
Log analysis and evaluation: internet problem


 
16.08.2008, 19:20   #5
abhijat
 



so, now the 2nd part

SASW:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/16/2008 at 09:18 AM

Application Version : 4.15.1000

Core Rules Database Version : 3538
Trace Rules Database Version: 1527

Scan type : Complete Scan
Total Scan Time : 01:10:27

Memory items scanned : 411
Memory threats detected : 0
Registry items scanned : 7032
Registry threats detected : 27
File items scanned : 100824
File threats detected : 40

Adware.Vundo Variant
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8071E65A-3F56-4426-8372-8667CD213057}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{8071E65A-3F56-4426-8372-8667CD213057}

Adware.Tracking Cookie
C:\Documents and Settings\name\Cookies\name@2o7[1].txt
C:\Documents and Settings\name\Cookies\name@traffictrack[2].txt
C:\Documents and Settings\name\Cookies\name@fastclick[1].txt
C:\Documents and Settings\name\Cookies\name@apmebf[2].txt
C:\Documents and Settings\name\Cookies\name@adserver.71i[1].txt
C:\Documents and Settings\name\Cookies\name@zedo[1].txt
C:\Documents and Settings\name\Cookies\name@weborama[2].txt
C:\Documents and Settings\name\Cookies\name@ads.realtechnetwork[1].txt
C:\Documents and Settings\name\Cookies\name@server.cpmstar[1].txt
C:\Documents and Settings\name\Cookies\name@sevenoneintermedia.112.2o7[1].txt
C:\Documents and Settings\name\Cookies\name@ads.admediate[2].txt
C:\Documents and Settings\name\Cookies\name@komtrack[2].txt
C:\Documents and Settings\name\Cookies\name@bs.serving-sys[2].txt
C:\Documents and Settings\name\Cookies\name@doubleclick[1].txt
C:\Documents and Settings\name\Cookies\namen@atwola[2].txt
C:\Documents and Settings\name\Cookies\name@ad.zanox[2].txt
C:\Documents and Settings\name\Cookies\name@msnportal.112.2o7[1].txt
C:\Documents and Settings\namen\Cookies\namen@data.coremetrics[1].txt
C:\Documents and Settings\name\Cookies\name@eas.apm.emediate[2].txt
C:\Documents and Settings\namen\Cookies\name@serving-sys[2].txt
C:\Documents and Settings\name\Cookies\name@ad.trackbar[1].txt
C:\Documents and Settings\name\Cookies\namen@statse.webtrendslive[2].txt
C:\Documents and Settings\name\Cookies\name@mediaplex[1].txt
C:\Documents and Settings\name\Cookies\name@stats.adbrite[1].txt
C:\Documents and Settings\name\Cookies\name@ad.yieldmanager[2].txt
C:\Documents and Settings\name\Cookies\name@atdmt[2].txt
C:\Documents and Settings\name\Cookies\name@adsby.aim4media[1].txt
C:\Documents and Settings\name\Cookies\name@tradedoubler[2].txt
C:\Documents and Settings\name\Cookies\name@tto2.traffictrack[1].txt
C:\Documents and Settings\name\Cookies\name@www.etracker[1].txt
C:\Documents and Settings\name\Cookies\namen@adserver.easyad[1].txt
C:\Documents and Settings\name\Cookies\name@partners.webmasterplan[1].txt
C:\Documents and Settings\name\Cookies\name@adopt.euroclick[1].txt

Malware.DriveCleaner
HKCR\UDCPChk.UDCPChk
HKCR\UDCPChk.UDCPChk\CLSID
HKCR\UDCPChk.UDCPChk\CurVer
HKCR\UDCPChk.UDCPChk.1
HKCR\UDCPChk.UDCPChk.1\CLSID
HKCR\CLSID\{943B96A4-9BF6-42fe-8D0B-4BCA71C3632F}
HKCR\CLSID\{943B96A4-9BF6-42fe-8D0B-4BCA71C3632F}\Implemented Categories
HKCR\CLSID\{943B96A4-9BF6-42fe-8D0B-4BCA71C3632F}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}
HKCR\CLSID\{943B96A4-9BF6-42fe-8D0B-4BCA71C3632F}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}
HKCR\CLSID\{943B96A4-9BF6-42fe-8D0B-4BCA71C3632F}\ProgID
HKCR\CLSID\{943B96A4-9BF6-42fe-8D0B-4BCA71C3632F}\Programmable
HKCR\CLSID\{943B96A4-9BF6-42fe-8D0B-4BCA71C3632F}\TypeLib
HKCR\CLSID\{943B96A4-9BF6-42fe-8D0B-4BCA71C3632F}\VersionIndependentProgID
HKCR\TypeLib\{4F43B1F3-0CE8-493B-96D2-990CEC05EDBB}
HKCR\TypeLib\{4F43B1F3-0CE8-493B-96D2-990CEC05EDBB}\1.0
HKCR\TypeLib\{4F43B1F3-0CE8-493B-96D2-990CEC05EDBB}\1.0\0
HKCR\TypeLib\{4F43B1F3-0CE8-493B-96D2-990CEC05EDBB}\1.0\0\win32
HKCR\TypeLib\{4F43B1F3-0CE8-493B-96D2-990CEC05EDBB}\1.0\FLAGS
HKCR\TypeLib\{4F43B1F3-0CE8-493B-96D2-990CEC05EDBB}\1.0\HELPDIR
HKCR\Interface\{5954B2DB-09A7-4023-847C-107539DC560D}
HKCR\Interface\{5954B2DB-09A7-4023-847C-107539DC560D}\ProxyStubClsid
HKCR\Interface\{5954B2DB-09A7-4023-847C-107539DC560D}\ProxyStubClsid32
HKCR\Interface\{5954B2DB-09A7-4023-847C-107539DC560D}\TypeLib
HKCR\Interface\{5954B2DB-09A7-4023-847C-107539DC560D}\TypeLib#Version

Trojan.Media-Codec/V4
HKU\S-1-5-21-854245398-776561741-725345543-1003\Software\Online Add-on

Rogue.AntiVirus 2009
C:\PROGRAM FILES\AV9\AV2009.EXE

Adware.Vundo Variant/Rel
C:\WINDOWS\SYSTEM32\BBADD.INI

Rogue.IEUpdates-Installer
C:\WINDOWS\SYSTEM32\IEUPDATES.EXE


Malwarebytes:

Malwarebytes' Anti-Malware 1.24
Datenbank Version: 1056
Windows 5.1.2600 Service Pack 2

14:48:08 16.08.2008
mbam-log-8-16-2008 (14-47-57).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|)
Durchsuchte Objekte: 132518
Laufzeit: 1 hour(s), 16 minute(s), 30 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 1
Infizierte Dateien: 5

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> No action taken.

Infizierte Verzeichnisse:
C:\Program Files\AV9 (Rogue.Antivirus2009) -> No action taken.

Infizierte Dateien:
C:\WINDOWS\rundll16.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\system32\vcmgcd32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\logo1_.exe (Worm.Viking) -> No action taken.


fresh hijack:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:00:43, on 16.08.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ElkCtrl.exe
C:\WINDOWS\system32\lvcomsx.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Secunia\PSI (RC3)\psi.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Secunia PSI (RC3).lnk = C:\Program Files\Secunia\PSI (RC3)\psi.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: Download with Xilisoft Download YouTube Video - C:\Program Files\Xilisoft\Download YouTube Video\upod_link.HTM
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - hxxp://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1194457158921
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

--
End of file - 6762 bytes


and Iclean:

iclean log 16.08.2008 19:59:55

Windows XP SP2, Kernel functions unavailable

Processes
---------
532 - \SystemRoot\System32\smss.exe - \SystemRoot\System32\smss.exe
824 - \??\C:\WINDOWS\system32\csrss.exe - \??\C:\WINDOWS\system32\csrss.exe
856 - \??\C:\WINDOWS\system32\winlogon.exe - \??\C:\WINDOWS\system32\winlogon.exe
904 - C:\WINDOWS\system32\services.exe - Services and Controller app
916 - C:\WINDOWS\system32\lsass.exe - LSA Shell (Export Version)
1076 - C:\WINDOWS\system32\Ati2evxx.exe - ATI External Event Utility EXE Module
1088 - C:\WINDOWS\system32\svchost.exe - Generic Host Process for Win32 Services
1188 - C:\WINDOWS\system32\svchost.exe - Generic Host Process for Win32 Services
1220 - C:\WINDOWS\system32\svchost.exe - Generic Host Process for Win32 Services
1320 - C:\WINDOWS\system32\svchost.exe - Generic Host Process for Win32 Services
1528 - C:\WINDOWS\system32\Ati2evxx.exe - ATI External Event Utility EXE Module
1600 - C:\WINDOWS\system32\spoolsv.exe - Spooler SubSystem App
1648 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe - Antivirus On-Access Service
2040 - C:\WINDOWS\system32\svchost.exe - Generic Host Process for Win32 Services
224 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe - Antivirus Scheduler
248 - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe - Apple Mobile Device Service
1160 - C:\WINDOWS\System32\alg.exe - Application Layer Gateway Service
772 - C:\WINDOWS\Explorer.EXE - Windows Explorer
752 - C:\WINDOWS\system32\ElkCtrl.exe - Logitech Camera Service(E)
1300 - C:\WINDOWS\system32\lvcomsx.exe - LVCom Server
1388 - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe - ATI Desktop Control Panel
1432 - C:\WINDOWS\SOUNDMAN.EXE - Realtek Sound Manager
1440 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe - Antivirus System Tray Tool
1480 - C:\Program Files\iTunes\iTunesHelper.exe - iTunesHelper Module (Signed)
1356 - C:\WINDOWS\system32\ctfmon.exe - CTF Loader
1540 - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe - SUPERAntiSpyware (Signed)
864 - C:\Program Files\Logitech\SetPoint\SetPoint.exe - Logitech SetPoint Event Manager (UNICODE)
2168 - C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE - Logitech KHAL Main Process
2304 - C:\Program Files\VIA\RAID\raid_tool.exe - VIA RAID Tool
2356 - C:\Program Files\iPod\bin\iPodService.exe - iPodService Module (Signed)
2472 - C:\Program Files\Secunia\PSI (RC3)\psi.exe - Secunia PSI
3892 - C:\Program Files\Opera\Opera.exe - Opera Internet Browser
672 - C:\WINDOWS\system32\svchost.exe - Generic Host Process for Win32 Services
3012 - D:\Instal files\iclean.exe - Interactive Cleaner

Services
--------
C:\WINDOWS\system32\svchost.exe=Akamai
C:\WINDOWS\system32\alg.exe=ALG
c:\program files\avira\antivir personaledition classic\sched.exe=AntiVirScheduler
c:\program files\avira\antivir personaledition classic\avguard.exe=AntiVirService
c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe=Apple Mobile Device
C:\WINDOWS\system32\ati2evxx.exe=Ati HotKey Poller
C:\WINDOWS\system32\svchost.exe=AudioSrv
C:\WINDOWS\system32\svchost.exe=BITS
C:\WINDOWS\system32\svchost.exe=Browser
C:\WINDOWS\system32\svchost.exe=CryptSvc
C:\WINDOWS\system32\svchost.exe=DcomLaunch
C:\WINDOWS\system32\svchost.exe=Dhcp
C:\WINDOWS\system32\svchost.exe=dmserver
C:\WINDOWS\system32\services.exe=Eventlog
c:\windows\system32\svchost.exe=EventSystem
C:\WINDOWS\system32\svchost.exe=helpsvc
c:\program files\ipod\bin\ipodservice.exe=iPod Service
C:\WINDOWS\system32\svchost.exe=lanmanserver
C:\WINDOWS\system32\svchost.exe=lanmanworkstation
C:\WINDOWS\system32\svchost.exe=LmHosts
C:\WINDOWS\system32\svchost.exe=Netman
C:\WINDOWS\system32\svchost.exe=Nla
C:\WINDOWS\system32\services.exe=PlugPlay
C:\WINDOWS\system32\lsass.exe=ProtectedStorage
C:\WINDOWS\system32\svchost.exe=RasMan
C:\WINDOWS\system32\svchost.exe=RemoteRegistry
C:\WINDOWS\system32\svchost.exe=RpcSs
C:\WINDOWS\system32\lsass.exe=SamSs
C:\WINDOWS\system32\svchost.exe=Schedule
C:\WINDOWS\system32\svchost.exe=SENS
C:\WINDOWS\system32\svchost.exe=SharedAccess
C:\WINDOWS\system32\svchost.exe=ShellHWDetection
C:\WINDOWS\system32\spoolsv.exe=Spooler
C:\WINDOWS\system32\svchost.exe=srservice
C:\WINDOWS\system32\svchost.exe=stisvc
C:\WINDOWS\system32\svchost.exe=TapiSrv
C:\WINDOWS\system32\svchost.exe=TermService
C:\WINDOWS\system32\svchost.exe=Themes
C:\WINDOWS\system32\svchost.exe=UxTuneUp
C:\WINDOWS\system32\svchost.exe=WebClient
C:\WINDOWS\system32\svchost.exe=winmgmt
C:\WINDOWS\system32\svchost.exe=wscsvc
C:\WINDOWS\system32\svchost.exe=wuauserv
C:\WINDOWS\system32\svchost.exe=WZCSVC

Registry
--------
000=HKCU\Run: CTFMON.EXE=c:\windows\system32\ctfmon.exe
000=HKCU\Run: SUPERAntiSpyware=c:\program files\superantispyware\superantispyware.exe
000=HKLM\Run: ATIPTA=c:\program files\ati technologies\ati control panel\atiptaxx.exe
000=HKLM\Run: avgnt="c:\program files\avira\antivir personaledition classic\avgnt.exe" /min
000=HKLM\Run: iTunesHelper="c:\program files\itunes\ituneshelper.exe"
000=HKLM\Run: LogitechCameraService(E)=c:\windows\system32\elkctrl.exe
000=HKLM\Run: QuickTime Task="c:\program files\quicktime\qttask.exe" -atboottime
000=HKLM\Run: SoundMan=c:\windows\soundman.exe
001=Firewall bypass: %windir%\Network Diagnostic\xpnetdiag.exe=c:\windows\network diagnostic\xpnetdiag.exe
001=Firewall bypass: %windir%\system32\sessmgr.exe=c:\windows\system32\sessmgr.exe
001=Firewall bypass: C:\Program Files\ICQ6\ICQ.exe=c:\program files\icq6\icq.exe
001=Firewall bypass: C:\Program Files\iTunes\iTunes.exe=c:\program files\itunes\itunes.exe
001=Firewall bypass: C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe=c:\program files\ivt corporation\bluesoleil\bluesoleil.exe
001=Firewall bypass: C:\Program Files\Metin2_Germany\metin2.bin=c:\program files\metin2_germany\metin2.bin
001=Firewall bypass: C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.EXE=c:\program files\microsoft games\age of empires ii\empires2.exe
001=Firewall bypass: C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD=c:\program files\microsoft games\age of empires ii\empires2.icd
001=Firewall bypass: C:\Program Files\Opera\Opera.exe=c:\program files\opera\opera.exe
001=Firewall bypass: C:\Program Files\Skype\Phone\Skype.exe=c:\program files\skype\phone\skype.exe
001=Firewall bypass: C:\Program Files\Valve\hl.exe=c:\program files\valve\hl.exe
001=Firewall bypass: C:\Program Files\Warcraft III\War3.exe=c:\program files\warcraft iii\war3.exe
001=Firewall bypass: C:\Program Files\Warcraft III\Warcraft III.exe=c:\program files\warcraft iii\warcraft iii.exe
001=Firewall bypass: C:\WINDOWS\system32\dplaysvr.exe=c:\windows\system32\dplaysvr.exe
020=SSODL: CDBurn=C:\WINDOWS\system32\shell32.dll
020=SSODL: PostBootReminder=C:\WINDOWS\system32\shell32.dll
020=SSODL: SysTray=C:\WINDOWS\system32\stobject.dll
020=SSODL: WebCheck=c:\windows\system32\webcheck.dll
020=SSODL: WPDShServiceObj=c:\windows\system32\wpdshserviceobj.dll
030=BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=(null) ()
030=BHO: {72853161-30C5-4D22-B7F9-0BBC1D38A37E}=c:\progra~1\micros~3\office12\gra8e1~1.dll (Groove GFS Browser Helper)
031=Toolbar: {01E04581-4EEE-11D0-BFE9-00AA005B4383}=C:\WINDOWS\system32\browseui.dll
031=Toolbar: {0E5CBF21-D15F-11D0-8301-00AA005B4383}=C:\WINDOWS\system32\shell32.dll
031=Toolbar: {855F3B16-6D32-4FE6-8A56-BBB695989046}=(null)
031=Toolbar: {F2CF5485-4E02-4F68-819C-B92DE9277049}=c:\windows\system32\ieframe.dll
031=Toolbar: ITBar7Layout=(null)

Startup Folders
---------------
Common: desktop.ini
Common: logitech setpoint.lnk -> C:\PROGRA~1\Logitech\SetPoint\SetPoint.exe
Common: via raid tool.lnk -> C:\PROGRA~1\VIA\RAID\RAID_T~1.EXE
Personal: desktop.ini
Personal: Secunia PSI (RC3).lnk -> C:\PROGRA~1\Secunia\PSI(RC~1\psi.exe

HOSTS
-----
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost
127.0.0.1 mpa.one.microsoft.com


hopefully I'm clean now


 
