Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Hupigon13, Win32.Delf.uv - Antivir und Hijackthis gehen nicht

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 27.05.2009, 14:23   #1
phaos
 
Hupigon13, Win32.Delf.uv - Antivir und Hijackthis gehen nicht - Standard

Hupigon13, Win32.Delf.uv - Antivir und Hijackthis gehen nicht



Hallo zusammen,

ich habe folgendes Problem: Spybot findet auf meinem Rechner einige Trojaner-Dateien (Hupigon13, Win32.Delf.uv etc) (Das Log von Spybot ist unten angehängt). Antivir lässt sich nicht mehr starten, ebenso wenig Hijackthis.
Mein System: Windows XP SP3.
Wie kann ich vorgehen?
Vielen Dank

Log von Spybot (nur der Anfang, die anderen Sachen sind glaub ich nur Gebrauchsspurenhinweise):
Microsoft.WindowsSecurityCenter.FirewallBypass: [SBI $B067B5B7] Einstellungen (Registrierungsdatenbank-Wert, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\WINDOWS\explore r.exe

Hupigon13: [SBI $D5A7DCB6] Einstellungen (Registrierungsdatenbank-Schlüssel, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe

Hupigon13: [SBI $8D4AFC92] Einstellungen (Registrierungsdatenbank-Schlüssel, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com

Hupigon13: [SBI $79919CB3] Einstellungen (Registrierungsdatenbank-Schlüssel, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe

Hupigon13: [SBI $46DBB063] Einstellungen (Registrierungsdatenbank-Schlüssel, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NOD32.exe

Win32.Delf.uv: [SBI $E73FD4D9] Einstellungen (Registrierungsdatenbank-Wert, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCONSOL.EXE\Debugger

Win32.Delf.uv: [SBI $9554BC9A] Einstellungen (Registrierungsdatenbank-Wert, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVP32.EXE\Debugger

Win32.Delf.uv: [SBI $C83CB234] Einstellungen (Registrierungsdatenbank-Wert, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAV32.EXE\Debugger

Win32.Delf.uv: [SBI $4D759A7F] Einstellungen (Registrierungsdatenbank-Wert, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPFW.EXE\Debugger

Win32.Delf.uv: [SBI $F963F0F7] Einstellungen (Registrierungsdatenbank-Wert, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapsvc.EXE\Debugger

Win32.Delf.uv: [SBI $83CDDB58] Einstellungen (Registrierungsdatenbank-Wert, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapw32.EXE\Debugger

Win32.Delf.uv: [SBI $AB0D8EB4] Einstellungen (Registrierungsdatenbank-Wert, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVNT.EXE\Debugger

Win32.Delf.uv: [SBI $C53439DD] Einstellungen (Registrierungsdatenbank-Wert, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navw32.EXE\Debugger

Win32.Delf.uv: [SBI $0809137C] Einstellungen (Registrierungsdatenbank-Wert, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVWNT.EXE\Debugger

Win32.Delf.uv: [SBI $95619944] Einstellungen (Registrierungsdatenbank-Wert, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SCAN32.EXE\Debugger

Win32.Delf.uv: [SBI $AE0ED1C1] Einstellungen (Registrierungsdatenbank-Wert, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ZONEALARM.EXE\Debugger

Online Content Ltd.: Lesezeichen (Firefox: default) (Lesezeichen, nothing done)


Common Dialogs: History (178 files) (Registrierungsdatenbank-Schlüssel, nothing done)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU

Alt 27.05.2009, 14:44   #2
Chris4You
 
Hupigon13, Win32.Delf.uv - Antivir und Hijackthis gehen nicht - Standard

Hupigon13, Win32.Delf.uv - Antivir und Hijackthis gehen nicht



Hi,

in dem Fall probieren wir mal MAM, runterladen und direkt im Downloadidalog umbenennen ggf. im abgesicherten Modus probieren (F8 beim Booten drücken).

Malwarebytes Antimalware (MAM).
Anleitung&Download hier: http://www.trojaner-board.de/51187-m...i-malware.html
Fullscan und alles bereinigen lassen! Log posten.
Alternativer Download: http://filepony.de/download-malwarebytes_anti_malware/, http://www.gt500.org/malwarebytes/mbam.jsp

chris
Ps.: Diese Reg.-Einträge:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe
verhindern das Starten der AV-Programme, wäre interessant auszuprobieren ob die vom Virus überwacht werden....
Hmmm...
Lust auf ein Experiment?
Lade Dir: http://www.chip.de/downloads/c1_downloads_12991462.html (RegCleaner) runter, navigiere zu dem Schlüssel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
und lösche dort den Eintrag "regedit.exe".
Dann versuche Regedit zu starten (start->ausführen->regedit.exe)
Wenn das geht, mache ich ein Script um den Rest weg zubekommen, damit Avira wieder läuft....
__________________

__________________

Geändert von Chris4You (27.05.2009 um 14:50 Uhr)

Alt 28.05.2009, 18:26   #3
phaos
 
Hupigon13, Win32.Delf.uv - Antivir und Hijackthis gehen nicht - Standard

Hupigon13, Win32.Delf.uv - Antivir und Hijackthis gehen nicht



Hallo Chris,
ich habe MAM ausgeführt, dieses hat auch eine ganze Reihe von Sachen gefunden, ich habs löschen lassen, und das Log gespeichert, ABER:
Jetzt funktioniert der PC nicht mehr richtig, beim Laden der Taskleiste bleibt er irgendwie hängen, ich kann nichts in Startmenü, kann keine Programme öffnen und kein Kontextmenü anzeigen. Folglich kann ich dir auch nicht mehr die Logdatei geben, die ist zwar auf dem Desktop, aber ich kann sie nicht bearbeiten. Das einzige was zu gehen scheint ist der Taskmanager. Mir kommt ungewöhnlich vor, dass in der Prozessliste nur ein einziges Prozess SYSTEM als Benutzername hat, alle anderen haben keinen. Das war doch sonst anders...?! Hab ich jetzt irgendwelche Systemdateien gelöscht durch MAM?
Vielen Dank und Grüße,

Michael
__________________

Alt 29.05.2009, 07:17   #4
Chris4You
 
Hupigon13, Win32.Delf.uv - Antivir und Hijackthis gehen nicht - Standard

Hupigon13, Win32.Delf.uv - Antivir und Hijackthis gehen nicht



Hi,

shit, dazu bräuchte ich das Log...

Notfalls wie folgt vorgehen:
TaskManager->Reiter "Anwendungen"->Neuer Task...->explorer.exe

Startet die dann?

Probiere das gleiche mit Notepad.exe, damit Du das Log mal Laden/posten kannst...

Wenn gar nichts geht, versuchen über diesen Weg MAM aufzurufen (mbam.exe),
dann auf Reiter Quarantäne, da lässt sich alles wiederherstellen...

Wir schauen mal tiefer in das System (allerdings beschleicht mich das ungute Gefühl, dass wir ggf. Neuaufsetzen müssen...)

RSIT
Random's System Information Tool (RSIT) von random/random liest Systemdetails aus und erstellt ein aussagekräftiges Logfile.

* Lade Random's System Information Tool (RSIT) herunter (http://filepony.de/download-rsit/)
* speichere es auf Deinem Desktop.
* Starte mit Doppelklick die RSIT.exe.
* Klicke auf Continue, um die Nutzungsbedingungen zu akzeptieren.
* Wenn Du HijackThis nicht installiert hast, wird RSIT das für Dich herunterladen und installieren.
* In dem Fall bitte auch die Nutzungsbedingungen von Trend Micro (http://de.trendmicro.com/de/home) für HJT akzeptieren "I accept".
* Wenn Deine Firewall fragt, bitte RSIT erlauben, ins Netz zu gehen.
* Der Scan startet automatisch, RSIT checkt nun einige wichtige System-Bereiche und produziert Logfiles als Analyse-Grundlage.
* Wenn der Scan beendet ist, werden zwei Logfiles erstellt und in Deinem Editor geöffnet.
* Bitte poste den Inhalt von C:\rsit\log.txt und C:\rsit\info.txt (<= minimiert) hier in den Thread.

chris
__________________
Don't bring me down
Vor dem posten beachten!
Spenden
(Wer spenden will, kann sich gerne melden )

Alt 30.05.2009, 09:08   #5
phaos
 
Hupigon13, Win32.Delf.uv - Antivir und Hijackthis gehen nicht - Standard

Hupigon13, Win32.Delf.uv - Antivir und Hijackthis gehen nicht



Hallo Chris,

ich habe es nun doch geschafft den PC wieder lauffähig zu machen, nachdem ich im abgesichterten Modus avast deinstalliert habe, das hatte ich mir nämlich vor Tagen heruntergeladen, nachdem Antirvir nicht mehr ging.
Nun folgt gleich erstmal das MAM log, und danach auch noch das RSIT log.
Ich hab mir auch diesen RegCleaner heruntergeladen, weiß aber grad nicht, wie ich damit diesen Registryschlüssel von dir finde. Antivir läuft nämlich noch nicht.

MAMlog:
Malwarebytes' Anti-Malware 1.37
Datenbank Version: 2185
Windows 5.1.2600 Service Pack 3

27.05.2009 22:48:00
mbam-log-2009-05-27 (22-48-00).txt

Scan-Methode: Vollständiger Scan (C:\|F:\|)
Durchsuchte Objekte: 331590
Laufzeit: 3 hour(s), 10 minute(s), 31 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 97
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 4
Infizierte Verzeichnisse: 0
Infizierte Dateien: 9

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{386a771c-e96a-421f-8ba7-32f1b706892f} (Adware.ISTBar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7c559105-9ecf-42b8-b3f7-832e75edd959} (Adware.ISTBar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{db893839-10f0-4af9-92fa-b23528f530af} (Dialer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\netsik (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\netsik (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\netsik (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCONSOL.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVP32.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAV32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPFW.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapw32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVNT.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navw32.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVWNT.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SCAN32.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ZONEALARM.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\filemon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpost.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regmon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapro.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrssvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvMonitor.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HijackThis.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASMain.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASTask.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVDX.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVStart.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32X.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32krn.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPF.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OllyDBG.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regtool.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\niu.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\A2SERVICE.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVGNT.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVGUARD.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVSCAN.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdagent.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CASECURITYCENTER.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EKRN.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FAMEH32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPAVSERVER.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPWIN.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSAV32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSGK32ST.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSMA32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsserv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwadins.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwebupw.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GFRing3.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ArcaCheck.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\arcavir.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashEnhcd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashServ.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashUpd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswUpdSv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avadmin.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcls.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconfig.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz4.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz_se.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdinit.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\caav.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\caavguiscan.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccupdate.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfpupdat.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmdagent.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DRWEB32.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fpscan.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardgui.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardxservice.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardxup.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navigator.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVSTUB.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Nvcc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\preupd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pskdr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SfFnUp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Vba32arkit.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vba32ldr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Zanda.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Zlh.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zoneband.dll (Security.Hijack) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Trojan.Dropper) -> Data: digiwet.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\dokumente und einstellungen\michael schultheis\lokale einstellungen\temporary internet files\Content.IE5\HAYLM7AB\load[1].exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{0ff17727-9f83-4d7c-919c-3a3eac40f985}\RP634\A0218322.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{0ff17727-9f83-4d7c-919c-3a3eac40f985}\RP636\A0218401.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{0ff17727-9f83-4d7c-919c-3a3eac40f985}\RP641\A0219054.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\ld08.exe (Worm.Koobface) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\DRIVERS\netsik.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\adaway.lic (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\digiwet.dll (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\DRIVERS\systemntmi.sys (Rootkit.Agent) -> Quarantined and deleted successfully.


Fortsetzung....


Alt 30.05.2009, 09:11   #6
phaos
 
Hupigon13, Win32.Delf.uv - Antivir und Hijackthis gehen nicht - Standard

Hupigon13, Win32.Delf.uv - Antivir und Hijackthis gehen nicht



...folgt:

RSIT-Log:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Michael Schultheis at 2009-05-30 09:58:11
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 49 GB (43%) free of 114 GB
Total RAM: 1023 MB (41% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:58:31, on 30.05.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\avmwlanstick\WlanNetService.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\System32\oodag.exe
C:\Programme\Sandboxie\SbieSvc.exe
C:\Programme\Seagate\Sync\SeaSyncServices.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\Programme\WZCBDL Service\WZCBDLS.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\D-Link\Air USB Utility\AirCFG.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\avmwlanstick\wlangui.exe
C:\Programme\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\WD\WD Anywhere Backup\MemeoBackup.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Dokumente und Einstellungen\Michael Schultheis\Eigene Dateien\Downloads\RSIT.exe
C:\Programme\trend micro\Michael Schultheis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.google.de
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.de
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = www.google.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = www.google.de
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = www.google.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = www.google.de
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = fritz.box
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\Search Settings\kb127\SearchSettings.dll
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll
O2 - BHO: flashget2 urlcatch - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - C:\Programme\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\Search Settings\kb127\SearchSettings.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [D-Link Air USB Utility] C:\Programme\D-Link\Air USB Utility\AirCFG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SpybotSnD] "C:\Programme\Spybot - Search & Destroy\SpybotSD.exe"
O4 - HKLM\..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\wlangui.exe
O4 - HKLM\..\Run: [WD Drive Manager] C:\Programme\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
O4 - HKLM\..\Run: [WD Anywhere Backup] C:\Programme\WD\WD Anywhere Backup\MemeoLauncher2.exe --silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [HDDHealth] H:\HDD Health\hddhealth.exe -wl
O4 - Global Startup: Adobe Reader - Schnellstart.lnk.disabled
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Download All by FlashGet - C:\Programme\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
O8 - Extra context menu item: &Download by FlashGet - C:\Programme\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
O8 - Extra context menu item: &Download by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1088778804203
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} (shizmoo Class) - http://playroom.icq.com/odyssey_web11.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DCABE8A3-616C-4193-A970-E9382778410C}: NameServer = 192.168.0.1
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Avira AntiVir Planer (antivirschedulerservice) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (antivirservice) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Upgrade Service (antivirupgradeservice) - Unknown owner - C:\DOKUME~1\MICHAE~1\LOKALE~1\Temp\AVSETUP_4a1a9fb9\basic\avupgsvc.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: ATI Smart ATIusnsvc (ATIusnsvc) - Unknown owner - C:\WINDOWS\system32\AgCPanelFrenchb.exe
O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Programme\avmwlanstick\WlanNetService.exe
O23 - Service: Intelligenter Hintergrundübertragungsdienst (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MemeoBackgroundService - Memeo - C:\Programme\WD\WD Anywhere Backup\MemeoBackgroundService.exe
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\System32\oodag.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Programme\Sandboxie\SbieSvc.exe
O23 - Service: Seagate Sync Service - Seagate Technology LLC - C:\Programme\Seagate\Sync\SeaSyncServices.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Programme\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
O23 - Service: Automatische Updates (wuauserv) - Unknown owner - C:\WINDOWS\
O23 - Service: WZCBDL Service (WZCBDLService) - D-Link - C:\Programme\WZCBDL Service\WZCBDLS.exe

--
End of file - 10283 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2275205704-1375463252-582915583-1006.job
C:\WINDOWS\tasks\ISP-Anmeldungserinnerung 1.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}]
Octh Class - C:\Programme\Orbitdownloader\orbitcth.dll [2009-01-20 134344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1F364306-AA45-47B5-9F9D-39A8B94E7EF1}]
FG2CatchUrl - C:\Programme\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll [2008-08-19 104016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
SearchSettings Class - C:\Programme\Search Settings\kb127\SearchSettings.dll [2008-06-12 1111904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{C55BBCD6-41AD-48AD-9953-3609C48EACC7} - Grab Pro - C:\Programme\Orbitdownloader\GrabPro.dll [2009-01-20 646264]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"D-Link Air USB Utility"=C:\Programme\D-Link\Air USB Utility\AirCFG.exe [2003-07-23 2695168]
"ATIPTA"=C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-05-15 339968]
"SpybotSnD"=C:\Programme\Spybot - Search & Destroy\SpybotSD.exe [2008-07-30 4891984]
"AVMWlanClient"=C:\Programme\avmwlanstick\wlangui.exe [2007-12-20 1748992]
"WD Drive Manager"=C:\Programme\Western Digital\WD Drive Manager\WDBtnMgrUI.exe [2008-01-30 438272]
"WD Anywhere Backup"=C:\Programme\WD\WD Anywhere Backup\MemeoLauncher2.exe [2008-11-07 197856]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"wininet.dll"= []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Programme\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"HDDHealth"=H:\HDD Health\hddhealth.exe -wl []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
C:\Programme\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\diagent]
C:\Programme\Creative\SBLive\Diagnostics\diagent.exe [2002-04-03 135264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
C:\Programme\IncrediMail\bin\IncMail.exe [2005-05-25 188459]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Programme\MSN Messenger\MsnMsgr.Exe [2006-07-29 5354792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Programme\QuickTime\qttask.exe -atboottime []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Programme\Real\RealPlayer\RealPlay.exe [2007-10-23 214296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SIDEBAR]
C:\Programme\Desktop Sidebar\dsidebar.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Programme\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
Adobe Reader - Schnellstart.lnk.disabled - C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2004-05-15 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=
:\WINDOWS\syste
scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0
"NoDispAppearancePage"=0
"NoColorChoice"=0
"NoSizeChoice"=0
"NoDispScrSavPage"=0
"NoDispCPL"=0
"NoVisualStyleChoice"=0
"NoDispSettingsPage"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableTaskMgr"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=91000000
"NoActiveDesktop"=0
"NoThemesTab"=0
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
""=
"NoDriveTypeAutoRun"=
"NoActiveDesktopChanges"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\Trillian\trillian.exe"="C:\Programme\Trillian\trillian.exe:*:Enabled:Trillian"
"C:\Programme\Real\RealPlayer\realplay.exe"="C:\Programme\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Programme\Maple 7\BIN.WNT\mserver.exe"="C:\Programme\Maple 7\BIN.WNT\mserver.exe:*:Enabled:mserver"
"C:\Programme\IncrediMail\bin\IMApp.exe"="C:\Programme\IncrediMail\bin\IMApp.exe:*:Enabled:IncrediMail"
"C:\Programme\IncrediMail\bin\IncMail.exe"="C:\Programme\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"
"C:\Programme\IncrediMail\bin\ImpCnt.exe"="C:\Programme\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\Programme\IncrediMail\bin\ImLc.exe"="C:\Programme\IncrediMail\bin\ImLc.exe:*:Enabled:IncrediMail"
"C:\Programme\Azureus\Azureus.exe"="C:\Programme\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\Programme\Windows Media Player\wmplayer.exe"="C:\Programme\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programme\Opera\Opera.exe"="C:\Programme\Opera\Opera.exe:*:Enabled:Opera Internet Browser"
"C:\Programme\ICQ6\ICQ.exe"="C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Programme\Mozilla Firefox\firefox.exe"="C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"E:\fsetup.exe"="E:\fsetup.exe:*:Enabled:AVM FSetup Application"
"C:\Dokumente und Einstellungen\Michael Schultheis\Eigene Dateien\Downloads\MUTE\fileSharingMUTE.exe"="C:\Dokumente und Einstellungen\Michael Schultheis\Eigene Dateien\Downloads\MUTE\fileSharingMUTE.exe:*isabled:fileSharingMUTE"
"C:\Programme\Half-Life 2\hl2.exe"="C:\Programme\Half-Life 2\hl2.exe:*isabled:hl2"
"C:\Dokumente und Einstellungen\Michael Schultheis\Eigene Dateien\Downloads\HL 2\hl2.exe"="C:\Dokumente und Einstellungen\Michael Schultheis\Eigene Dateien\Downloads\HL 2\hl2.exe:*isabled:hl2"
"C:\Dokumente und Einstellungen\Michael Schultheis\Eigene Dateien\Downloads\Counter - Strike - Source [ PC ] ++ Crack\Counter-Strike Source\Counter-Strike Source\hl2.exe"="C:\Dokumente und Einstellungen\Michael Schultheis\Eigene Dateien\Downloads\Counter - Strike - Source [ PC ] ++ Crack\Counter-Strike Source\Counter-Strike Source\hl2.exe:*isabled:hl2"
"C:\Programme\Nero\Nero 7\Nero Home\NeroHome.exe"="C:\Programme\Nero\Nero 7\Nero Home\NeroHome.exe:*isabled:Nero Home"
"C:\Programme\Gemeinsame Dateien\Ahead\Nero Web\SetupX.exe"="C:\Programme\Gemeinsame Dateien\Ahead\Nero Web\SetupX.exe:*isabled:Nero ProductSetup"
"C:\Programme\Nero\Nero 7\Nero ShowTime\ShowTime.exe"="C:\Programme\Nero\Nero 7\Nero ShowTime\ShowTime.exe:*isabled:Nero ShowTime"
"C:\Programme\Orbitdownloader\orbitnet.exe"="C:\Programme\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit"
"C:\Programme\Orbitdownloader\orbitdm.exe"="C:\Programme\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit"
"C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe"="C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\Dokumente und Einstellungen\Michael Schultheis\Eigene Dateien\Downloads\ChemDraw.exe"="C:\Dokumente und Einstellungen\Michael Schultheis\Eigene Dateien\Downloads\ChemDraw.exe:*:Enabled:ChemDraw Ultra 10.0"
"C:\Programme\OO Software\Defrag Professional\oodcnt.exe"="C:\Programme\OO Software\Defrag Professional\oodcnt.exe:LocalSubNet:Enabledodcnt.exe"
"C:\Programme\OO Software\Defrag Professional\oodcmd.exe"="C:\Programme\OO Software\Defrag Professional\oodcmd.exe:*:Enabledodcmd.exe"
"C:\WINDOWS\SYSTEM32\DRIVERS\svchost.exe"="C:\WINDOWS\SYSTEM32\DRIVERS\svchost.exe:*isabled:svchost"
"C:\Programme\Internet Explorer\iexplore.exe"="C:\Programme\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\UT2004\System\UT2004.exe"="C:\UT2004\System\UT2004.exe:*:Enabled:UT2004"
"C:\WINDOWS\SYSTEM32\javaw.exe"="C:\WINDOWS\SYSTEM32\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Programme\WinHTTrack\WinHTTrack.exe"="C:\Programme\WinHTTrack\WinHTTrack.exe:*:Enabled:WinHTTrack Website Copier, Web Site mirroring for professional and private purposes"
"C:\Programme\FlashGet Network\FlashGet universal\flashget.exe"="C:\Programme\FlashGet Network\FlashGet universal\flashget.exe:*:Enabled:flashget"
"C:\Programme\ICQ6.5\ICQ.exe"="C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Programme\eMule.de\emule.exe"="C:\Programme\eMule.de\emule.exe:*:Enabled:eMule"
"C:\Dokumente und Einstellungen\Michael Schultheis\Lokale Einstellungen\Temp\ImInstaller\IncrediMail\incredimail_install.exe"="C:\Dokumente und Einstellungen\Michael Schultheis\Lokale Einstellungen\Temp\ImInstaller\IncrediMail\incredimail_install.exe:*isabled:IncrediMail Installer"
"C:\Programme\iTunes\iTunes.exe"="C:\Programme\iTunes\iTunes.exe:*isabled:iTunes"
"C:\Programme\Unreal Tournament 3\Binaries\UT3.exe"="C:\Programme\Unreal Tournament 3\Binaries\UT3.exe:*isabled:UT3"
"C:\Programme\MSN Messenger\msnmsgr.exe"="C:\Programme\MSN Messenger\msnmsgr.exe:*isabled:Windows Live Messenger 8.0"
"C:\Programme\MSN Messenger\msncall.exe"="C:\Programme\MSN Messenger\msncall.exe:*isabled:Windows Live Messenger 8.0 (Phone)"
"C:\WINDOWS\SYSTEM32\ati2evxx.exe"="C:\WINDOWS\SYSTEM32\ati2evxx.exe:*:Enabled:ENABLE"
"C:\Programme\D-Link\Air USB Utility\AirCFG.exe"="C:\Programme\D-Link\Air USB Utility\AirCFG.exe:*:Enabled:ENABLE"
"C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe"="C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe:*:Enabled:ENABLE"
"C:\Programme\avmwlanstick\WLanGUI.exe"="C:\Programme\avmwlanstick\WLanGUI.exe:*:Enabled:ENABLE"
"C:\Programme\Western Digital\WD Drive Manager\WDBtnMgrUI.exe"="C:\Programme\Western Digital\WD Drive Manager\WDBtnMgrUI.exe:*:Enabled:ENABLE"
"C:\Programme\Spybot - Search & Destroy\TeaTimer.exe"="C:\Programme\Spybot - Search & Destroy\TeaTimer.exe:*:Enabled:ENABLE"
"C:\Programme\WD\WD Anywhere Backup\MemeoBackup.exe"="C:\Programme\WD\WD Anywhere Backup\MemeoBackup.exe:*:Enabled:ENABLE"
"C:\Dokumente und Einstellungen\Michael Schultheis\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe"="C:\Dokumente und Einstellungen\Michael Schultheis\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe:*:Enabled:ENABLE"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Windows Explorer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\MSN Messenger\msnmsgr.exe"="C:\Programme\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\Programme\MSN Messenger\msncall.exe"="C:\Programme\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b07f7157-36ad-11dc-81d4-000f3ddf1f20}]
shell\AutoRun\command - I:\setupSNK.exe


======File associations======

.js - open - "C:\Programme\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" "%1"

======List of files/folders created in the last 2 months======

2009-05-30 09:58:10 ----D---- C:\rsit
2009-05-27 19:33:57 ----D---- C:\Dokumente und Einstellungen\Michael Schultheis\Anwendungsdaten\Malwarebytes
2009-05-27 19:33:49 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2009-05-27 19:33:49 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2009-05-26 18:37:24 ----D---- C:\Programme\Alwil Software
2009-05-26 18:21:54 ----D---- C:\Programme\Avira
2009-05-26 18:21:54 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
2009-05-25 21:03:53 ----D---- C:\Programme\Trend Micro
2009-05-25 20:24:46 ----A---- C:\WINDOWS\ntbtlog.txt
2009-05-19 22:48:18 ----RSH---- C:\WINDOWS\system32\AgCPanelFrenchb.exe
2009-04-15 23:39:02 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-04-15 23:38:38 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-04-15 23:30:05 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-04-15 23:29:16 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-04-15 23:28:51 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-04-15 23:28:10 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$

Fortsetzung....

Alt 30.05.2009, 09:12   #7
phaos
 
Hupigon13, Win32.Delf.uv - Antivir und Hijackthis gehen nicht - Standard

Hupigon13, Win32.Delf.uv - Antivir und Hijackthis gehen nicht



...folgt:

RSIT-Log Teil 2

======List of files/folders modified in the last 2 months======

2009-05-30 09:57:51 ----D---- C:\WINDOWS\Prefetch
2009-05-30 09:57:16 ----D---- C:\Dokumente und Einstellungen\Michael Schultheis\Anwendungsdaten\Orbit
2009-05-30 09:55:07 ----D---- C:\Programme\Orbitdownloader
2009-05-30 09:51:48 ----D---- C:\WINDOWS\temp
2009-05-30 09:51:44 ----D---- C:\WINDOWS\system32\CatRoot2
2009-05-30 09:48:25 ----D---- C:\WINDOWS\SYSTEM32
2009-05-30 09:48:14 ----D---- C:\WINDOWS\system32\DRIVERS
2009-05-27 22:52:34 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-05-27 22:51:52 ----D---- C:\WINDOWS
2009-05-27 19:36:22 ----D---- C:\Dokumente und Einstellungen\Michael Schultheis\Anwendungsdaten\Azureus
2009-05-27 19:33:49 ----RD---- C:\Programme
2009-05-26 21:35:29 ----D---- C:\WINDOWS\system32\CONFIG
2009-05-26 18:32:30 ----D---- C:\WINDOWS\system32\oodag
2009-05-26 18:22:11 ----HD---- C:\WINDOWS\INF
2009-05-26 18:21:00 ----SHD---- C:\WINDOWS\Installer
2009-05-26 18:20:58 ----D---- C:\WINDOWS\WinSxS
2009-05-26 18:19:18 ----D---- C:\Programme\Spybot - Search & Destroy
2009-05-25 13:52:19 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Adobe
2009-05-25 13:51:36 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
2009-05-24 17:49:16 ----A---- C:\WINDOWS\NeroDigital.ini
2009-05-14 21:25:42 ----D---- C:\Programme\DVD Decrypter
2009-05-14 21:21:33 ----A---- C:\WINDOWS\cdplayer.ini
2009-05-07 09:16:30 ----A---- C:\WINDOWS\system32\MRT.exe
2009-05-04 17:30:37 ----SD---- C:\WINDOWS\Tasks
2009-04-21 16:16:42 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-04-16 09:20:58 ----D---- C:\WINDOWS\system32\WBEM
2009-04-16 09:20:58 ----D---- C:\WINDOWS\AppPatch
2009-04-15 23:39:13 ----A---- C:\WINDOWS\imsins.BAK
2009-04-15 23:37:57 ----D---- C:\WINDOWS\system32\de-de
2009-04-15 23:37:56 ----D---- C:\Programme\Internet Explorer
2009-04-15 23:29:41 ----HD---- C:\WINDOWS\$hf_mig$
2009-04-15 14:22:42 ----RSD---- C:\WINDOWS\Fonts
2009-04-13 13:28:37 ----D---- C:\Programme\Azureus
2009-04-12 18:05:25 ----D---- C:\Programme\Postal2STP
2009-04-10 13:21:27 ----D---- C:\Programme\Trillian
2009-03-31 20:03:39 ----D---- C:\WINDOWS\system32\FxsTmp
2009-03-31 15:52:59 ----A---- C:\WINDOWS\SIERRA.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40448]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2007-04-09 31548]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2009-03-28 5632]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2005-04-05 267192]
R1 truecrypt;truecrypt; C:\WINDOWS\System32\drivers\truecrypt.sys [2008-09-24 235840]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-03-24 55640]
R2 CVPNDRVA;Cisco Systems IPsec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys []
R2 NIOC;NIOC Service; \??\C:\WINDOWS\System32\NIOC.SYS []
R2 PfModNT;PfModNT; \??\C:\WINDOWS\System32\PfModNT.sys []
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2004-05-15 745984]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\System32\DRIVERS\ctsfm2k.sys [2003-09-22 130192]
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2003-07-24 139604]
R3 DynCal;Dynamic Calibration Service; C:\WINDOWS\System32\Drivers\DynCal.sys [2001-05-21 8051]
R3 FWLANUSB;AVM FRITZ!WLAN; C:\WINDOWS\system32\DRIVERS\fwlanusb.sys [2007-12-20 265088]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\System32\DRIVERS\ctoss2k.sys [2003-09-22 178672]
R3 P16X;Creative SB Live! Series (WDM); C:\WINDOWS\system32\drivers\P16X.sys [2003-09-22 1330048]
R3 SbieDrv;SbieDrv; \??\C:\Programme\Sandboxie\SbieDrv.sys []
R3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys []
S1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2007-05-02 2432]
S1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2007-05-02 2560]
S1 P3;Intel PentiumIII-Prozessortreiber; C:\WINDOWS\System32\DRIVERS\p3.sys [2008-04-14 46848]
S3 aa00vdpi;aa00vdpi; C:\WINDOWS\system32\drivers\aa00vdpi.sys []
S3 avmeject;AVM Eject; C:\WINDOWS\system32\drivers\avmeject.sys [2007-12-20 4352]
S3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys [2005-05-31 20480]
S3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2005-04-30 10804]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2005-05-31 23000]
S3 BTHidEnum;Bluetooth HID Enumerator; C:\WINDOWS\system32\DRIVERS\vbtenum.sys [2005-04-30 11860]
S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2003-05-01 5220]
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2002-09-19 139776]
S3 EL90XBC;3Com EtherLink XL 90XB/C-Adaptertreiber; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\System32\DRIVERS\ENTECH.SYS []
S3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2004-08-03 161020]
S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2004-08-03 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2004-08-03 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2004-08-03 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2004-08-03 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2004-08-03 19455]
S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2004-08-03 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2004-08-03 19551]
S3 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys []
S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2004-08-03 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2004-08-03 23615]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\k510bus.sys [2007-08-23 58288]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\k510mdfl.sys [2007-08-23 8336]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\k510mdm.sys [2007-08-23 94064]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\k510mgmt.sys [2007-08-23 85408]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\k510obex.sys [2007-08-23 83344]
S3 mouhid;Maus-HID-Treiber; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-18 12288]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nm;Netzwerkmonitortreiber; C:\WINDOWS\System32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 NMSCFG;NIC Management Service Configuration Driver; \??\C:\WINDOWS\System32\drivers\NMSCFG.SYS []
S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 PRISM_USB;D-Link Air DWL-122 Wireless USB Adapter Driver; C:\WINDOWS\System32\DRIVERS\PRISMUSB.sys [2003-04-10 636416]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2002-08-29 5888]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 58320]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 8304]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 94000]
S3 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-02-13 28376]
S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SymEvent;SymEvent; \??\C:\Programme\Symantec\SYMEVENT.SYS []
S3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2005-04-05 17976]
S3 usbscan;USB-Scannertreiber; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 utblfilt;utblfilt; C:\WINDOWS\System32\drivers\utblfilt.sys [2001-05-23 12084]
S3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [2004-10-19 61312]
S3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2005-03-25 82148]
S3 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys []
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys []
S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agpCPQ;Compaq AGP-Bus-Filter; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP-Bus-Filter; C:\WINDOWS\System32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP-Bus-Filtertreiber; C:\WINDOWS\System32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2008-04-14 5504]
S4 sisagp;SIS AGP-Bus-Filter; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP-Bus-Filter; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 antivirschedulerservice;Avira AntiVir Planer; C:\Programme\Avira\AntiVir Desktop\sched.exe [2009-04-01 108289]
R2 antivirservice;Avira AntiVir Guard; C:\Programme\Avira\AntiVir Desktop\avguard.exe [2009-03-02 185089]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2004-05-15 376832]
R2 AVM WLAN Connection Service;AVM WLAN Connection Service; C:\Programme\avmwlanstick\WlanNetService.exe [2007-12-20 364544]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\System32\CTsvcCDA.exe [1999-12-13 44032]
R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Programme\Cisco Systems\VPN Client\cvpnd.exe [2004-07-22 1433616]
R2 Iprip;RIP-Überwachung; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2003-10-21 303104]
R2 O&O Defrag;O&O Defrag; C:\WINDOWS\System32\oodag.exe [2004-05-17 184320]
R2 SbieSvc;Sandboxie Service; C:\Programme\Sandboxie\SbieSvc.exe [2008-09-02 48640]
R2 Seagate Sync Service;Seagate Sync Service; C:\Programme\Seagate\Sync\SeaSyncServices.exe [2007-01-18 24120]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service; C:\Programme\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [2008-01-30 106496]
R2 WZCBDLService;WZCBDL Service; C:\Programme\WZCBDL Service\WZCBDLS.exe [2002-03-19 36864]
S2 antivirupgradeservice;Avira Upgrade Service; C:\DOKUME~1\MICHAE~1\LOKALE~1\Temp\AVSETUP_4a1a9fb9\basic\avupgsvc.exe /TEMPSTART:C:\DOKUME~1\MICHAE~1\LOKALE~1\Temp\AVSETUP_4a1a9fb9\basic\setup.exe /NOTEMPCLEANUP /CROSSUPGRADE []
S2 ATI Smart;ATI Smart; C:\WINDOWS\SYSTEM32\ati2sgag.exe [2004-05-15 516096]
S2 ATIusnsvc;ATI Smart ATIusnsvc; C:\WINDOWS\system32\AgCPanelFrenchb.exe [2009-05-19 53248]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800]
S2 MemeoBackgroundService;MemeoBackgroundService; C:\Programme\WD\WD Anywhere Backup\MemeoBackgroundService.exe [2008-11-07 25824]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 iPod Service;iPod-Dienst; C:\Programme\iPod\bin\iPodService.exe [2007-06-28 501048]
S3 Macromedia Licensing Service;Macromedia Licensing Service; C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe [2007-04-19 68096]
S3 NBService;NBService; C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-01-15 774144]
S3 NMIndexingService;NMIndexingService; C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe [2007-01-15 266240]
S3 NMSSvc;Intel(R) NMS; C:\WINDOWS\System32\NMSSvc.exe [2002-05-03 1118208]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe [2005-04-05 206552]
S3 usnsvc;Messenger Sharing USN Journal Reader-Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-11-03 920576]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------


Vielen Dank,
Michael

Alt 30.05.2009, 10:19   #8
Chris4You
 
Hupigon13, Win32.Delf.uv - Antivir und Hijackthis gehen nicht - Standard

Hupigon13, Win32.Delf.uv - Antivir und Hijackthis gehen nicht



Hi,

die startverhindernden Regeinträge sollten weg sein, ...

Wir fixen erstmal nichts, bitte combofix...

Lade Dir Avira neu runter http://www.free-av.de/de/download/1/...antivirus.html, erst mal nicht installieren.

Offline gehen, combofix ausführen, danach weiterhin offline Avira deinstallieren und die neue Version installieren, online gehen, Avira updaten,
Combofix-Log posten.
Dann stelle Dein Antivir wie folgt ein, wie hier beschrieben:
http://www.trojaner-board.de/54192-a...tellungen.html.
Fullscan und auch dieses Log posten...

Combofix
Lade Combo Fix von http://download.bleepingcomputer.com/sUBs/ComboFix.exe und speichert es auf den Desktop.
Alle Fenster schliessen und combofix.exe starten und bestätige die folgende Abfrage mit 1 und drücke Enter.

Der Scan mit Combofix kann einige Zeit in Anspruch nehmen, also habe etwas Geduld. Während des Scans bitte nichts am Rechner unternehmen
Es kann möglich sein, dass der Rechner zwischendurch neu gestartet wird.
Nach Scanende wird ein Report angezeigt, den bitte kopieren und in deinem Thread einfuegen.
Weitere Anleitung unter:http://www.bleepingcomputer.com/comb...x-benutzt-wird
Hinweis: unter : C:\WINDOWS\erdnt
wird ein Backup angelegt.
Alternative downloads: http://subs.geekstogo.com/ComboFix.exe

chris
__________________
Don't bring me down
Vor dem posten beachten!
Spenden
(Wer spenden will, kann sich gerne melden )

Alt 30.05.2009, 15:24   #9
phaos
 
Hupigon13, Win32.Delf.uv - Antivir und Hijackthis gehen nicht - Standard

Hupigon13, Win32.Delf.uv - Antivir und Hijackthis gehen nicht



Hallo,

Wenn ich combofix starten will, kommt die Meldung, ich müsste erst Antivir deaktivieren. Aber ich weiß nicht wie...? Es ist in der Symbolleiste, und ich habs auch schon zu deinstallieren versucht, aber die Meldung kommt trotzdem. Was soll ich tun?

Vg, Michael

Alt 01.06.2009, 11:22   #10
Chris4You
 
Hupigon13, Win32.Delf.uv - Antivir und Hijackthis gehen nicht - Standard

Hupigon13, Win32.Delf.uv - Antivir und Hijackthis gehen nicht



Hi,

lösche ComboFix bzw. wenn Du ihn schon installiert hast wie folgt:
Start->Ausführen->combofix /u
Jetzt ComboFix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) neu runterladen (er wird täglich neu erstellt), ebenfalls dieses Tool runterladen (Avira 9 hast Du ja schon runtergeladen, oder):
Avira-uninstall tool
http://dl1.pro.antivir.de/down/windows/tool_de.exe
Dann offline gehen, Avirauninstall-Tool starten, nach erfolgreicher Deinstallation Combofix laufen lassen, danach Avira 9 installieren...

chris
__________________
Don't bring me down
Vor dem posten beachten!
Spenden
(Wer spenden will, kann sich gerne melden )

Alt 01.06.2009, 16:33   #11
phaos
 
Hupigon13, Win32.Delf.uv - Antivir und Hijackthis gehen nicht - Standard

Hupigon13, Win32.Delf.uv - Antivir und Hijackthis gehen nicht



Hallo Chris,

sorry dass ich es so kompliziert mache ;-), aber irgendwie hat noch nicht ganz geklappt. Habe das Tool laufen lassen (hat keine infizierte Datei gefunden), und Antivir steht auch nicht mehr in der Windows Software-Liste. Trotzdem - wenn ich Combofix starten will, kommt immer noch die Warnmeldung, dass Antivir noch aktiv sei. Außerdem behauptet das Windows Sicherheitscenter, dass mehrere Antivirenprogramme vorhanden seien, von denen mindestens eins aktiv ist...Soll ich einfach Combofix trotzdem mal laufen lassen?

Alt 02.06.2009, 06:40   #12
Chris4You
 
Hupigon13, Win32.Delf.uv - Antivir und Hijackthis gehen nicht - Standard

Hupigon13, Win32.Delf.uv - Antivir und Hijackthis gehen nicht



Hi,

bitte noch mal ein neues HJ-Log...
Ich möchte nachschauen, ob noch Teile von Avira aktiv sind, die wir ggf. fixen können...
Eventuell brauche ich wegen den Treibern noch ein aktuelles RST-Log, da ist ein Eintrag der
seltsam aussieht:
S2 antivirupgradeservice;Avira Upgrade Service; C:\DOKUME~1\MICHAE~1\LOKALE~1\Temp\AVSETUP_4a1a9fb 9\basic\avupgsvc.exe /TEMPSTART:C:\DOKUME~1\MICHAE~1\LOKALE~1\Temp\AVSET UP_4a1a9fb9\basic\setup.exe /NOTEMPCLEANUP /CROSSUPGRADE []
Hast Du schon mal den upgrade probiert?

Weiterhin läuft bei Dir noch Spybot, der muss unbedingt ebenfalls abgeschaltet bzw. deinstalliert werden (der Teatimer verhindert eine Bereinigung)...

Bei den Treibern habe ich noch was gefunden:
Bitte folgende Files prüfen:

Dateien Online überprüfen lassen:
  • Suche die Seite Virtustotal auf, klicke auf den Button „Durchsuchen“ und suche folgende Datei/Dateien:
Code:
ATTFilter
C:\WINDOWS\SYSTEM32\DRIVERS\svchost.exe <- das ist garantiert Malware
C:\WINDOWS\system32\drivers\aa00vdpi.sys <-????
         
  • Lade nun nacheinander jede/alle Datei/Dateien hoch, und warte bis der Scan vorbei ist. (kann bis zu 2 Minuten dauern.)
  • Poste im Anschluss das Ergebnis der Auswertung, alles abkopieren und in einen Beitrag einfügen.
  • Wichtig: Auch die Größenangabe sowie den HASH mit kopieren!

chris
__________________
Don't bring me down
Vor dem posten beachten!
Spenden
(Wer spenden will, kann sich gerne melden )

Geändert von Chris4You (02.06.2009 um 06:56 Uhr)

Alt 02.06.2009, 10:14   #13
phaos
 
Hupigon13, Win32.Delf.uv - Antivir und Hijackthis gehen nicht - Icon19

Hupigon13, Win32.Delf.uv - Antivir und Hijackthis gehen nicht



Hallo,

Spybot habe ich mal deinstalliert.

Hijackthis log folgt unten. Ich konnte das Programm nicht direkt ausführen, daher hab ich es umbenannt und diese Anleitung http://www.trojaner-board.de/51130-anleitung-hijackthis.html befolgt.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:16:36, on 02.06.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programme\avmwlanstick\WlanNetService.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\System32\oodag.exe
C:\Programme\Sandboxie\SbieSvc.exe
C:\Programme\Seagate\Sync\SeaSyncServices.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\Programme\WZCBDL Service\WZCBDLS.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\D-Link\Air USB Utility\AirCFG.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\avmwlanstick\wlangui.exe
C:\Programme\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Dokumente und Einstellungen\Michael Schultheis\Desktop\prüfung.com
C:\Programme\WD\WD Anywhere Backup\MemeoBackup.exe
C:\Programme\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.google.de
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.de
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = www.google.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = www.google.de
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = www.google.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = www.google.de
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = fritz.box
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\Search Settings\kb127\SearchSettings.dll
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll
O2 - BHO: flashget2 urlcatch - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - C:\Programme\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\Search Settings\kb127\SearchSettings.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [D-Link Air USB Utility] C:\Programme\D-Link\Air USB Utility\AirCFG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SpybotSnD] "C:\Programme\Spybot - Search & Destroy\SpybotSD.exe"
O4 - HKLM\..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\wlangui.exe
O4 - HKLM\..\Run: [WD Drive Manager] C:\Programme\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
O4 - HKLM\..\Run: [WD Anywhere Backup] C:\Programme\WD\WD Anywhere Backup\MemeoLauncher2.exe --silent
O4 - HKCU\..\Run: [HDDHealth] H:\HDD Health\hddhealth.exe -wl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk.disabled
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Download All by FlashGet - C:\Programme\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
O8 - Extra context menu item: &Download by FlashGet - C:\Programme\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
O8 - Extra context menu item: &Download by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1088778804203
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} (shizmoo Class) - http://playroom.icq.com/odyssey_web11.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DCABE8A3-616C-4193-A970-E9382778410C}: NameServer = 192.168.0.1
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Avira Upgrade Service (antivirupgradeservice) - Unknown owner - C:\DOKUME~1\MICHAE~1\LOKALE~1\Temp\AVSETUP_4a1a9fb9\basic\avupgsvc.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: ATI Smart ATIusnsvc (ATIusnsvc) - Unknown owner - C:\WINDOWS\system32\AgCPanelFrenchb.exe
O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Programme\avmwlanstick\WlanNetService.exe
O23 - Service: Intelligenter Hintergrundübertragungsdienst (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MemeoBackgroundService - Memeo - C:\Programme\WD\WD Anywhere Backup\MemeoBackgroundService.exe
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\System32\oodag.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Programme\Sandboxie\SbieSvc.exe
O23 - Service: Seagate Sync Service - Seagate Technology LLC - C:\Programme\Seagate\Sync\SeaSyncServices.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Programme\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
O23 - Service: Automatische Updates (wuauserv) - Unknown owner - C:\WINDOWS\
O23 - Service: WZCBDL Service (WZCBDLService) - D-Link - C:\Programme\WZCBDL Service\WZCBDLS.exe

--
End of file - 9384 bytes


RSIT habe ich nochmal ausgeführt:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Michael Schultheis at 2009-06-02 10:56:59
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 49 GB (43%) free of 114 GB
Total RAM: 1023 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:57:08, on 02.06.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programme\avmwlanstick\WlanNetService.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\System32\oodag.exe
C:\Programme\Sandboxie\SbieSvc.exe
C:\Programme\Seagate\Sync\SeaSyncServices.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\Programme\WZCBDL Service\WZCBDLS.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\D-Link\Air USB Utility\AirCFG.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\avmwlanstick\wlangui.exe
C:\Programme\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\WD\WD Anywhere Backup\MemeoBackup.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Dokumente und Einstellungen\Michael Schultheis\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe
C:\Programme\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\Dokumente und Einstellungen\Michael Schultheis\Desktop\RSIT(1).exe
C:\Programme\trend micro\Michael Schultheis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.google.de
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.de
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = www.google.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = www.google.de
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = www.google.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = www.google.de
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = fritz.box
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\Search Settings\kb127\SearchSettings.dll
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll
O2 - BHO: flashget2 urlcatch - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - C:\Programme\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\Search Settings\kb127\SearchSettings.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [D-Link Air USB Utility] C:\Programme\D-Link\Air USB Utility\AirCFG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SpybotSnD] "C:\Programme\Spybot - Search & Destroy\SpybotSD.exe"
O4 - HKLM\..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\wlangui.exe
O4 - HKLM\..\Run: [WD Drive Manager] C:\Programme\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
O4 - HKLM\..\Run: [WD Anywhere Backup] C:\Programme\WD\WD Anywhere Backup\MemeoLauncher2.exe --silent
O4 - HKCU\..\Run: [HDDHealth] H:\HDD Health\hddhealth.exe -wl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk.disabled
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Download All by FlashGet - C:\Programme\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
O8 - Extra context menu item: &Download by FlashGet - C:\Programme\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
O8 - Extra context menu item: &Download by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1088778804203
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} (shizmoo Class) - http://playroom.icq.com/odyssey_web11.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DCABE8A3-616C-4193-A970-E9382778410C}: NameServer = 192.168.0.1
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Avira Upgrade Service (antivirupgradeservice) - Unknown owner - C:\DOKUME~1\MICHAE~1\LOKALE~1\Temp\AVSETUP_4a1a9fb9\basic\avupgsvc.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: ATI Smart ATIusnsvc (ATIusnsvc) - Unknown owner - C:\WINDOWS\system32\AgCPanelFrenchb.exe
O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Programme\avmwlanstick\WlanNetService.exe
O23 - Service: Intelligenter Hintergrundübertragungsdienst (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MemeoBackgroundService - Memeo - C:\Programme\WD\WD Anywhere Backup\MemeoBackgroundService.exe
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\System32\oodag.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Programme\Sandboxie\SbieSvc.exe
O23 - Service: Seagate Sync Service - Seagate Technology LLC - C:\Programme\Seagate\Sync\SeaSyncServices.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Programme\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
O23 - Service: Automatische Updates (wuauserv) - Unknown owner - C:\WINDOWS\
O23 - Service: WZCBDL Service (WZCBDLService) - D-Link - C:\Programme\WZCBDL Service\WZCBDLS.exe

--
End of file - 9648 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2275205704-1375463252-582915583-1006.job
C:\WINDOWS\tasks\ISP-Anmeldungserinnerung 1.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}]
Octh Class - C:\Programme\Orbitdownloader\orbitcth.dll [2009-01-20 134344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1F364306-AA45-47B5-9F9D-39A8B94E7EF1}]
FG2CatchUrl - C:\Programme\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll [2008-08-19 104016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
SearchSettings Class - C:\Programme\Search Settings\kb127\SearchSettings.dll [2008-06-12 1111904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{C55BBCD6-41AD-48AD-9953-3609C48EACC7} - Grab Pro - C:\Programme\Orbitdownloader\GrabPro.dll [2009-01-20 646264]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"D-Link Air USB Utility"=C:\Programme\D-Link\Air USB Utility\AirCFG.exe [2003-07-23 2695168]
"ATIPTA"=C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-05-15 339968]
"SpybotSnD"=C:\Programme\Spybot - Search & Destroy\SpybotSD.exe []
"AVMWlanClient"=C:\Programme\avmwlanstick\wlangui.exe [2007-12-20 1748992]
"WD Drive Manager"=C:\Programme\Western Digital\WD Drive Manager\WDBtnMgrUI.exe [2008-01-30 438272]
"WD Anywhere Backup"=C:\Programme\WD\WD Anywhere Backup\MemeoLauncher2.exe [2008-11-07 197856]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"wininet.dll"= []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"HDDHealth"=H:\HDD Health\hddhealth.exe -wl []
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
C:\Programme\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\diagent]
C:\Programme\Creative\SBLive\Diagnostics\diagent.exe [2002-04-03 135264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
C:\Programme\IncrediMail\bin\IncMail.exe [2005-05-25 188459]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Programme\MSN Messenger\MsnMsgr.Exe [2006-07-29 5354792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Programme\QuickTime\qttask.exe -atboottime []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Programme\Real\RealPlayer\RealPlay.exe [2007-10-23 214296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SIDEBAR]
C:\Programme\Desktop Sidebar\dsidebar.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Programme\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
Adobe Reader - Schnellstart.lnk.disabled - C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2004-05-15 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

Alt 02.06.2009, 10:15   #14
phaos
 
Hupigon13, Win32.Delf.uv - Antivir und Hijackthis gehen nicht - Standard

Hupigon13, Win32.Delf.uv - Antivir und Hijackthis gehen nicht



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=
:\WINDOWS\syste
scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0
"NoDispAppearancePage"=0
"NoColorChoice"=0
"NoSizeChoice"=0
"NoDispScrSavPage"=0
"NoDispCPL"=0
"NoVisualStyleChoice"=0
"NoDispSettingsPage"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableTaskMgr"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=91000000
"NoActiveDesktop"=0
"NoThemesTab"=0
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
""=
"NoDriveTypeAutoRun"=
"NoActiveDesktopChanges"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\Trillian\trillian.exe"="C:\Programme\Trillian\trillian.exe:*:Enabled:Trillian"
"C:\Programme\Real\RealPlayer\realplay.exe"="C:\Programme\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Programme\Maple 7\BIN.WNT\mserver.exe"="C:\Programme\Maple 7\BIN.WNT\mserver.exe:*:Enabled:mserver"
"C:\Programme\IncrediMail\bin\IMApp.exe"="C:\Programme\IncrediMail\bin\IMApp.exe:*:Enabled:IncrediMail"
"C:\Programme\IncrediMail\bin\IncMail.exe"="C:\Programme\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"
"C:\Programme\IncrediMail\bin\ImpCnt.exe"="C:\Programme\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\Programme\IncrediMail\bin\ImLc.exe"="C:\Programme\IncrediMail\bin\ImLc.exe:*:Enabled:IncrediMail"
"C:\Programme\Azureus\Azureus.exe"="C:\Programme\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\Programme\Windows Media Player\wmplayer.exe"="C:\Programme\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programme\Opera\Opera.exe"="C:\Programme\Opera\Opera.exe:*:Enabled:Opera Internet Browser"
"C:\Programme\ICQ6\ICQ.exe"="C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Programme\Mozilla Firefox\firefox.exe"="C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"E:\fsetup.exe"="E:\fsetup.exe:*:Enabled:AVM FSetup Application"
"C:\Dokumente und Einstellungen\Michael Schultheis\Eigene Dateien\Downloads\MUTE\fileSharingMUTE.exe"="C:\Dokumente und Einstellungen\Michael Schultheis\Eigene Dateien\Downloads\MUTE\fileSharingMUTE.exe:*isabled:fileSharingMUTE"
"C:\Programme\Half-Life 2\hl2.exe"="C:\Programme\Half-Life 2\hl2.exe:*isabled:hl2"
"C:\Dokumente und Einstellungen\Michael Schultheis\Eigene Dateien\Downloads\HL 2\hl2.exe"="C:\Dokumente und Einstellungen\Michael Schultheis\Eigene Dateien\Downloads\HL 2\hl2.exe:*isabled:hl2"
"C:\Dokumente und Einstellungen\Michael Schultheis\Eigene Dateien\Downloads\Counter - Strike - Source [ PC ] ++ Crack\Counter-Strike Source\Counter-Strike Source\hl2.exe"="C:\Dokumente und Einstellungen\Michael Schultheis\Eigene Dateien\Downloads\Counter - Strike - Source [ PC ] ++ Crack\Counter-Strike Source\Counter-Strike Source\hl2.exe:*isabled:hl2"
"C:\Programme\Nero\Nero 7\Nero Home\NeroHome.exe"="C:\Programme\Nero\Nero 7\Nero Home\NeroHome.exe:*isabled:Nero Home"
"C:\Programme\Gemeinsame Dateien\Ahead\Nero Web\SetupX.exe"="C:\Programme\Gemeinsame Dateien\Ahead\Nero Web\SetupX.exe:*isabled:Nero ProductSetup"
"C:\Programme\Nero\Nero 7\Nero ShowTime\ShowTime.exe"="C:\Programme\Nero\Nero 7\Nero ShowTime\ShowTime.exe:*isabled:Nero ShowTime"
"C:\Programme\Orbitdownloader\orbitnet.exe"="C:\Programme\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit"
"C:\Programme\Orbitdownloader\orbitdm.exe"="C:\Programme\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit"
"C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe"="C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\Dokumente und Einstellungen\Michael Schultheis\Eigene Dateien\Downloads\ChemDraw.exe"="C:\Dokumente und Einstellungen\Michael Schultheis\Eigene Dateien\Downloads\ChemDraw.exe:*:Enabled:ChemDraw Ultra 10.0"
"C:\Programme\OO Software\Defrag Professional\oodcnt.exe"="C:\Programme\OO Software\Defrag Professional\oodcnt.exe:LocalSubNet:Enabledodcnt.exe"
"C:\Programme\OO Software\Defrag Professional\oodcmd.exe"="C:\Programme\OO Software\Defrag Professional\oodcmd.exe:*:Enabledodcmd.exe"
"C:\WINDOWS\SYSTEM32\DRIVERS\svchost.exe"="C:\WINDOWS\SYSTEM32\DRIVERS\svchost.exe:*isabled:svchost"
"C:\Programme\Internet Explorer\iexplore.exe"="C:\Programme\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\UT2004\System\UT2004.exe"="C:\UT2004\System\UT2004.exe:*:Enabled:UT2004"
"C:\WINDOWS\SYSTEM32\javaw.exe"="C:\WINDOWS\SYSTEM32\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Programme\WinHTTrack\WinHTTrack.exe"="C:\Programme\WinHTTrack\WinHTTrack.exe:*:Enabled:WinHTTrack Website Copier, Web Site mirroring for professional and private purposes"
"C:\Programme\FlashGet Network\FlashGet universal\flashget.exe"="C:\Programme\FlashGet Network\FlashGet universal\flashget.exe:*:Enabled:flashget"
"C:\Programme\ICQ6.5\ICQ.exe"="C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Programme\eMule.de\emule.exe"="C:\Programme\eMule.de\emule.exe:*:Enabled:eMule"
"C:\Dokumente und Einstellungen\Michael Schultheis\Lokale Einstellungen\Temp\ImInstaller\IncrediMail\incredimail_install.exe"="C:\Dokumente und Einstellungen\Michael Schultheis\Lokale Einstellungen\Temp\ImInstaller\IncrediMail\incredimail_install.exe:*isabled:IncrediMail Installer"
"C:\Programme\iTunes\iTunes.exe"="C:\Programme\iTunes\iTunes.exe:*isabled:iTunes"
"C:\Programme\Unreal Tournament 3\Binaries\UT3.exe"="C:\Programme\Unreal Tournament 3\Binaries\UT3.exe:*isabled:UT3"
"C:\Programme\MSN Messenger\msnmsgr.exe"="C:\Programme\MSN Messenger\msnmsgr.exe:*isabled:Windows Live Messenger 8.0"
"C:\Programme\MSN Messenger\msncall.exe"="C:\Programme\MSN Messenger\msncall.exe:*isabled:Windows Live Messenger 8.0 (Phone)"
"C:\WINDOWS\SYSTEM32\ati2evxx.exe"="C:\WINDOWS\SYSTEM32\ati2evxx.exe:*:Enabled:ENABLE"
"C:\Programme\D-Link\Air USB Utility\AirCFG.exe"="C:\Programme\D-Link\Air USB Utility\AirCFG.exe:*:Enabled:ENABLE"
"C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe"="C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe:*:Enabled:ENABLE"
"C:\Programme\avmwlanstick\WLanGUI.exe"="C:\Programme\avmwlanstick\WLanGUI.exe:*:Enabled:ENABLE"
"C:\Programme\Western Digital\WD Drive Manager\WDBtnMgrUI.exe"="C:\Programme\Western Digital\WD Drive Manager\WDBtnMgrUI.exe:*:Enabled:ENABLE"
"C:\Programme\Spybot - Search & Destroy\TeaTimer.exe"="C:\Programme\Spybot - Search & Destroy\TeaTimer.exe:*:Enabled:ENABLE"
"C:\Programme\WD\WD Anywhere Backup\MemeoBackup.exe"="C:\Programme\WD\WD Anywhere Backup\MemeoBackup.exe:*:Enabled:ENABLE"
"C:\Dokumente und Einstellungen\Michael Schultheis\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe"="C:\Dokumente und Einstellungen\Michael Schultheis\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe:*:Enabled:ENABLE"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Windows Explorer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\MSN Messenger\msnmsgr.exe"="C:\Programme\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\Programme\MSN Messenger\msncall.exe"="C:\Programme\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b07f7157-36ad-11dc-81d4-000f3ddf1f20}]
shell\AutoRun\command - I:\setupSNK.exe


======File associations======

.js - open - "C:\Programme\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" "%1"

======List of files/folders created in the last 1 months======

2009-06-02 09:57:41 ----D---- C:\ComboFix
2009-06-02 09:57:41 ----A---- C:\WINDOWS\system32\CF32321.exe
2009-06-01 17:23:00 ----A---- C:\WINDOWS\system32\CF1258.exe
2009-06-01 17:22:47 ----A---- C:\Bug.txt
2009-06-01 17:22:45 ----A---- C:\WINDOWS\system32\cmd.execf
2009-06-01 17:11:41 ----A---- C:\WINDOWS\system32\CF31822.exe
2009-06-01 17:01:57 ----A---- C:\WINDOWS\system32\CF29905.exe
2009-06-01 16:54:15 ----A---- C:\WINDOWS\system32\CF28377.exe
2009-06-01 16:40:10 ----A---- C:\WINDOWS\system32\CF25532.exe
2009-05-30 20:11:55 ----A---- C:\WINDOWS\system32\CF13424.exe
2009-05-30 16:05:36 ----D---- C:\WINDOWS\ERDNT
2009-05-30 16:05:34 ----A---- C:\WINDOWS\system32\CF11373.exe
2009-05-30 16:04:09 ----D---- C:\Qoobox
2009-05-30 10:02:18 ----D---- C:\Programme\RegCleaner
2009-05-30 09:58:10 ----D---- C:\rsit
2009-05-27 19:33:57 ----D---- C:\Dokumente und Einstellungen\Michael Schultheis\Anwendungsdaten\Malwarebytes
2009-05-27 19:33:49 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2009-05-27 19:33:49 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2009-05-26 18:37:24 ----D---- C:\Programme\Alwil Software
2009-05-25 21:03:53 ----D---- C:\Programme\Trend Micro
2009-05-25 20:24:46 ----A---- C:\WINDOWS\ntbtlog.txt
2009-05-19 22:48:18 ----RSH---- C:\WINDOWS\system32\AgCPanelFrenchb.exe

======List of files/folders modified in the last 1 months======

2009-06-02 10:56:33 ----D---- C:\WINDOWS\Prefetch
2009-06-02 10:32:49 ----D---- C:\WINDOWS\system32\CatRoot2
2009-06-02 10:14:56 ----D---- C:\WINDOWS\temp
2009-06-02 10:11:49 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-06-02 10:11:31 ----D---- C:\WINDOWS
2009-06-02 10:11:24 ----D---- C:\Programme\Spybot - Search & Destroy
2009-06-02 10:11:21 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2009-06-02 09:57:41 ----D---- C:\WINDOWS\SYSTEM32
2009-05-30 16:09:30 ----RD---- C:\Programme
2009-05-30 16:07:03 ----D---- C:\WINDOWS\system32\DRIVERS
2009-05-30 15:38:40 ----D---- C:\WINDOWS\Minidump
2009-05-30 15:37:11 ----D---- C:\Dokumente und Einstellungen\Michael Schultheis\Anwendungsdaten\Azureus
2009-05-30 13:50:35 ----D---- C:\Programme\Orbitdownloader
2009-05-30 11:19:35 ----A---- C:\WINDOWS\PhotoSnapViewer.INI
2009-05-30 10:02:30 ----D---- C:\Dokumente und Einstellungen\Michael Schultheis\Anwendungsdaten\Orbit
2009-05-26 21:35:29 ----D---- C:\WINDOWS\system32\CONFIG
2009-05-26 18:32:30 ----D---- C:\WINDOWS\system32\oodag
2009-05-26 18:22:11 ----HD---- C:\WINDOWS\INF
2009-05-26 18:21:00 ----SHD---- C:\WINDOWS\Installer
2009-05-26 18:20:58 ----D---- C:\WINDOWS\WinSxS
2009-05-25 13:52:19 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Adobe
2009-05-25 13:51:36 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
2009-05-24 17:49:16 ----A---- C:\WINDOWS\NeroDigital.ini
2009-05-14 21:25:42 ----D---- C:\Programme\DVD Decrypter
2009-05-14 21:21:33 ----A---- C:\WINDOWS\cdplayer.ini
2009-05-07 09:16:30 ----A---- C:\WINDOWS\system32\MRT.exe
2009-05-04 17:30:37 ----SD---- C:\WINDOWS\Tasks

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40448]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2007-04-09 31548]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2009-03-28 5632]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2005-04-05 267192]
R1 truecrypt;truecrypt; C:\WINDOWS\System32\drivers\truecrypt.sys [2008-09-24 235840]
R2 CVPNDRVA;Cisco Systems IPsec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys []
R2 NIOC;NIOC Service; \??\C:\WINDOWS\System32\NIOC.SYS []
R2 PfModNT;PfModNT; \??\C:\WINDOWS\System32\PfModNT.sys []
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2004-05-15 745984]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\System32\DRIVERS\ctsfm2k.sys [2003-09-22 130192]
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2003-07-24 139604]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\System32\DRIVERS\ctoss2k.sys [2003-09-22 178672]
R3 P16X;Creative SB Live! Series (WDM); C:\WINDOWS\system32\drivers\P16X.sys [2003-09-22 1330048]
R3 SbieDrv;SbieDrv; \??\C:\Programme\Sandboxie\SbieDrv.sys []
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys []
S1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2007-05-02 2432]
S1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2007-05-02 2560]
S1 P3;Intel PentiumIII-Prozessortreiber; C:\WINDOWS\System32\DRIVERS\p3.sys [2008-04-14 46848]
S3 aq3kruqc;aq3kruqc; C:\WINDOWS\system32\drivers\aq3kruqc.sys []
S3 avmeject;AVM Eject; C:\WINDOWS\system32\drivers\avmeject.sys [2007-12-20 4352]
S3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys [2005-05-31 20480]
S3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2005-04-30 10804]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2005-05-31 23000]
S3 BTHidEnum;Bluetooth HID Enumerator; C:\WINDOWS\system32\DRIVERS\vbtenum.sys [2005-04-30 11860]
S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2003-05-01 5220]
S3 DynCal;Dynamic Calibration Service; C:\WINDOWS\System32\Drivers\DynCal.sys [2001-05-21 8051]
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2002-09-19 139776]
S3 EL90XBC;3Com EtherLink XL 90XB/C-Adaptertreiber; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\System32\DRIVERS\ENTECH.SYS []
S3 FWLANUSB;AVM FRITZ!WLAN; C:\WINDOWS\system32\DRIVERS\fwlanusb.sys [2007-12-20 265088]
S3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2004-08-03 161020]
S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2004-08-03 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2004-08-03 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2004-08-03 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2004-08-03 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2004-08-03 19455]
S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2004-08-03 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2004-08-03 19551]
S3 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys []
S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2004-08-03 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2004-08-03 23615]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\k510bus.sys [2007-08-23 58288]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\k510mdfl.sys [2007-08-23 8336]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\k510mdm.sys [2007-08-23 94064]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\k510mgmt.sys [2007-08-23 85408]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\k510obex.sys [2007-08-23 83344]
S3 mouhid;Maus-HID-Treiber; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-18 12288]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nm;Netzwerkmonitortreiber; C:\WINDOWS\System32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 NMSCFG;NIC Management Service Configuration Driver; \??\C:\WINDOWS\System32\drivers\NMSCFG.SYS []
S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 PRISM_USB;D-Link Air DWL-122 Wireless USB Adapter Driver; C:\WINDOWS\System32\DRIVERS\PRISMUSB.sys [2003-04-10 636416]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2002-08-29 5888]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 58320]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 8304]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 94000]
S3 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-02-13 28376]
S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SymEvent;SymEvent; \??\C:\Programme\Symantec\SYMEVENT.SYS []
S3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2005-04-05 17976]
S3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;USB-Scannertreiber; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 utblfilt;utblfilt; C:\WINDOWS\System32\drivers\utblfilt.sys [2001-05-23 12084]
S3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [2004-10-19 61312]
S3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2005-03-25 82148]
S3 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys []
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys []
S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agpCPQ;Compaq AGP-Bus-Filter; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP-Bus-Filter; C:\WINDOWS\System32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP-Bus-Filtertreiber; C:\WINDOWS\System32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2008-04-14 5504]
S4 sisagp;SIS AGP-Bus-Filter; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP-Bus-Filter; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2004-05-15 376832]
R2 AVM WLAN Connection Service;AVM WLAN Connection Service; C:\Programme\avmwlanstick\WlanNetService.exe [2007-12-20 364544]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\System32\CTsvcCDA.exe [1999-12-13 44032]
R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Programme\Cisco Systems\VPN Client\cvpnd.exe [2004-07-22 1433616]
R2 Iprip;RIP-Überwachung; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2003-10-21 303104]
R2 O&O Defrag;O&O Defrag; C:\WINDOWS\System32\oodag.exe [2004-05-17 184320]
R2 SbieSvc;Sandboxie Service; C:\Programme\Sandboxie\SbieSvc.exe [2008-09-02 48640]
R2 Seagate Sync Service;Seagate Sync Service; C:\Programme\Seagate\Sync\SeaSyncServices.exe [2007-01-18 24120]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service; C:\Programme\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [2008-01-30 106496]
R2 WZCBDLService;WZCBDL Service; C:\Programme\WZCBDL Service\WZCBDLS.exe [2002-03-19 36864]
S2 antivirupgradeservice;Avira Upgrade Service; C:\DOKUME~1\MICHAE~1\LOKALE~1\Temp\AVSETUP_4a1a9fb9\basic\avupgsvc.exe /TEMPSTART:C:\DOKUME~1\MICHAE~1\LOKALE~1\Temp\AVSETUP_4a1a9fb9\basic\setup.exe /NOTEMPCLEANUP /CROSSUPGRADE []
S2 ATI Smart;ATI Smart; C:\WINDOWS\SYSTEM32\ati2sgag.exe [2004-05-15 516096]
S2 ATIusnsvc;ATI Smart ATIusnsvc; C:\WINDOWS\system32\AgCPanelFrenchb.exe [2009-05-19 53248]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800]
S2 MemeoBackgroundService;MemeoBackgroundService; C:\Programme\WD\WD Anywhere Backup\MemeoBackgroundService.exe [2008-11-07 25824]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 iPod Service;iPod-Dienst; C:\Programme\iPod\bin\iPodService.exe [2007-06-28 501048]
S3 Macromedia Licensing Service;Macromedia Licensing Service; C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe [2007-04-19 68096]
S3 NBService;NBService; C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-01-15 774144]
S3 NMIndexingService;NMIndexingService; C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe [2007-01-15 266240]
S3 NMSSvc;Intel(R) NMS; C:\WINDOWS\System32\NMSSvc.exe [2002-05-03 1118208]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe [2005-04-05 206552]
S3 usnsvc;Messenger Sharing USN Journal Reader-Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-11-03 920576]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------

Ich wollte auch die beiden Dateien hochladen, die du angegebn hast, aber sie waren nicht da ("Alle Dateien anzeigen" war aktiviert).

>>Hast Du schon mal den upgrade probiert?<<

Sorry, wie meinst du das? Antivir hab ich ja deinstalliert, dann müsste ich ja erst wieder installieren oder?

Vg, Michael

Alt 02.06.2009, 12:31   #15
Chris4You
 
Hupigon13, Win32.Delf.uv - Antivir und Hijackthis gehen nicht - Standard

Hupigon13, Win32.Delf.uv - Antivir und Hijackthis gehen nicht



Hi,

hmm,...

Bitte folgende Files prüfen:

Dateien Online überprüfen lassen:
  • Suche die Seite Virtustotal auf, klicke auf den Button „Durchsuchen“ und suche folgende Datei/Dateien:
Code:
ATTFilter
C:\WINDOWS\system32\AgCPanelFrenchb.exe
C:\Programme\WD\WD Anywhere Backup\MemeoBackgroundService.exe
C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe
C:\WINDOWS\system32\CF11373.exe <- davon sind sehr viele da...
C:\WINDOWS\system32\drivers\aq3kruqc.sys
         
  • Lade nun nacheinander jede/alle Datei/Dateien hoch, und warte bis der Scan vorbei ist. (kann bis zu 2 Minuten dauern.)
  • Poste im Anschluss das Ergebnis der Auswertung, alles abkopieren und in einen Beitrag einfügen.
  • Wichtig: Auch die Größenangabe sowie den HASH mit kopieren!

Also:
Anleitung Avenger (by swandog46)

1.) Lade dir das Tool Avenger und speichere es auf dem Desktop:



2.) Das Programm so einstellen wie es auf dem Bild zu sehen ist.

Kopiere nun folgenden Text in das weiße Feld:
(bei -> "input script here")


Code:
ATTFilter
Files to delete:
C:\Programme\Search Settings\kb127\SearchSettings.dll

Folders to delete:
C:\Programme\Search Settings\kb127
C:\Programme\Search Settings
         
3.) Schliesse nun alle Programme (vorher notfalls abspeichern!) und Browser-Fenster, nach dem Ausführen des Avengers wird das System neu gestartet.

4.) Um den Avenger zu starten klicke auf -> Execute
Dann bestätigen mit "Yes" das der Rechner neu startet!

5.) Nachdem das System neu gestartet ist, findest du hier einen Report vom Avenger -> C:\avenger.txt
Öffne die Datei mit dem Editor und kopiere den gesamten Text in deinen Beitrag hier am Trojaner-Board.

Hijackthis, fixen:
öffne das HijackThis -- Button "scan" -- vor den nachfolgenden Einträge Häkchen setzen -- Button "Fix checked" -- PC neustarten
Beim fixen müssen alle Programme geschlossen sein!
Code:
ATTFilter
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\Search Settings\kb127\SearchSettings.dll
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\Search Settings\kb127\SearchSettings.dll
O23 - Service: Avira Upgrade Service (antivirupgradeservice) - Unknown owner - C:\DOKUME~1\MICHAE~1\LOKALE~1\Temp\AVSETUP_4a1a9fb 9\basic\avupgsvc.exe (file missing)
O23 - Service: Intelligenter Hintergrundübertragungsdienst (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Automatische Updates (wuauserv) - Unknown owner - C:\WINDOWS\
         
Danach bitte ein neues HJ und dann Combofix (ggf. neu runterladen, den alten dann über Start->Ausführen combofix.exe /u deinstallieren) laufen lassen...

chris
__________________
Don't bring me down
Vor dem posten beachten!
Spenden
(Wer spenden will, kann sich gerne melden )

Antwort

Themen zu Hupigon13, Win32.Delf.uv - Antivir und Hijackthis gehen nicht
anfang, antivir, c:\windows, controlset002, einstellungen, firefox, folge, hijack, hijackthis, hupigon, hupigon13, image, log, nicht mehr, problem, rechner, scan, scan32.exe, services, software, spybot, starten, system, win, win32.delf.uv, windows, windows xp, zonealarm.exe



Ähnliche Themen: Hupigon13, Win32.Delf.uv - Antivir und Hijackthis gehen nicht


  1. Dnet24 GmbH - Rechnung geöffnet - Kaspersky erkannte "Win32.inject.efmi" - Word Dateien gehen nicht
    Log-Analyse und Auswertung - 19.06.2012 (1)
  2. Win32.Agent.tdd / Win32.Delf.uv Trojaner
    Log-Analyse und Auswertung - 15.06.2011 (3)
  3. Antivir und internet explorer gehen nicht.
    Log-Analyse und Auswertung - 08.02.2011 (25)
  4. Virus.Win32.Protector.f & Trojan-Dropper.Win32.delf.eu
    Log-Analyse und Auswertung - 19.05.2010 (13)
  5. Alle Shortcuts auf Desktop/Startleiste gehen nicht mehr (.LNK) HIJACKTHIS-log
    Log-Analyse und Auswertung - 11.03.2010 (1)
  6. Probleme mit Trojaner WIN32.delf -MGZ & Win32.zbot -MKK
    Plagegeister aller Art und deren Bekämpfung - 03.12.2009 (5)
  7. Antivir hat TR/Drop.Delf.dxc gefunden
    Log-Analyse und Auswertung - 24.11.2009 (27)
  8. Updates gehen nicht mehr, Hijackthis, Spybot etc gehen nicht
    Log-Analyse und Auswertung - 16.09.2009 (16)
  9. Hupigon13 und Win32.Delf.uv unter erschwerten Bedingungen
    Plagegeister aller Art und deren Bekämpfung - 12.07.2009 (1)
  10. spybot: Hupigon13 avast: Win32 agent ACII
    Log-Analyse und Auswertung - 16.04.2009 (3)
  11. Win32.Delf.uv, Hupigon13 die 2te!
    Plagegeister aller Art und deren Bekämpfung - 27.03.2009 (22)
  12. Win32.Delf.uv, Hupigon13 -> Hilfe!
    Plagegeister aller Art und deren Bekämpfung - 25.03.2009 (28)
  13. win32.delf.uc und antivir nicht ausführbar
    Plagegeister aller Art und deren Bekämpfung - 11.01.2009 (29)
  14. eventuell noch trojaner? Trojan-PSW.Win32.Delf.cqp, Backdoor.Win32.Poison.jmo
    Log-Analyse und Auswertung - 21.11.2008 (0)
  15. Problem: win32.delf.uc / Bitte um HiJackThis log Püfung
    Log-Analyse und Auswertung - 07.09.2007 (15)
  16. Virus.win32.delf.ak und IEHlpr - ich krieg's einfach nicht weg!
    Plagegeister aller Art und deren Bekämpfung - 26.07.2007 (2)
  17. Antivir hat TR/Spy.Delf.JQ.110 gefunden
    Plagegeister aller Art und deren Bekämpfung - 27.05.2007 (2)

Zum Thema Hupigon13, Win32.Delf.uv - Antivir und Hijackthis gehen nicht - Hallo zusammen, ich habe folgendes Problem: Spybot findet auf meinem Rechner einige Trojaner-Dateien (Hupigon13, Win32.Delf.uv etc) (Das Log von Spybot ist unten angehängt). Antivir lässt sich nicht mehr starten, ebenso - Hupigon13, Win32.Delf.uv - Antivir und Hijackthis gehen nicht...
Archiv
Du betrachtest: Hupigon13, Win32.Delf.uv - Antivir und Hijackthis gehen nicht auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.