Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: virus?

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 15.09.2009, 14:19   #1
torvitas
 
virus? - Standard

virus?



hallo bin neu hier und ein wenig beunruhigt wegen einen "virus " welchen ich heute auf meinem pc gefunden hab
und hab gehört hier kann geholfen, würde sich bitte jemand die logs anschauen

Code:
ATTFilter
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:57:32, on 15.09.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
C:\Programme\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\avmwlanstick\wlangui.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\avmwlanstick\WlanNetService.exe
C:\Programme\ICQ6Toolbar\ICQ Service.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
C:\Programme\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://start.icq.com/
R3 - URLSearchHook: (no name) -  - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programme\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\wlangui.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware  (reboot)] "C:\Programme\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Easy-WebPrint - Drucken - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - h**p://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programme\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Programme\avmwlanstick\WlanNetService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Programme\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 5563 bytes
         

Alt 15.09.2009, 15:29   #2
torvitas
 
virus? - Standard

virus?



hier der GMER log:

Code:
ATTFilter
GMER 1.0.15.15086 - h**p://www.gmer.net
Rootkit scan 2009-09-15 16:24:07
Windows 5.1.2600 Service Pack 2
Running: cppnk76s.exe; Driver: C:\DOKUME~1\***\LOKALE~1\Temp\aujasnkj.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                               ZwClose [0xAF0516B8]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                               ZwCreateKey [0xAF051574]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                               ZwDeleteValueKey [0xAF051A52]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                               ZwDuplicateObject [0xAF05114C]
SSDT            spdg.sys                                                                                                            ZwEnumerateKey [0xBA6C5CA4]
SSDT            spdg.sys                                                                                                            ZwEnumerateValueKey [0xBA6C6032]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                               ZwOpenKey [0xAF05164E]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                               ZwOpenProcess [0xAF05108C]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                               ZwOpenThread [0xAF0510F0]
SSDT            spdg.sys                                                                                                            ZwQueryKey [0xBA6C610A]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                               ZwQueryValueKey [0xAF05176E]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                               ZwRestoreKey [0xAF05172E]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                               ZwSetValueKey [0xAF0518AE]
SSDT            \??\C:\Programme\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com)           ZwTerminateProcess [0xAF12F0B0]

INT 0x62        ?                                                                                                                   89B0ABF8
INT 0x73        ?                                                                                                                   898AABF8
INT 0x73        ?                                                                                                                   898AABF8
INT 0x82        ?                                                                                                                   89B0ABF8
INT 0x83        ?                                                                                                                   89B0ABF8
INT 0xA4        ?                                                                                                                   898AABF8
INT 0xB4        ?                                                                                                                   898AABF8

---- Kernel code sections - GMER 1.0.15 ----

?               spdg.sys                                                                                                            Das System kann die angegebene Datei nicht finden. !
.text           USBPORT.SYS!DllUnload                                                                                               B7AFC62C 5 Bytes  JMP 898AA1D8 
.text           akw6f31z.SYS                                                                                                        B7A33386 35 Bytes  [00, 00, 00, 00, 00, 00, 20, ...]
.text           akw6f31z.SYS                                                                                                        B7A333AA 24 Bytes  [00, 00, 00, 00, 00, 00, 00, ...]
.text           akw6f31z.SYS                                                                                                        B7A333C4 3 Bytes  [00, 70, 02] {ADD [EAX+0x2], DH}
.text           akw6f31z.SYS                                                                                                        B7A333C9 1 Byte  [30]
.text           akw6f31z.SYS                                                                                                        B7A333C9 11 Bytes  [30, 00, 00, 00, 5C, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESP; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text           ...                                                                                                                 

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT             atapi.sys[HAL.dll!READ_PORT_UCHAR]                                                                                  [BA6A8042] spdg.sys
IAT             atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT]                                                                          [BA6A813E] spdg.sys
IAT             atapi.sys[HAL.dll!READ_PORT_USHORT]                                                                                 [BA6A80C0] spdg.sys
IAT             atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                                                         [BA6A8800] spdg.sys
IAT             atapi.sys[HAL.dll!WRITE_PORT_UCHAR]                                                                                 [BA6A86D6] spdg.sys
IAT             \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR]                                                  [BA6B7E9C] spdg.sys
IAT             \SystemRoot\System32\Drivers\akw6f31z.SYS[HAL.dll!KfAcquireSpinLock]                                                0C8D1C46
IAT             \SystemRoot\System32\Drivers\akw6f31z.SYS[HAL.dll!READ_PORT_UCHAR]                                                  B08B8932
IAT             \SystemRoot\System32\Drivers\akw6f31z.SYS[HAL.dll!KeGetCurrentIrql]                                                 89000001
IAT             \SystemRoot\System32\Drivers\akw6f31z.SYS[HAL.dll!KfRaiseIrql]                                                      0001BC83
IAT             \SystemRoot\System32\Drivers\akw6f31z.SYS[HAL.dll!KfLowerIrql]                                                      24468B00
IAT             \SystemRoot\System32\Drivers\akw6f31z.SYS[HAL.dll!HalGetInterruptVector]                                            89820C8D
IAT             \SystemRoot\System32\Drivers\akw6f31z.SYS[HAL.dll!HalTranslateBusAddress]                                           D18BF84D
IAT             \SystemRoot\System32\Drivers\akw6f31z.SYS[HAL.dll!KeStallExecutionProcessor]                                        860F1639
IAT             \SystemRoot\System32\Drivers\akw6f31z.SYS[HAL.dll!KfReleaseSpinLock]                                                000000BD
IAT             \SystemRoot\System32\Drivers\akw6f31z.SYS[HAL.dll!READ_PORT_BUFFER_USHORT]                                          0208B389
IAT             \SystemRoot\System32\Drivers\akw6f31z.SYS[HAL.dll!READ_PORT_USHORT]                                                 83660000
IAT             \SystemRoot\System32\Drivers\akw6f31z.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                         7400067E
IAT             \SystemRoot\System32\Drivers\akw6f31z.SYS[HAL.dll!WRITE_PORT_UCHAR]                                                 89D60320
IAT             \SystemRoot\System32\Drivers\akw6f31z.SYS[WMILIB.SYS!WmiSystemControl]                                              8D168B00
IAT             \SystemRoot\System32\Drivers\akw6f31z.SYS[WMILIB.SYS!WmiCompleteRequest]                                            F0003284

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\WINDOWS\system32\services.exe[772] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW]        00370002
IAT             C:\WINDOWS\system32\services.exe[772] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW]              00370000

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                              89B091F8

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                              aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                            aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device          \Driver\NetBT \Device\NetBT_Tcpip_{F9EF0DE5-913A-49F2-951F-0BA8B8D381C6}                                            8981F500
Device          \Driver\PCI_PNP7786 \Device\00000044                                                                                spdg.sys
Device          \Driver\usbohci \Device\USBPDO-0                                                                                    898A81F8
Device          \Driver\usbohci \Device\USBPDO-1                                                                                    898A81F8
Device          \Driver\dmio \Device\DmControl\DmIoDaemon                                                                           89B771F8
Device          \Driver\dmio \Device\DmControl\DmConfig                                                                             89B771F8
Device          \Driver\dmio \Device\DmControl\DmPnP                                                                                89B771F8
Device          \Driver\dmio \Device\DmControl\DmInfo                                                                               89B771F8
Device          \Driver\usbohci \Device\USBPDO-2                                                                                    898A81F8
Device          \Driver\usbohci \Device\USBPDO-3                                                                                    898A81F8
Device          \Driver\usbohci \Device\USBPDO-4                                                                                    898A81F8

AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                           aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device          \Driver\usbehci \Device\USBPDO-5                                                                                    898701F8
Device          \Driver\Ftdisk \Device\HarddiskVolume1                                                                              89B0B1F8
Device          \Driver\Ftdisk \Device\HarddiskVolume2                                                                              89B0B1F8
Device          \Driver\Cdrom \Device\CdRom0                                                                                        898621F8
Device          \Driver\Cdrom \Device\CdRom1                                                                                        898621F8
Device          \Driver\atapi \Device\Ide\IdePort0                                                                                  89B0A1F8
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3                                                                         89B0A1F8
Device          \Driver\atapi \Device\Ide\IdePort1                                                                                  89B0A1F8
Device          \Driver\atapi \Device\Ide\IdePort2                                                                                  89B0A1F8
Device          \Driver\atapi \Device\Ide\IdePort3                                                                                  89B0A1F8
Device          \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-12                                                                        89B0A1F8
Device          \Driver\NetBT \Device\NetBt_Wins_Export                                                                             8981F500
Device          \Driver\NetBT \Device\NetbiosSmb                                                                                    8981F500

AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                           aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                         aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device          \Driver\sptd \Device\1523521536                                                                                     spdg.sys
Device          \Driver\usbohci \Device\USBFDO-0                                                                                    898A81F8
Device          \Driver\usbohci \Device\USBFDO-1                                                                                    898A81F8
Device          \Driver\usbohci \Device\USBFDO-2                                                                                    898A81F8
Device          \FileSystem\MRxSmb \Device\LanmanDatagramReceiver                                                                   89629500
Device          \Driver\usbohci \Device\USBFDO-3                                                                                    898A81F8
Device          \FileSystem\MRxSmb \Device\LanmanRedirector                                                                         89629500
Device          \Driver\Ftdisk \Device\FtControl                                                                                    89B0B1F8
Device          \Driver\usbohci \Device\USBFDO-4                                                                                    898A81F8
Device          \Driver\usbehci \Device\USBFDO-5                                                                                    898701F8
Device          \Driver\akw6f31z \Device\Scsi\akw6f31z1                                                                             897961F8
Device          \Driver\akw6f31z \Device\Scsi\akw6f31z1Port4Path0Target0Lun0                                                        897961F8
Device          \FileSystem\Cdfs \Cdfs                                                                                              89769500

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                  771343423
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                  285507792
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                  1
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                    
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                 C:\Programme\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                 0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0x85 0xA2 0x3C 0x4B ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                           
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                     0x82 0x8D 0xB0 0x45 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                      
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0x39 0x15 0x19 0x07 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     C:\Programme\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x85 0xA2 0x3C 0x4B ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0x82 0x8D 0xB0 0x45 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0x39 0x15 0x19 0x07 ...

---- EOF - GMER 1.0.15 ----
         
__________________


Alt 15.09.2009, 15:33   #3
torvitas
 
virus? - Standard

virus?



Code:
ATTFilter
Logfile of random's system information tool 1.06 (written by random/random)
Run by Torvitas at 2009-09-15 14:58:16
Microsoft Windows XP Professional Service Pack 2
System drive C: has 41 GB (80%) free of 51 GB
Total RAM: 1919 MB (74% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:58:17, on 15.09.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
C:\Programme\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\avmwlanstick\wlangui.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\avmwlanstick\WlanNetService.exe
C:\Programme\ICQ6Toolbar\ICQ Service.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
C:\Programme\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\PC-Sicherheit\RSIT.exe
C:\Programme\Trend Micro\HijackThis\Torvitas.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://start.icq.com/
R3 - URLSearchHook: (no name) -  - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programme\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\wlangui.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware  (reboot)] "C:\Programme\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Easy-WebPrint - Drucken - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - h**p://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programme\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Programme\avmwlanstick\WlanNetService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Programme\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 5588 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Klick-Wartung.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{68F9551E-0411-48E4-9AAF-4BC42A6A46BE}]
EWPBrowseObject Class - C:\Programme\Canon\Easy-WebPrint\EWPBrowseLoader.dll [2006-06-09 34304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Programme\ICQ6Toolbar\ICQToolBar.dll [2008-12-09 958200]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Programme\Canon\Easy-WebPrint\Toolband.dll [2006-06-09 552960]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll [2009-04-23 937416]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"AVMWlanClient"=C:\Programme\avmwlanstick\wlangui.exe [2006-12-28 1454080]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-08-17 81000]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-06-12 17887232]
"Adobe Reader Speed Launcher"=C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"SunJavaUpdateSched"=C:\Programme\Java\jre6\bin\jusched.exe [2009-07-25 149280]
" Malwarebytes Anti-Malware  (reboot)"=C:\Programme\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2007-11-08 15360]
"SUPERAntiSpyware"=C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-09-04 1994480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
C:\Programme\SlySoft\AnyDVD\AnyDVDtray.exe [2009-07-25 2968512]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Programme\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
C:\Programme\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [2006-10-11 75304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Programme\Skype\Phone\Skype.exe [2009-07-16 25604904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-09-28 185896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Programme\Winamp\winampa.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^***^Startmenü^Programme^Autostart^Secunia PSI.lnk]
C:\PROGRA~1\Secunia\PSI\psi.exe []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Programme\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-07-22 118784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Programme\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=91000000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Spiele\World of Warcraft\Launcher.exe"="D:\Spiele\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
"D:\Spiele\World of Warcraft\BackgroundDownloader.exe"="D:\Spiele\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\Programme\ICQ6.5\ICQ.exe"="C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Programme\Java\jre6\bin\java.exe"="C:\Programme\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"D:\Spiele\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-deDE-downloader.exe"="D:\Spiele\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-deDE-downloader.exe:*:Enabled:Blizzard Downloader"
"D:\Spiele\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-deDE-downloader.exe"="D:\Spiele\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-deDE-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype"
"D:\Videos\Cruel_Cruel_Moon_enGB.avi-downloader.exe"="D:\Videos\Cruel_Cruel_Moon_enGB.avi-downloader.exe:*:Enabled:Blizzard Downloader"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
         
__________________

Alt 15.09.2009, 15:34   #4
torvitas
 
virus? - Standard

virus?



Code:
ATTFilter
======List of files/folders created in the last 1 months======

2009-09-15 12:53:37 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com
2009-09-15 12:53:24 ----D---- C:\Programme\SUPERAntiSpyware
2009-09-15 12:53:23 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SUPERAntiSpyware.com
2009-09-15 12:31:53 ----D---- C:\rsit
2009-09-15 12:19:09 ----D---- C:\Programme\Trend Micro
2009-09-13 16:55:40 ----D---- C:\Programme\Universal Interactive
2009-09-13 13:40:33 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes
2009-09-13 13:40:28 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2009-09-13 13:40:27 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2009-09-10 16:19:41 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite
2009-09-10 16:19:22 ----D---- C:\Programme\DAEMON Tools Toolbar
2009-09-10 16:19:18 ----D---- C:\Programme\DAEMON Tools Lite
2009-09-10 16:17:04 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DAEMON Tools Lite
2009-09-10 16:02:45 ----D---- C:\Programme\Lionhead Studios
2009-09-07 21:13:32 ----D---- C:\Programme\OpenAL
2009-09-07 21:13:31 ----A---- C:\WINDOWS\system32\wrap_oal.dll
2009-09-07 21:13:31 ----A---- C:\WINDOWS\system32\OpenAL32.dll
2009-09-07 21:13:17 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2009-09-07 21:13:17 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2009-09-07 21:13:17 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2009-09-07 21:13:16 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2009-09-07 21:13:16 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2009-09-07 21:13:16 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2009-09-07 21:13:15 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2009-09-07 21:13:15 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2009-09-07 21:13:15 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2009-09-07 21:13:15 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2009-09-07 21:13:14 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2009-09-07 21:13:14 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2009-09-07 21:13:14 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2009-09-07 21:13:13 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2009-09-07 21:13:13 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2009-09-07 21:13:12 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2009-09-07 21:13:12 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2009-09-07 21:13:12 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2009-09-07 21:13:11 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2009-09-07 21:13:10 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2009-09-07 21:13:10 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2009-09-07 21:13:09 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2009-09-07 21:13:09 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2009-09-07 21:13:08 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2009-09-07 21:13:08 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2009-09-07 21:13:08 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2009-09-07 21:13:07 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2009-09-07 21:13:06 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2009-09-07 21:13:06 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll
2009-09-07 21:13:06 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2009-09-07 21:13:06 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2009-09-07 21:13:05 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2009-09-07 21:13:04 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2009-09-07 21:13:00 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2009-09-07 21:12:51 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2009-09-07 21:12:51 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2009-09-07 21:12:48 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2009-09-07 21:12:47 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2009-09-07 21:12:46 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2009-09-07 21:12:46 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2009-09-07 21:12:45 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2009-09-07 21:12:45 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2009-09-07 21:12:44 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2009-09-07 21:12:43 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2009-09-07 21:12:42 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2009-09-07 21:12:41 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2009-09-07 21:12:41 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2009-09-07 21:12:40 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2009-09-07 21:12:30 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2009-09-07 21:12:29 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2009-09-07 21:12:29 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2009-09-07 21:12:29 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2009-09-07 21:12:28 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2009-09-07 21:12:28 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2009-09-07 21:12:28 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2009-09-07 21:12:27 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2009-09-07 21:12:27 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2009-09-07 21:12:25 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2009-09-07 21:12:10 ----D---- C:\WINDOWS\Logs
2009-09-07 14:02:21 ----A---- C:\WINDOWS\system32\javaws.exe
2009-09-07 14:02:21 ----A---- C:\WINDOWS\system32\javaw.exe
2009-09-07 14:02:21 ----A---- C:\WINDOWS\system32\java.exe
2009-09-03 15:08:25 ----A---- C:\WINDOWS\system32\kbdkor.dll
2009-09-03 15:08:25 ----A---- C:\WINDOWS\system32\kbdjpn.dll
2009-09-03 15:08:25 ----A---- C:\WINDOWS\system32\kbd106.dll
2009-09-03 15:08:25 ----A---- C:\WINDOWS\system32\kbd103.dll
2009-09-03 15:08:25 ----A---- C:\WINDOWS\system32\kbd101c.dll
2009-09-03 15:08:25 ----A---- C:\WINDOWS\system32\kbd101b.dll
2009-09-03 15:04:40 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\GetRightToGo
2009-08-30 16:29:13 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\TuxPaint
2009-08-30 16:29:00 ----D---- C:\Programme\TuxPaint
2009-08-20 10:54:06 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Blizzard Entertainment
2009-08-20 10:44:40 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Ahead
2009-08-20 10:33:32 ----RA---- C:\WINDOWS\system32\picn20.dll
2009-08-20 10:33:30 ----RA---- C:\WINDOWS\system32\ImagXpr5.dll
2009-08-20 10:33:30 ----RA---- C:\WINDOWS\system32\imagx5.dll
2009-08-20 10:33:30 ----RA---- C:\WINDOWS\system32\imagr5.dll
2009-08-20 10:33:27 ----RA---- C:\WINDOWS\system32\NeroCheck.exe
2009-08-20 10:33:27 ----D---- C:\Programme\Gemeinsame Dateien\Ahead
2009-08-20 10:33:22 ----D---- C:\Programme\Ahead
2009-08-19 11:26:27 ----D---- C:\CrashReport

======List of files/folders modified in the last 1 months======

2009-09-15 14:41:52 ----D---- C:\Programme\Mozilla Firefox
2009-09-15 14:18:05 ----D---- C:\WINDOWS\Prefetch
2009-09-15 14:13:42 ----D---- C:\WINDOWS\system32\CatRoot2
2009-09-15 14:10:41 ----AD---- C:\WINDOWS
2009-09-15 14:10:35 ----D---- C:\WINDOWS\Temp
2009-09-15 14:09:30 ----D---- C:\Programme
2009-09-15 14:08:48 ----N---- C:\WINDOWS\SchedLgU.Txt
2009-09-15 14:07:15 ----D---- C:\WINDOWS\system32\drivers
2009-09-15 13:21:28 ----HD---- C:\WINDOWS\inf
2009-09-15 13:20:51 ----SHD---- C:\WINDOWS\Installer
2009-09-15 13:20:50 ----D---- C:\WINDOWS\WinSxS
2009-09-15 13:20:09 ----RD---- C:\PC-Sicherheit
2009-09-15 12:52:59 ----D---- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2009-09-13 17:04:29 ----HD---- C:\Programme\InstallShield Installation Information
2009-09-13 13:46:43 ----AD---- C:\WINDOWS\system32
2009-09-13 13:46:20 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Uniblue
2009-09-13 13:46:20 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DriverScanner
2009-09-13 13:38:54 ----RD---- C:\Programme\Skype
2009-09-13 09:36:08 ----D---- C:\Programme\TuneUp Utilities 2008
2009-09-10 16:15:56 ----RD---- C:\PC-Tools
2009-09-10 16:02:43 ----RSD---- C:\WINDOWS\assembly
2009-09-10 16:02:43 ----D---- C:\WINDOWS\system32\DirectX
2009-09-09 20:20:37 ----D---- C:\Programme\Teamspeak2_RC2
2009-09-09 20:20:37 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\teamspeak2
2009-09-07 21:13:30 ----D---- C:\Programme\Gemeinsame Dateien\Microsoft Shared
2009-09-07 21:12:32 ----D---- C:\WINDOWS\Microsoft.NET
2009-09-07 14:02:18 ----D---- C:\Programme\Java
2009-09-03 15:08:31 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-08-30 13:58:55 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Skype
2009-08-29 19:28:19 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\gtk-2.0
2009-08-29 17:23:40 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\skypePM
2009-08-29 08:47:36 ----D---- C:\Programme\Winamp
2009-08-28 12:35:11 ----SD---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Microsoft
2009-08-20 21:31:57 ----D---- C:\Programme\thriXXX
2009-08-20 10:33:27 ----D---- C:\Programme\Gemeinsame Dateien
2009-08-19 13:39:04 ----D---- C:\WINDOWS\system32\config
2009-08-19 08:55:40 ----SD---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft
2009-08-18 22:47:18 ----SHD---- C:\System Volume Information
2009-08-18 22:47:18 ----D---- C:\WINDOWS\system32\Restore
2009-08-17 18:10:20 ----A---- C:\WINDOWS\system32\aswBoot.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-08-17 26944]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-08-17 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-08-17 51376]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2009-02-17 24232]
R1 SASDIFSV;SASDIFSV; \??\C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Programme\SUPERAntiSpyware\SASKUTIL.sys []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-08-17 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-08-17 94160]
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2009-07-24 104512]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-08-17 23152]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-07-22 2363904]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 hidusb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2007-11-08 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-06-16 5095936]
R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2007-11-08 12288]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2007-05-31 96896]
R3 SASENUM;SASENUM; \??\C:\Programme\SUPERAntiSpyware\SASENUM.SYS []
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2007-11-08 26624]
R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2007-11-08 57600]
R3 usbohci;Miniporttreiber für Microsoft USB Open Host-Controller; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2007-11-08 17024]
S3 akw6f31z;akw6f31z; C:\WINDOWS\system32\drivers\akw6f31z.sys []
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
S3 FWLANUSB;AVM FRITZ!WLAN; C:\WINDOWS\system32\DRIVERS\fwlanusb.sys [2006-12-28 265088]
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-04 1389056]
S3 MSICPL;MSICPL; \??\E:\install4\MSICPL.sys []
S3 NTACCESS;NTACCESS; \??\E:\NTACCESS.sys []
S3 SetupNTGLM7X;SetupNTGLM7X; \??\E:\NTGLM7X.sys []
S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Programme\Alwil Software\Avast4\aswUpdSv.exe [2009-08-17 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-07-22 483328]
R2 avast! Antivirus;avast! Antivirus; C:\Programme\Alwil Software\Avast4\ashServ.exe [2009-08-17 138680]
R2 AVM WLAN Connection Service;AVM WLAN Connection Service; C:\Programme\avmwlanstick\WlanNetService.exe [2006-12-28 356352]
R2 ICQ Service;ICQ Service; C:\Programme\ICQ6Toolbar\ICQ Service.exe [2008-10-19 222456]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-07-25 153376]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 UxTuneUp;TuneUp Designerweiterung; C:\WINDOWS\System32\svchost.exe [2007-11-08 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Programme\Alwil Software\Avast4\ashMaiSv.exe [2009-08-17 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Programme\Alwil Software\Avast4\ashWebSv.exe [2009-08-17 352920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 TuneUp.Defrag;TuneUp Drive Defrag-Dienst; C:\WINDOWS\System32\TuneUpDefragService.exe [2009-07-05 361728]

-----------------EOF-----------------
         

Antwort

Themen zu virus?
adobe, antivirus, avast, avast!, bho, dateien, explorer, hijack, hijackthis, hkus\s-1-5-18, hotkey, icq, internet, internet explorer, logfile, malwarebytes, malwarebytes anti-malware, malwarebytes' anti-malware, microsoft, neu, programme, software, stick, superantispyware, system, tuneup.defrag, virus, virus?, windows, windows xp




Zum Thema virus? - hallo bin neu hier und ein wenig beunruhigt wegen einen "virus " welchen ich heute auf meinem pc gefunden hab und hab gehört hier kann geholfen, würde sich bitte jemand - virus?...
Archiv
Du betrachtest: virus? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.