Hallo!
Da der PC von meiner Mutter auch voller Viren und Sonstigem ist,
habe ich auch bei ihr die 4 Programme durchlaufen lassen. Hier die Reports!
Ich würde mich freuen, wenn ihr mir auch da weiterhelfen könntet.
Vielen Dank schonmal!!!
Liebe Grüße
David
__________________________________________________________________
zu 1. CCleaner
3GP Video Converter 3
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Reader 8.1.2 - Deutsch
AirPlus G
Alive Video Converter (version 3.1.2.8)
Alphaload Software 4.1.4
ANIO Service
ANIWZCS2 Service
AutoCAD R14.0 - Deutsch
Avira AntiVir Personal - Free Antivirus
bit media ECDL 4 Plus Office 2003 Edition
Canon iP5200
Canon Setup Utility 2.0
Canon Utilities Easy-PhotoPrint
Canon Utilities Easy-PrintToolBox
CCleaner (remove only)
CD-LabelPrint
Corel Uninstaller
dakota.ag
Easy-WebPrint
Google Earth
Google Toolbar for Internet Explorer
Google Updater
Hauppauge WinTV Scheduler
Hauppauge WinTV2000
HP PhotoSmart Scanner-Software
ICQ Toolbar
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office XP Professional mit FrontPage
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
MP3 Player
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Nero 6
neroxml
Online Manuals for WinTV (German)
PowerDVD
QuickTime
Salon Styler Pro Demo
STOIK Video Converter 2
TrekStor Windows98 SE driver
UnderCoverXP 1.08
VTPlus32 für WinTV (German)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR
_______________________________________________________________
zu 2. Malwarebytes
Malwarebytes' Anti-Malware 1.34
Datenbank Version: 1749
Windows 5.1.2600 Service Pack 3
19.03.2009 16:20:14
mbam-log-2009-03-19 (16-20-14).txt
Scan-Methode: Vollständiger Scan (A:\|C:\|D:\|E:\|)
Durchsuchte Objekte: 129703
Laufzeit: 1 hour(s), 28 minute(s), 23 second(s)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 11
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 5
Infizierte Dateien: 15
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\videoegg.activexloader.1 (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{90b5a95a-afd5-4d11-b9bd-a69d53d22226} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8109fd3d-d891-4f80-8339-50a4913ace6f} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{12c7290a-157b-4f43-b109-97e792c598ed} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{12c7290a-157b-4f43-b109-97e792c598ed} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{12c7290a-157b-4f43-b109-97e792c598ed} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XP Police Antivirus (Rogue.XP-Police-Antivirus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> Quarantined and deleted successfully.
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\policeav (Rogue.XPPoliceAntivirus) -> Quarantined and deleted successfully.
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
C:\Programme\Hotbar (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Programme\XPPoliceAntivirus (Rogue.XPPoliceAntivirus) -> Quarantined and deleted successfully.
C:\Programme\XPPoliceAntivirus\plugins (Rogue.XPPoliceAntivirus) -> Quarantined and deleted successfully.
C:\Programme\XPPoliceAntivirus\sounds (Rogue.XPPoliceAntivirus) -> Quarantined and deleted successfully.
Infizierte Dateien:
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\VideoEgg\user.dat (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Programme\XPPoliceAntivirus\AVCoreFn.dll (Rogue.XPPoliceAntivirus) -> Quarantined and deleted successfully.
C:\Programme\XPPoliceAntivirus\bdconf.cfg (Rogue.XPPoliceAntivirus) -> Quarantined and deleted successfully.
C:\Programme\XPPoliceAntivirus\Core.dll (Rogue.XPPoliceAntivirus) -> Quarantined and deleted successfully.
C:\Programme\XPPoliceAntivirus\xppolice.exe (Rogue.XPPoliceAntivirus) -> Quarantined and deleted successfully.
C:\Programme\XPPoliceAntivirus\plugins\vb0.dat (Rogue.XPPoliceAntivirus) -> Quarantined and deleted successfully.
C:\Programme\XPPoliceAntivirus\plugins\vb1.dat (Rogue.XPPoliceAntivirus) -> Quarantined and deleted successfully.
C:\Programme\XPPoliceAntivirus\plugins\vb2.dat (Rogue.XPPoliceAntivirus) -> Quarantined and deleted successfully.
C:\Programme\XPPoliceAntivirus\sounds\alert.wav (Rogue.XPPoliceAntivirus) -> Quarantined and deleted successfully.
C:\Programme\XPPoliceAntivirus\sounds\click.wav (Rogue.XPPoliceAntivirus) -> Quarantined and deleted successfully.
C:\Programme\XPPoliceAntivirus\sounds\fire.wav (Rogue.XPPoliceAntivirus) -> Quarantined and deleted successfully.
C:\WINDOWS\iehost.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Ulla\Desktop\XP Police Antivirus.lnk (Rogue.XP-Police-Antivirus) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Ulla\Startmenü\XP Police Antivirus.lnk (Rogue.XP-Police-Antivirus) -> Quarantined and deleted successfully.
C:\Programme\ICQToolbar\toolbaru.dll (Adware.BHO) -> Quarantined and deleted successfully.
___________________________________________________________________________
zu 3. WondowsScan
Leider kein Report möglich. Zugriff wurde verweigert beim Scannen!
___________________________________________________________________________
zu 4. Hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:30:03, on 19.03.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Aveo\Attune\bin\attune_ce.exe
C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Corel\Graphics8\Programs\MFIndexer.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll (file missing)
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [AttuneClientEngine] C:\PROGRA~1\Aveo\Attune\bin\attune_ce.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Programme\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [BearFlix] "C:\Programme\BearFlix\BearFlix.exe" /pause
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Programme\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Corel MEDIA FOLDERS INDEXER 8.LNK = C:\Corel\Graphics8\Programs\MFIndexer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Easy-WebPrint - Drucken - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.branchenfinder-kib.de
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe…pDownloader.cab
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Programme\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
--
End of file - 6750 bytes