|
hilfe BDS/Bifrose.bbld.20 hallo leute hab ein proplem hab mir ein virus oder ähnliches eingefangen das nennt sich BDS/Bifrose.bbld.20 hab das als ein bild getant mir auf den rechner gezogen und dummer weise ausgeführt :heulen: jetzt kommt bei jedem start meines windows ne meldung svchost.exe ausführen oder abrechen habt ihr ne ahnung wie ich den wegbekomme oder ob ich ihn überhaupt weg kriege danke schon im voraus |
echt keiner ne ahnung ob ich den unerwünschten gast i-wie loswerden kann :-( |
Halli Hallo und :hallo: Bitte ackere die komplette Liste unter diesem Link ab. Poste danach bitte danach alle anfallenden logs hier. Liebe Grüße Moritz009 |
@Knuffy: Was sollen derartige Links hier im forum? :kloppen: @Den-Jo: Führe bitte einfach wie von mir beschrieben fort. Liebe Grüße Moritz009 |
ok moritz werd ich jetzt direkt machen...danke für deine antwort |
ok hab alles beschriebene ausgeführt 1.) report von Malwarebytes Anti-Malware Malwarebytes' Anti-Malware 1.40 Datenbank Version: 2662 Windows 5.1.2600 Service Pack 3 20.08.2009 13:21:35 mbam-log-2009-08-20 (13-21-35).txt Scan-Methode: Vollständiger Scan (C:\|D:\|) Durchsuchte Objekte: 189635 Laufzeit: 37 minute(s), 2 second(s) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 19 Infizierte Registrierungswerte: 2 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 5 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2248xhv2-41vh-kujd-166b-7h476ow38cm4} (Generic.Bot.H) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3ba4271e-5c1e-48e2-b432-d8bf420dd31d} (Rogue.DeusCleaner) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows-update (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows-update (Trojan.Agent) -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: C:\WINXP\svchost.exe (Generic.Bot.H) -> Quarantined and deleted successfully. C:\Programme\Windows Live\Messenger\msimg32.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\Windows Live\Messenger\riched20.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully. D:\meine Dateien\müll\Nero 6 + key\Keygen.exe (Trojan.Agent) -> Quarantined and deleted successfully. D:\System Volume Information\_restore{6CEBD20D-9ADA-40B3-94F9-30A243E1762B}\RP4\A0000471.exe (Trojan.Agent) -> Quarantined and deleted successfully. |
2.) rsit scann log Logfile of random's system information tool 1.06 (written by random/random) Run by Denjo at 2009-08-20 13:27:30 Microsoft Windows XP Professional Service Pack 3 System drive C: has 27 GB (53%) free of 50 GB Total RAM: 1022 MB (62% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:27:37, on 20.08.2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINXP\System32\smss.exe C:\WINXP\system32\winlogon.exe C:\WINXP\system32\services.exe C:\WINXP\system32\lsass.exe C:\WINXP\system32\svchost.exe C:\WINXP\System32\svchost.exe C:\Programme\Lavasoft\Ad-Aware\AAWService.exe C:\WINXP\system32\spoolsv.exe C:\Programme\Avira\AntiVir Desktop\sched.exe C:\WINXP\Explorer.EXE C:\WINXP\system32\RUNDLL32.EXE C:\WINXP\Mixer.exe C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe C:\Programme\Avira\AntiVir Desktop\avgnt.exe C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe C:\Programme\Java\jre6\bin\jusched.exe C:\WINXP\system32\ctfmon.exe C:\Programme\Spybot - Search & Destroy\TeaTimer.exe C:\Programme\RocketDock\RocketDock.exe C:\Programme\Sandboxie\SbieCtrl.exe C:\Programme\Avira\AntiVir Desktop\avguard.exe C:\Programme\Bonjour\mDNSResponder.exe C:\WINXP\system32\cisvc.exe C:\Programme\Java\jre6\bin\jqs.exe C:\WINXP\system32\nvsvc32.exe C:\Programme\Sandboxie\SbieSvc.exe C:\WINXP\system32\svchost.exe C:\WINXP\system32\wscntfy.exe C:\WINXP\system32\wuauclt.exe C:\Dokumente und Einstellungen\Denjo\Desktop\RSIT.exe C:\Programme\trend micro\Denjo.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Programme\FlashFXP\IEFlash.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Programme\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINXP\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINXP\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINXP\system32\NeroCheck.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [Ad-Watch] C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINXP\system32\ctfmon.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [RocketDock] "C:\Programme\RocketDock\RocketDock.exe" O4 - HKCU\..\Run: [NBJ] "C:\Programme\Ahead\Nero BackItUp\NBJ.exe" O4 - HKCU\..\Run: [SandboxieControl] "C:\Programme\Sandboxie\SbieCtrl.exe" O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user') O8 - Extra context menu item: &Search - ?p=ZKxdm022YYDE O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINXP\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINXP\bdoscandel.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINXP\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINXP\Network Diagnostic\xpnetdiag.exe O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/de/scan8/oscan8.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1241485019718 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{8D6FB355-AFA0-4E5B-9C58-11486372C3BA}: NameServer = 192.168.2.1 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programme\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINXP\system32\nvsvc32.exe O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Programme\Sandboxie\SbieSvc.exe O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINXP\System32\TuneUpDefragService.exe -- End of file - 8265 bytes ======Scheduled tasks folder====== C:\WINXP\tasks\1-Klick-Wartung.job C:\WINXP\tasks\Ad-Aware Update (Weekly).job C:\WINXP\tasks\AppleSoftwareUpdate.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}] Skype add-on (mastermind) - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-04-21 1082880] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live Anmelde-Hilfsprogramm - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E5A1691B-D188-4419-AD02-90002030B8EE}] FlashFXP Helper for Internet Explorer - C:\Programme\FlashFXP\IEFlash.dll [2007-05-16 191096] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - Veoh Web Player Video Finder - C:\Programme\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll [2009-03-26 429816] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"=C:\WINXP\system32\NvCpl.dll [2008-10-07 13574144] "nwiz"=nwiz.exe /install [] "NvMediaCenter"=C:\WINXP\system32\NvMcTray.dll [2008-10-07 86016] "C-Media Mixer"=Mixer.exe /startup [] "NeroFilterCheck"=C:\WINXP\system32\NeroCheck.exe [2006-01-12 155648] "Adobe Reader Speed Launcher"=C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696] "avgnt"=C:\Programme\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153] "Ad-Watch"=C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe [2009-06-24 518488] "SunJavaUpdateSched"=C:\Programme\Java\jre6\bin\jusched.exe [2009-07-25 149280] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"=C:\WINXP\system32\ctfmon.exe [2008-04-14 15360] "SpybotSD TeaTimer"=C:\Programme\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480] "RocketDock"=C:\Programme\RocketDock\RocketDock.exe [2007-09-02 495616] "NBJ"=C:\Programme\Ahead\Nero BackItUp\NBJ.exe [2006-09-15 2048000] "SandboxieControl"=C:\Programme\Sandboxie\SbieCtrl.exe [2009-05-28 380416] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] C:\WINXP\system32\ctfmon.exe [2008-04-14 15360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin] C:\Programme\Veoh Networks\VeohWebPlayer\veohwebplayer.exe [2009-03-26 3558648] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINXP\system32\WgaLogon.dll [2008-03-22 3584] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINXP\system32\wpdshserviceobj.dll [2008-07-08 133632] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Programme\eMule\emule.exe"="C:\Programme\eMule\emule.exe:*:Enabled:eMule" "C:\Programme\PPMate\ppmate.exe"="C:\Programme\PPMate\ppmate.exe:*:Enabled:PPMate" "C:\Programme\PPMate\ppamnet.exe"="C:\Programme\PPMate\ppamnet.exe:*:Enabled:PPMate" "C:\Programme\TVAnts\Tvants.exe"="C:\Programme\TVAnts\Tvants.exe:*:Enabled:TVAnts" "C:\Programme\TVUPlayer\TVUPlayer.exe"="C:\Programme\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component" "C:\Programme\SopCast\adv\SopAdver.exe"="C:\Programme\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver" "C:\Programme\SopCast\SopCast.exe"="C:\Programme\SopCast\SopCast.exe:*:Enabled:SopCast Main Application" "C:\Programme\Internet Explorer\IEXPLORE.EXE"="C:\Programme\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer" "C:\Programme\Java\jre6\launch4j-tmp\JDownloader.exe"="C:\Programme\Java\jre6\launch4j-tmp\JDownloader.exe:*:Enabled:Java(TM) Platform SE binary" "C:\WINXP\system32\java.exe"="C:\WINXP\system32\java.exe:*:Enabled:Java(TM) Platform SE binary" "C:\Programme\ICQ6.5\ICQ.exe"="C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6" "C:\Programme\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"="C:\Programme\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player " "C:\Programme\Messenger\msmsgs.exe"="C:\Programme\Messenger\msmsgs.exe:*:Enabled:Windows Messenger" "C:\Programme\Windows Live\Messenger\wlcsdk.exe"="C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Programme\FlashFXP\FlashFXP.exe"="C:\Programme\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3" "C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype" "C:\Programme\Java\jre6\bin\javaw.exe"="C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary" "C:\Programme\Bonjour\mDNSResponder.exe"="C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour" "C:\Programme\VideoLAN\VLC\vlc.exe"="C:\Programme\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Programme\Windows Live\Messenger\wlcsdk.exe"="C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Programme\FlashFXP\FlashFXP.exe"="C:\Programme\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3" ======List of files/folders created in the last 1 months====== 2009-08-20 13:27:30 ----D---- C:\rsit 2009-08-20 13:27:30 ----D---- C:\Programme\trend micro 2009-08-20 12:35:58 ----D---- C:\Dokumente und Einstellungen\Denjo\Anwendungsdaten\Malwarebytes 2009-08-20 12:35:52 ----D---- C:\Programme\Malwarebytes' Anti-Malware 2009-08-20 12:35:52 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes 2009-08-20 12:26:39 ----D---- C:\Programme\CCleaner 2009-08-19 13:46:59 ----D---- C:\Programme\AmoK 2009-08-19 12:06:29 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\STEITZ IT-Solutions 2009-08-18 17:42:50 ----D---- C:\WINXP\BDOSCAN8 2009-08-17 14:39:44 ----D---- C:\Dokumente und Einstellungen\Denjo\Anwendungsdaten\temp 2009-08-17 14:36:53 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Electronic Arts 2009-08-17 14:33:41 ----A---- C:\WINXP\system32\D3DX9_39.dll 2009-08-16 23:43:45 ----A---- C:\WINXP\system32\pdfcmnnt.dll 2009-08-16 23:43:43 ----D---- C:\Programme\PDFCreator 2009-08-16 23:43:43 ----A---- C:\WINXP\system32\VB6DE.DLL 2009-08-16 23:43:43 ----A---- C:\WINXP\system32\MSMPIDE.DLL 2009-08-16 23:43:43 ----A---- C:\WINXP\system32\MSCMCDE.DLL 2009-08-16 23:43:43 ----A---- C:\WINXP\system32\MSCC2DE.DLL 2009-08-16 23:34:44 ----D---- C:\Dokumente und Einstellungen\Denjo\Anwendungsdaten\WordToPDF 2009-08-16 23:34:40 ----D---- C:\Programme\WordToPDF 2009-08-15 13:15:39 ----A---- C:\WINXP\system32\msvcr70.dll 2009-08-15 13:15:35 ----D---- C:\Programme\Gemeinsame Dateien\DVDVideoSoft 2009-08-15 13:15:35 ----D---- C:\Programme\DVDVideoSoft 2009-08-13 21:10:01 ----A---- C:\WINXP\Sandboxie.ini 2009-08-13 21:09:57 ----D---- C:\Programme\Sandboxie 2009-08-13 15:22:42 ----D---- C:\Sandbox 2009-08-12 19:18:43 ----D---- C:\Programme\ProtectDisc Driver Installer 2009-08-12 19:18:40 ----D---- C:\Dokumente und Einstellungen\Denjo\Anwendungsdaten\ProtectDisc 2009-08-12 15:39:26 ----D---- C:\Programme\Nobilis 2009-08-10 23:41:52 ----D---- C:\Dokumente und Einstellungen\Denjo\Anwendungsdaten\RouterControl 2009-08-10 23:36:36 ----A---- C:\WINXP\RCoUn.EXE 2009-08-10 23:36:28 ----D---- C:\Programme\RouterControl 2009-08-10 23:19:07 ----D---- C:\Dokumente und Einstellungen\Denjo\Anwendungsdaten\Load 2009-08-09 20:22:57 ----A---- C:\WINXP\WORDPAD.INI 2009-08-08 16:42:30 ----D---- C:\Programme\A4Proxy 2009-08-05 16:28:00 ----A---- C:\WINXP\system32\javaws.exe 2009-08-05 16:28:00 ----A---- C:\WINXP\system32\javaw.exe 2009-08-05 16:28:00 ----A---- C:\WINXP\system32\java.exe 2009-08-03 14:12:16 ----D---- C:\Programme\Tunatic 2009-07-26 22:49:32 ----D---- C:\Programme\Bonjour 2009-07-26 22:41:53 ----D---- C:\Programme\Gemeinsame Dateien\Macrovision Shared 2009-07-26 20:34:27 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FLEXnet ======List of files/folders modified in the last 1 months====== 2009-08-20 13:27:30 ----D---- C:\Programme 2009-08-20 13:24:35 ----D---- C:\Programme\Mozilla Firefox 2009-08-20 13:24:30 ----D---- C:\WINXP\Temp 2009-08-20 13:24:30 ----D---- C:\WINXP\system32\CatRoot2 2009-08-20 13:24:25 ----RSHD---- C:\WINXP 2009-08-20 13:23:48 ----D---- C:\WINXP\system32\drivers 2009-08-20 13:23:48 ----D---- C:\WINXP\system32 2009-08-20 13:23:25 ----A---- C:\WINXP\SchedLgU.Txt 2009-08-20 13:23:07 ----D---- C:\WINXP\Prefetch 2009-08-20 12:39:07 ----A---- C:\WINXP\NeroDigital.ini 2009-08-20 12:30:37 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy 2009-08-20 12:30:19 ----D---- C:\WINXP\Minidump 2009-08-20 12:30:19 ----D---- C:\WINXP\Debug 2009-08-20 02:35:17 ----HD---- C:\WINXP\inf 2009-08-20 02:35:17 ----D---- C:\Programme\Windows Live Safety Center 2009-08-19 23:48:04 ----D---- C:\Dokumente und Einstellungen\Denjo\Anwendungsdaten\vlc 2009-08-19 23:23:18 ----D---- C:\Dokumente und Einstellungen\Denjo\Anwendungsdaten\dvdcss 2009-08-19 14:01:32 ----SHD---- C:\System Volume Information 2009-08-19 13:34:16 ----RSHDC---- C:\WINXP\system32\dllcache 2009-08-19 13:34:11 ----A---- C:\WINXP\system32\svchost.exe 2009-08-19 12:37:54 ----SD---- C:\Dokumente und Einstellungen\Denjo\Anwendungsdaten\Microsoft 2009-08-18 20:02:19 ----D---- C:\Dokumente und Einstellungen\Denjo\Anwendungsdaten\gtk-2.0 2009-08-18 17:42:52 ----SD---- C:\WINXP\Downloaded Program Files 2009-08-17 14:33:42 ----D---- C:\WINXP\system32\DirectX 2009-08-17 10:15:32 ----SHD---- C:\WINXP\Installer 2009-08-17 10:15:31 ----D---- C:\WINXP\WinSxS 2009-08-17 10:15:28 ----SHD---- C:\Config.Msi 2009-08-16 23:52:22 ----D---- C:\Dokumente und Einstellungen\Denjo\Anwendungsdaten\Adobe 2009-08-15 13:15:35 ----D---- C:\Programme\Gemeinsame Dateien 2009-08-13 14:46:45 ----D---- C:\Programme\eMule 2009-08-13 00:03:15 ----D---- C:\Dokumente und Einstellungen\Denjo\Anwendungsdaten\LimeWire 2009-08-12 16:40:46 ----HD---- C:\Programme\InstallShield Installation Information 2009-08-05 16:27:45 ----D---- C:\Programme\Java 2009-07-26 22:50:47 ----D---- C:\Programme\Adobe 2009-07-26 22:49:29 ----D---- C:\Programme\Gemeinsame Dateien\Adobe 2009-07-26 22:24:08 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Adobe 2009-07-26 20:26:05 ----RSD---- C:\WINXP\Fonts 2009-07-25 05:23:00 ----A---- C:\WINXP\system32\deploytk.dll ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 avgio;avgio; \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys [] R1 avipbb;avipbb; C:\WINXP\system32\DRIVERS\avipbb.sys [2009-05-27 96104] R1 kbdhid;Tastatur-HID-Treiber; C:\WINXP\system32\DRIVERS\kbdhid.sys [2008-04-14 14720] R1 ssmdrv;ssmdrv; C:\WINXP\system32\DRIVERS\ssmdrv.sys [2009-06-09 28520] R2 acedrv11;acedrv11; \??\C:\WINXP\system32\drivers\acedrv11.sys [] R2 ASTRA32;ASTRA32 Kernel Driver 5.2.1.0; \??\C:\Programme\ASTRA32\ASTRA32.sys [] R2 avgntflt;avgntflt; C:\WINXP\system32\DRIVERS\avgntflt.sys [2009-08-05 55656] R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINXP\system32\DRIVERS\arp1394.sys [2008-04-14 60800] R3 cmpci;C-Media PCI Audio Driver (WDM); C:\WINXP\system32\drivers\cmaudio.sys [2001-09-28 280720] R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINXP\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384] R3 hidusb;Microsoft HID Class-Treiber; C:\WINXP\system32\DRIVERS\hidusb.sys [2008-04-14 10368] R3 mouhid;Maus-HID-Treiber; C:\WINXP\system32\DRIVERS\mouhid.sys [2008-04-14 12288] R3 NIC1394;1394-Netzwerktreiber; C:\WINXP\system32\DRIVERS\nic1394.sys [2008-04-14 61824] R3 nv;nv; C:\WINXP\system32\DRIVERS\nv4_mini.sys [2008-10-07 6133856] R3 ovt519;%USB\vid_054c&pid_0155.DeviceDesc%; C:\WINXP\System32\Drivers\ov519vid.sys [2003-10-15 174530] R3 rtl8139;NT-Treiber für Realtek RTL8139(A/B/C)-basierten PCI-Fast Ethernet-Adapter; C:\WINXP\system32\DRIVERS\RTL8139.SYS [2008-04-13 20992] R3 SbieDrv;SbieDrv; \??\C:\Programme\Sandboxie\SbieDrv.sys [] R3 usbaudio;USB-Audiotreiber (WDM); C:\WINXP\system32\drivers\usbaudio.sys [2008-04-14 60032] R3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINXP\system32\DRIVERS\usbccgp.sys [2008-04-14 32128] R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINXP\system32\DRIVERS\usbehci.sys [2008-04-14 30208] R3 usbhub;USB2-aktivierter Hub; C:\WINXP\system32\DRIVERS\usbhub.sys [2008-04-14 59520] R3 usbohci;Miniporttreiber für Microsoft USB Open Host-Controller; C:\WINXP\system32\DRIVERS\usbohci.sys [2008-04-14 17152] R3 usbstor;USB-Massenspeichertreiber; C:\WINXP\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368] S3 a5xs41il;a5xs41il; C:\WINXP\system32\drivers\a5xs41il.sys [] S3 CCDECODE;Untertiteldecoder; C:\WINXP\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINXP\system32\drivers\MSTEE.sys [2008-04-14 5504] S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINXP\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248] S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINXP\system32\DRIVERS\NdisIP.sys [2008-04-14 10880] S3 SANDRA;SANDRA; \??\C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP2\WNt500x86\Sandra.sys [] S3 SLIP;BDA Slip De-Framer; C:\WINXP\system32\DRIVERS\SLIP.sys [2008-04-14 11136] S3 streamip;BDA-IPSink; C:\WINXP\system32\DRIVERS\StreamIP.sys [2008-04-14 15232] S3 WSTCODEC;World Standard Teletext-Codec; C:\WINXP\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINXP\system32\DRIVERS\WudfPf.sys [2008-07-08 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINXP\system32\DRIVERS\wudfrd.sys [2008-07-08 82944] S4 IntelIde;IntelIde; C:\WINXP\system32\drivers\IntelIde.sys [] |
2.9 rsit scann log zweiter teil....war zu groß um es auf einmal zu senden! ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Programme\Avira\AntiVir Desktop\sched.exe [2009-06-09 108289] R2 AntiVirService;Avira AntiVir Guard; C:\Programme\Avira\AntiVir Desktop\avguard.exe [2009-08-05 185089] R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Programme\Bonjour\mDNSResponder.exe [2006-02-28 229376] R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-07-25 153376] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Programme\Lavasoft\Ad-Aware\AAWService.exe [2009-06-24 1003344] R2 NVSvc;NVIDIA Display Driver Service; C:\WINXP\system32\nvsvc32.exe [2008-10-07 163908] R2 SbieSvc;Sandboxie Service; C:\Programme\Sandboxie\SbieSvc.exe [2009-05-28 53760] R2 UxTuneUp;TuneUp Designerweiterung; C:\WINXP\System32\svchost.exe [2009-08-19 14336] S3 aspnet_state;ASP.NET State Service; C:\WINXP\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINXP\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240] S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-07-26 654848] S3 TuneUp.Defrag;TuneUp Drive Defrag-Dienst; C:\WINXP\System32\TuneUpDefragService.exe [2008-01-15 361728] S3 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-11-03 920576] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINXP\system32\svchost.exe [2009-08-19 14336] -----------------EOF----------------- |
3.) rsit scann info info.txt logfile of random's system information tool 1.06 2009-08-20 13:27:38 ======Uninstall list====== -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINXP\INF\PCHealth.inf 7-Zip 4.64-->"C:\Programme\7-Zip\Uninstall.exe" Ad-Aware-->"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE Ad-Aware-->C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95} Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61} Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394} Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23} Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C} Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C} Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E} Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9} Adobe Color EU Recommended Settings-->MsiExec.exe /I{73B5D990-04EA-4751-B10F-5534770B91F2} Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029} Adobe Color NA Extra Settings-->MsiExec.exe /I{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A} Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D} Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD} Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2} Adobe Flash Player 10 ActiveX-->C:\WINXP\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player 10 Plugin-->C:\WINXP\system32\Macromed\Flash\uninstall_plugin.exe Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B} Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245} Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078} Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C} Adobe Photoshop CS3-->C:\Programme\Gemeinsame Dateien\Adobe\Installers\5f143314a5d434c8511097393d17397\Setup.exe Adobe Photoshop CS3-->MsiExec.exe /I{29F05234-DCBB-4FE0-88DC-5160C9250312} Adobe Reader 9.1.3 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A91000000001} Adobe Setup-->MsiExec.exe /I{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C} Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183} Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312} Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8} Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5} Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6} Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923} Anonymity 4 Proxy version 2.8-->C:\Programme\A4Proxy\unins000.exe Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033} ASTRA32 - Advanced System Information Tool 2.01-->C:\Programme\ASTRA32\unins000.exe ATI - Software Uninstall Utility-->C:\Programme\ATI Technologies\UninstallAll\AtiCimUn.exe Avira AntiVir Personal - Free Antivirus-->C:\Programme\Avira\AntiVir Desktop\setup.exe /REMOVE CCleaner (remove only)-->"C:\Programme\CCleaner\uninst.exe" Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E} Clean My Registry 4.1-->"C:\Programme\Clean My Registry\unins000.exe" ConvertHelper 2.2-->"C:\Programme\ConvertHelper\unins000.exe" DivX Codec-->C:\Programme\DivX\DivXCodecUninstall.exe /CODEC DivX Player-->C:\Programme\DivX\DivXPlayerUninstall.exe /PLAYER DivX Web Player-->C:\Programme\DivX\DivXWebPlayerUninstall.exe /PLUGIN eMule-->"C:\Programme\eMule\Uninstall.exe" EVEREST Home Edition v2.20-->"C:\Programme\Lavalys\EVEREST Home Edition\unins000.exe" FlashFXP v3-->"C:\Programme\FlashFXP\Uninstall.exe" "C:\Programme\FlashFXP\install.log" -u Free YouTube to Mp3 Converter version 3.1-->"C:\Programme\DVDVideoSoft\Free YouTube to Mp3 Converter\unins000.exe" GIMP 2.6.6-->"C:\Programme\GIMP-2.0\setup\unins000.exe" HijackThis 2.0.2-->"C:\Programme\trend micro\HijackThis.exe" /uninstall Hotel Gigant 2-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{83DD8CC8-522E-4B75-836F-8775FDA4B5AB}\setup.exe" -l0x7 -uninst -removeonly HyperCam 2-->C:\Programme\HyCam2\UnHyCam2.exe ICQ6.5-->"C:\Programme\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly ImgBurn-->"C:\Programme\ImgBurn\uninstall.exe" Java(TM) 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF} Malwarebytes' Anti-Malware-->"C:\Programme\Malwarebytes' Anti-Malware\unins000.exe" Microsoft .NET Framework 2.0-->C:\WINXP\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe Mozilla Firefox (3.0.13)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe MSN-->C:\Programme\MSN\MsnInstaller\msninst.exe /Action:ARP MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94} Nero 6 Ultra Edition-->C:\Programme\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL NVIDIA Drivers-->C:\WINXP\system32\nvuninst.exe UninstallGUI PCI Audio Driver-->cmuninst.exe PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5} PDFCreator-->C:\Programme\PDFCreator\unins000.exe ProtectDisc Driver, Version 11-->C:\Programme\ProtectDisc Driver Installer\uninstall_v11.exe RocketDock 1.3.5-->"C:\Programme\RocketDock\unins000.exe" RouterControl 2.0-->C:\WINXP\RCoUn.EXE /UnInst:"C:\WINXP\RouterControl_Uninstall.in" Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7} Sicherheitsupdate für Windows XP (KB923789)-->C:\WINXP\system32\MacroMed\Flash\genuinst.exe C:\WINXP\system32\MacroMed\Flash\KB923789.inf Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D} Sony Eyetoy Webcam-->C:\WINXP\CleanDev.exe C:\WINXP\ov519.TXT SopCast 3.0.3-->C:\Programme\SopCast\uninst.exe Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004} Spybot - Search & Destroy-->"C:\Programme\Spybot - Search & Destroy\unins000.exe" System Requirements Lab-->C:\Programme\SystemRequirementsLab\Uninstall.exe Tunatic-->"C:\WINXP\lsb_un20.exe" /C=UC /N=Tunatic TuneUp Utilities 2008-->MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA} TVAnts 1.0-->C:\PROGRA~1\TVAnts\UNWISE.EXE C:\PROGRA~1\TVAnts\INSTALL.LOG TVUPlayer 2.4.1.0-->C:\Programme\TVUPlayer\uninst.exe Uninstall 1.0.0.1-->"C:\Programme\Gemeinsame Dateien\DVDVideoSoft\unins000.exe" Veetle TV Player 0.9.11-->C:\Programme\Veetle\VLC\uninstall.exe Veoh Web Player-->"C:\Programme\Veoh Networks\VeohWebPlayer\uninst.exe" Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27} Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINXP\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT="" VLC media player 1.0.0-->C:\Programme\VideoLAN\VLC\uninstall.exe Winamp-->"C:\Programme\Winamp\UninstWA.exe" Windows Live Anmelde-Assistent-->MsiExec.exe /I{52B97218-98CB-4B8B-9283-D213C85E1AA4} Windows Live Call-->MsiExec.exe /I{5FC68772-6D56-41C6-9DF1-24E868198AE6} Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52} Windows Live Essentials-->C:\Programme\Windows Live\Installer\wlarp.exe Windows Live Essentials-->MsiExec.exe /I{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19} Windows Live Messenger-->MsiExec.exe /X{837B6259-6FF5-4E66-87C1-A5A15ED36FF4} Windows Live OneCare safety scanner-->RunDll32.exe "C:\Programme\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT Windows Live-Uploadtool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238} WinRAR-->C:\Programme\WinRAR\uninstall.exe WordToPDF 2.5-->"C:\Programme\WordToPDF\unins000.exe" ======Security center information====== AV: AntiVir Desktop ======System event log====== Computer Name: BIE Event Code: 59 Message: Generate Activation Context ist für C:\Programme\Avira\AntiVir Desktop\avgnt.exe fehlgeschlagen. Referenzfehlermeldung: Der Vorgang wurde erfolgreich beendet. . Record Number: 9297 Source Name: SideBySide Time Written: 20090624180133.000000+120 Event Type: Fehler User: Computer Name: BIE Event Code: 59 Message: Resolve Partial Assembly ist für Microsoft.VC90.CRT fehlgeschlagen. Referenzfehlermeldung: Die referenzierte Assemblierung ist nicht auf dem Computer installiert. . Record Number: 9296 Source Name: SideBySide Time Written: 20090624180133.000000+120 Event Type: Fehler User: Computer Name: BIE Event Code: 32 Message: Abhängige Assemblierung "Microsoft.VC90.CRT" konnte nicht gefunden werden. "Last Error": Die referenzierte Assemblierung ist nicht auf dem Computer installiert. Record Number: 9295 Source Name: SideBySide Time Written: 20090624180133.000000+120 Event Type: Fehler User: Computer Name: BIE Event Code: 59 Message: Generate Activation Context ist für C:\Programme\Avira\AntiVir Desktop\sched.exe fehlgeschlagen. Referenzfehlermeldung: Der Vorgang wurde erfolgreich beendet. . Record Number: 9294 Source Name: SideBySide Time Written: 20090624180133.000000+120 Event Type: Fehler User: Computer Name: BIE Event Code: 59 Message: Resolve Partial Assembly ist für Microsoft.VC90.CRT fehlgeschlagen. Referenzfehlermeldung: Die referenzierte Assemblierung ist nicht auf dem Computer installiert. . Record Number: 9293 Source Name: SideBySide Time Written: 20090624180133.000000+120 Event Type: Fehler User: =====Application event log===== Computer Name: BIE Event Code: 100 Message: wuauclt (820) Das Datenbankmodul 5.01.2600.5512 ist gestartet. Record Number: 1768 Source Name: ESENT Time Written: 20080219233506.000000+060 Event Type: Informationen User: Computer Name: BIE Event Code: 101 Message: wuauclt (2120) Das Datenbankmodul wurde beendet. Record Number: 1767 Source Name: ESENT Time Written: 20080219160519.000000+060 Event Type: Informationen User: Computer Name: BIE Event Code: 103 Message: wuaueng.dll (2120) SUS20ClientDataStore: Das Datenbankmodul hat die Instanz (0) beendet. Record Number: 1766 Source Name: ESENT Time Written: 20080219160519.000000+060 Event Type: Informationen User: Computer Name: BIE Event Code: 102 Message: wuaueng.dll (2120) SUS20ClientDataStore: Das Datenbankmodul hat eine neue Instanz gestartet (0). Record Number: 1765 Source Name: ESENT Time Written: 20080219160012.000000+060 Event Type: Informationen User: Computer Name: BIE Event Code: 100 Message: wuauclt (2120) Das Datenbankmodul 5.01.2600.5512 ist gestartet. Record Number: 1764 Source Name: ESENT Time Written: 20080219160012.000000+060 Event Type: Informationen User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=15 "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 75 Stepping 2, AuthenticAMD "PROCESSOR_REVISION"=4b02 "NUMBER_OF_PROCESSORS"=2 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP -----------------EOF----------------- |
Hallo, Zitat:
Aufgrund dieses eintrags geht es für dich jetzt hier weiter: http://www.trojaner-board.de/51262-a...sicherung.html Lass in Zukunft die Finger von Keygens, Cracks und Patches!!! Die haben so gut wie immer solche Mitbringsel dabei! Ändere nach dem Neaufsetzen des Systems alle deine Passwörter! Moritz |
hab ich absolut keine möglichkeit diese neuinstallierung zu umgehen kann man den nicht so löschen?? ich kann das so nicht machen wie das da steht |
Hallo Zitat:
Vorteil ist, dass der Schädling nix mehr anrichten kann:uglyhammer: Zitat:
Windows CD einlegen alle Festplatten formatieren und anschließend Neuinstallation durchführen:rolleyes: - ganz einfach MFG |
ich hab in na frust aktion mein orginal vista runtergeworfen weil ich total genervt war davon...und hab jetzt winxp drauf und kann keine automatischen updates machen^^ war total doof aber so is das nun mal jetzt...will den net platt machen das wäre der oberstress...aber wenns net anders geht...muß ich wohl...dann mach ich auch wieder mein ORGINAL vista drauf |
Hallo Zitat:
Zitat:
wenn du keine Updates ziehen kannst und weiterhin Kekse usw. verwendest bist in kürzester Zeit wieder verkeimt, also mach nen sauberen Schnitt und gut isses. Zitat:
(läuft noch ca. 1 Jahr) Windows 7 Release Candidate ? Vorschauprogramm für Kunden mir hat es gut gefallen und es ist zudem schon recht stabil. MFG |
ok danke trozdem für eure hilfsbereitschaft echt nett von euch ... greetz |
| Alle Zeitangaben in WEZ +1. Es ist jetzt 00:24 Uhr. |
Copyright ©2000-2025, Trojaner-Board