e-scan log

**Grimmi** · 11.03.2007, 20:39

Hallo,
ich habe in letzter Zeit immer wieder Systemabstürze, die ich mir nicht erklären kann. Habe mal e-scan über mein System laufen lassen und poste hier mal das Egebnis. Könnt Ihr mir weiterhelfen, ob ich mir da was eingefangen habe(Virus / Trjojaner???) ?

Grüße Grimmi

starting as "C:\bases\findmwav.bat"

---------- C:\RESULTS.TXT

Fri Mar 09 00:57:43 2007 => File {} infected by "Trojan-Spy.HTML.Bankfraud.ot" Virus! Action Taken: No Action Taken.
Fri Mar 09 00:59:11 2007 => File C:\Dokumente und Einstellungen\Andi\Anwendungsdaten\Thunderbird\Profiles\t8xa 8l8r.default\Mail\pop.addcom.de\Inbox//[From "Derby Willoughby" <kristiryan@proxad.net>][Date Sun, 09 Oct 2005 15:33:40 -0500]/UNNAMED//[From Sean Stokes <characterizable@zicom.n... infected by "Trojan-Spy.HTML.Bankfraud.mb" Virus! Action Taken: No Action Taken.
Fri Mar 09 00:59:12 2007 => File C:\Dokumente und Einstellungen\Andi\Anwendungsdaten\Thunderbird\Profiles\t8xa 8l8r.default\Mail\pop.addcom.de\Trash//[From "Italy - Designer" <italy-designer@users.ch>][Date Thu, 6 Oct 2005 12:50:24 +0200 (added by postmaster@mx10.unit.tiscali.de)]/UNNAMED... infected by "Email-Worm.Win32.Sober.y" Virus! Action Taken: No Action Taken.
Fri Mar 09 01:01:01 2007 => File {} infected by "Trojan-Spy.HTML.Bankfraud.od" Virus! Action Taken: No Action Taken.

Fri Mar 09 00:40:35 2007 => File C:\PROGRA~1\NAVEXC~1\NAVEXC~1.DLL tagged as "not-a-virus:AdWare.Win32.NavExcel.i". Action Taken: No Action Taken.
Fri Mar 09 00:40:36 2007 => File C:\Programme\NavExcel\NavHelper\v2.0.4c\NHelper.dll tagged as "not-a-virus:AdWare.Win32.NavExcel.f". Action Taken: No Action Taken.
Fri Mar 09 00:40:36 2007 => File C:\PROGRA~1\NAVEXC~1\NAVEXC~1.DLL tagged as "not-a-virus:AdWare.Win32.NavExcel.i". Action Taken: No Action Taken.
Fri Mar 09 00:40:58 2007 => File D:\Programme\RealVNC\VNC4\WinVNC4.exe tagged as "not-a-virus:RemoteAdmin.Win32.WinVNC.4". No Action Taken.
Fri Mar 09 00:43:13 2007 => File C:\WINDOWS\nxstinst.exe tagged as "not-a-virus:AdWare.Win32.NavExcel.i". Action Taken: No Action Taken.
Fri Mar 09 00:43:15 2007 => File C:\WINDOWS\remover.dll tagged as "not-a-virus:AdWare.Win32.NavExcel.i". Action Taken: No Action Taken.
Fri Mar 09 00:46:06 2007 => File C:\Dokumente und Einstellungen\All Users\Dokumente\vnc-4_1_2-x86_win32.zip/vnc-4_1_2-x86_win32.exe//data0001 tagged as "not-a-virus:RemoteAdmin.Win32.WinVNC.4". No Action Taken.
Fri Mar 09 01:14:03 2007 => File C:\Programme\NavExcel\NavHelper\v2.0.4c\NHelper.dll tagged as "not-a-virus:AdWare.Win32.NavExcel.f". Action Taken: No Action Taken.
Fri Mar 09 01:14:03 2007 => File C:\Programme\NavExcel\NavHelper\v2.0.4c\NHUninstaller.exe tagged as "not-a-virus:AdWare.Win32.NavExcel". Action Taken: No Action Taken.
Fri Mar 09 01:14:03 2007 => File C:\Programme\NavExcel\NavHelper\v2.0.4c\NHUpdater.exe tagged as "not-a-virus:AdWare.Win32.NavExcel.b". Action Taken: No Action Taken.
Fri Mar 09 01:14:03 2007 => File C:\Programme\NavExcel\NavHelper\v2.0.4c\v2.0.4c.b.cab/NHelper.dll tagged as "not-a-virus:AdWare.Win32.NavExcel.b". Action Taken: No Action Taken.
Fri Mar 09 01:14:03 2007 => File C:\Programme\NavExcel Search Toolbar\NavExcelBar.dll tagged as "not-a-virus:AdWare.Win32.NavExcel.i". Action Taken: No Action Taken.
Fri Mar 09 01:34:31 2007 => File C:\WINDOWS\nxstinst.exe tagged as "not-a-virus:AdWare.Win32.NavExcel.i". Action Taken: No Action Taken.
Fri Mar 09 01:35:10 2007 => File C:\WINDOWS\remover.dll tagged as "not-a-virus:AdWare.Win32.NavExcel.i". Action Taken: No Action Taken.
Fri Mar 09 01:44:08 2007 => File D:\PE_Builder3.15\ctpebuilder\BartPE\I386\SYSTEM32\CMDOW.EXE tagged as "not-a-virus:RiskTool.Win32.HideWindows". Action Taken: No Action Taken.
Fri Mar 09 01:46:51 2007 => File D:\PE_Builder3.15\ctpebuilder\plugin\system\nu2menu mit geoshell\cmdow.exe tagged as "not-a-virus:RiskTool.Win32.HideWindows". Action Taken: No Action Taken.
Fri Mar 09 02:35:16 2007 => File D:\Programme\RealVNC\VNC4\vncconfig.exe tagged as "not-a-virus:RemoteAdmin.Win32.WinVNC.4". No Action Taken.
Fri Mar 09 02:35:16 2007 => File D:\Programme\RealVNC\VNC4\vncviewer.exe tagged as "not-a-virus:RemoteAdmin.Win32.WinVNC.4". No Action Taken.
Fri Mar 09 02:35:16 2007 => File D:\Programme\RealVNC\VNC4\winvnc4.exe tagged as "not-a-virus:RemoteAdmin.Win32.WinVNC.4". No Action Taken.
Fri Mar 09 02:35:16 2007 => File D:\Programme\RealVNC\VNC4\wm_hooks.dll tagged as "not-a-virus:RemoteAdmin.Win32.WinVNC.4". No Action Taken.
Fri Mar 09 03:04:00 2007 => File E:\System Volume Information\_restore{BA35B6C4-7E1D-4AC0-A21B-90299C0070BB}\RP249\A0061404.exe//data0001 tagged as "not-a-virus:RemoteAdmin.Win32.WinVNC.4". No Action Taken.
Fri Mar 09 03:04:02 2007 => File E:\System Volume Information\_restore{BA35B6C4-7E1D-4AC0-A21B-90299C0070BB}\RP249\A0061408.exe//data0001 tagged as "not-a-virus:RemoteAdmin.Win32.WinVNC.4". No Action Taken.

Fri Mar 09 00:40:59 2007 => System found infected with flashget Unclassified ({a5366673-e8ca-11d3-9cd9-0090271d075b})! Action taken: No Action Taken.
Fri Mar 09 00:40:59 2007 => System found infected with navexcel Spyware/Adware ({c1e58a84-95b3-4630-b8c2-d06b77b7a0fc})! Action taken: No Action Taken.
Fri Mar 09 00:40:59 2007 => System found infected with navexcel Spyware/Adware ({d80c4e21-c346-4e21-8e64-20746aa20aeb})! Action taken: No Action Taken.
Fri Mar 09 00:40:59 2007 => System found infected with navexcel Spyware/Adware ({c1e58a84-95b3-4630-b8c2-d06b77b7a0fc})! Action taken: No Action Taken.
Fri Mar 09 00:40:59 2007 => System found infected with navexcel Spyware/Adware ({d80c4e21-c346-4e21-8e64-20746aa20aeb})! Action taken: No Action Taken.
Fri Mar 09 00:40:59 2007 => System found infected with navexcel Spyware/Adware ({710bcb5b-8c6c-483e-a4f5-faf083b13184})! Action taken: No Action Taken.
Fri Mar 09 00:42:11 2007 => System found infected with navexcel Spyware/Adware ({fa4de133-d3c3-4ed4-92d1-cd4dde839ab3})! Action taken: No Action Taken.
Fri Mar 09 00:42:11 2007 => System found infected with navexcel Spyware/Adware ({20f36af3-3486-4bb6-8bcb-f1f8abe74d07})! Action taken: No Action Taken.
Fri Mar 09 00:42:12 2007 => System found infected with navexcel Spyware/Adware ({710bcb5b-8c6c-483e-a4f5-faf083b13184})! Action taken: No Action Taken.
Fri Mar 09 00:42:22 2007 => System found infected with winad Adware (installer.exe)! Action taken: No Action Taken.
Fri Mar 09 00:42:30 2007 => System found infected with winad Adware (installer.exe)! Action taken: No Action Taken.
Fri Mar 09 00:42:30 2007 => System found infected with navexcel browser helper Spyware/Adware (nhelper.dll)! Action taken: No Action Taken.
Fri Mar 09 00:42:30 2007 => System found infected with navexcel browser helper Spyware/Adware (nhelper.dll)! Action taken: No Action Taken.
Fri Mar 09 00:42:30 2007 => System found infected with savenow Adware (C:\WINDOWS\system32\unzip32.dll)! Action taken: No Action Taken.
Fri Mar 09 00:42:31 2007 => System found infected with spylax Corrupted Adware/Spyware (C:\WINDOWS\unvise32.exe)! Action taken: No Action Taken.
Fri Mar 09 00:42:13 2007 => Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\navhelper !!!
Fri Mar 09 00:42:13 2007 => Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\uninstall\nav helper !!!
Fri Mar 09 00:42:13 2007 => Offending Key found: HKLM\Software\kazaa !!!
Fri Mar 09 00:42:13 2007 => Offending Key found: HKLM\Software\navexcel !!!
Fri Mar 09 00:42:13 2007 => Offending Key found: HKCU\Software\kazaa !!!
Fri Mar 09 00:42:14 2007 => Offending Key found: HKCU\\magnet !!!
Fri Mar 09 00:42:16 2007 => Offending Folder found: C:\Programme\navexcel
Fri Mar 09 00:42:17 2007 => Offending Folder found: C:\Dokumente und Einstellungen\Andi\Anwendungsdaten\sopcast\adv
Fri Mar 09 00:42:22 2007 => Offending file found: E:\Eigene Dateien\carpo\carposoftphone\installer.exe
Fri Mar 09 00:42:30 2007 => Offending file found: E:\Eigene Dateien\carpo\carposoftphone\installer.exe
Fri Mar 09 00:42:30 2007 => Offending file found: C:\WINDOWS\system32\unzip32.dll
Fri Mar 09 00:42:31 2007 => Offending file found: C:\WINDOWS\unvise32.exe
Fri Mar 09 00:42:35 2007 => Offending Key found: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ Explorer\MountPoints2\{21f0c5c2-6a22-11d9-abe6-806d6172696f} !!!
Fri Mar 09 00:42:35 2007 => Offending Key found: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ Explorer\MountPoints2\{21f0c5c3-6a22-11d9-abe6-806d6172696f} !!!

Fri Mar 09 00:42:13 2007 => Object "navhelper Spyware/Adware" found in File System! Action Taken: No Action Taken.
Fri Mar 09 00:42:13 2007 => Object "navhelper Spyware/Adware" found in File System! Action Taken: No Action Taken.
Fri Mar 09 00:42:13 2007 => Object "kazaa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Fri Mar 09 00:42:13 2007 => Object "navexcel Spyware/Adware" found in File System! Action Taken: No Action Taken.
Fri Mar 09 00:42:13 2007 => Object "kazaa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Fri Mar 09 00:42:14 2007 => Object "grokster Spyware/Adware" found in File System! Action Taken: No Action Taken.
Fri Mar 09 00:42:16 2007 => Object "navexcel Spyware/Adware" found in File System! Action Taken: No Action Taken.
Fri Mar 09 00:42:17 2007 => Object "titanshield antispyware Corrupted Adware/Spyware" found in File System! Action Taken: No Action Taken.
Fri Mar 09 00:42:35 2007 => Object "Possible Fujacks-type Worm" found in File System! Action Taken: No Action Taken.
Fri Mar 09 00:42:35 2007 => Object "Possible Fujacks-type Worm" found in File System! Action Taken: No Action Taken.

Fri Mar 09 03:04:18 2007 => Total Objects Scanned: 245070
Fri Mar 09 03:04:18 2007 => Total Critical Objects: 51
Fri Mar 09 03:04:18 2007 => Total Disinfected Objects: 0
Fri Mar 09 03:04:18 2007 => Total Objects Renamed: 0
Fri Mar 09 03:04:18 2007 => Total Deleted Objects: 0

Fri Mar 09 00:31:50 2007 => Virus Database Date: 3/7/2007
Fri Mar 09 00:31:50 2007 => Virus Database Count: 277676
Fri Mar 09 00:32:21 2007 => Virus Database Date: 3/8/2007
Fri Mar 09 00:32:21 2007 => Virus Database Count: 278724
Fri Mar 09 00:39:18 2007 => Virus Database Date: 3/8/2007
Fri Mar 09 00:39:18 2007 => Virus Database Count: 278724
Fri Mar 09 03:04:18 2007 => Virus Database Date: 3/8/2007
Fri Mar 09 03:04:18 2007 => Virus Database Count: 278724
Fri Mar 09 08:27:16 2007 => Virus Database Date: 3/8/2007
Fri Mar 09 08:27:16 2007 => Virus Database Count: 278724

**Karl** · 12.03.2007, 04:17

Hi,

Da solltest Du noch ein paar weitere Informationen zur Verfügung stellen.

Fertige ein Hijackthis Log deines Systems an. Dazu diese Datei runterladen und in einen eigenen Ordner entpacken, nicht aus dem Zip-Ordner starten. Jetzt benenne die Datei Hijackthis.exe um in HJT1991.exe. Dieser Schritt ist erforderlich geworden, da es Malware gibt, die das Programm ansonsten erkennt und sich vor ihm versteckt. Nun HJT1991.exe starten, auf "Scan" klicken und das Log hier posten.

Wir wollen uns mal den Inhalt einiger kritischer Verzeichnisse auf deinem System ansehen. Dazu arbeite bitte diese Anleitung ab.

Dein Thread wird dann vermutlich in das Unterforum für Hijackthislogs verschoben.

Gruß, Karl

**Grimmi** · 12.03.2007, 22:11

Hallo,
vielen Dank für die Antwort... Hier also schon mal das HJT-log .... das weitere folgt ....

Grüße Grimmi
-------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 23:13:03, on 12.03.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\system32\cisvc.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Programme\mst software\mst Defrag\mstDfrgS.exe
C:\Programme\Eset\nod32krn.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programme\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
D:\Programme\VMware\VMware Workstation\vmware-authd.exe
C:\Programme\Gemeinsame Dateien\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
D:\Programme\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRAMME\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
D:\Programme\HP\HP Software Update\HPWuSchd2.exe
D:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
D:\Programme\SPAMfighter\SFAgent.exe
D:\Programme\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
D:\Programme\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
D:\Programme\iTunes\iTunesHelper.exe
D:\Programme\SlySoft\CloneCD\CloneCDTray.exe
D:\Programme\CyberLink\PowerDVD\PDVDServ.exe
D:\Programme\DVBViewer\starter.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programme\Logitech\Video\LogiTray.exe
C:\Programme\Santa Cruz Networks\Festoon\Festoon.exe
C:\Programme\Eset\nod32kui.exe
C:\Programme\Skype\Phone\Skype.exe
D:\Programme\Microsoft ActiveSync\wcescomm.exe
C:\Programme\Google\GoogleToolbarNotifier\1.2.908.5008\Googl eToolbarNotifier.exe
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe
D:\Programme\DVBViewer\DVBVCtrl.exe
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
D:\Programme\AnyDVD\AnyDVD.exe
C:\Programme\Logitech\Video\FxSvr2.exe
C:\Programme\iPod\bin\iPodService.exe
D:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
D:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe
D:\Programme\TechniSat DVB\bin\Server4PC.exe
D:\Programme\HP\Digital Imaging\bin\hpqimzone.exe
D:\Programme\HP\Digital Imaging\bin\hpqnrs08.exe
D:\Programme\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\HPZinw12.exe
D:\Programme\DVBViewer\dvbviewer.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Programme\Mozilla Firefox\firefox.exe
D:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\Acrobat.exe
C:\DOKUME~1\Andi\LOKALE~1\Temp\Adobelm_Cleanup.0001
C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\DOKUME~1\Andi\LOKALE~1\Temp\Adobelm_Cleanup.0001
D:\Programme\AmP\AmP.exe
C:\Dokumente und Einstellungen\Andi\Desktop\HJT1991.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://jobcenter.sueddeutsche.de/ind...e/extern/37478
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:9202;socks=localhost:9203
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programme\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: metaspinner media GmbH - {12FC9A49-CFE0-49AA-BE9E-8F4EEAFC9443} - D:\Programme\TVgenial\IEButtonTVGenialEBayInterface.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NavHelper Class - {C1E58A84-95B3-4630-B8C2-D06B77B7A0FC} - C:\Programme\NavExcel\NavHelper\v2.0.4c\NHelper.dll
O2 - BHO: Helper Class - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - C:\Programme\NavExcel Search Toolbar\NavExcelBar.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: NavExcel Toolbar - {5AA06644-BC46-4220-A460-47A6EB47C96D} - C:\Programme\NavExcel Search Toolbar\NavExcelBar.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ATIPTA] C:\PROGRAMME\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
O4 - HKLM\..\Run: [HP Software Update] D:\Programme\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SPAMfighter Agent] "D:\Programme\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "D:\Programme\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "D:\Programme\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CloneCDTray] "D:\Programme\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [RemoteControl] D:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [LanguageShortcut] D:\Programme\CyberLink\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [DVBViewer Starter] D:\Programme\DVBViewer\starter.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Festoon] C:\Programme\Santa Cruz Networks\Festoon\Festoon.exe /BOOT
O4 - HKLM\..\Run: [nod32kui] "C:\Programme\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Programme\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\1.2.908.5008\Googl eToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DVBV Service Ctrl] D:\Programme\DVBViewer\DVBVCtrl.exe
O4 - HKCU\..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [AnyDVD] D:\Programme\AnyDVD\AnyDVD.exe
O4 - Startup: WISO Bewerbung 2007 Reminder.lnk = D:\Programme\WISO\Bewerbung 2007\KCReminder.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = D:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier – Schnellstart.lnk = D:\Programme\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Server4PC.lnk = D:\Programme\TechniSat DVB\bin\Server4PC.exe
O8 - Extra context menu item: Alles mit FlashGet laden - D:\Programme\FlashGet\jc_all.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://D:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Mit FlashGet laden - D:\Programme\FlashGet\jc_link.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/german/...an_unicode.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (Music Manager) - http://img.od2.com/Installation/Plug...agerPlugin.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{040F9205-8819-414E-8276-8AEF0FE61EA2}: NameServer = 192.168.178.1
O18 - Protocol: Festoon - (no CLSID) - (no file)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Unknown owner - D:\Programme\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DVBViewer Recording service (DVBVRecorder) - CM & V - D:\Programme\DVBViewer\DVBVservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: mst Defrag Service (mstDfrgS) - mst software, Martin Stiemerling, Germany - C:\Programme\mst software\mst Defrag\mstDfrgS.exe
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programme\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - D:\Programme\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Programme\Gemeinsame Dateien\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - D:\Programme\RealVNC\VNC4\WinVNC4.exe" -service (file missing)

-----------------------------------------------------------------------

**Grimmi** · 12.03.2007, 22:26

... und hier kommt das log der "filelist.bat"

Grüße Grimmi

Code:

----- Root ----------------------------- 
 Datentr„ger in Laufwerk C: ist WinXP_prof_sp2
 Volumeseriennummer: 8CA4-8D4E

 Verzeichnis von C:\

12.03.2007  23:19                43 filelist.txt
12.03.2007  22:02       805.306.368 pagefile.sys
11.03.2007  21:30            10.303 found.txt
09.03.2007  03:04                 0 23990098.$$$
09.03.2007  00:19                58 st_log.txt
09.03.2007  00:16        14.397.080 mwav.exe
25.01.2007  00:41             5.634 xx.rtf
07.10.2006  02:07             2.372 filelist.bat
11.09.2006  18:01                 6 AVPCallback.log
11.09.2006  15:00               391 abc.lnk
22.08.2006  21:34       267.386.880 timeshift.dat
12.08.2006  21:15            41.356 ASLog.txt
14.07.2006  21:28               287 startmwav.bat
29.06.2006  23:19               211 boot.ini
29.06.2006  23:08            47.564 NTDETECT.COM
29.06.2006  23:08           251.184 ntldr
19.01.2005  15:28                 0 IO.SYS
19.01.2005  15:28                 0 CONFIG.SYS
19.01.2005  15:28                 0 AUTOEXEC.BAT
19.01.2005  15:28                 0 MSDOS.SYS
23.08.2001  13:00             4.952 bootfont.bin
              21 Datei(en)  1.087.454.689 Bytes
               0 Verzeichnis(se),  4.306.219.008 Bytes frei
 
----- System32 ------------------------- 
 Datentr„ger in Laufwerk C: ist WinXP_prof_sp2
 Volumeseriennummer: 8CA4-8D4E

 Verzeichnis von C:\WINDOWS\system32

12.03.2007  22:07           407.232 perfh009.dat
12.03.2007  22:07           422.662 perfh007.dat
12.03.2007  22:07            64.786 perfc009.dat
12.03.2007  22:07            77.752 perfc007.dat
12.03.2007  22:07           984.720 PerfStringBackup.INI
11.03.2007  22:17                 0 mapisvc.inf
11.03.2007  22:15           298.104 imon.dll
11.03.2007  13:19             4.096 crash
10.03.2007  21:30             2.206 wpa.dbl
01.03.2007  23:34             1.633 lvcoinst.log
01.03.2007  00:05            86.016 ElbyCDIO.dll
28.02.2007  11:09            46.587 hpuninstal05.txt
28.02.2007  11:07            41.583 hpinstal05.txt
24.02.2007  23:45             8.925 rundll32.exe.Z-missing.txt
21.02.2007  23:16           296.456 FNTCACHE.DAT
20.02.2007  11:10           122.142 TZLog.log
07.02.2007  23:01        12.293.536 MRT.exe
02.02.2007  21:17           307.200 atiiiexx.dll
02.02.2007  21:04           307.200 ATIDEMGX.dll
02.02.2007  21:03           264.704 ati2dvag.dll
02.02.2007  20:57           118.784 atipdlxx.dll
02.02.2007  20:56           110.592 Oemdspif.dll
02.02.2007  20:56            26.112 Ati2mdxx.exe
02.02.2007  20:56            42.496 ati2edxx.dll
02.02.2007  20:56           110.592 ati2evxx.dll
02.02.2007  20:55           446.464 ati2evxx.exe
02.02.2007  20:54            53.248 ATIDDC.DLL
02.02.2007  20:46         2.827.968 ati3duag.dll
02.02.2007  20:40         1.272.960 ativvaxx.dll
02.02.2007  20:40         3.107.788 ativvaxx.dat
02.02.2007  20:27           241.664 atikvmag.dll
02.02.2007  20:25            17.408 atitvo32.dll
02.02.2007  20:20           348.160 ati2cqag.dll
02.02.2007  20:19         5.312.512 atioglxx.dll
02.02.2007  18:34           520.192 ati2sgag.exe
02.02.2007  17:19                57 peer.ini
31.01.2007  19:28                34 BD2030.DAT
30.01.2007  17:21           128.813 atiicdxx.dat
29.01.2007  09:58            60.416 tzchange.exe
25.01.2007  13:52           617.472 urlmon.dll
23.01.2007  20:30           546.304 hhctrl.ocx
23.01.2007  00:05             2.775 german.lng
04.01.2007  14:41           664.576 wininet.dll
04.01.2007  14:41           474.624 shlwapi.dll
04.01.2007  14:41         1.494.528 shdocvw.dll
04.01.2007  14:41            39.424 pngfilt.dll
04.01.2007  14:41           532.480 mstime.dll
04.01.2007  14:40           146.432 msrating.dll
04.01.2007  14:40           448.512 mshtmled.dll
04.01.2007  14:40         3.077.632 mshtml.dll
04.01.2007  14:40            16.384 jsproxy.dll
04.01.2007  14:40            96.768 inseng.dll
04.01.2007  14:40           251.392 iepeers.dll
04.01.2007  14:40            55.808 extmgr.dll
04.01.2007  14:40           357.888 dxtmsft.dll
04.01.2007  14:40         1.056.256 danim.dll
04.01.2007  14:40           205.312 dxtrans.dll
04.01.2007  14:40           152.064 cdfview.dll
04.01.2007  14:40         1.023.488 browseui.dll
04.01.2007  12:52           123.392 xpsp3res.dll
19.12.2006  22:49           135.168 shsvcs.dll
19.12.2006  22:49         8.494.592 shell32.dll
19.12.2006  19:17           334.336 wiaservc.dll
13.12.2006  01:11               105 Planium.INI
07.12.2006  07:40         2.362.184 wmvcore.dll
06.12.2006  09:32             6.973 atifglpf.xml
02.12.2006  21:54        
 
----- Prefetch ------------------------- 
 Datentr„ger in Laufwerk C: ist WinXP_prof_sp2
 Volumeseriennummer: 8CA4-8D4E

 Verzeichnis von C:\WINDOWS\Prefetch

12.03.2007  23:19            12.200 CMD.EXE-087B4001.pf
12.03.2007  23:19            53.866 FIND.EXE-0EC32F1E.pf
12.03.2007  23:18            23.342 WINZIP32.EXE-2F3C90C9.pf
12.03.2007  23:17            16.334 VERCLSID.EXE-3667BD89.pf
12.03.2007  23:13            56.026 NOTEPAD.EXE-336351A9.pf
12.03.2007  23:12            18.178 HJT1991.EXE-1E8CA585.pf
12.03.2007  23:07            43.798 ALBUMDB2.EXE-36D06D95.pf
12.03.2007  23:05             5.462 NHUNINSTALLER.EXE-00374053.pf
12.03.2007  22:57            79.358 FIREFOX.EXE-1D57670A.pf
12.03.2007  22:52            15.554 AMP.EXE-3792DD3A.pf
12.03.2007  22:49            59.594 ADOBELM_CLEANUP.0001-381D863F.pf
12.03.2007  22:49             9.836 ADOBELMSVC.EXE-0665217B.pf
12.03.2007  22:48            83.898 ACROBAT.EXE-2F8BD09F.pf
12.03.2007  22:10            90.634 CIDAEMON.EXE-27AE97A4.pf
12.03.2007  22:07            66.030 WMIPRVSE.EXE-28F301A9.pf
12.03.2007  22:07            24.524 WMIADAP.EXE-2DF425B2.pf
12.03.2007  22:06            22.198 HPRBLOG.EXE-07E5D5C4.pf
12.03.2007  22:05           148.238 DVBVIEWER.EXE-3A37F1CF.pf
12.03.2007  22:05            56.764 HPZINW12.EXE-0F63664A.pf
12.03.2007  22:05            55.944 HPQSTE08.EXE-25A68A66.pf
12.03.2007  22:05            93.830 WUAUCLT.EXE-399A8E72.pf
12.03.2007  22:05            24.496 HPQNRS08.EXE-24B36CA7.pf
12.03.2007  22:05            51.620 HPQIMZONE.EXE-102F5A10.pf
12.03.2007  22:05            22.192 SERVER4PC.EXE-294EB6CC.pf
12.03.2007  22:05            23.016 SVCHOST.EXE-3530F672.pf
12.03.2007  22:05            50.208 HPQTHB08.EXE-035AE6AC.pf
12.03.2007  22:05            11.946 READER_SL.EXE-2A604B5A.pf
12.03.2007  22:05            14.282 KCREMINDER.EXE-09C429F3.pf
12.03.2007  22:05            11.332 ACROBAT_SL.EXE-063D44E3.pf
12.03.2007  22:05            60.824 FXSVR2.EXE-060F7A64.pf
12.03.2007  22:05            54.358 CCC.EXE-1B087988.pf
12.03.2007  22:05             7.032 RAPIMGR.EXE-25C43841.pf
12.03.2007  22:05            10.444 ADOBE GAMMA LOADER.EXE-1FD09C3A.pf
12.03.2007  22:05            22.650 SKYPE.EXE-21F19BC8.pf
12.03.2007  22:05            16.786 NOD32KUI.EXE-1CFA80BF.pf
12.03.2007  22:05            26.372 FESTOON.EXE-1A2B21D7.pf
12.03.2007  22:05            26.210 LOGITRAY.EXE-12374063.pf
12.03.2007  22:05            13.096 ISSTART.EXE-04190A5C.pf
12.03.2007  22:05            10.942 STARTER.EXE-0C2A8E5D.pf
12.03.2007  22:05             9.542 LANGUAGE.EXE-0C543E78.pf
12.03.2007  22:05            35.254 PDVDSERV.EXE-19072CB6.pf
12.03.2007  22:05         1.144.842 NTOSBOOT-B00DFAAD.pf
12.03.2007  11:35            32.868 LOGONUI.EXE-0AF22957.pf
12.03.2007  11:34            12.160 SHUTDOWN.EXE-12DAD820.pf
12.03.2007  11:34            17.786 SFOLMONI.EXE-1D7157D7.pf
12.03.2007  11:34            85.114 OUTLOOK.EXE-1EE65116.pf
12.03.2007  11:34            54.528 WCESMGR.EXE-02A417D3.pf
12.03.2007  11:34            23.724 NEROMOBILEAD.EXE-1D6BD693.pf
12.03.2007  11:16           494.504 Layout.ini
12.03.2007  11:11            40.418 SSSTARS.SCR-2D6FC20D.pf
12.03.2007  10:56            94.414 WINWORD.EXE-218A1AF8.pf
12.03.2007  01:08             5.584 LVCOMSX.EXE-0AC1D558.pf
12.03.2007  01:06            75.864 POWERDVD.EXE-28BB77AA.pf
12.03.2007  00:05            63.518 ACROBATINFO.EXE-0C141C74.pf
12.03.2007  00:01            13.574 RUNDLL32.EXE-451FC2C0.pf
11.03.2007  23:35            22.240 MSDTC.EXE-0E6E4AF7.pf
11.03.2007  23:35            28.262 DLLHOST.EXE-1ECB6754.pf
11.03.2007  23:35            26.494 DLLHOST.EXE-293BBCC4.pf
11.03.2007  23:35            21.234 VSSVC.EXE-0F74375A.pf
11.03.2007  23:35            21.762 NBSERVICE.EXE-00252459.pf
11.03.2007  23:35            60.842 BACKITUP.EXE-0FB4B1BE.pf
11.03.2007  23:00            62.832 INDESIGN.EXE-1810E5D3.pf
11.03.2007  22:23            58.246 DRWTSN32.EXE-2B4B52AC.pf
11.03.2007  22:22            18.192 ALG.EXE-0F138680.pf
11.03.2007  22:22            13.432 IPODSERVICE.EXE-233792DA.pf
11.03.2007  22:22           114.788 MSIEXEC.EXE-2F8A8CAE.pf
11.03.2007  22:22             7.498 VMNETDHCP.EXE-0FC94CF4.pf
11.03.2007  22:22            77.642 WINVNC4.EXE-2668B83B.pf
11.03.2007  22:15            13.340 NDNTGEST.EXE-2AC5C181.pf
11.03.2007  22:15            49.174 SETUP.EXE-342783A9.pf
11.03.2007  22:06            40.248 NERO.EXE-2031B565.pf
11.03.2007  22:06            42.474 NEROSTARTSMART.EXE-0A488AA3.pf
11.03.2007  21:59            96.354 WINRAR.EXE-1A0EFB18.pf
11.03.2007  21:56            95.950 EXPLORER.EXE-082F38A9.pf
11.03.2007  19:45            23.090 HPQTRA08.EXE-266A33F3.pf
11.03.2007  19:45            35.964 SFAGENT.EXE-1E9144E5.pf
11.03.2007  19:45            26.572 APDPROXY.EXE-1925C805.pf
11.03.2007  19:44            19.098 REALSCHED.EXE-0A2A7558.pf
11.03.2007  19:44             6.420 ATIPRBXX.EXE-2EF3CAC1.pf
11.03.2007  19:44            20.438 USERINIT.EXE-30B18140.pf
11.03.2007  19:39            12.682 REGSVR32.EXE-25EEFE2F.pf
09.03.2007  20:44            86.582 IEXPLORE.EXE-2CA9778D.pf
              82 Datei(en)      4.798.958 Bytes
               0 Verzeichnis(se),  4.306.092.032 Bytes frei
 
----- Windows -------------------------- 
 Datentr„ger in Laufwerk C: ist WinXP_prof_sp2
 Volumeseriennummer: 8CA4-8D4E

 Verzeichnis von C:\WINDOWS

12.03.2007  22:03                 0 0.log
12.03.2007  22:03               159 wiadebug.log
12.03.2007  22:03                50 wiaservc.log
12.03.2007  22:02             2.048 bootstat.dat
12.03.2007  11:35         1.903.525 WindowsUpdate.log
12.03.2007  11:35            32.536 SchedLgU.Txt
12.03.2007  01:08               116 NeroDigital.ini
11.03.2007  10:58             6.784 setupapi.log
09.03.2007  00:42         8.908.030 REGBK00.ZIP
09.03.2007  00:39                50 Lic.xxx
09.03.2007  00:38           330.468 ntbtlog.txt
09.03.2007  00:31             1.721 win.ini
01.03.2007  14:09                52 videodeLuxe.INI
20.02.2007  10:17               612 CleaningLab.INI
20.02.2007  09:25             1.226 wincmd.ini
08.02.2007  23:01               416 BRWMARK.INI
06.02.2007  21:27               282 mfBCK.INI
06.02.2007  12:22           107.132 UninstallThunderbird.exe
06.02.2007  12:22             9.433 mozver.dat
30.01.2007  19:33                 0 Explorer.EXE.Z-missing.txt
29.01.2007  22:26           316.640 WMSysPr9.prx
24.01.2007  12:41                 0 hpqEmlSz.INI
23.01.2007  00:05               604 WISO.INI
23.01.2007  00:05               260 BUHL.INI
14.12.2006  23:39                56 UI.INI
14.12.2006  23:19               116 DTABEG~1.INI
12.12.2006  08:52         3.145.782 BGInfo.bmp
05.12.2006  01:27             4.359 ODBCINS
 
----- Tasks ---------------------------- 
 Datentr„ger in Laufwerk C: ist WinXP_prof_sp2
 Volumeseriennummer: 8CA4-8D4E

 Verzeichnis von C:\WINDOWS\tasks

12.03.2007  22:02                 6 SA.DAT
11.03.2007  23:39               450 20070206_233500_Andi.job
28.02.2007  16:24               276 AppleSoftwareUpdate.job

 
----- Wintemp -------------------------- 
 Datentr„ger in Laufwerk C: ist WinXP_prof_sp2
 Volumeseriennummer: 8CA4-8D4E

 Verzeichnis von C:\WINDOWS\temp

12.03.2007  22:06               108 teredo.txt
12.03.2007  22:03                85 vmware-vmount.log
12.03.2007  22:03            16.384 Perflib_Perfdata_578.dat
12.03.2007  10:53                85 vmware-vmount-1.log
12.03.2007  10:53            16.384 Perflib_Perfdata_3d0.dat
11.03.2007  22:21                85 vmware-vmount-2.log
11.03.2007  22:20            16.384 Perflib_Perfdata_490.dat
11.03.2007  19:28                85 vmware-vmount-3.log
11.03.2007  19:28            16.384 Perflib_Perfdata_38c.dat
11.03.2007  10:45                85 vmware-vmount-4.log
11.03.2007  10:45            16.384 Perflib_Perfdata_358.dat
10.03.2007  21:30                85 vmware-vmount-5.log
10.03.2007  21:30            16.384 Perflib_Perfdata_384.dat
09.03.2007  20:08                85 vmware-vmount-6.log
09.03.2007  20:08            16.384 Perflib_Perfdata_874.dat
09.03.2007  12:15                85 vmware-vmount-7.log
09.03.2007  12:15            16.384 Perflib_Perfdata_36c.dat
08.03.2007  20:11                85 vmware-vmount-8.log
              18 Datei(en)        131.945 Bytes
               0 Verzeichnis(se),  4.306.079.744 Bytes frei
 
----- Temp ----------------------------- 
 Datentr„ger in Laufwerk C: ist WinXP_prof_sp2
 Volumeseriennummer: 8CA4-8D4E

 Verzeichnis von C:\DOKUME~1\Andi\LOKALE~1\Temp

12.03.2007  23:12            16.384 ~DF8292.tmp
12.03.2007  23:07               432 WcesView.log
12.03.2007  22:49            59.964 Adobelm_Cleanup.0001
12.03.2007  22:48               355 Acr57A.tmp
12.03.2007  22:48             3.057 Acr578.tmp
12.03.2007  22:48             3.595 Acr576.tmp
12.03.2007  22:06                 5 Twain001.Mtx
12.03.2007  22:06             1.616 TWAIN.LOG
12.03.2007  22:06               156 Twunk001.MTX
12.03.2007  22:06                 0 sqlite_qlICmTG3Wj4YHPh
12.03.2007  22:06             7.401 LVCOMSX.LOG
12.03.2007  22:06                 0 sqlite_dOtRQyTduVGiRNe
12.03.2007  22:05                 0 sqlite_QfWjb2QMp7utkWK
12.03.2007  22:05                 0 sqlite_xGn55ycEorkaBc1
12.03.2007  22:05                 0 sqlite_afx4XhOczB9mud4
12.03.2007  22:05                 0 sqlite_5aFd1Q21dX4HGPU
12.03.2007  22:05                 0 sqlite_fZc1JtdHbj2Ia4v
12.03.2007  22:05             2.048 sqlite_MUBUvqBc4l5cTwC
12.03.2007  22:05               119 STS19.tmp
12.03.2007  22:05            16.384 ~DF381F.tmp
12.03.2007  22:04            47.122 DIO13.tmp
12.03.2007  22:04             1.285 MARF.tmp
12.03.2007  22:04                 0 JETE.tmp
12.03.2007  22:04               375 WCESCOMM.LOG
12.03.2007  11:35           368.753 hpodvd09.log
12.03.2007  11:35         1.032.350 WCESLog.log
12.03.2007  11:34            22.157 WCESMgr.log
12.03.2007  10:55               119 STS17.tmp
12.03.2007  10:54            47.122 DIO15.tmp
12.03.2007  10:54             1.285 MAR8.tmp
11.03.2007  22:22               119 STS27.tmp
11.03.2007  22:21            47.122 DIOE.tmp
11.03.2007  22:21             1.285 MARC.tmp
11.03.2007  19:41            73.276 ~e5.0001
11.03.2007  19:29               119 STS11.tmp
11.03.2007  19:29            47.122 DIO8.tmp
11.03.2007  19:28             1.285 MAR6.tmp
11.03.2007  10:47            16.384 ~DF2820.tmp
11.03.2007  10:47               119 STS9.tmp
11.03.2007  10:47            47.122 DIO7.tmp
11.03.2007  10:47             1.285 MAR5.tmp
10.03.2007  21:33               119 STS8.tmp
10.03.2007  21:33            16.384 ~DFF924.tmp
10.03.2007  21:33            47.122 DIO6.tmp
10.03.2007  21:33             1.285 MAR4.tmp
09.03.2007  21:02            20.409 sop_ad.jpg
09.03.2007  20:56         1.714.880 UpdatePack.exe
09.03.2007  20:56             5.922 tmp.xml
09.03.2007  20:56               423 TmpCfg.Ini
09.03.2007  20:09               524 STS15.tmp
09.03.2007  20:08             1.285 MAR3.tmp
09.03.2007  12:54               524 STS28.tmp
09.03.2007  12:41            47.122 DIO20.tmp
09.03.2007  12:15            47.122 DIO4.tmp
09.03.2007  12:15             1.285 MAR2.tmp
09.03.2007  00:27             4.524 MWAV.LOG
09.03.2007  00:27               196 sfdb.dat
09.03.2007  00:26             1.391 mwXface.log
09.03.2007  00:17           241.664 MYDB.DLL
09.03.2007  00:12                 0 Twunk002.MTX
08.03.2007  20:11            16.384 ~DF5F83.tmp
07.03.2007  16:01             1.492 daily-ex.avc
07.03.2007  16:01            46.751 unp036.avc
07.03.2007  16:01            25.832 daily.avc
07.03.2007  16:01            20.192 avp.klb
07.03.2007  16:01            35.789 dailyc.avc
07.03.2007  16:01            64.730 unp016.avc
07.03.2007  16:01             3.150 daily-ec.avc
07.03.2007  16:01             6.421 fa001.avc
06.03.2007  20:02           100.898 Chinese.Age
06.03.2007  20:02           108.998 Icelandic.Age
06.03.2007  20:02           113.822 Polish.Age
06.03.2007  20:02           110.717 Finnish.Age
06.03.2007  20:02           115.156 French.Age
06.03.2007  20:02           113.941 Spanish.Age
06.03.2007  20:02           113.760 Spanishl.Age
06.03.2007  20:02           109.680 Romanian.Age
06.03.2007  20:02           113.178 Portuguese.Age
06.03.2007  20:02           121.272 Italian.Age
06.03.2007  20:02           123.710 German.Age
06.03.2007  20:02           123.710 language.ini
05.03.2007  18:45           499.712 Download.exe
04.03.2007  16:58            18.427 global.daz
04.03.2007  16:58            46.820 phupdn.txz
04.03.2007  16:49           150.980 phupdn.txt
03.03.2007  13:08            29.773 fa.avc
03.03.2007  13:08            25.172 ext008.avc
03.03.2007  13:08             2.749 avp.set
03.03.2007  13:08            25.987 unp037.avc
03.03.2007  13:08             7.951 ext001c.avc
03.03.2007  13:08            50.015 base131.avc
03.03.2007  13:08            49.891 base132.avc
03.03.2007  13:08             1.766 base133.avc
03.03.2007  13:08           119.875 base001c.avc
01.03.2007  16:59           212.325 spydb.avs
01.03.2007  16:40            10.749 tamil.con
01.03.2007  03:29            35.840 unregx.exe
01.03.2007  03:29            43.520 setpriv.exe
01.03.2007  03:26           159.232 esupdate.exe
01.03.2007  03:25           114.688 avpmhook.dll
01.03.2007  02:58           139.264 msvl64.dll
01.03.2007  02:54           405.056 mexe.com
01.03.2007  02:54           405.056 mwavscan.com
01.03.2007  02:53           139.264 msvlclnt.dll
01.03.2007  02:50            44.096 Getvlist.exe
28.02.2007  10:26            38.822 unp026.avc
28.02.2007  10:26             6.641 smart.avc
27.02.2007  10:56            45.812 unp001.avc
27.02.2007  10:56            44.211 unp034.avc
27.02.2007  10:56            49.296 base029.avc
27.02.2007  10:56           115.953 krnunp.avc
25.02.2007  00:12             8.636 Chinese.con
25.02.2007  00:12            11.623 Icelandic.con
25.02.2007  00:12            11.502 Finnish.con
25.02.2007  00:12            12.672 Polish.con
25.02.2007  00:12            12.710 French.con
25.02.2007  00:12            11.810 Spanish.con
25.02.2007  00:11            11.827 Spanishl.con
25.02.2007  00:11            11.471 Romanian.con
25.02.2007  00:11            12.466 Portuguese.con
25.02.2007  00:11            11.489 Italian.con
25.02.2007  00:11            14.937 config.lan
25.02.2007  00:11            14.937 German.con
24.02.2007  13:24            77.151 ca.avc
24.02.2007  13:24            21.837 gen005.avc
23.02.2007  17:47            10.986 English.con
21.02.2007  17:52            50.516 English.Age
21.02.2007  17:52            50.516 tamil.Age
18.02.2007  19:26            20.574 unp000.avc
18.02.2007  19:26            31.998 krnexe.avc
14.02.2007  13:01             5.194 tamil.dow
14.02.2007  13:01             5.194 English.dow
14.02.2007  12:36           406.528 viewtcp.exe
13.02.2007  17:31             1.696 eicar.avc
13.02.2007  17:31             1.828 chuka.avc
13.02.2007  17:31            37.361 krnjava.avc
13.02.2007  12:14            58.870 mwav.bmp
12.02.2007  18:04            46.541 unp033.avc
12.02.2007  18:04            65.819 unp010.avc
12.02.2007  18:04            66.469 unp023.avc
12.02.2007  18:04            49.588 base130.avc
07.02.2007  10:06            55.520 unp014.avc
07.02.2007  10:06            50.451 unp030.avc
07.02.2007  10:06            49.774 base129.avc
07.02.2007  10:06            50.006 base128.avc
05.02.2007  22:48            54.237 global.dat
03.02.2007  13:11            97.792 MWAVL.exe
02.02.2007  20:14            29.535 gen001.avc
02.02.2007  20:14            48.820 base018.avc
02.02.2007  17:41            28.736 faristream.ppl
02.02.2007  17:41            28.736 farbuffer.ppl
02.02.2007  17:41            94.313 ScanningProcess.exe
02.02.2007  17:40            49.152 ikave.dll
02.02.2007  17:40           274.514 kave.dll
29.01.2007  14:21             1.694 English.tcp
29.01.2007  14:21             1.694 tamil.tcp
29.01.2007  11:54            49.989 base127.avc
26.01.2007  17:57            50.988 base028.avc
26.01.2007  17:57            50.894 base030.avc
26.01.2007  17:57            50.501 base027.avc
23.01.2007  15:55            49.976 base125.avc
23.01.2007  15:55            79.175 krnexe32.avc
19.01.2007  15:08            58.425 unp015.avc
19.01.2007  15:08            57.551 unp035.avc
19.01.2007  15:08            52.779 unp003.avc
19.01.2007  15:08            49.791 base118.avc
19.01.2007  15:08            47.710 base003.avc
15.01.2007  10:27            49.787 base126.avc
11.01.2007  12:06            50.201 base120.avc
11.01.2007  12:06            49.556 base110.avc
11.01.2007  12:06            48.206 base015.avc
09.01.2007  18:45            50.048 ext007.avc
09.01.2007  18:45            49.875 base113.avc
08.01.2007  19:18            57.112 unp019.avc
08.01.2007  19:18            49.691 base082.avc
06.01.2007  17:04            49.720 base117.avc
06.01.2007  17:04            49.084 base101.avc
06.01.2007  12:15            48.255 base095.avc
06.01.2007  12:15            49.820 base100.avc
06.01.2007  11:39            48.914 base080.avc
06.01.2007  11:39            49.661 base045.avc
06.01.2007  11:39            49.609 base067.avc
06.01.2007  11:39            49.689 base044.avc
05.01.2007  19:54            49.948 base121.avc
05.01.2007  19:54            49.940 base124.avc
05.01.2007  19:54            49.783 base041.avc
05.01.2007  18:01            49.894 base070.avc
28.12.2006  12:57           383.488 MDownload.exe
27.12.2006  23:19            49.693 base114.avc
26.12.2006  19:31            37.356 unp031.avc
26.12.2006  19:31            17.845 unp029.avc
26.12.2006  19:31            49.963 base123.avc
26.12.2006  19:31            49.891 base122.avc
26.12.2006  19:31            50.398 base119.avc
26.12.2006  19:31            49.819 base112.avc
24.12.2006  16:55            47.621 ext004.avc
24.12.2006  16:55            31.167 unp024.avc
24.12.2006  16:55            55.368 unp006.avc
24.12.2006  16:55            47.834 base038.avc
24.12.2006  16:55            49.009 base011.avc
21.12.2006  15:15            49.467 ext006.avc
21.12.2006  15:15            69.896 unp002.avc
21.12.2006  15:15            46.892 base035.avc
19.12.2006  14:29             3.245 0092CF7E.key
16.12.2006  11:30            47.823 ext002.avc
16.12.2006  11:30            49.660 ext005.avc
16.12.2006  11:30            40.161 unp028.avc
16.12.2006  11:30            49.550 base115.avc
16.12.2006  11:30            49.917 base107.avc
16.12.2006  11:30            48.997 base085.avc
16.12.2006  11:30            49.493 base060.avc
16.12.2006  11:30            49.343 base022.avc
13.12.2006  12:53            43.721 unp032.avc
11.12.2006  18:40           135.300 TrafficMonitor2.ppl
08.12.2006  17:55            50.024 base066.avc
08.12.2006  17:55            49.618 base032.avc
06.12.2006  07:25            50.037 base116.avc
05.12.2006  10:12            33.630 unp020.avc
05.12.2006  10:12            49.451 base105.avc
05.12.2006  10:08                48 vssver.scc
04.12.2006  13:50               677 esupd.ini
03.12.2006  10:44             1.886 French.tcp
02.12.2006  18:11             7.187 French.lic
02.12.2006  09:58            47.469 unp027.avc

**Karl** · 13.03.2007, 07:17

Nun, ein gewisser Befall mit Spy und Adware liegt vor. In dem Escan Log tauchen aber auch diverse Fehlalarme auf. Bei RealVNC solltest Du darauf achten, ob Du die aktuelle Version hast, wenn nicht, dann aktualisieren.

Lade und installiere (soweit noch nicht vorhanden) Spybot S&D und Adaware Personal. Bei Spybot darauf achten, daß der residente Teatimer nicht installiert wird. Beide Programme updaten.
Im Anschluß daran in den abgesicherten Modus gehen. Beide Programme laufen lassen, alle Funde entfernen lassen. Logfiles der Programme speichern. In Spybot dazu nach dem Scan im Ergebnisfenster rechte Maustaste -> "Ergebnisse in Datei speichern".
Danach zurück in den normalen Modus und die Logfiles posten. Füge vor jedes Log diese Zeile ein:

[CODE]

und dahinter jeweils diese:

[/CODE]

Außerdem dann ein neues Hijackthis posten.

Thema: e-scan log

Themen-Optionen

e-scan log

AW: e-scan log

AW: e-scan log

AW: e-scan log

AW: e-scan log

Aktive Benutzer

Aktive Benutzer

Ähnliche Themen

Please scan my Hijackthis Log.thanks

Can you check my log scan?

even though I've fix the wrong log it wouldn't despear of new hijackthis scan

fixen-scan-böse-fixen-scan-böse-fixen-scan...

Can someone scan this log file

Berechtigungen