"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

"ScanSoft OmniPage 16-reminder"="C:\Program Files\ScanSoft\OmniPage16\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\OmniPage 16\Ereg\Ereg.ini"

"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit



[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

eapsvcs        eaphost

dot3svc        dot3svc



HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs

UxTuneUp

napagent

hkmsvc









-- End of Deckard's System Scanner: finished at 2008-06-17 14:56:26 ------------

macbeth 17.06.2008 14:02
...und hier die andere .txt:

Code:
Deckard's System Scanner v20071014.68

Extra logfile - please post this as an attachment with your post.

--------------------------------------------------------------------------------



-- System Information ----------------------------------------------------------



Microsoft Windows XP Professional (build 2600) SP 3.0

Architecture: X86; Language: English



CPU 0: AMD Athlon(tm) 64 X2 Dual Core Processor 4200+

Percentage of Memory in Use: 24%

Physical Memory (total/avail): 2030.48 MiB / 1534.9 MiB

Pagefile Memory (total/avail): 3365.38 MiB / 3011.55 MiB

Virtual Memory (total/avail): 2047.88 MiB / 1907.26 MiB



C: is Fixed (NTFS) - 298.08 GiB total, 132.39 GiB free.

D: is CDROM (No Media)

G: is Removable (FAT)



\\.\PHYSICALDRIVE0 - ST3320620AS - 298.09 GiB - 1 partition

  \PARTITION0 (bootable) - Installable File System - 298.08 GiB - C:



\\.\PHYSICALDRIVE1 - VBTM Store'n'go USB Device - 949.15 MiB - 1 partition

  \PARTITION0 (bootable) - Win95 w/Extended Int 13 - 953.5 MiB - G:







-- Security Center -------------------------------------------------------------



AUOptions is scheduled to auto-install.





-- Environment Variables -------------------------------------------------------



ALLUSERSPROFILE=C:\Documents and Settings\All Users

APPDATA=C:\Documents and Settings\Toni\Application Data

CLASSPATH=.;C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip

CLIENTNAME=Console

CommonProgramFiles=C:\Program Files\Common Files

COMPUTERNAME=FELIX

ComSpec=C:\WINDOWS\system32\cmd.exe

FP_NO_HOST_CHECK=NO

HOMEDRIVE=C:

HOMEPATH=\Documents and Settings\Toni

LOGONSERVER=\\FELIX

NUMBER_OF_PROCESSORS=2

OS=Windows_NT

Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Adobe\AGL;C:\PROGRA~1\COMMON~1\AUTODE~1;C:\Program Files\QuickTime\QTSystem\

PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

PROCESSOR_ARCHITECTURE=x86

PROCESSOR_IDENTIFIER=x86 Family 15 Model 75 Stepping 2, AuthenticAMD

PROCESSOR_LEVEL=15

PROCESSOR_REVISION=4b02

ProgramFiles=C:\Program Files

PROMPT=$P$G

QTJAVA=C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip

SESSIONNAME=Console

SystemDrive=C:

SystemRoot=C:\WINDOWS

TEMP=C:\DOCUME~1\Toni\LOCALS~1\Temp

TMP=C:\DOCUME~1\Toni\LOCALS~1\Temp

USERDOMAIN=FELIX

USERNAME=Toni

USERPROFILE=C:\Documents and Settings\Toni

windir=C:\WINDOWS





-- User Profiles ---------------------------------------------------------------



Toni (admin)

Administrator (admin)

Guest (guest)





-- Add/Remove Programs ---------------------------------------------------------



 --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

 --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER

 --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}

Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}

Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}

Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}

Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log

Adobe Stock Photos 1.0 --> MsiExec.exe /I{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}

Airfoil Speakers --> "C:\Program Files\Airfoil Speakers\Uninstall Airfoil Speakers.exe"

Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}

Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}

Athlon 64 Processor Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9

AutoCAD 2000 - Deutsch --> C:\WINDOWS\unin0407.exe -fC:\PROGRA~1\ACAD2000\DeIsL1.isu -c"C:\PROGRA~1\ACAD2000\unacad.dll

Avira AntiVir Personal ñ Free Antivirus --> C:\Program Files\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE

Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}

Canon LBP2900 --> C:\Program Files\Canon\PrnUninstall\Canon LBP2900\CNAB4UN.EXE

Cisco Systems VPN Client 5.0.02.0090 --> MsiExec.exe /X{871DF2BE-41D2-4334-AC33-839AF16FC8FE}

DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC

DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER

DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER

DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER

DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN

Duden Korrektor PLUS --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{910BEE2C-3C2F-4DC0-9FF0-61DD5F5E8E47}

DVD Decrypter (Remove Only) --> "C:\Program Files\DVDrips\DVDdecrypter\uninstall.exe"

DVD Shrink 3.2 --> "C:\Program Files\DVDrips\DVDshrink\unins000.exe"

e-Dictionaries --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4737AD9F-13AA-4E4C-B86F-B631D557F6A7}\setup.exe" anything

English Pronouncing Dictionary --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Cambridge\EPD\Uninst.isu"

Exif-Viewer 2.44 --> C:\WINDOWS\uninstall\Exif-Viewer\setup.exe

FileZilla Client 3.0.8.1 --> C:\Program Files\FileZilla FTP Client\uninstall.exe

Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9  -removeonly

Google SketchUp 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98736A65-3C79-49EC-B7E9-A3C77774B0E6}\setup.exe" -l0x9  -removeonly

Google SketchUp 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}\setup.exe" -l0x9  -removeonly

High Definition Audio Driver Package - KB888111 --> C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe

HijackThis 2.0.2 --> "G:\HijackThis.exe" /uninstall

Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"

ICQ6 --> "C:\Program Files\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly

IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe

iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}

J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}

L&H TTS3000 Deutsch --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\LHTTSGED.inf, Uninstall

Launchy 2.0 --> "C:\Program Files\Launchy\unins000.exe"

Lightroom --> MsiExec.exe /I{D4134B0B-EA9B-4835-A77A-60BEE6277101}

Macromedia Dreamweaver MX 2004 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}\Setup.exe" -l0x9 mmUninstall

Macromedia Flash MX 2004 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2F353D44-73BB-4971-B31D-F7642E9E9531}\Setup.exe" -l0x9 UNINSTALL

Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"

Microsoft Encarta 2006 Enzyklop‰die --> MsiExec.exe /I{06100000-3E21-46D6-9A91-D927BA08F41D}

Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}

Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"

Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Mozilla Firefox (2.0.0.14) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe

Mozilla Thunderbird (2.0.0.14) --> C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe

MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}

Nero 6 Ultra Edition --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL

NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI

NVIDIA ForceWare Network Access Manager --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{1F6423DE-7959-4178-80E0-023C7EAA5347} /l1033

Office-Bibliothek 4.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{54971F17-9D16-4D43-95D6-3A86E3D20EDB}\setup.exe"  -uninst

PC-Bibliothek --> C:\WINDOWS\unin0407.exe -f"c:\program files\Duden\DeIsL1.isu"  -c"c:\program files\Duden\_ISREG32.DLL"

Photomatix Pro version 3.0.3RC2 --> "C:\Program Files\PhotomatixPro3\unins000.exe"

PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe"  -uninstall

QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}

RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

RipIt4Me --> C:\Program Files\DVDrips\RipIt4Me\Uninstal.exe

ScanSoft OmniPage 16 --> MsiExec.exe /I{DF74C7BA-5C9F-4F17-8B6F-5ECE08280F34}

ScanSoft PDF Create! 4 --> MsiExec.exe /I{67EC0AB2-8CF7-4415-9F70-7FBC593C0D5E}

Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe" -l0x9  -removeonly

Spelling Dictionaries Support For Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}

Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"

Spyder2 --> C:\WINDOWS\unvise32.exe C:\Program Files\ColorVision\Spyder2\uninstal.log

TuneUp Utilities 2006 --> MsiExec.exe /I{868D7896-99D4-4513-BC62-2B3AD3E24926}

VideoLAN VLC media player 0.8.6f --> C:\Program Files\VideoLAN\VLC\uninstall.exe

Visual C++ 8.0 CRT (x86) WinSXS MSM --> MsiExec.exe /I{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}

Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}

Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"

Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}

Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe

XML Paper Specification Shared Components Pack 1.0 -->

xp-AntiSpy 3.93 --> C:\Program Files\xp-AntiSpy\uninst.exe





-- Application Event Log -------------------------------------------------------



Event Record #/Type6444 / Warning

Event Submitted/Written: 06/16/2008 01:03:25 AM

Event ID/Source: 1524 / Userenv

Event Description:

Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



Event Record #/Type6357 / Warning

Event Submitted/Written: 06/16/2008 00:16:39 AM

Event ID/Source: 1524 / Userenv

Event Description:

Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



Event Record #/Type6355 / Warning

Event Submitted/Written: 06/16/2008 00:15:42 AM

Event ID/Source: 1524 / Userenv

Event Description:

Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



Event Record #/Type6118 / Warning

Event Submitted/Written: 06/15/2008 11:07:16 PM

Event ID/Source: 1524 / Userenv

Event Description:

Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



Event Record #/Type6117 / Error

Event Submitted/Written: 06/15/2008 10:09:54 PM

Event ID/Source: 8193 / VSS

Event Description:

Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80040206.







-- Security Event Log ----------------------------------------------------------



No Errors/Warnings found.





-- System Event Log ------------------------------------------------------------



No Errors/Warnings found.





-- End of Deckard's System Scanner: finished at 2008-06-16 01:41:27 ------------

BataAlexander 17.06.2008 14:25
Bitte lade Dir die angehängte Datei herunter, benene sie in reb.bat um uns installiere Sie.

Suche dann noch die Dateien
Zitat:
C:\WINDOWS\system32\rqRLbyxv.dll
C:\WINDOWS\system32\hgGabawv.dll
und lösche sie, wenn vorhanden.

Dann benötige ich ein neues HiJackThis Logfile.

macbeth 17.06.2008 15:01
Hey!

Ich habe beide Dateien gesucht - nicht gefunden. Sollte ich sie im abgesicherten Modus suchen? Habe sie nämlich "normal" gesucht? Das "Programm" habe ich installiert - ging ja in einer Sekunde. :)

Hier die log:

Code:
Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:59:29, on 17.06.2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal



Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Microsoft IntelliType Pro\type32.exe

C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\CNAB4RPK.EXE

C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\UAService.exe

C:\WINDOWS\system32\UAService7.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe



R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1FBF1F47-46AE-4578-BAEB-06E3D7B7F57E} - (no file)

O2 - BHO: (no name) - {39CEF1D5-A3CE-443C-A113-8CC473D46259} - (no file)

O2 - BHO: (no name) - {487D319E-1BA7-48AE-84B9-D497984E7632} - C:\WINDOWS\system32\rqRLbyxv.dll (file missing)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {6A370A29-5206-448E-891F-C3C1749D0138} - C:\WINDOWS\system32\hgGabawv.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: ColorVisionStartup.lnk = C:\Program Files\ColorVision\Utility\ColorVisionStartup.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1168120904062

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O20 - Winlogon Notify: winrnt32 - winrnt32.dll (file missing)

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

O23 - Service: SecuROM User Access Service (UserAccess) - Unknown owner - C:\WINDOWS\system32\UAService.exe

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe



--

End of file - 8698 bytes

BataAlexander 17.06.2008 15:08
Die Dateien sind wohl schon gelöscht worden und das mit der reg. Datei hat nicht funktioniert. Machen wir es halt mit HiJackThis. :)

Gehe wiefolgt vor


Bitte öffne Deine HiJackThis nochmal und scanne. Check die klickboxen neben den Einträgen die untenstehend gelistet sind.

O2 - BHO: (no name) - {1FBF1F47-46AE-4578-BAEB-06E3D7B7F57E} - (no file)
O2 - BHO: (no name) - {39CEF1D5-A3CE-443C-A113-8CC473D46259} - (no file)
O2 - BHO: (no name) - {487D319E-1BA7-48AE-84B9-D497984E7632} - C:\WINDOWS\system32\rqRLbyxv.dll (file missing)
O2 - BHO: (no name) - {6A370A29-5206-448E-891F-C3C1749D0138} - C:\WINDOWS\system32\hgGabawv.dll (file missing)
O20 - Winlogon Notify: winrnt32 - winrnt32.dll (file missing)

(file missing)dann Klicke Fix Checked.

Wie verhält sich Dein System/ der Explorer?

Führe ein Java Update durch! Deinstalliere vorher alle alten Java Versionen (Systemsteuerung / Software). Durch alte Java Versionen können Schädlinge auf Dein System gelangen. Dies gilt für jegliche Software!

macbeth 17.06.2008 15:32
So, diese Einträge habe ich erfolgreich "gefixt". Danke.

Explorer verhält sich "normal". Noch...

Sorry für die dumme Frage, aber Java ist als "J2SE Runtime Enviroment 5.0 ..." unter "Software" gelistet, oder? :schmoll:

Die deinstallieren und dann... ?

BataAlexander 17.06.2008 15:38
Zitat:
Zitat von macbeth (Beitrag 346662)

Die deinstallieren und dann... ?
Die deinstallieren und dann die neuste Version installieren 1.6.6

Poste abschließend ein neues HJT Logfile. :)

macbeth 17.06.2008 15:51
Vielen Dank!

Also, neue Version ist drauf. Wie geht es weiter? :heilig:

HJT:

Code:
Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:49:24, on 17.06.2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal



Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Microsoft IntelliType Pro\type32.exe

C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\CNAB4RPK.EXE

C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\UAService.exe

C:\WINDOWS\system32\UAService7.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\msiexec.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe



R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: ColorVisionStartup.lnk = C:\Program Files\ColorVision\Utility\ColorVisionStartup.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1168120904062

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

O23 - Service: SecuROM User Access Service (UserAccess) - Unknown owner - C:\WINDOWS\system32\UAService.exe

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe



--

End of file - 8388 bytes

BataAlexander 17.06.2008 16:00
Gar nicht. :)

Bei Dir ist alles Ok.

macbeth 17.06.2008 16:13
Zitat:
Zitat von BataAlexander (Beitrag 346684)
Gar nicht. :)

Bei Dir ist alles Ok.
Nein, wirklich? :aplaus:

WOW! Kannst Du mir eventuell noch sagen, wie ich mit den Dateien in der AntiVir Quarantäne umgehen soll? Löschen (löscht er sie dann aus der Quarantäne, oder generell - das ist ambivalent)? Ich muss also nix mehr einstellen oder so? Kann wieder getrost weiterarbeiten? Ich kann mein Glück noch nicht glauben... *wow!*

Kann ich HJT und DSS nun wieder deinstallieren? Malwarebytes Anti-Malware und Spybot lass ich mal drauf. :)

Ich weiß ja nicht, wie ich Dir für die viele Arbeit Danken soll?!! Wenn Du mal Fotos, ein Design oder Umzugshilfe brauchst - ich schicke Dir meine Mailaddi. Das ist das Mindeste, was ich tun kann.

Tausend Dank! :daumenhoc :daumenhoc :)

macbeth 17.06.2008 19:29
Wusste ich es doch.

Problem beim AntiVir-Systemscan: ein .gif in Program Files hat noch das trojanische Pferd TR/BHO.ecl :koch:

Habe es in die Quarantäne verschoben. Richtig? :(


Alle Zeitangaben in WEZ +1. Es ist jetzt 00:09 Uhr.
Seite 2 von 3 1 2 3
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19