| |
| |||||||
Log-Analyse und Auswertung: Blick drauf setzenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
15.08.2007, 15:56
| #1 |
 |  Blick drauf setzen Also nochmal sry dass ich gegen die Regel verstoßen habe. Ich nutze Windows XP und dass Problem ist wenn ich was downloade und dass instaliere mach einfach neustart. Dass ist aber nicht immer so manchmal kann ich auch sachen Problemlos instalieren. Also sollte ihr mal ein blick auf die Prozesse setzten. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:08:09, on 15.08.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\RTHDCPL.EXE C:\Programme\ATI Technologies\ATI.ACE\cli.exe C:\Programme\McAfee\MSK\MskAgent.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe C:\Programme\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe C:\Programme\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe C:\Programme\SiteAdvisor\6066\SiteAdv.exe C:\Programme\Virtual CD v8\System\VC8Play.exe C:\WINDOWS\system32\ppfsys.exe C:\windows\hffext\hffsrv.exe C:\Programme\Java\jre1.6.0_02\bin\jusched.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\MSN Messenger\MsnMsgr.Exe C:\Programme\Skype\Phone\Skype.exe C:\Programme\BitTorrent\bittorrent.exe C:\Programme\Messenger\msmsgs.exe C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe C:\Programme\Virtual CD v8\System\VC8Tray.exe C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Programme\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\ATKKBService.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe C:\Programme\Gemeinsame Dateien\McAfee\HackerWatch\HWAPI.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\programme\gemeinsame dateien\mcafee\mna\mcnasvc.exe C:\Programme\Skype\Plugin Manager\SkypePM.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe C:\PROGRA~1\McAfee\MSC\mcpromgr.exe c:\PROGRA~1\GEMEIN~1\mcafee\mcproxy\mcproxy.exe c:\PROGRA~1\GEMEIN~1\mcafee\redirsvc\redirsvc.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\Programme\McAfee\MPF\MPFSrv.exe C:\PROGRA~1\McAfee\MPS\mps.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Programme\McAfee\MSK\MskSrver.exe C:\Programme\McAfee\MPS\mpsevh.exe C:\Programme\SiteAdvisor\6066\SAService.exe C:\WINDOWS\system32\svchost.exe C:\Programme\Virtual CD v8\System\VC8SecS.exe C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe C:\Programme\ATI Technologies\ATI.ACE\cli.exe C:\Programme\ATI Technologies\ATI.ACE\cli.exe C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexStoreSvr.exe C:\Programme\Mozilla Firefox\firefox.exe C:\WINDOWS\ISW\alice\signup\connctas.exe C:\WINDOWS\System32\svchost.exe C:\Programme\MSN Messenger\usnsvc.exe C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe C:\Dokumente und Einstellungen\Pascal\Desktop\HiJackThis202.exe |
|
15.08.2007, 15:59
| #2 |
| | Blick drauf setzen So Rene-gad hat empfohlen die datein bei www.virustotal.com zu Prüfen und dann HJT-Log hir posten.
__________________C:\WINDOWS\system32\ppfsys.exe C:\windows\hffext\hffsrv.exe Ich konnte die datei aber nicht finden. Dann hat Rene-gad wieder was vorgeschlagen. Dass hab ich dann auch gemacht aber wie soll ich bei den Suchergebnissen die Datei da nu hochladen? |
|
15.08.2007, 16:07
| #3 |
| | Blick drauf setzen So hab die Datei einfach von der Suche auf den detops kopiert und dann hogeladen hir dass ergebnis.
__________________Von der Datei ppfsys.exe. AhnLab-V3 2007.8.15.0 2007.08.14 - AntiVir 7.4.1.62 2007.08.15 - Authentium 4.93.8 2007.08.15 - Avast 4.7.1029.0 2007.08.13 - AVG 7.5.0.476 2007.08.14 - BitDefender 7.2 2007.08.15 - CAT-QuickHeal 9.00 2007.08.14 (Suspicious) - DNAScan ClamAV 0.91 2007.08.15 - DrWeb 4.33 2007.08.15 - eSafe 7.0.15.0 2007.08.10 Suspicious Trojan/Worm eTrust-Vet 31.1.5061 2007.08.15 - Ewido 4.0 2007.08.15 - FileAdvisor 1 2007.08.15 - Fortinet 2.91.0.0 2007.08.15 - F-Prot 4.3.2.48 2007.08.14 - F-Secure 6.70.13030.0 2007.08.15 - Ikarus T3.1.1.12 2007.08.15 - Kaspersky 4.0.2.24 2007.08.15 - McAfee 5097 2007.08.14 - Microsoft 1.2704 2007.08.15 - NOD32v2 2464 2007.08.15 - Norman 5.80.02 2007.08.15 - Panda 9.0.0.4 2007.08.14 - Prevx1 V2 2007.08.15 - Rising 19.36.22.00 2007.08.15 - Sophos 4.20.0 2007.08.12 - Sunbelt 2.2.907.0 2007.08.14 VIPRE.Suspicious Symantec 10 2007.08.15 - TheHacker 6.1.8.168 2007.08.14 - VBA32 3.12.2.2 2007.08.14 - VirusBuster 4.3.26:9 2007.08.15 - Webwasher-Gateway 6.0.1 2007.08.15 - |
|
15.08.2007, 16:51
| #4 |
| | Blick drauf setzen So hir nur der Berich von der Datei hffsrv.exe. Dass ist nich alles weil es bei TheHacker einfach ncht weiter ging.  Aber ich kenne es dass ist ein Pogramm wo mann ordner mit Passwort fesehen konnte am Bild von der exe sehen. AhnLab-V3 2007.8.15.0 2007.08.14 - AntiVir 7.4.1.62 2007.08.15 - Authentium 4.93.8 2007.08.15 - Avast 4.7.1029.0 2007.08.13 - AVG 7.5.0.476 2007.08.14 - BitDefender 7.2 2007.08.15 - CAT-QuickHeal 9.00 2007.08.14 - ClamAV 0.91 2007.08.15 - DrWeb 4.33 2007.08.15 - eSafe 7.0.15.0 2007.08.10 - eTrust-Vet 31.1.5061 2007.08.15 - Ewido 4.0 2007.08.15 - FileAdvisor 1 2007.08.15 - Fortinet 2.91.0.0 2007.08.15 - F-Prot 4.3.2.48 2007.08.14 - F-Secure 6.70.13030.0 2007.08.15 - Ikarus T3.1.1.12 2007.08.15 - Kaspersky 4.0.2.24 2007.08.15 - McAfee 5097 2007.08.14 - Microsoft 1.2704 2007.08.15 - NOD32v2 2464 2007.08.15 - Norman 5.80.02 2007.08.15 - Panda 9.0.0.4 2007.08.14 Suspicious file Prevx1 V2 2007.08.15 - Rising 19.36.22.00 2007.08.15 - Sophos 4.20.0 2007.08.12 - Sunbelt 2.2.907.0 2007.08.14 - Symantec 10 2007.08.15 - TheHacker 6.1.8.168 2007.08.14 - |
|
15.08.2007, 17:10
| #5 | |
| > MalwareDB   | Blick drauf setzen OT: Zitat:
Unabhänig von den Virustotal Logs ist Dein HijackThis Logfile sehr unvollständig. Gab es beim ausführen Probleme? Hier noch mal eine bebilderte Anleitung zum nachlesen. Bata |
|
15.08.2007, 17:36
| #6 |
| | Blick drauf setzen So ist der aber richtig.  Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:35:20, on 15.08.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\RTHDCPL.EXE C:\Programme\ATI Technologies\ATI.ACE\cli.exe C:\Programme\McAfee\MSK\MskAgent.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe C:\Programme\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe C:\Programme\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe C:\Programme\SiteAdvisor\6066\SiteAdv.exe C:\Programme\Virtual CD v8\System\VC8Play.exe C:\WINDOWS\system32\ppfsys.exe C:\windows\hffext\hffsrv.exe C:\Programme\Java\jre1.6.0_02\bin\jusched.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\BitTorrent\bittorrent.exe C:\Programme\Messenger\msmsgs.exe C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe C:\Programme\Virtual CD v8\System\VC8Tray.exe C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Programme\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\ATKKBService.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe C:\Programme\Gemeinsame Dateien\McAfee\HackerWatch\HWAPI.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\programme\gemeinsame dateien\mcafee\mna\mcnasvc.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe C:\PROGRA~1\McAfee\MSC\mcpromgr.exe c:\PROGRA~1\GEMEIN~1\mcafee\mcproxy\mcproxy.exe c:\PROGRA~1\GEMEIN~1\mcafee\redirsvc\redirsvc.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\Programme\McAfee\MPF\MPFSrv.exe C:\PROGRA~1\McAfee\MPS\mps.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Programme\McAfee\MSK\MskSrver.exe C:\Programme\McAfee\MPS\mpsevh.exe C:\Programme\SiteAdvisor\6066\SAService.exe C:\WINDOWS\system32\svchost.exe C:\Programme\Virtual CD v8\System\VC8SecS.exe C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe C:\Programme\ATI Technologies\ATI.ACE\cli.exe C:\Programme\ATI Technologies\ATI.ACE\cli.exe C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexStoreSvr.exe C:\Programme\Mozilla Firefox\firefox.exe C:\WINDOWS\System32\svchost.exe C:\Programme\MSN Messenger\usnsvc.exe C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe C:\Programme\AntiVir PersonalEdition Classic\avguard.exe C:\Programme\Game Cam v1.4\GameCam.exe C:\WINDOWS\ISW\alice\signup\connctas.exe C:\Programme\MSN Messenger\msnmsgr.exe C:\Programme\Internet Explorer\IEXPLORE.EXE C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Dokumente und Einstellungen\Pascal\Desktop\HiJackThis202.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.treiber.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Programme\SiteAdvisor\6066\SiteAdv.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\programme\mcafee\virusscan\scriptcl.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Programme\SiteAdvisor\6066\SiteAdv.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [MskAgentexe] C:\Programme\McAfee\MSK\MskAgent.exe O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [WorksFUD] C:\Programme\Microsoft Works\wkfud.exe O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Programme\Microsoft Works\WksSb.exe /AllUsers O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Programme\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe O4 - HKLM\..\Run: [Ulead Photo Express 5 SE Calendar Checker] C:\Programme\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe O4 - HKLM\..\Run: [SiteAdvisor] C:\Programme\SiteAdvisor\6066\SiteAdv.exe O4 - HKLM\..\Run: [VC8Player] C:\Programme\Virtual CD v8\System\VC8Play.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [System: PPFSYS.EXE Don`t remove it!] ppfsys.exe O4 - HKLM\..\Run: [hffsrv] c:\windows\hffext\hffsrv.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [BitTorrent] "C:\Programme\BitTorrent\bittorrent.exe" --force_start_minimized O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/german/partner/de/kavwebscan_unicode.cab O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{C2346CCE-F250-4B72-9D6D-2E7D26C1BAAE}: NameServer = 213.191.74.18 213.191.92.86 O18 - Protocol: bw+0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bw+0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bw-0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bw-0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bw00 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bw00s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bw10 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bw10s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bw20 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bw20s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bw30 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bw30s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bw40 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bw40s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bw50 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bw50s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bw60 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bw60s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bw70 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bw70s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bw80 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bw80s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bw90 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bw90s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bwa0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bwa0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bwb0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bwb0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bwc0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bwc0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bwd0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bwd0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bwe0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bwe0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bwf0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bwf0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - (no file) O18 - Protocol: bwg0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bwg0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bwh0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bwh0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bwi0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bwi0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bwj0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bwj0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bwk0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bwk0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bwl0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bwl0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bwm0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bwm0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bwn0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bwn0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bwo0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bwo0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bwp0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bwp0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bwq0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bwq0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bwr0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bwr0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bws0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bws0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bwt0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bwt0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bwu0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bwu0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bwv0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bwv0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bww0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bww0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bwx0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bwx0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bwy0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bwy0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bwz0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bwz0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: offline-8876480 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O23 - Service: McAfee Application Installer Cleanup (0034391187186331) (0034391187186331mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\003439~1.EXE O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\GEMEIN~1\McAfee\EmProxy\emproxy.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Programme\Gemeinsame Dateien\McAfee\HackerWatch\HWAPI.exe O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\programme\gemeinsame dateien\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\GEMEIN~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\GEMEIN~1\mcafee\redirsvc\redirsvc.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Programme\McAfee\MPF\MPFSrv.exe O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Programme\McAfee\MSK\MskSrver.exe O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Programme\SiteAdvisor\6066\SAService.exe O23 - Service: Virtual CD v8 Management Service (VC8SecS) - H+H Software GmbH - C:\Programme\Virtual CD v8\System\VC8SecS.exe -- End of file - 18908 bytes |
|
15.08.2007, 17:56
| #7 | |
| > MalwareDB | Blick drauf setzen Fixe diese Einträge: Zitat:
C:\WINDOWS\system32\ppfsys.exe mittels Killbox, benutze es wie angegeben. Danach poste ein neues HJT Logfile. Bata |
|
15.08.2007, 18:29
| #8 |
| | Blick drauf setzen So habe die datei mit der Killbox gelöscht. Bitte erklär mir was du meinst mit Fixe diese Einträge wo und wie mache ich dass bitte ganz genau erklären. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:50:13, on 15.08.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\RTHDCPL.EXE C:\Programme\ATI Technologies\ATI.ACE\cli.exe C:\Programme\McAfee\MSK\MskAgent.exe C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe C:\Programme\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe C:\Programme\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe C:\Programme\SiteAdvisor\6066\SiteAdv.exe C:\Programme\Virtual CD v8\System\VC8Play.exe C:\windows\hffext\hffsrv.exe C:\Programme\Java\jre1.6.0_02\bin\jusched.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\MSN Messenger\MsnMsgr.Exe C:\Programme\Skype\Phone\Skype.exe C:\Programme\BitTorrent\bittorrent.exe C:\Programme\Messenger\msmsgs.exe C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe C:\Programme\Virtual CD v8\System\VC8Tray.exe C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Programme\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\ATKKBService.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\Programme\Skype\Plugin Manager\SkypePM.exe C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe C:\Programme\Gemeinsame Dateien\McAfee\HackerWatch\HWAPI.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\programme\gemeinsame dateien\mcafee\mna\mcnasvc.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe C:\PROGRA~1\McAfee\MSC\mcpromgr.exe c:\PROGRA~1\GEMEIN~1\mcafee\mcproxy\mcproxy.exe c:\PROGRA~1\GEMEIN~1\mcafee\redirsvc\redirsvc.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\Programme\McAfee\MPF\MPFSrv.exe C:\PROGRA~1\McAfee\MPS\mps.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Programme\McAfee\MSK\MskSrver.exe C:\Programme\SiteAdvisor\6066\SAService.exe C:\Programme\McAfee\MPS\mpsevh.exe C:\WINDOWS\system32\svchost.exe C:\Programme\Virtual CD v8\System\VC8SecS.exe C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexStoreSvr.exe C:\Programme\ATI Technologies\ATI.ACE\cli.exe C:\Programme\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\ISW\alice\signup\connctas.exe C:\Programme\Mozilla Firefox\firefox.exe C:\Programme\MSN Messenger\usnsvc.exe C:\Dokumente und Einstellungen\Pascal\Desktop\HiJackThis202.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Treiber.de: Aktuelle Treiber für alle Systeme R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Programme\SiteAdvisor\6066\SiteAdv.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\programme\mcafee\virusscan\scriptcl.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Programme\SiteAdvisor\6066\SiteAdv.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [MskAgentexe] C:\Programme\McAfee\MSK\MskAgent.exe O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [WorksFUD] C:\Programme\Microsoft Works\wkfud.exe O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Programme\Microsoft Works\WksSb.exe /AllUsers O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Programme\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe O4 - HKLM\..\Run: [Ulead Photo Express 5 SE Calendar Checker] C:\Programme\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe O4 - HKLM\..\Run: [SiteAdvisor] C:\Programme\SiteAdvisor\6066\SiteAdv.exe O4 - HKLM\..\Run: [VC8Player] C:\Programme\Virtual CD v8\System\VC8Play.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [hffsrv] c:\windows\hffext\hffsrv.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [BitTorrent] "C:\Programme\BitTorrent\bittorrent.exe" --force_start_minimized O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/german/...an_unicode.cab O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/DE-DE/.../GAME_UNO1.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase8300.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{C2346CCE-F250-4B72-9D6D-2E7D26C1BAAE}: NameServer = 213.191.74.18 213.191.92.86 O18 - Protocol: bw+0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bw+0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bw-0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bw-0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bw00 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bw00s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bw10 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bw10s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bw20 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bw20s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bw30 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bw30s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bw40 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bw40s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bw50 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bw50s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bw60 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bw60s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bw70 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bw70s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bw80 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bw80s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bw90 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bw90s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bwa0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bwa0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bwb0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bwb0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bwc0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bwc0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bwd0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bwd0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bwe0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bwe0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bwf0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bwf0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - (no file) O18 - Protocol: bwg0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bwg0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bwh0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bwh0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bwi0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bwi0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bwj0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bwj0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bwk0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bwk0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bwl0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bwl0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bwm0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bwm0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bwn0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bwn0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bwo0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bwo0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bwp0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bwp0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bwq0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bwq0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bwr0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bwr0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bws0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bws0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bwt0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bwt0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bwu0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bwu0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bwv0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bwv0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bww0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bww0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bwx0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bwx0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bwy0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bwy0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bwz0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: bwz0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: offline-8876480 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file) O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\GEMEIN~1\McAfee\EmProxy\emproxy.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Programme\Gemeinsame Dateien\McAfee\HackerWatch\HWAPI.exe O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\programme\gemeinsame dateien\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\GEMEIN~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\GEMEIN~1\mcafee\redirsvc\redirsvc.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Programme\McAfee\MPF\MPFSrv.exe O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Programme\McAfee\MSK\MskSrver.exe O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Programme\SiteAdvisor\6066\SAService.exe O23 - Service: Virtual CD v8 Management Service (VC8SecS) - H+H Software GmbH - C:\Programme\Virtual CD v8\System\VC8SecS.exe -- End of file - 18543 bytes Geändert von Das Perd mit dem Virus (15.08.2007 um 18:50 Uhr) |
|
15.08.2007, 18:37
| #9 |
| > MalwareDB | Blick drauf setzen Editiere das Log bitte noch, da gibt es einen Button "editieren". Fixen kannst Du mit HJT, nachdem Du das System gescannt hast, es reicht "do a system scan only" Haken setzen und dann "Fix checked" wählen. Dann ein neues Log posten. Killbox lief ohne Probleme durch? Da gibt es nun einen Ordner c:\Killbox! . Dort sollte ein Logfile liegen, dies auch posten, die Backups löschen. Bata |
|
15.08.2007, 18:48
| #10 |
| | Blick drauf setzen Killbox lief ohne Probleme durch und die Backups sind nu gelöscht. Mehr steht da nicht Pocket Killbox version 2.0.0.881 Running on Windows XP as Pascal(Administrator) was started @ Mittwoch, August 15, 2007, 7:12 PM # 1 [Delete on Reboot] Path = C:\WINDOWS\system32\ppfsys.exe I Rebooted @ 7:19:43 PM Killbox Closed(Exit) @ 7:20:08 PM Geändert von Das Perd mit dem Virus (15.08.2007 um 19:02 Uhr) |
|
15.08.2007, 18:59
| #11 |
| | Blick drauf setzen So jetz hab ich dass gefixt. Und ein neues Log hir: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:58:51, on 15.08.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\RTHDCPL.EXE C:\Programme\ATI Technologies\ATI.ACE\cli.exe C:\Programme\McAfee\MSK\MskAgent.exe C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe C:\Programme\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe C:\Programme\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe C:\Programme\SiteAdvisor\6066\SiteAdv.exe C:\Programme\Virtual CD v8\System\VC8Play.exe C:\windows\hffext\hffsrv.exe C:\Programme\Java\jre1.6.0_02\bin\jusched.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\MSN Messenger\MsnMsgr.Exe C:\Programme\Skype\Phone\Skype.exe C:\Programme\BitTorrent\bittorrent.exe C:\Programme\Messenger\msmsgs.exe C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe C:\Programme\Virtual CD v8\System\VC8Tray.exe C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Programme\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\ATKKBService.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\Programme\Skype\Plugin Manager\SkypePM.exe C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe C:\Programme\Gemeinsame Dateien\McAfee\HackerWatch\HWAPI.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\programme\gemeinsame dateien\mcafee\mna\mcnasvc.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe C:\PROGRA~1\McAfee\MSC\mcpromgr.exe c:\PROGRA~1\GEMEIN~1\mcafee\mcproxy\mcproxy.exe c:\PROGRA~1\GEMEIN~1\mcafee\redirsvc\redirsvc.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\Programme\McAfee\MPF\MPFSrv.exe C:\PROGRA~1\McAfee\MPS\mps.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Programme\McAfee\MSK\MskSrver.exe C:\Programme\SiteAdvisor\6066\SAService.exe C:\Programme\McAfee\MPS\mpsevh.exe C:\WINDOWS\system32\svchost.exe C:\Programme\Virtual CD v8\System\VC8SecS.exe C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexStoreSvr.exe C:\Programme\ATI Technologies\ATI.ACE\cli.exe C:\Programme\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\ISW\alice\signup\connctas.exe C:\Programme\Mozilla Firefox\firefox.exe C:\Programme\MSN Messenger\usnsvc.exe C:\Dokumente und Einstellungen\Pascal\Desktop\HiJackThis202.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.treiber.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Programme\SiteAdvisor\6066\SiteAdv.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\programme\mcafee\virusscan\scriptcl.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Programme\SiteAdvisor\6066\SiteAdv.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [MskAgentexe] C:\Programme\McAfee\MSK\MskAgent.exe O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [WorksFUD] C:\Programme\Microsoft Works\wkfud.exe O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Programme\Microsoft Works\WksSb.exe /AllUsers O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Programme\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe O4 - HKLM\..\Run: [Ulead Photo Express 5 SE Calendar Checker] C:\Programme\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe O4 - HKLM\..\Run: [SiteAdvisor] C:\Programme\SiteAdvisor\6066\SiteAdv.exe O4 - HKLM\..\Run: [VC8Player] C:\Programme\Virtual CD v8\System\VC8Play.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [hffsrv] c:\windows\hffext\hffsrv.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [BitTorrent] "C:\Programme\BitTorrent\bittorrent.exe" --force_start_minimized O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/german/partner/de/kavwebscan_unicode.cab O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{C2346CCE-F250-4B72-9D6D-2E7D26C1BAAE}: NameServer = 213.191.74.18 213.191.92.86 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\GEMEIN~1\McAfee\EmProxy\emproxy.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Programme\Gemeinsame Dateien\McAfee\HackerWatch\HWAPI.exe O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\programme\gemeinsame dateien\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\GEMEIN~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\GEMEIN~1\mcafee\redirsvc\redirsvc.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Programme\McAfee\MPF\MPFSrv.exe O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Programme\McAfee\MSK\MskSrver.exe O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Programme\SiteAdvisor\6066\SAService.exe O23 - Service: Virtual CD v8 Management Service (VC8SecS) - H+H Software GmbH - C:\Programme\Virtual CD v8\System\VC8SecS.exe -- End of file - 12634 bytes |
|
15.08.2007, 19:42
| #12 |
| > MalwareDB | Blick drauf setzen Ok, hat geklappt. Poste nun die Logs der complete.bat, aber nur die Dateien/Ordner der letzten 30 Tage posten. Bata |
|
15.08.2007, 20:19
| #13 |
| | Blick drauf setzen Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: 94E3-61D6 Verzeichnis von C:\ 15.08.2007 18:24 65.536 asusdisp.log 16.07.2007 15:33 213 boot.ini 15.08.2007 21:10 0 DC.txt 15.08.2007 21:08 114 DP.txt 15.08.2007 21:09 104.150 DSYS32.txt 15.08.2007 20:54 12.274 Dsystemp.txt 15.08.2007 21:09 5.569 DW.txt 27.07.2007 19:08 10.703 GoGetHardware Report.html 27.07.2007 19:07 2.865 GoGetHardware Report.rtf 15.08.2007 21:08 764 OC.txt 15.08.2007 21:08 4.995 OP.txt 15.08.2007 21:09 8.682 OW.txt 15.08.2007 21:03 1.610.612.736 pagefile.sys 15.08.2007 20:55 4.483 prefetch.txt 22 Datei(en) 1.611.136.995 Bytes 0 Verzeichnis(se), 135.199.555.584 Bytes frei Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: 94E3-61D6 Verzeichnis von C:\ 15.08.2007 19:31 <DIR> !KillBox 06.08.2007 21:34 <DIR> $VAULT$.AVG 15.08.2007 12:07 <DIR> Config.Msi 06.08.2007 20:22 <DIR> Dokumente und Einstellungen 27.07.2007 19:08 <DIR> images 14.08.2007 17:02 <DIR> Program Files 15.08.2007 20:48 <DIR> Programme 29.07.2007 18:33 <DIR> SIERRA 15.08.2007 21:05 <DIR> WINDOWS 0 Datei(en) 0 Bytes 11 Verzeichnis(se), 135.199.551.488 Bytes frei Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: 94E3-61D6 Verzeichnis von C:\Programme Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: 94E3-61D6 Verzeichnis von C:\Programme 15.08.2007 20:48 <DIR> . 15.08.2007 20:48 <DIR> .. 15.08.2007 17:54 <DIR> AntiVir PersonalEdition Classic 08.08.2007 16:17 <DIR> Apple Software Update 21.07.2007 22:32 <DIR> CCleaner 15.08.2007 20:48 <DIR> CleanUp! 02.08.2007 16:56 <DIR> Codemasters 14.08.2007 17:02 <DIR> eRightSoft 06.08.2007 21:18 <DIR> ExePW 09.07.2007 18:24 <DIR> Free WMA to MP3 Converter 13.08.2007 18:01 <DIR> Game Cam v1.4 29.07.2007 13:41 <DIR> Gemeinsame Dateien 25.06.2007 16:41 <DIR> GoGetHardware 08.07.2007 15:29 <DIR> Gothic III Demo 06.08.2007 20:21 <DIR> Grisoft 14.08.2007 17:01 <DIR> GXTranscoder.net 25.06.2007 15:52 <DIR> Hamachi 15.07.2007 21:24 <DIR> hyper Cam 09.08.2007 22:02 <DIR> iColorFolder 29.07.2007 17:38 <DIR> InstallShield Installation Information 15.08.2007 12:03 <DIR> Internet Explorer 27.07.2007 23:04 <DIR> Java 21.07.2007 10:43 <DIR> Lavasoft 06.08.2007 14:39 <DIR> Macromedia 15.08.2007 19:22 <DIR> McAfee 08.08.2007 15:17 <DIR> MediaCoder 08.08.2007 19:17 <DIR> Mozilla Firefox 08.08.2007 16:18 <DIR> QuickTime 09.08.2007 21:57 <DIR> SiteAdvisor 12.08.2007 14:41 <DIR> SpeedFan 01.08.2007 15:27 <DIR> Spybot - Search & Destroy 16.07.2007 14:53 <DIR> Team17 Software Ltd 26.07.2007 18:33 <DIR> Teamspeak2_RC2 16.07.2007 13:58 <DIR> TGTSoft 30.07.2007 21:49 <DIR> TuneUp Utilities 2007 25.06.2007 16:31 <DIR> TypingMaster 25.06.2007 16:48 <DIR> Ulead Systems 24.06.2007 14:54 <DIR> Uninstall Information 26.07.2007 15:19 <DIR> Unlocker 13.07.2007 15:56 <DIR> Utimaco 10.07.2007 19:41 <DIR> Virtual CD v8 25.07.2007 21:17 <DIR> Warcraft III 19.07.2007 19:02 <DIR> Windows Live Safety Center 13.07.2007 18:14 <DIR> WinRAR 12.08.2007 11:41 <DIR> Xfire 0 Datei(en) 0 Bytes 95 Verzeichnis(se), 135.199.543.296 Bytes frei Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: 94E3-61D6 Verzeichnis von C:\WINDOWS 15.08.2007 21:05 0 0.log 15.08.2007 21:05 1.328.478 WindowsUpdate.log 15.08.2007 21:05 159 wiadebug.log 15.08.2007 21:05 50 wiaservc.log 15.08.2007 21:04 2.048 bootstat.dat 15.08.2007 21:02 32.572 SchedLgU.Txt 15.08.2007 12:38 147 Ulead32.ini 13.08.2007 18:29 69 NeroDigital.ini 13.08.2007 11:26 1.501 win.ini 11.08.2007 16:55 54.156 QTFont.qfn 11.08.2007 15:17 71 pex.INI 10.08.2007 19:22 1.409 QTFont.for 10.08.2007 19:17 0 oodcnt.INI 09.08.2007 13:50 1.080 gramit32.cfg 01.08.2007 13:04 50 Lic.xxx 31.07.2007 15:46 346 SIERRA.INI 31.07.2007 15:46 346 SIERRA.IN~ 29.07.2007 18:37 37 Viewer.ini 27.07.2007 23:04 1.261 mozver.dat Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: 94E3-61D6 Verzeichnis von C:\WINDOWS 15.08.2007 21:05 <DIR> . 15.08.2007 21:05 <DIR> .. 15.08.2007 11:07 <DIR> $hf_mig$ Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: 94E3-61D6 Verzeichnis von C:\WINDOWS\system32 15.08.2007 21:06 13.646 wpa.dbl 15.08.2007 21:05 31.640 Config.MPF 14.08.2007 13:55 43.520 CmdLineExt03.dll 07.08.2007 16:52 87.806 iklog.log 06.08.2007 14:52 45 initdebug.nfo 03.08.2007 06:34 16.789.464 MRT.exe 02.08.2007 17:15 400.760 perfh009.dat 02.08.2007 17:15 75.186 perfc007.dat 02.08.2007 17:15 415.454 perfh007.dat 02.08.2007 17:15 62.422 perfc009.dat 02.08.2007 17:15 940.154 PerfStringBackup.INI 27.07.2007 23:04 5.214 jupdate-1.6.0_02-b06.log 26.07.2007 18:33 34.064 lhacm.acm 21.07.2007 22:00 3.137 x_dtrace_log 21.07.2007 21:51 14 getfile.dat 19.07.2007 08:56 3.583.488 mshtml.dll Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: 94E3-61D6 Verzeichnis von C:\DOKUME~1\Pascal\LOKALE~1\Temp 15.08.2007 21:09 7.914 jusched.log 15.08.2007 21:05 16.384 Perflib_Perfdata_1588.dat 15.08.2007 21:05 16.384 Perflib_Perfdata_1598.dat 15.08.2007 21:05 16.384 Perflib_Perfdata_e4c.dat 15.08.2007 21:04 16.384 Perflib_Perfdata_354.dat 15.08.2007 20:36 1.384 wmplog00.sqm 15.08.2007 19:12 16.384 ~DF58EA.tmp 15.08.2007 14:28 72.192 ~e5.0001 15.08.2007 14:07 114.688 ~DFDAC4.tmp 14.08.2007 21:34 296 MSI9c6c9.LOG 14.08.2007 18:56 512 ~DF3E72.tmp 14.08.2007 18:56 65.536 ~DF3E5B.tmp 14.08.2007 18:56 512 ~DF1558.tmp 14.08.2007 18:56 65.536 ~DF150C.tmp 14.08.2007 13:55 4.592 SIntfIcn.ani 14.08.2007 13:55 24.744 SIntfNT.dll 14.08.2007 13:55 20.016 SIntf32.dll 14.08.2007 13:55 12.305 SIntf16.dll 14.08.2007 13:26 16.384 Perflib_Perfdata_13ec.dat 11.08.2007 22:16 2.996 java_install_reg.log 11.08.2007 15:04 512 ~DF17BF.tmp 11.08.2007 15:04 65.536 ~DF174C.tmp 11.08.2007 15:04 16.384 Perflib_Perfdata_c8c.dat 11.08.2007 12:19 798.234 IMT86.xml 11.08.2007 12:19 426 IMT85.xml 11.08.2007 12:19 2.036 IMT84.xml 11.08.2007 11:01 16.384 Perflib_Perfdata_107c.dat 11.08.2007 11:01 16.384 Perflib_Perfdata_1084.dat 10.08.2007 22:48 798.234 IMTB4.xml 10.08.2007 22:48 426 IMTB3.xml 10.08.2007 22:48 2.036 IMTB2.xml 10.08.2007 22:48 798.234 IMTB1.xml 10.08.2007 22:48 426 IMTB0.xml 10.08.2007 22:48 2.036 IMTAF.xml 09.08.2007 22:24 30.931 tmp97.tmp 09.08.2007 22:24 30.931 VUA_XmlReport_PETER-7959A3059.xml 09.08.2007 22:21 17.644 VUA_QueryAppBlock_PETER-7959A3059.xml 09.08.2007 22:20 1.199.505 VUA_Bucketizer_PETER-7959A3059.xml 09.08.2007 22:20 3.435.696 VUA_Collector_PETER-7959A3059.xml 09.08.2007 22:17 9.172 VUA_WinSat_PETER-7959A3059.xml 09.08.2007 11:02 22.245 Turkish.bin 09.08.2007 11:02 21.958 Norwegian.bin 09.08.2007 11:02 26.076 Hungarian.bin 09.08.2007 11:02 19.553 Hebrew.bin 09.08.2007 11:02 22.853 Finnish.bin 09.08.2007 11:02 24.310 Czech.bin 09.08.2007 11:02 25.067 Portuguese(Brazil).bin 09.08.2007 11:02 24.219 Polish.bin 09.08.2007 11:02 25.080 Greek.bin 09.08.2007 11:02 21.977 Thai.bin 09.08.2007 11:02 20.974 Arabic.bin 09.08.2007 11:02 16.404 SimChin.bin 09.08.2007 11:02 21.911 English.bin 09.08.2007 11:02 26.256 Portuguese.bin 09.08.2007 11:02 24.088 SWEDISH.bin 09.08.2007 11:02 27.754 Spanish.bin 09.08.2007 11:02 26.125 Russian.bin 09.08.2007 11:02 27.409 Italian.bin 09.08.2007 11:02 25.746 German.bin 09.08.2007 11:02 27.237 French.bin 09.08.2007 11:02 16.949 TradChin.bin 09.08.2007 11:02 25.741 Dutch.bin 09.08.2007 11:02 22.769 Danish.bin 09.08.2007 11:02 20.135 Korean.bin 09.08.2007 11:02 24.297 Japanese.bin 08.08.2007 21:50 977 D653F3EC.TMP 08.08.2007 16:18 836 QTInstallCode.log 08.08.2007 16:18 3.817 qtplugin.log 07.08.2007 12:20 16.384 Perflib_Perfdata_13c0.dat 07.08.2007 12:20 16.384 Perflib_Perfdata_1398.dat 07.08.2007 12:20 16.384 Perflib_Perfdata_11f0.dat 02.08.2007 17:16 3.609 netfxupdate.log 02.08.2007 17:15 10.977 netfxsl.log 02.08.2007 17:15 5.755 ASPNETSetup.log 02.08.2007 17:14 2.339 dotNetFx.log 02.08.2007 15:11 16.384 Perflib_Perfdata_11c4.dat 01.08.2007 14:49 56 kbdummy.2 01.08.2007 14:49 56 kavss.dat 01.08.2007 13:04 490 EUpdate.ini 01.08.2007 13:04 104 IUpdate.ini 01.08.2007 13:04 2.080 Download.log 01.08.2007 13:04 3.361 avp.set 01.08.2007 13:04 3.361 avp_ext.set 01.08.2007 13:04 822 remove.ini 01.08.2007 13:04 12.800 kernel.avc 01.08.2007 13:04 227 httpsite.txt 01.08.2007 13:04 111 ftpsites.txt 01.08.2007 13:04 14.738 dailyc.avc 01.08.2007 13:04 3.393 daily-ex.avx 01.08.2007 13:04 3.393 daily-ex.avc 01.08.2007 13:04 1.795 daily-ec.avc 01.08.2007 13:04 5.144 filelist.lst 01.08.2007 10:54 16.384 Perflib_Perfdata_1088.dat 30.07.2007 15:01 2.982 59ec_appcompat.txt 29.07.2007 13:41 376 MSI24c31.LOG 28.07.2007 17:07 13.539 ext999.avc 28.07.2007 17:07 11.907 ext009.avc 27.07.2007 23:01 1.160 jinstall.cfg 27.07.2007 12:46 8.376 krn003.avc 26.07.2007 10:31 4.930 base999.avc Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: 94E3-61D6 Verzeichnis von C:\WINDOWS\Prefetch 15.08.2007 21:12 20.970 NOTEPAD.EXE-336351A9.pf 15.08.2007 21:10 19.294 CMD.EXE-087B4001.pf 15.08.2007 21:07 13.686 AVNOTIFY.EXE-22AE9451.pf 15.08.2007 21:07 26.472 MCUIMGR.EXE-113B692E.pf 15.08.2007 21:06 87.968 FIREFOX.EXE-1D57670A.pf 15.08.2007 21:06 46.776 WGATRAY.EXE-0ED38BED.pf 15.08.2007 21:06 29.814 WUAUCLT.EXE-399A8E72.pf 15.08.2007 21:05 77.008 CLI.EXE-02B0DB56.pf 15.08.2007 21:05 43.760 UPDATE.EXE-13D57D76.pf 15.08.2007 21:05 33.394 NMIndexStoreSvr.exe-1DBCF9FD.pf 15.08.2007 21:05 15.440 ALG.EXE-0F138680.pf 15.08.2007 21:05 15.216 PREUPD.EXE-358AA1C1.pf 15.08.2007 21:05 19.964 WMIAPSRV.EXE-1E2270A5.pf 15.08.2007 21:05 105.860 CONNCTAS.EXE-239A718A.pf 15.08.2007 21:05 50.544 IMAPI.EXE-0BF740A4.pf 15.08.2007 21:05 30.560 WMIPRVSE.EXE-28F301A9.pf 15.08.2007 21:05 53.368 NMINDEXINGSERVICE.EXE-19799BA6.pf 15.08.2007 21:05 22.602 VC8SECS.EXE-04060FB5.pf 15.08.2007 21:05 19.386 SVCHOST.EXE-3530F672.pf 15.08.2007 21:05 32.696 MPSEVH.EXE-08D7717F.pf 15.08.2007 21:05 12.204 SASERVICE.EXE-1E952E19.pf 15.08.2007 21:05 41.612 MCAGENT.EXE-03DA6B71.pf 15.08.2007 21:05 32.974 MSKSRVER.EXE-12F6EF1A.pf 15.08.2007 21:05 54.060 MCVSSHLD.EXE-15D6AD34.pf 15.08.2007 21:05 34.982 MPS.EXE-01990987.pf 15.08.2007 21:05 46.258 MPFSRV.EXE-25599261.pf 15.08.2007 21:05 16.402 MCOEMMGR.EXE-2B2AC198.pf 15.08.2007 21:05 21.626 REDIRSVC.EXE-2E6F24CE.pf 15.08.2007 21:05 26.466 MCPROXY.EXE-04E1F224.pf 15.08.2007 21:05 26.040 MCPROMGR.EXE-1B753AE0.pf 15.08.2007 21:05 19.994 MCODS.EXE-068F5A2B.pf 15.08.2007 21:05 41.194 MCSYSMON.EXE-01D38930.pf 15.08.2007 21:05 72.398 MCSHIELD.EXE-2D89DF9A.pf 15.08.2007 21:05 24.522 MCMSCSVC.EXE-112E6989.pf 15.08.2007 21:05 30.600 MCNASVC.EXE-1D1A0992.pf 15.08.2007 21:05 65.496 SKYPEPM.EXE-03F1BFBD.pf 15.08.2007 21:05 13.626 HWAPI.EXE-07DC10A7.pf 15.08.2007 21:05 23.726 AVGEMC.EXE-38E59DAC.pf 15.08.2007 21:05 7.312 LSSRVC.EXE-164808EA.pf 15.08.2007 21:05 9.864 AVGUPSVC.EXE-0DA751F2.pf 15.08.2007 21:05 20.108 AVGAMSVR.EXE-22E996D2.pf 15.08.2007 21:05 18.530 VERCLSID.EXE-3667BD89.pf 15.08.2007 21:05 7.958 ATKKBSERVICE.EXE-24FE62ED.pf 15.08.2007 21:05 27.200 SCHED.EXE-236A886F.pf 15.08.2007 21:05 48.146 AAWSERVICE.EXE-10F504AB.pf 15.08.2007 21:05 1.185.810 NTOSBOOT-B00DFAAD.pf 15.08.2007 21:02 19.182 LOGONUI.EXE-0AF22957.pf 15.08.2007 21:02 8.086 RUNDLL32.EXE-451FC2C0.pf 15.08.2007 21:01 15.994 CLEANUP.EXE-3438663A.pf 15.08.2007 20:57 19.818 RUNDLL32.EXE-12E27DD0.pf 15.08.2007 20:54 55.778 MCSVRCNT.EXE-3260D061.pf 15.08.2007 20:54 43.320 MCINFO.EXE-00303134.pf 15.08.2007 20:54 31.186 MCSYNC.EXE-0AD983E7.pf 15.08.2007 20:54 66.060 MCUPDMGR.EXE-30842AD8.pf 15.08.2007 20:54 15.472 MCVSMAP.EXE-280B7A39.pf 15.08.2007 20:48 17.148 CLEANUP452.EXE-0105662C.pf 15.08.2007 20:29 84.798 WMPLAYER.EXE-09969338.pf 15.08.2007 19:58 66.044 HIJACKTHIS202.EXE-309C7382.pf 15.08.2007 19:35 71.824 REGISTRYCLEANER.EXE-17B6D63B.pf 15.08.2007 19:35 66.578 SYSTEMOPTIMIZER.EXE-2D3174F1.pf 15.08.2007 19:35 62.592 ONECLICKMAINTENANCE.EXE-05D14B98.pf 15.08.2007 19:32 47.290 CCLEANER.EXE-065E2F3F.pf 15.08.2007 19:28 14.046 REGSVR32.EXE-25EEFE2F.pf 15.08.2007 19:28 14.516 AVGNT.EXE-36CA4640.pf 15.08.2007 19:26 59.574 WLLOGINPROXY.EXE-33926225.pf 15.08.2007 19:25 101.924 IEXPLORE.EXE-2CA9778D.pf 15.08.2007 19:24 33.422 USNSVC.EXE-1D8C2356.pf 15.08.2007 19:22 29.174 003439~1.EXE-03615F0B.pf 15.08.2007 19:12 49.460 KILLBOX.EXE-27507CF2.pf 15.08.2007 18:53 394.342 Layout.ini 15.08.2007 18:25 25.856 TASKMGR.EXE-20256C55.pf 71 Datei(en) 4.107.370 Bytes 0 Verzeichnis(se), 135.199.604.736 Bytes frei |
|
15.08.2007, 22:36
| #14 |
| > MalwareDB | Blick drauf setzen |
|
16.08.2007, 09:56
| #15 |
| | Blick drauf setzen Ich weis nicht ob ich dass richtige gedownloadet habe weil da 2 sachen waren dann hab ich dass 1 genommen und gescannt hat nichts gefunden. |
|
| Themen zu Blick drauf setzen |
| ad-aware, antivir, dateien, desktop, einstellungen, explorer, firefox, hijack, hijackthis, internet, internet explorer, messenger, micro, microsoft, mozilla, mozilla firefox, msn, msn messenger, neustart., problem, programme, prozesse, siteadvisor, system, system32, trend micro, windows, windows xp |
Linear-Darstellung
