Trojaner-Board


SigurRos 31.10.2009 10:04

Internet connection gets disconnected
 
Hello,

For a few days now, the Internet connection has occasionally dropped, and it takes up to an hour before I am back online.
Using System Restore to go back to a day on which this had not yet happened did not help.

Logfile of random's system information tool 1.06 (written by random/random)
Run by ICH at 2009-10-31 09:54:40
Microsoft Windows XP Professional Service Pack 3
System drive C: has 6 GB (27%) free of 21 GB
Total RAM: 1023 MB (45% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:54:42, on 31.10.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
C:\Programme\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\Programme\Microsoft IntelliPoint\ipoint.exe
C:\Programme\Microsoft IntelliType Pro\itype.exe
C:\Programme\FRITZ!DSL\Awatch.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\Programme\PureText\PureText.exe
C:\Programme\PhraseExpress\phraseexpress.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\TomTom HOME 2\TomTomHOMEService.exe
C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
C:\Programme\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\CNAB3RPK.EXE
C:\Programme\aborange DayDisplay\DayDisplay.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Microsoft Office\Office12\WINWORD.EXE
C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Dokumente und Einstellungen\ICH\Desktop\RSIT.exe
C:\Programme\Trend Micro\HijackThis\ICH.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Programme\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Programme\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Programme\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programme\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [itype] "C:\Programme\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [AWatch] C:\Programme\FRITZ!DSL\Awatch.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Programme\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime Alternative\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [PureText] "C:\Programme\PureText\PureText.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: DSL-Manager.lnk = C:\Programme\DSL-Manager\DslMgr.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: DSL-Manager.lnk = C:\Programme\DSL-Manager\DslMgr.exe (User 'Default user')
O4 - Startup: phraseexpress.lnk = C:\Programme\PhraseExpress\phraseexpress.exe
O4 - Startup: Verbinden.lnk = ?
O4 - Startup: Verknüpfung mit DayDisplay.lnk = C:\Programme\aborange DayDisplay\DayDisplay.exe
O4 - Global Startup: PhraseExpress.lnk = C:\Programme\PhraseExpress\phraseexpress.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Download with Xilisoft Download YouTube Video - C:\Programme\Xilisoft\Download YouTube Video\upod_link.HTM
O8 - Extra context menu item: Download with Xilisoft YouTube Video Converter - C:\Programme\Xilisoft\YouTube Video Converter\upod_link.HTM
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open Link Target in Firefox - file://C:\Dokumente und Einstellungen\ICH\Anwendungsdaten\Mozilla\Firefox\Profiles\9573j5qt.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewlink.html
O8 - Extra context menu item: View This Page in Firefox - file://C:\Dokumente und Einstellungen\ICH\Anwendungsdaten\Mozilla\Firefox\Profiles\9573j5qt.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewpage.html
O9 - Extra button: Ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Programme\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: RF - Formular ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Programme\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Programme\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: RF - Formular speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Programme\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Programme\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RF - RoboForm-Leiste ein/aus - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Programme\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O16 - DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} (F-Secure Online Scanner Launcher) - h**p://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{26EB433E-7D35-487D-ADC4-65C1E4335806}: NameServer = 192.168.122.252,192.168.122.253
O17 - HKLM\System\CCS\Services\Tcpip\..\{9428593B-4BC6-4945-A452-AD230BC14DBC}: NameServer = 194.97.173.124 194.97.173.125
O17 - HKLM\System\CS1\Services\Tcpip\..\{26EB433E-7D35-487D-ADC4-65C1E4335806}: NameServer = 192.168.122.252,192.168.122.253
O17 - HKLM\System\CS2\Services\Tcpip\..\{26EB433E-7D35-487D-ADC4-65C1E4335806}: NameServer = 192.168.122.252,192.168.122.253
O18 - Protocol: haufereader - (no CLSID) - (no file)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Unknown owner - C:\Programme\Lavasoft\Ad-Aware\aawservice.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: Haufe iDesk-Service in C:\Programme\Haufe\iDesk\iDeskService\Zope (HRService) - Unknown owner - C:\Programme\Haufe\iDesk\iDeskService\iDeskService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Programme\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

--
End of file - 9863 bytes

SigurRos 31.10.2009 10:05

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Automatische Problemsuche.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}]
Octh Class - C:\Programme\Orbitdownloader\orbitcth.dll [2009-08-04 179472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}]
C:\Programme\Siber Systems\AI RoboForm\roboform.dll [2009-10-24 5976904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf00e119-21a3-4fd1-b178-3b8537e75c92}]
IeMonitorBho Class - C:\Programme\Megaupload\Mega Manager\MegaIEMn.dll [2009-06-29 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2009-07-31 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-31 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{724d43a0-0d85-11d4-9908-00400523e39a} - &RoboForm - C:\Programme\Siber Systems\AI RoboForm\roboform.dll [2009-10-24 5976904]
{C55BBCD6-41AD-48AD-9953-3609C48EACC7} - Grab Pro - C:\Programme\Orbitdownloader\GrabPro.dll [2009-08-04 662720]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"P17Helper"=Rundll32 P17.dll,P17Helper []
"IntelliPoint"=C:\Programme\Microsoft IntelliPoint\ipoint.exe [2008-06-10 1406024]
"itype"=C:\Programme\Microsoft IntelliType Pro\itype.exe [2008-06-10 1442888]
"AWatch"=C:\Programme\FRITZ!DSL\Awatch.exe [2003-11-06 520192]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-09-15 81000]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"Malwarebytes Anti-Malware (reboot)"=C:\Programme\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]
"QuickTime Task"=C:\Programme\QuickTime Alternative\QTTask.exe [2009-09-05 417792]
"AtiPTA"=C:\WINDOWS\system32\atiptaxx.exe [2006-02-22 344064]
"Adobe Reader Speed Launcher"=C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"SunJavaUpdateSched"=C:\Programme\Java\jre6\bin\jusched.exe [2009-07-31 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"=C:\WINDOWS\MIDIDef.exe [2002-12-03 49152]
"PureText"=C:\Programme\PureText\PureText.exe [2003-08-21 28672]

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
PhraseExpress.lnk - C:\Programme\PhraseExpress\phraseexpress.exe

C:\Dokumente und Einstellungen\ICH\Startmenü\Programme\Autostart
phraseexpress.lnk - C:\Programme\PhraseExpress\phraseexpress.exe
Verbinden.lnk -
Verknüpfung mit DayDisplay.lnk - C:\Programme\aborange DayDisplay\DayDisplay.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-12-05 122880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\usmt\migwiz.exe"="C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Assistent zum Übertragen von Dateien und Einstellungen"
"C:\WINDOWS\system32\CNAB3RPK.EXE"="C:\WINDOWS\system32\CNAB3RPK.EXE:*:Enabled:Canon LBP3000 RPC Server Process"
"C:\Programme\Orbitdownloader\orbitdm.exe"="C:\Programme\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit"
"C:\Programme\Orbitdownloader\orbitnet.exe"="C:\Programme\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit"
"C:\Programme\VideoLAN\VLC\vlc.exe"="C:\Programme\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Programme\Internet Explorer\iexplore.exe"="C:\Programme\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Programme\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe"="C:\Programme\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe:*:Enabled:SiSoftware Deployment Agent Service"
"C:\Programme\SiSoftware\SiSoftware Sandra Lite XII.SP2c\WNt500x86\RpcSandraSrv.exe"="C:\Programme\SiSoftware\SiSoftware Sandra Lite XII.SP2c\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service"
"C:\Programme\PhraseExpress\PhraseExpress.exe"="C:\Programme\PhraseExpress\PhraseExpress.exe:*:Enabled:PhraseExpress"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2009-10-31 09:27:38 ----SHD---- C:\Config.Msi
2009-10-31 09:19:35 ----A---- C:\WINDOWS\system32\TURegOpt.exe
2009-10-31 09:19:01 ----D---- C:\Programme\TuneUp Utilities 2010
2009-10-31 09:18:30 ----SHD---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2009-10-31 08:15:16 ----D---- C:\rsit
2009-10-24 03:40:55 ----A---- C:\WINDOWS\system32\pthreadGC2.dll
2009-10-24 03:37:53 ----D---- C:\Programme\Citrix
2009-10-23 13:31:22 ----D---- C:\Programme\Megaupload
2009-10-23 13:31:05 ----D---- C:\Dokumente und Einstellungen\ICH\Anwendungsdaten\InstallShield
2009-10-23 13:18:09 ----A---- C:\WINDOWS\system32\pdfcmnnt.dll
2009-10-23 13:18:08 ----D---- C:\Programme\PDFCreator
2009-10-23 13:18:08 ----A---- C:\WINDOWS\system32\MSMPIDE.DLL
2009-10-23 13:18:08 ----A---- C:\WINDOWS\system32\MSCC2DE.DLL
2009-10-23 13:14:54 ----A---- C:\WINDOWS\system32\javaws.exe
2009-10-23 13:14:54 ----A---- C:\WINDOWS\system32\javaw.exe
2009-10-23 13:14:54 ----A---- C:\WINDOWS\system32\java.exe
2009-10-21 16:12:01 ----D---- C:\Programme\Microsoft Works
2009-10-21 16:11:46 ----D---- C:\Programme\Gemeinsame Dateien\DESIGNER
2009-10-17 07:49:15 ----D---- C:\Programme\BurningStudioPortable
2009-10-16 18:55:59 ----D---- C:\Dokumente und Einstellungen\ICH\Anwendungsdaten\metaspinner net GmbH
2009-10-16 17:32:44 ----D---- C:\Dokumente und Einstellungen\ICH\Anwendungsdaten\DVD Flick
2009-10-16 17:32:26 ----D---- C:\Programme\DVD Flick
2009-10-16 16:55:17 ----D---- C:\Programme\Ashampoo
2009-10-14 19:06:26 ----D---- C:\Dokumente und Einstellungen\ICH\Anwendungsdaten\ICAClient
2009-10-14 17:14:26 ----D---- C:\Dokumente und Einstellungen\ICH\Anwendungsdaten\Citrix
2009-10-11 14:54:44 ----D---- C:\Programme\Screen Capturer
2009-10-11 14:54:26 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScreenCapture
2009-10-09 16:01:29 ----D---- C:\Programme\a-squared Free
2009-10-09 15:52:24 ----D---- C:\Programme\a-squared HiJackFree
2009-10-03 09:17:00 ----A---- C:\WINDOWS\system32\atiok3x2.dll
2009-10-03 09:16:59 ----A---- C:\WINDOWS\system32\atioglx2.dll
2009-10-03 09:16:59 ----A---- C:\WINDOWS\system32\ATIDEMGX.dll
2009-10-03 09:02:00 ----N---- C:\WINDOWS\system32\ati2sgag.exe
2009-10-03 08:59:05 ----A---- C:\WINDOWS\Radeon Omega Drivers v3.8.252 Uninstall.exe
2009-10-03 08:23:21 ----A---- C:\WINDOWS\WININIT.INI
2009-10-03 08:14:52 ----D---- C:\Programme\ATI Technologies
2009-10-02 05:59:02 ----D---- C:\Programme\TV-Browser

======List of files/folders modified in the last 1 months======

2009-10-31 09:30:07 ----D---- C:\WINDOWS\Prefetch
2009-10-31 09:28:46 ----SHD---- C:\WINDOWS\Installer
2009-10-31 09:28:10 ----D---- C:\Programme
2009-10-31 09:27:43 ----D---- C:\WINDOWS\system32
2009-10-31 09:19:44 ----SD---- C:\WINDOWS\Tasks
2009-10-31 09:18:49 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
2009-10-31 09:18:42 ----AD---- C:\WINDOWS
2009-10-31 08:16:17 ----D---- C:\WINDOWS\Temp
2009-10-31 08:10:31 ----D---- C:\Programme\Mozilla Firefox
2009-10-31 08:09:45 ----D---- C:\Programme\Mozilla Thunderbird
2009-10-30 23:43:44 ----N---- C:\WINDOWS\SchedLgU.Txt
2009-10-30 23:28:38 ----D---- C:\Programme\Idoswin Pro
2009-10-30 07:52:26 ----HD---- C:\WINDOWS\inf
2009-10-30 07:52:25 ----D---- C:\WINDOWS\system32\CatRoot2
2009-10-30 07:47:16 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-10-30 07:47:16 ----D---- C:\WINDOWS\system32\drivers
2009-10-30 07:47:11 ----D---- C:\WINDOWS\system32\FRITZdsl
2009-10-28 19:33:48 ----D---- C:\WINDOWS\WinSxS
2009-10-28 19:33:41 ----D---- C:\Programme\Xilisoft
2009-10-28 19:24:47 ----D---- C:\Programme\XPcleanv5
2009-10-28 18:55:56 ----D---- C:\Programme\MSD 0.655
2009-10-27 17:10:31 ----RSD---- C:\WINDOWS\assembly
2009-10-26 06:56:34 ----D---- C:\Dokumente und Einstellungen\ICH\Anwendungsdaten\GoodSync
2009-10-25 14:26:48 ----AC---- C:\WINDOWS\MegaManager.INI
2009-10-25 08:11:36 ----D---- C:\Dokumente und Einstellungen\ICH\Anwendungsdaten\vlc
2009-10-25 08:09:21 ----D---- C:\Programme\Ziepod
2009-10-25 07:22:05 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-10-24 03:31:28 ----D---- C:\Dokumente und Einstellungen\ICH\Anwendungsdaten\Audacity
2009-10-24 03:31:19 ----D---- C:\Programme\Audacity 1.3 Beta (Unicode)
2009-10-23 13:31:21 ----HD---- C:\Programme\InstallShield Installation Information
2009-10-23 13:18:35 ----D---- C:\Programme\Registry System Wizard
2009-10-23 13:16:14 ----D---- C:\Programme\XnView
2009-10-23 13:15:37 ----D---- C:\Programme\pdfsam
2009-10-23 13:14:50 ----D---- C:\Programme\Java
2009-10-23 13:13:43 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PhraseExpress
2009-10-23 13:13:38 ----D---- C:\Programme\PhraseExpress
2009-10-23 12:49:00 ----D---- C:\Programme\aborange DayDisplay
2009-10-21 20:14:13 ----D---- C:\Dokumente und Einstellungen\ICH\Anwendungsdaten\Orbit
2009-10-21 16:13:58 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft Help
2009-10-21 16:12:38 ----D---- C:\Programme\Gemeinsame Dateien\Microsoft Shared
2009-10-21 16:11:46 ----D---- C:\Programme\Gemeinsame Dateien
2009-10-21 16:11:41 ----RSD---- C:\WINDOWS\Fonts
2009-10-21 15:52:50 ----AC---- C:\WINDOWS\avisplitter.ini
2009-10-21 13:17:36 ----D---- C:\Programme\Preispiraten6
2009-10-21 11:52:52 ----D---- C:\Programme\FRITZ!DSL
2009-10-21 11:50:22 ----D---- C:\WINDOWS\system32\config
2009-10-21 11:50:01 ----D---- C:\WINDOWS\system32\wbem
2009-10-21 11:50:00 ----D---- C:\WINDOWS\Registration
2009-10-17 13:25:20 ----A---- C:\Log.txt
2009-10-17 12:55:20 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Adobe
2009-10-17 12:40:00 ----D---- C:\Programme\Gemeinsame Dateien\Adobe
2009-10-17 07:53:51 ----D---- C:\Dokumente und Einstellungen\ICH\Anwendungsdaten\Ashampoo
2009-10-14 19:10:49 ----D---- C:\WINDOWS\Debug
2009-10-14 19:10:48 ----D---- C:\WINDOWS\Minidump
2009-10-14 16:48:30 ----D---- C:\WINDOWS\Microsoft.NET
2009-10-14 06:15:53 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-10-14 06:15:51 ----D---- C:\Programme\Internet Explorer
2009-10-14 06:15:43 ----D---- C:\WINDOWS\ie8updates
2009-10-14 06:15:40 ----HD---- C:\WINDOWS\$hf_mig$
2009-10-11 07:07:42 ----D---- C:\Dokumente und Einstellungen\ICH\Anwendungsdaten\Adobe
2009-10-08 17:30:30 ----D---- C:\WINDOWS\system32\NtmsData
2009-10-07 10:04:50 ----D---- C:\Dokumente und Einstellungen
2009-10-03 08:08:14 ----D---- C:\Programme\MultiRes
2009-10-02 19:01:57 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-09-15 27408]
R1 AmdK7;AMD K7-Prozessortreiber; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-14 41856]
R1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys [2007-02-06 16512]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-09-15 114768]
R1 NETDSL;AVM PPP over Ethernet; C:\WINDOWS\system32\DRIVERS\netdsl.sys [2003-10-30 11264]
R2 aadev;AVM ADSL Adapter Device; C:\WINDOWS\System32\DRIVERS\aadev.sys [2003-10-30 27648]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-09-15 94160]
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2009-02-17 24232]
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2008-08-01 99648]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-09-15 23152]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2007-12-05 2782208]
R3 AVMDSLPPPOE;AVM DSL PPPoE CAPI Treiber; C:\WINDOWS\system32\DRIVERS\avmdsloe.sys [2003-10-20 39808]
R3 AVMNDSL;AVM DSL NDIS WAN CAPI Treiber; C:\WINDOWS\system32\DRIVERS\avmndsl.sys [2003-10-20 38992]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2005-01-10 138752]
R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2006-12-26 34760]
R3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2007-02-16 11984]
R3 FDLUBASE;AVM FRITZ!Card DSL SL USB (WinXP/2000); C:\WINDOWS\system32\DRIVERS\fdlubase.sys [2003-10-20 674048]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2005-01-10 106496]
R3 P17xfi;Sound Blaster X-Fi Xtreme Audio; C:\WINDOWS\system32\drivers\P17xfi.sys [2007-06-13 1174528]
R3 p17xfilt;p17xfilt; C:\WINDOWS\system32\drivers\p17xfilt.sys [2007-08-20 1656960]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2008-06-10 31048]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys []
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 atimtag;atimtag; C:\WINDOWS\System32\DRIVERS\atimtag.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 dsltestSp5;dsltestSp5 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\dsltestSp5.sys []
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2009-01-25 85969]
S3 MODEMCSA;Unimodem-Datenstromfiltergerät; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 NETFWDSL;AVM FRITZ!web DSL PPP; C:\WINDOWS\system32\DRIVERS\NETFWDSL.SYS [2003-10-30 366080]
S3 P17;Sound Blaster Audigy; C:\WINDOWS\system32\drivers\P17.sys [2005-07-07 1389056]
S3 SANDRA;SANDRA; \??\C:\Programme\SiSoftware\SiSoftware Sandra Lite XII.SP2c\WNt500x86\Sandra.sys []
S3 SISNIC;SiS-PCI-Fast Ethernet- Adaptertreiber; C:\WINDOWS\System32\DRIVERS\sisnic.sys [2008-04-13 32768]
S3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51; C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2006-02-14 32768]
S3 TSMPacket;DSL-Manager Service; C:\WINDOWS\system32\DRIVERS\tsmpkt.sys []
S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB-Scannertreiber; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Programme\Alwil Software\Avast4\aswUpdSv.exe [2009-09-15 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-12-05 495616]
R2 avast! Antivirus;avast! Antivirus; C:\Programme\Alwil Software\Avast4\ashServ.exe [2009-09-15 138680]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-07-31 153376]
R2 TomTomHOMEService;TomTomHOMEService; C:\Programme\TomTom HOME 2\TomTomHOMEService.exe [2009-08-27 92008]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2009-10-30 1021256]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Programme\Alwil Software\Avast4\ashMaiSv.exe [2009-09-15 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Programme\Alwil Software\Avast4\ashWebSv.exe [2009-09-15 352920]
S2 aawservice;Lavasoft Ad-Aware Service; C:\Programme\Lavasoft\Ad-Aware\aawservice.exe []
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2007-09-28 593920]
S2 HRService;Haufe iDesk-Service in C:\Programme\Haufe\iDesk\iDeskService\Zope; C:\Programme\Haufe\iDesk\iDeskService\iDeskService.exe []
S3 aspnet_state;ASP.NET-Zustandsdienst; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 de_serv;AVM FRITZ!web Routing Service; C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe [2003-10-30 196668]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service; C:\Programme\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe [2009-08-17 99176]
S3 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-11-03 920576]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 NMIndexingService;NMIndexingService; C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe []

-----------------EOF-----------------

cosinus 14.11.2009 16:25

Hello,

After two weeks we need new log files. Please note and work through this list. When scanning with MalwareBytes, also connect all external storage devices (external drives, USB sticks, ...)!!
You can, for example, zip all the log files into one file, upload it to File-Upload.net and link it here, because 1. some log files are too large for the board and 2. I can download them all at once with one click.


All times are in WET +1.
