internet problem

abhijat · 15.08.2008, 15:30

hallo erstmal.
Bin erst seit heute hier und absoulter Neuling in sache Vieren und so.
Also ich folgendes problem, ich hab seit bisschen mehr als einer Woche eine total langsame dsl Leistung. Sie liegt deutlich unter dsl 1000 anstatt der angegebenen 6000,
ich hab antivir durchlaufen lassen aber der hat nichts gefunden.
Da dachte ich mir ich such mal im Internet, wo ich erfahren hab das antivir nicht nach Spyware und Malware und Dialer sucht, ich weiss aber auch nicht genau was das ist,nur das es nicht gut fuer den pc ist.
Dann hab ich mir gedacht vllt. hat sich jemand in meinen pc gehackt und dann bin ich auf dieses Forum und hijack gestossen.
Ich hab hijack installiert und nach er anleitung durchlaufen lassen.
Jetzt wollte ich mal fragen ob ihr mir den Text mal auswerten koennt?

hoffe ihr koennt mir helfen!!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:12:44, on 15.08.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\lvcomsx.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://google.icq.com/search/search_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4D4912C3-D2FA-41B3-B9AF-792D7F7E2DF5} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {8071E65A-3F56-4426-8372-8667CD213057} - (no file)
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: Download with Xilisoft Download YouTube Video - C:\Program Files\Xilisoft\Download YouTube Video\upod_link.HTM
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - hxxp://cdn.drivecleaner.com/installdrivecleanerstart_de.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - hxxp://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1194457158921
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ddccc - C:\WINDOWS\system32\ddccc.dll (file missing)
O20 - Winlogon Notify: fccdaxy - fccdaxy.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

--
End of file - 7411 bytes

undoreal · 15.08.2008, 18:46

Halli hallo abhijat

Um alle weiteren Hilfeleistungen zu erleichtern und deine Systemsicherheit zu erhöhen arbeite bitte folgendes gründlich ab:

Software Updates aller installierten Programme auf die neueste Version (Secunia PSI kann hier wertvolle Hilfe leisten).
.
Update der Viren-Signaturen deines Anti-Viren Programmes.
.
Treiberupdate der Hardware (Grafikkarte, Soundkarte).
.
Windows Update -> Der Frischmacher.
.
Vernünftige Ordneransicht -> Einstellungen.
.
Abschalten unnötiger Dienste:
XP_ dingens.org
Vista_ TechNET
.
Firewall aktivieren: (Wenn beim installiertem AV-Prog eine Firewall dabei ist so kann diese verwendet werden!)
XP_ Firewall
Vista_ Firewall
.
Oben genannte Konfigurationen sind grundlegend wichtig! Führe sie also gewissenhaft durch und poste wenn es zu Problemen gekommen ist die du nicht selbstständig mit Hilfe der Boardsuche, Google oder Freunden lösen konntest.

Häufig gestellte Fragen: XP | Vista

1) Deaktiviere die Systemwiederherstellung auf allen Laufwerken. Nachdem die Bereinigung KOMPLETT beendet ist kann sie wieder aktiviert werden.

2) Deinstalliere Java über die Systemsteuerung.

3) Blacklight bitte laufen lassen und das log posten.. evtl. Funde bitte umbennen/beheben lassen!

4) Run Combofix. Poste den erscheinenden Text.

5) Überprüfe dein System mit SASW.

6) Mache einen letzten Maleware-Check mit Malewarebytes.

7) Räume mit cCleaner auf. (Punkt 1 und 2)

8) Poste ein frisches HijackThis log sowie einen iClean Bericht (Prog in eigenem Ordner öffnen->"Yes"->File->Report).
Hinweis zum iClean Bericht: Sollten extrem viele 032 und 033 redirected Einträge im log auftauchen so kürze diese bitte damit das log nicht zu lang wird.

9) Systemanalyse:
Deaktiviere den Wächter/On-Access-Modul (Echtzeit-Scanner) deines AntiViren Programmes.

Downloade AVZ und speichere es in einen eigenen Ordner auf dem Desktop.

Entpacke es in diesem Ordner und starte die Anwendung durch einen Doppelklick auf die AVZ.exe.

Unter File -> Database Update Start drücken.

Unter File -> System Analys, die Option Attach System Analysis log to ZIP anhaken und Start drücken. Wähle als Speicherort den von dir erstellten AVZ-Ordner.

Nachdem der Scan beendet ist lade die avz_sysinfo.zip bei Rapidshare hoch und poste den Download-Link.

abhijat · 16.08.2008, 06:25

danke fuer die schnelle Antwort!!!!
werd ich mal probieren.

abhijat · 16.08.2008, 19:19

[SIZE="1"]so hab jetzt alles genau nach der anleitung gemacht.
ich hab keine log file vom backlight bekommen

Combofix:

ComboFix 08-08-15.04 - Tschen-Min 2008-08-16 13:05:30.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.199 [GMT 2:00]
Running from: D:\Instal files\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\name\Application Data\macromedia\Flash Player\#SharedObjects\6Y77UUNW\interclick.com
C:\Documents and Settings\name\Application Data\macromedia\Flash Player\#SharedObjects\6Y77UUNW\interclick.com\ud.sol
C:\Documents and Settings\name\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\name\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\name\Cookies\tschen-min@metacafe[2].txt
C:\Program Files\Common Files\drivecleaner free
C:\WINDOWS\regedit.com
C:\WINDOWS\system32\cccdd.bak1
C:\WINDOWS\system32\cccdd.ini
C:\WINDOWS\system32\taskmgr.com

.
((((((((((((((((((((((((( Files Created from 2008-07-16 to 2008-08-16 )))))))))))))))))))))))))))))))
.

2008-08-16 09:28 . 2008-08-16 09:28 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-08-16 09:22 . 2008-08-16 09:22 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-08-16 08:04 . 2008-08-16 08:04 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-08-16 08:04 . 2008-08-16 08:04 <DIR> d-------- C:\Documents and Settings\name\Application Data\SUPERAntiSpyware.com
2008-08-16 08:04 . 2008-08-16 08:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-08-16 07:46 . 2008-06-13 15:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-08-16 07:46 . 2008-06-13 15:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-08-16 07:39 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-08-16 07:39 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-08-16 07:39 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-08-16 07:26 . 2008-08-16 07:26 <DIR> d-------- C:\Program Files\Secunia
2008-08-15 16:12 . 2008-08-15 16:12 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-14 21:49 . 2008-08-14 21:49 126,976 --a------ C:\WINDOWS\War3Unin.exe
2008-08-14 21:49 . 2008-08-14 21:52 17,932 --a------ C:\WINDOWS\War3Unin.dat
2008-08-14 21:49 . 2008-08-14 21:49 2,829 --a------ C:\WINDOWS\War3Unin.pif
2008-08-14 21:46 . 2008-08-14 22:13 <DIR> d-------- C:\Program Files\Warcraft III
2008-08-09 15:24 . 2008-08-10 13:10 2,318,976 --a------ C:\WINDOWS\system32\TUKernel.exe
2008-08-08 15:14 . 2008-08-16 09:18 <DIR> d-------- C:\Program Files\AV9
2008-07-29 22:27 . 2008-07-29 22:59 <DIR> d-------- C:\Program Files\Cheat Engine

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-16 10:59 --------- d-----w C:\Program Files\Common Files\Akamai
2008-08-16 10:58 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs
2008-08-16 07:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-16 06:03 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-08 15:23 --------- d-----w C:\Documents and Settings\name\Application Data\Metacafe
2008-08-08 10:45 --------- d-----w C:\Program Files\Metin2_Germany
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 18:22 --------- d-----w C:\Program Files\QIP
2008-07-07 18:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-26 12:35 --------- d-----w C:\Program Files\iTunes
2008-06-26 12:34 --------- d-----w C:\Program Files\iPod
2008-06-26 12:33 --------- d-----w C:\Program Files\QuickTime
2008-06-26 12:32 --------- d-----w C:\Program Files\Common Files\Apple
2008-06-26 12:32 --------- d-----w C:\Program Files\Apple Software Update
2008-06-26 12:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-06-26 07:23 --------- d-----w C:\Documents and Settings\name\Application Data\GRETECH
2008-06-26 07:12 --------- d-----w C:\Program Files\GRETECH
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-21 20:55 10,363,638 ----a-w C:\Program Files\cell_shaded_players_and_weapons.rar
2008-06-21 20:55 --------- d-----w C:\Program Files\cell_shaded_players_and_weapons
2008-06-20 17:36 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:44 360,960 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:32 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-19 14:37 --------- d-----w C:\Program Files\Metacafe
2008-06-16 08:31 7,808 ----a-w C:\WINDOWS\system32\drivers\psi_mf.sys
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-05-30 23:22 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-05-30 23:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-05-30 23:22 683,520 ----a-w C:\WINDOWS\system32\DivX.dll
2008-05-30 23:22 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-05-30 23:22 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-05-30 23:22 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-05-30 23:22 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-05-28 22:26 128,840 ----a-w C:\WINDOWS\system32\Metacafe.scr
2008-05-22 22:22 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-05-22 22:22 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-05-22 22:20 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-05-22 22:20 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-05-22 22:19 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-05-22 22:19 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-05-22 22:19 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-05-22 22:18 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-02-01 13:49 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-09-15 12:53 176 ----a-w C:\Program Files\INSTALL.LOG
2006-09-17 16:09 67 ----a-w C:\Program Files\file_id.diz
2006-05-06 16:42 7,260,160 ----a-w C:\Program Files\mozilla firefox\plugins\libvlc.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2005-06-14 14:00 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [2004-11-01 18:22 262144]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-29 07:15 344064]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-28 15:10 266497]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-06-02 11:13 267048]
"SoundMan"="SOUNDMAN.EXE" [2004-02-26 10:53 65024 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2005-06-14 14:00 15360]

C:\Documents and Settings\name\Start Menu\Programs\Startup\
Secunia PSI (RC3).lnk - C:\Program Files\Secunia\PSI (RC3)\psi.exe [2008-06-16 11:03:08 663552]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-05-28 18:11:12 450560]
VIA RAID TOOL.lnk - C:\Program Files\VIA\RAID\raid_tool.exe [2007-05-28 17:53:14 565248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoChangeKeyboardNavigationIndicators"= 0 (0x0)
"NoSMConfigurePrograms"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoStart IR.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoStart IR.lnk
backup=C:\WINDOWS\pss\AutoStart IR.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Metacafe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Metacafe.lnk
backup=C:\WINDOWS\pss\Metacafe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PowerMenu.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PowerMenu.lnk
backup=C:\WINDOWS\pss\PowerMenu.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Tschen-Min^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Tschen-Min\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Tschen-Min^Start Menu^Programs^Startup^Metacafe.lnk]
path=C:\Documents and Settings\Tschen-Min\Start Menu\Programs\Startup\Metacafe.lnk
backup=C:\WINDOWS\pss\Metacafe.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-05-11 03:06 40048 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-02-01 16:45 98304 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-09-18 16:16 171464 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 00:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-06-02 11:13 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraAssistant]
--a------ 2005-09-07 06:33 434176 C:\Program Files\Logitech\Video\CameraAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
--a------ 2005-01-18 17:07 196608 C:\Program Files\Logitech\Video\ManifestEngine.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideo[inspector]]
--a------ 2005-09-07 06:39 73728 C:\Program Files\Logitech\Video\InstallHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2005-09-01 13:04 221184 C:\WINDOWS\system32\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a------ 2005-06-14 14:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a------ 2005-06-14 14:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2006-11-10 12:35 90112 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-06-26 17:39 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
--a------ 2005-05-20 14:46 28160 C:\WINDOWS\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
--------- 2003-12-11 11:50 20992 C:\WINDOWS\LOGI_MWX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AVG Anti-Spyware Guard"=2 (0x2)
"wuauserv"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"LVPrcSrv"=2 (0x2)
"iPod Service"=3 (0x3)
"gusvc"=2 (0x2)
"BlueSoleil Hid Service"=2 (0x2)
"AntiVirService"=2 (0x2)
"AntiVirScheduler"=2 (0x2)
"usnjsvc"=3 (0x3)
"UleadBurningHelper"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"29771875692906750029808563740813"=C:\Program Files\AV9\av2009.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.EXE"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
"C:\\Program Files\\Valve\\hl.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"C:\\Program Files\\Metin2_Germany\\metin2.bin"=
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"C:\\Program Files\\Warcraft III\\War3.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9420:TCP"= 9420:TCP:Red Swoosh
"5000:UDP"= 5000:UDP:Red Swoosh

R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys [2003-10-31 05:22]
R2 Akamai;Akamai;C:\WINDOWS\System32\svchost.exe [2005-06-14 14:00]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2005-06-14 14:00]
R3 PSI;PSI;C:\WINDOWS\system32\DRIVERS\psi_mf.sys [2008-06-16 10:31]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 16:18]
S3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2005-09-01 13:11]
S3 UPnPService;UPnPService;C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 18:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5683A0A9-36E3-A6E1-C5AE-0DD855D1F56C}]
C:\WINDOWS\system32\Bifrost\explorer.exe s
.
Contents of the 'Scheduled Tasks' folder

2008-08-08 C:\WINDOWS\Tasks\1-Klick-Wartung.job
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-04-26 20:08]

2008-07-31 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
.
- - - - ORPHANS REMOVED - - - -

Notify-ddccc - C:\WINDOWS\system32\ddccc.dll
Notify-fccdaxy - fccdaxy.dll
MSConfigStartUp-avgnt - C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
MSConfigStartUp-MsnMsgr - C:\Program Files\MSN Messenger\MsnMsgr.Exe
MSConfigStartUp-PeerGuardian - C:\Program Files\PeerGuardian2\pg2.exe
MSConfigStartUp-PowerStrip - c:\program files\powerstrip\pstrip.exe
MSConfigStartUp-SpybotSD TeaTimer - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
MSConfigStartUp-SunJavaUpdateSched - C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\name\Application Data\Mozilla\Firefox\Profiles\s9f2x19i.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://start.icq-tools.de

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-16 13:09:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\sccfg.sys 20 bytes

scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/rswin_3333.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/rswin_3333.dll"
.
Completion time: 2008-08-16 13:12:39
ComboFix-quarantined-files.txt 2008-08-16 11:12:20

Pre-Run: 29,580,939,264 bytes free
Post-Run: 34,339,856,384 bytes free

283 --- E O F --- 2008-08-16 07:31:21

abhijat · 16.08.2008, 19:20

so nun der 2. teil

SASW:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/16/2008 at 09:18 AM

Application Version : 4.15.1000

Core Rules Database Version : 3538
Trace Rules Database Version: 1527

Scan type : Complete Scan
Total Scan Time : 01:10:27

Memory items scanned : 411
Memory threats detected : 0
Registry items scanned : 7032
Registry threats detected : 27
File items scanned : 100824
File threats detected : 40

Adware.Vundo Variant
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8071E65A-3F56-4426-8372-8667CD213057}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{8071E65A-3F56-4426-8372-8667CD213057}

Adware.Tracking Cookie
C:\Documents and Settings\name\Cookies\name@2o7[1].txt
C:\Documents and Settings\name\Cookies\name@traffictrack[2].txt
C:\Documents and Settings\name\Cookies\name@fastclick[1].txt
C:\Documents and Settings\name\Cookies\name@apmebf[2].txt
C:\Documents and Settings\name\Cookies\name@adserver.71i[1].txt
C:\Documents and Settings\name\Cookies\name@zedo[1].txt
C:\Documents and Settings\name\Cookies\name@weborama[2].txt
C:\Documents and Settings\name\Cookies\name@ads.realtechnetwork[1].txt
C:\Documents and Settings\name\Cookies\name@server.cpmstar[1].txt
C:\Documents and Settings\name\Cookies\name@sevenoneintermedia.112.2o7[1].txt
C:\Documents and Settings\name\Cookies\name@ads.admediate[2].txt
C:\Documents and Settings\name\Cookies\name@komtrack[2].txt
C:\Documents and Settings\name\Cookies\name@bs.serving-sys[2].txt
C:\Documents and Settings\name\Cookies\name@doubleclick[1].txt
C:\Documents and Settings\name\Cookies\namen@atwola[2].txt
C:\Documents and Settings\name\Cookies\name@ad.zanox[2].txt
C:\Documents and Settings\name\Cookies\name@msnportal.112.2o7[1].txt
C:\Documents and Settings\namen\Cookies\namen@data.coremetrics[1].txt
C:\Documents and Settings\name\Cookies\name@eas.apm.emediate[2].txt
C:\Documents and Settings\namen\Cookies\name@serving-sys[2].txt
C:\Documents and Settings\name\Cookies\name@ad.trackbar[1].txt
C:\Documents and Settings\name\Cookies\namen@statse.webtrendslive[2].txt
C:\Documents and Settings\name\Cookies\name@mediaplex[1].txt
C:\Documents and Settings\name\Cookies\name@stats.adbrite[1].txt
C:\Documents and Settings\name\Cookies\name@ad.yieldmanager[2].txt
C:\Documents and Settings\name\Cookies\name@atdmt[2].txt
C:\Documents and Settings\name\Cookies\name@adsby.aim4media[1].txt
C:\Documents and Settings\name\Cookies\name@tradedoubler[2].txt
C:\Documents and Settings\name\Cookies\name@tto2.traffictrack[1].txt
C:\Documents and Settings\name\Cookies\name@www.etracker[1].txt
C:\Documents and Settings\name\Cookies\namen@adserver.easyad[1].txt
C:\Documents and Settings\name\Cookies\name@partners.webmasterplan[1].txt
C:\Documents and Settings\name\Cookies\name@adopt.euroclick[1].txt

Malware.DriveCleaner
HKCR\UDCPChk.UDCPChk
HKCR\UDCPChk.UDCPChk\CLSID
HKCR\UDCPChk.UDCPChk\CurVer
HKCR\UDCPChk.UDCPChk.1
HKCR\UDCPChk.UDCPChk.1\CLSID
HKCR\CLSID\{943B96A4-9BF6-42fe-8D0B-4BCA71C3632F}
HKCR\CLSID\{943B96A4-9BF6-42fe-8D0B-4BCA71C3632F}\Implemented Categories
HKCR\CLSID\{943B96A4-9BF6-42fe-8D0B-4BCA71C3632F}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}
HKCR\CLSID\{943B96A4-9BF6-42fe-8D0B-4BCA71C3632F}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}
HKCR\CLSID\{943B96A4-9BF6-42fe-8D0B-4BCA71C3632F}\ProgID
HKCR\CLSID\{943B96A4-9BF6-42fe-8D0B-4BCA71C3632F}\Programmable
HKCR\CLSID\{943B96A4-9BF6-42fe-8D0B-4BCA71C3632F}\TypeLib
HKCR\CLSID\{943B96A4-9BF6-42fe-8D0B-4BCA71C3632F}\VersionIndependentProgID
HKCR\TypeLib\{4F43B1F3-0CE8-493B-96D2-990CEC05EDBB}
HKCR\TypeLib\{4F43B1F3-0CE8-493B-96D2-990CEC05EDBB}\1.0
HKCR\TypeLib\{4F43B1F3-0CE8-493B-96D2-990CEC05EDBB}\1.0\0
HKCR\TypeLib\{4F43B1F3-0CE8-493B-96D2-990CEC05EDBB}\1.0\0\win32
HKCR\TypeLib\{4F43B1F3-0CE8-493B-96D2-990CEC05EDBB}\1.0\FLAGS
HKCR\TypeLib\{4F43B1F3-0CE8-493B-96D2-990CEC05EDBB}\1.0\HELPDIR
HKCR\Interface\{5954B2DB-09A7-4023-847C-107539DC560D}
HKCR\Interface\{5954B2DB-09A7-4023-847C-107539DC560D}\ProxyStubClsid
HKCR\Interface\{5954B2DB-09A7-4023-847C-107539DC560D}\ProxyStubClsid32
HKCR\Interface\{5954B2DB-09A7-4023-847C-107539DC560D}\TypeLib
HKCR\Interface\{5954B2DB-09A7-4023-847C-107539DC560D}\TypeLib#Version

Trojan.Media-Codec/V4
HKU\S-1-5-21-854245398-776561741-725345543-1003\Software\Online Add-on

Rogue.AntiVirus 2009
C:\PROGRAM FILES\AV9\AV2009.EXE

Adware.Vundo Variant/Rel
C:\WINDOWS\SYSTEM32\BBADD.INI

Rogue.IEUpdates-Installer
C:\WINDOWS\SYSTEM32\IEUPDATES.EXE

Malwarebytes:

Malwarebytes' Anti-Malware 1.24
Datenbank Version: 1056
Windows 5.1.2600 Service Pack 2

14:48:08 16.08.2008
mbam-log-8-16-2008 (14-47-57).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|)
Durchsuchte Objekte: 132518
Laufzeit: 1 hour(s), 16 minute(s), 30 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 1
Infizierte Dateien: 5

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> No action taken.

Infizierte Verzeichnisse:
C:\Program Files\AV9 (Rogue.Antivirus2009) -> No action taken.

Infizierte Dateien:
C:\WINDOWS\rundll16.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\system32\vcmgcd32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\logo1_.exe (Worm.Viking) -> No action taken.

frisches hijack:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:00:43, on 16.08.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ElkCtrl.exe
C:\WINDOWS\system32\lvcomsx.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Secunia\PSI (RC3)\psi.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Secunia PSI (RC3).lnk = C:\Program Files\Secunia\PSI (RC3)\psi.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: Download with Xilisoft Download YouTube Video - C:\Program Files\Xilisoft\Download YouTube Video\upod_link.HTM
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - hxxp://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1194457158921
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

--
End of file - 6762 bytes

und Iclean:

iclean log 16.08.2008 19:59:55

Windows XP SP2, Kernel functions unavailable

Processes
---------
532 - \SystemRoot\System32\smss.exe - \SystemRoot\System32\smss.exe
824 - \??\C:\WINDOWS\system32\csrss.exe - \??\C:\WINDOWS\system32\csrss.exe
856 - \??\C:\WINDOWS\system32\winlogon.exe - \??\C:\WINDOWS\system32\winlogon.exe
904 - C:\WINDOWS\system32\services.exe - Services and Controller app
916 - C:\WINDOWS\system32\lsass.exe - LSA Shell (Export Version)
1076 - C:\WINDOWS\system32\Ati2evxx.exe - ATI External Event Utility EXE Module
1088 - C:\WINDOWS\system32\svchost.exe - Generic Host Process for Win32 Services
1188 - C:\WINDOWS\system32\svchost.exe - Generic Host Process for Win32 Services
1220 - C:\WINDOWS\system32\svchost.exe - Generic Host Process for Win32 Services
1320 - C:\WINDOWS\system32\svchost.exe - Generic Host Process for Win32 Services
1528 - C:\WINDOWS\system32\Ati2evxx.exe - ATI External Event Utility EXE Module
1600 - C:\WINDOWS\system32\spoolsv.exe - Spooler SubSystem App
1648 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe - Antivirus On-Access Service
2040 - C:\WINDOWS\system32\svchost.exe - Generic Host Process for Win32 Services
224 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe - Antivirus Scheduler
248 - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe - Apple Mobile Device Service
1160 - C:\WINDOWS\System32\alg.exe - Application Layer Gateway Service
772 - C:\WINDOWS\Explorer.EXE - Windows Explorer
752 - C:\WINDOWS\system32\ElkCtrl.exe - Logitech Camera Service(E)
1300 - C:\WINDOWS\system32\lvcomsx.exe - LVCom Server
1388 - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe - ATI Desktop Control Panel
1432 - C:\WINDOWS\SOUNDMAN.EXE - Realtek Sound Manager
1440 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe - Antivirus System Tray Tool
1480 - C:\Program Files\iTunes\iTunesHelper.exe - iTunesHelper Module (Signed)
1356 - C:\WINDOWS\system32\ctfmon.exe - CTF Loader
1540 - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe - SUPERAntiSpyware (Signed)
864 - C:\Program Files\Logitech\SetPoint\SetPoint.exe - Logitech SetPoint Event Manager (UNICODE)
2168 - C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE - Logitech KHAL Main Process
2304 - C:\Program Files\VIA\RAID\raid_tool.exe - VIA RAID Tool
2356 - C:\Program Files\iPod\bin\iPodService.exe - iPodService Module (Signed)
2472 - C:\Program Files\Secunia\PSI (RC3)\psi.exe - Secunia PSI
3892 - C:\Program Files\Opera\Opera.exe - Opera Internet Browser
672 - C:\WINDOWS\system32\svchost.exe - Generic Host Process for Win32 Services
3012 - D:\Instal files\iclean.exe - Interactive Cleaner

Services
--------
C:\WINDOWS\system32\svchost.exe=Akamai
C:\WINDOWS\system32\alg.exe=ALG
c:\program files\avira\antivir personaledition classic\sched.exe=AntiVirScheduler
c:\program files\avira\antivir personaledition classic\avguard.exe=AntiVirService
c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe=Apple Mobile Device
C:\WINDOWS\system32\ati2evxx.exe=Ati HotKey Poller
C:\WINDOWS\system32\svchost.exe=AudioSrv
C:\WINDOWS\system32\svchost.exe=BITS
C:\WINDOWS\system32\svchost.exe=Browser
C:\WINDOWS\system32\svchost.exe=CryptSvc
C:\WINDOWS\system32\svchost.exe=DcomLaunch
C:\WINDOWS\system32\svchost.exe=Dhcp
C:\WINDOWS\system32\svchost.exe=dmserver
C:\WINDOWS\system32\services.exe=Eventlog
c:\windows\system32\svchost.exe=EventSystem
C:\WINDOWS\system32\svchost.exe=helpsvc
c:\program files\ipod\bin\ipodservice.exe=iPod Service
C:\WINDOWS\system32\svchost.exe=lanmanserver
C:\WINDOWS\system32\svchost.exe=lanmanworkstation
C:\WINDOWS\system32\svchost.exe=LmHosts
C:\WINDOWS\system32\svchost.exe=Netman
C:\WINDOWS\system32\svchost.exe=Nla
C:\WINDOWS\system32\services.exe=PlugPlay
C:\WINDOWS\system32\lsass.exe=ProtectedStorage
C:\WINDOWS\system32\svchost.exe=RasMan
C:\WINDOWS\system32\svchost.exe=RemoteRegistry
C:\WINDOWS\system32\svchost.exe=RpcSs
C:\WINDOWS\system32\lsass.exe=SamSs
C:\WINDOWS\system32\svchost.exe=Schedule
C:\WINDOWS\system32\svchost.exe=SENS
C:\WINDOWS\system32\svchost.exe=SharedAccess
C:\WINDOWS\system32\svchost.exe=ShellHWDetection
C:\WINDOWS\system32\spoolsv.exe=Spooler
C:\WINDOWS\system32\svchost.exe=srservice
C:\WINDOWS\system32\svchost.exe=stisvc
C:\WINDOWS\system32\svchost.exe=TapiSrv
C:\WINDOWS\system32\svchost.exe=TermService
C:\WINDOWS\system32\svchost.exe=Themes
C:\WINDOWS\system32\svchost.exe=UxTuneUp
C:\WINDOWS\system32\svchost.exe=WebClient
C:\WINDOWS\system32\svchost.exe=winmgmt
C:\WINDOWS\system32\svchost.exe=wscsvc
C:\WINDOWS\system32\svchost.exe=wuauserv
C:\WINDOWS\system32\svchost.exe=WZCSVC

Registry
--------
000=HKCU\Run: CTFMON.EXE=c:\windows\system32\ctfmon.exe
000=HKCU\Run: SUPERAntiSpyware=c:\program files\superantispyware\superantispyware.exe
000=HKLM\Run: ATIPTA=c:\program files\ati technologies\ati control panel\atiptaxx.exe
000=HKLM\Run: avgnt="c:\program files\avira\antivir personaledition classic\avgnt.exe" /min
000=HKLM\Run: iTunesHelper="c:\program files\itunes\ituneshelper.exe"
000=HKLM\Run: LogitechCameraService(E)=c:\windows\system32\elkctrl.exe
000=HKLM\Run: QuickTime Task="c:\program files\quicktime\qttask.exe" -atboottime
000=HKLM\Run: SoundMan=c:\windows\soundman.exe
001=Firewall bypass: %windir%\Network Diagnostic\xpnetdiag.exe=c:\windows\network diagnostic\xpnetdiag.exe
001=Firewall bypass: %windir%\system32\sessmgr.exe=c:\windows\system32\sessmgr.exe
001=Firewall bypass: C:\Program Files\ICQ6\ICQ.exe=c:\program files\icq6\icq.exe
001=Firewall bypass: C:\Program Files\iTunes\iTunes.exe=c:\program files\itunes\itunes.exe
001=Firewall bypass: C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe=c:\program files\ivt corporation\bluesoleil\bluesoleil.exe
001=Firewall bypass: C:\Program Files\Metin2_Germany\metin2.bin=c:\program files\metin2_germany\metin2.bin
001=Firewall bypass: C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.EXE=c:\program files\microsoft games\age of empires ii\empires2.exe
001=Firewall bypass: C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD=c:\program files\microsoft games\age of empires ii\empires2.icd
001=Firewall bypass: C:\Program Files\Opera\Opera.exe=c:\program files\opera\opera.exe
001=Firewall bypass: C:\Program Files\Skype\Phone\Skype.exe=c:\program files\skype\phone\skype.exe
001=Firewall bypass: C:\Program Files\Valve\hl.exe=c:\program files\valve\hl.exe
001=Firewall bypass: C:\Program Files\Warcraft III\War3.exe=c:\program files\warcraft iii\war3.exe
001=Firewall bypass: C:\Program Files\Warcraft III\Warcraft III.exe=c:\program files\warcraft iii\warcraft iii.exe
001=Firewall bypass: C:\WINDOWS\system32\dplaysvr.exe=c:\windows\system32\dplaysvr.exe
020=SSODL: CDBurn=C:\WINDOWS\system32\shell32.dll
020=SSODL: PostBootReminder=C:\WINDOWS\system32\shell32.dll
020=SSODL: SysTray=C:\WINDOWS\system32\stobject.dll
020=SSODL: WebCheck=c:\windows\system32\webcheck.dll
020=SSODL: WPDShServiceObj=c:\windows\system32\wpdshserviceobj.dll
030=BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=(null) ()
030=BHO: {72853161-30C5-4D22-B7F9-0BBC1D38A37E}=c:\progra~1\micros~3\office12\gra8e1~1.dll (Groove GFS Browser Helper)
031=Toolbar: {01E04581-4EEE-11D0-BFE9-00AA005B4383}=C:\WINDOWS\system32\browseui.dll
031=Toolbar: {0E5CBF21-D15F-11D0-8301-00AA005B4383}=C:\WINDOWS\system32\shell32.dll
031=Toolbar: {855F3B16-6D32-4FE6-8A56-BBB695989046}=(null)
031=Toolbar: {F2CF5485-4E02-4F68-819C-B92DE9277049}=c:\windows\system32\ieframe.dll
031=Toolbar: ITBar7Layout=(null)

Startup Folders
---------------
Common: desktop.ini
Common: logitech setpoint.lnk -> C:\PROGRA~1\Logitech\SetPoint\SetPoint.exe
Common: via raid tool.lnk -> C:\PROGRA~1\VIA\RAID\RAID_T~1.EXE
Personal: desktop.ini
Personal: Secunia PSI (RC3).lnk -> C:\PROGRA~1\Secunia\PSI(RC~1\psi.exe

HOSTS
-----
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost
127.0.0.1 mpa.one.microsoft.com

hofffentlich bin ich jetze sauber

[/SIZE]

undoreal · 17.08.2008, 16:32

Nutzt du FolderLock?

Lasse Anti-Malware bitte nocheinmal laufen und die Funde löschen.

Und update dein System auf Service Pack3 !!

Dateien Online überprüfen lassen:

* Lasse dir auch die versteckten Dateien anzeigen!

* Suche die Seite Virtustotal auf. Kopiere folgenden Dateipfad per copy and paste in das Eingabefeld neben dem "Durchsuchen"-Button. Klicke danach auf "Senden der Datei"!

* Alternativ kannst du dir die Datei natürlich auch über den "Durchsuchen"-Button selbst heraussuchen.

Zitat:

C:\WINDOWS\War3Unin.exe
C:\WINDOWS\War3Unin.dat
C:\WINDOWS\War3Unin.pif
C:\WINDOWS\system32\TUKernel.exe
C:\WINDOWS\system32\drivers\lvuvc.hs
C:\WINDOWS\system32\es.dll
C:\WINDOWS\system32\divx_xx07.dll
C:\WINDOWS\system32\DivXCodecVersionChecker.exe
C:\WINDOWS\system32\DivXWMPExtType.dll

Lade nun nacheinander jede/alle Datei/Dateien hoch, und warte bis der Scan vorbei ist. (kann bis zu 2 Minuten dauern.)
* Poste im Anschluss das Ergebnis der Auswertung, alles abkopieren und in einen Beitrag einfügen.
(Wichtig: Auch die Größenangabe sowie den HASH mit kopieren!)

abhijat · 20.08.2008, 11:48

Hali Hallo

sry das es solange gedauert hat.
hatte keine zeit gefunden.

A C:\WINDOWS\War3Unin.exe
B C:\WINDOWS\War3Unin.dat
C C:\WINDOWS\War3Unin.pif
D C:\WINDOWS\system32\TUKernel.exe
E C:\WINDOWS\system32\drivers\lvuvc.hs
F C:\WINDOWS\system32\es.dll
G C:\WINDOWS\system32\divx_xx07.dll
H C:\WINDOWS\system32\DivXCodecVersionChecker.exe
I C:\WINDOWS\system32\DivXWMPExtType.dll

A: MD5: 54e95b9aabde3ba8e52e223fb65e34d9
First received: -
Datum 2008.06.19 15:39:15 (CET) [>61D]
Ergebnisse 0/33
Permalink: analisis/d229eb0ce748555bf704be59404d477a

B: MD5: 7c8e6e37182cbfee78821b1a0bd15a82
First received: -
Datum 2008.08.18 13:48:30 (CET) [+1D]
Ergebnisse 0/36
Permalink: analisis/06452ace7cdc6a877304a61ff321f479

c: MD5: 93e89d2c2656a531ec0f63a48e0ea5a9
First received: -
Datum 2008.08.18 13:49:13 (CET) [+1D]
Ergebnisse 0/36
Permalink: analisis/0e25ac529898fd8cbcba9b2c18ad1d1f

D: MD5: 68178706929ee65a08e252d20e599a69
First received: -
Datum 2008.08.18 13:51:59 (CET) [+1D]
Ergebnisse 0/34
Permalink: analisis/221668c0829caba44542d43adc1cf06e

E: 0 bytes size received / Se ha recibido un archivo vacio

F: MD5: 60d1a6342238378bfb7545c81ee3606c
First received: -
Datum 2008.08.16 22:23:17 (CET) [>3D]
Ergebnisse 0/35
Permalink: analisis/74e37f48c86457aa693302d7f82415f5

G: MD5: d2be663e8324948e5c2e58886d72df05
First received: -
Datum 2008.08.20 12:24:13 (CET) [<1D]
Ergebnisse 0/36
Permalink: analisis/20b50121d1f6b4b33b81d869657542df

H: MD5: d4f09db46a6e2f237ff31bd84e68ec6e
First received: -
Datum 2008.08.20 12:24:13 (CET) [<1D]
Ergebnisse 0/36
Permalink: analisis/eb63303e334276b2c5a32ebd9ae69ef3

I: MD5: 85f907acd7befe530502a0924376ba6a
First received: -
Datum 2008.08.14 13:22:09 (CET) [>5D]
Ergebnisse 0/36
Permalink: analisis/443f7db990abe5a88769a63c5e58d19e

so das waren alle datein und jetzt der neue malware report:

Malwarebytes' Anti-Malware 1.24
Datenbank Version: 1061
Windows 5.1.2600 Service Pack 2

13:39:34 18.08.2008
mbam-log-8-18-2008 (13-39-34).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|)
Durchsuchte Objekte: 131921
Laufzeit: 1 hour(s), 13 minute(s), 57 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
D:\Instal files\qip\qip8040.exe (Adware.Sogou) -> Quarantined and deleted successfully.

undoreal · 20.08.2008, 12:01

Wie sieht's bei dir aus? Noch Probleme? Wenn ja dann poste bitte noch das AVZ4 log.

abhijat · 21.08.2008, 18:08

also eigentlich hab ich keine probleme mehr

und hiermit moechte ich noch einmal danke danke sagen dafuer das du dich
so bemueht hast mir zu helfen die schaedlinge auf meinem rechner zu entfernen wirklich einsame spitze:aplaus:

end lich vieren frei

20.08.2008, 12:01	#8
undoreal /// AVZ-Toolkit Guru	internet problem Wie sieht's bei dir aus? Noch Probleme? Wenn ja dann poste bitte noch das AVZ4 log. __________________ - Sämtliche Hilfestellungen im Forum werden ohne Gewährleistung oder Haftung gegeben - Mit Sicherheit durch's Netz Trojaner Board Spenden Konto

internet problem

Log-Analyse und Auswertung: internet problem