| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: virus?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
15.09.2009, 14:19
| #1 |
| |  virus? hallo bin neu hier und ein wenig beunruhigt wegen einen "virus  " welchen ich heute auf meinem pc gefunden habund hab gehört hier kann geholfen, würde sich bitte jemand die logs anschauen Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:57:32, on 15.09.2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Alwil Software\Avast4\aswUpdSv.exe C:\Programme\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Programme\avmwlanstick\wlangui.exe C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\RTHDCPL.EXE C:\Programme\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\avmwlanstick\WlanNetService.exe C:\Programme\ICQ6Toolbar\ICQ Service.exe C:\Programme\Java\jre6\bin\jqs.exe C:\Programme\Alwil Software\Avast4\ashMaiSv.exe C:\Programme\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Programme\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://start.icq.com/ R3 - URLSearchHook: (no name) - - (no file) R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programme\Canon\Easy-WebPrint\EWPBrowseLoader.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll O4 - HKLM\..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe O4 - HKLM\..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\wlangui.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware (reboot)] "C:\Programme\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: Easy-WebPrint - Drucken - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - h**p://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Programme\SUPERAntiSpyware\SASWINLO.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashWebSv.exe O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Programme\avmwlanstick\WlanNetService.exe O23 - Service: ICQ Service - Unknown owner - C:\Programme\ICQ6Toolbar\ICQ Service.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe -- End of file - 5563 bytes |
|
15.09.2009, 15:29
| #2 |
| | virus? hier der GMER log:
__________________Code:
ATTFilter GMER 1.0.15.15086 - h**p://www.gmer.net
Rootkit scan 2009-09-15 16:24:07
Windows 5.1.2600 Service Pack 2
Running: cppnk76s.exe; Driver: C:\DOKUME~1\***\LOKALE~1\Temp\aujasnkj.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xAF0516B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xAF051574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xAF051A52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xAF05114C]
SSDT spdg.sys ZwEnumerateKey [0xBA6C5CA4]
SSDT spdg.sys ZwEnumerateValueKey [0xBA6C6032]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xAF05164E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xAF05108C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xAF0510F0]
SSDT spdg.sys ZwQueryKey [0xBA6C610A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xAF05176E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xAF05172E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xAF0518AE]
SSDT \??\C:\Programme\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xAF12F0B0]
INT 0x62 ? 89B0ABF8
INT 0x73 ? 898AABF8
INT 0x73 ? 898AABF8
INT 0x82 ? 89B0ABF8
INT 0x83 ? 89B0ABF8
INT 0xA4 ? 898AABF8
INT 0xB4 ? 898AABF8
---- Kernel code sections - GMER 1.0.15 ----
? spdg.sys Das System kann die angegebene Datei nicht finden. !
.text USBPORT.SYS!DllUnload B7AFC62C 5 Bytes JMP 898AA1D8
.text akw6f31z.SYS B7A33386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text akw6f31z.SYS B7A333AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text akw6f31z.SYS B7A333C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text akw6f31z.SYS B7A333C9 1 Byte [30]
.text akw6f31z.SYS B7A333C9 11 Bytes [30, 00, 00, 00, 5C, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESP; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [BA6A8042] spdg.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [BA6A813E] spdg.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [BA6A80C0] spdg.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [BA6A8800] spdg.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [BA6A86D6] spdg.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [BA6B7E9C] spdg.sys
IAT \SystemRoot\System32\Drivers\akw6f31z.SYS[HAL.dll!KfAcquireSpinLock] 0C8D1C46
IAT \SystemRoot\System32\Drivers\akw6f31z.SYS[HAL.dll!READ_PORT_UCHAR] B08B8932
IAT \SystemRoot\System32\Drivers\akw6f31z.SYS[HAL.dll!KeGetCurrentIrql] 89000001
IAT \SystemRoot\System32\Drivers\akw6f31z.SYS[HAL.dll!KfRaiseIrql] 0001BC83
IAT \SystemRoot\System32\Drivers\akw6f31z.SYS[HAL.dll!KfLowerIrql] 24468B00
IAT \SystemRoot\System32\Drivers\akw6f31z.SYS[HAL.dll!HalGetInterruptVector] 89820C8D
IAT \SystemRoot\System32\Drivers\akw6f31z.SYS[HAL.dll!HalTranslateBusAddress] D18BF84D
IAT \SystemRoot\System32\Drivers\akw6f31z.SYS[HAL.dll!KeStallExecutionProcessor] 860F1639
IAT \SystemRoot\System32\Drivers\akw6f31z.SYS[HAL.dll!KfReleaseSpinLock] 000000BD
IAT \SystemRoot\System32\Drivers\akw6f31z.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 0208B389
IAT \SystemRoot\System32\Drivers\akw6f31z.SYS[HAL.dll!READ_PORT_USHORT] 83660000
IAT \SystemRoot\System32\Drivers\akw6f31z.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 7400067E
IAT \SystemRoot\System32\Drivers\akw6f31z.SYS[HAL.dll!WRITE_PORT_UCHAR] 89D60320
IAT \SystemRoot\System32\Drivers\akw6f31z.SYS[WMILIB.SYS!WmiSystemControl] 8D168B00
IAT \SystemRoot\System32\Drivers\akw6f31z.SYS[WMILIB.SYS!WmiCompleteRequest] F0003284
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\WINDOWS\system32\services.exe[772] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00370002
IAT C:\WINDOWS\system32\services.exe[772] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00370000
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 89B091F8
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \Driver\NetBT \Device\NetBT_Tcpip_{F9EF0DE5-913A-49F2-951F-0BA8B8D381C6} 8981F500
Device \Driver\PCI_PNP7786 \Device\00000044 spdg.sys
Device \Driver\usbohci \Device\USBPDO-0 898A81F8
Device \Driver\usbohci \Device\USBPDO-1 898A81F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 89B771F8
Device \Driver\dmio \Device\DmControl\DmConfig 89B771F8
Device \Driver\dmio \Device\DmControl\DmPnP 89B771F8
Device \Driver\dmio \Device\DmControl\DmInfo 89B771F8
Device \Driver\usbohci \Device\USBPDO-2 898A81F8
Device \Driver\usbohci \Device\USBPDO-3 898A81F8
Device \Driver\usbohci \Device\USBPDO-4 898A81F8
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \Driver\usbehci \Device\USBPDO-5 898701F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 89B0B1F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 89B0B1F8
Device \Driver\Cdrom \Device\CdRom0 898621F8
Device \Driver\Cdrom \Device\CdRom1 898621F8
Device \Driver\atapi \Device\Ide\IdePort0 89B0A1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 89B0A1F8
Device \Driver\atapi \Device\Ide\IdePort1 89B0A1F8
Device \Driver\atapi \Device\Ide\IdePort2 89B0A1F8
Device \Driver\atapi \Device\Ide\IdePort3 89B0A1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-12 89B0A1F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 8981F500
Device \Driver\NetBT \Device\NetbiosSmb 8981F500
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \Driver\sptd \Device\1523521536 spdg.sys
Device \Driver\usbohci \Device\USBFDO-0 898A81F8
Device \Driver\usbohci \Device\USBFDO-1 898A81F8
Device \Driver\usbohci \Device\USBFDO-2 898A81F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89629500
Device \Driver\usbohci \Device\USBFDO-3 898A81F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 89629500
Device \Driver\Ftdisk \Device\FtControl 89B0B1F8
Device \Driver\usbohci \Device\USBFDO-4 898A81F8
Device \Driver\usbehci \Device\USBFDO-5 898701F8
Device \Driver\akw6f31z \Device\Scsi\akw6f31z1 897961F8
Device \Driver\akw6f31z \Device\Scsi\akw6f31z1Port4Path0Target0Lun0 897961F8
Device \FileSystem\Cdfs \Cdfs 89769500
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x85 0xA2 0x3C 0x4B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x82 0x8D 0xB0 0x45 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x39 0x15 0x19 0x07 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x85 0xA2 0x3C 0x4B ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x82 0x8D 0xB0 0x45 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x39 0x15 0x19 0x07 ...
---- EOF - GMER 1.0.15 ----
|
|
15.09.2009, 15:33
| #3 |
| | virus?Code:
ATTFilter Logfile of random's system information tool 1.06 (written by random/random) Run by Torvitas at 2009-09-15 14:58:16 Microsoft Windows XP Professional Service Pack 2 System drive C: has 41 GB (80%) free of 51 GB Total RAM: 1919 MB (74% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:58:17, on 15.09.2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Alwil Software\Avast4\aswUpdSv.exe C:\Programme\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Programme\avmwlanstick\wlangui.exe C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\RTHDCPL.EXE C:\Programme\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\avmwlanstick\WlanNetService.exe C:\Programme\ICQ6Toolbar\ICQ Service.exe C:\Programme\Java\jre6\bin\jqs.exe C:\Programme\Alwil Software\Avast4\ashMaiSv.exe C:\Programme\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\PC-Sicherheit\RSIT.exe C:\Programme\Trend Micro\HijackThis\Torvitas.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://start.icq.com/ R3 - URLSearchHook: (no name) - - (no file) R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programme\Canon\Easy-WebPrint\EWPBrowseLoader.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll O4 - HKLM\..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe O4 - HKLM\..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\wlangui.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware (reboot)] "C:\Programme\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: Easy-WebPrint - Drucken - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - h**p://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Programme\SUPERAntiSpyware\SASWINLO.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashWebSv.exe O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Programme\avmwlanstick\WlanNetService.exe O23 - Service: ICQ Service - Unknown owner - C:\Programme\ICQ6Toolbar\ICQ Service.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe -- End of file - 5588 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\1-Klick-Wartung.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{68F9551E-0411-48E4-9AAF-4BC42A6A46BE}] EWPBrowseObject Class - C:\Programme\Canon\Easy-WebPrint\EWPBrowseLoader.dll [2006-06-09 34304] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Programme\ICQ6Toolbar\ICQToolBar.dll [2008-12-09 958200] {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Programme\Canon\Easy-WebPrint\Toolband.dll [2006-06-09 552960] {32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll [2009-04-23 937416] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "StartCCC"=C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112] "AVMWlanClient"=C:\Programme\avmwlanstick\wlangui.exe [2006-12-28 1454080] "avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-08-17 81000] "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-06-12 17887232] "Adobe Reader Speed Launcher"=C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696] "SunJavaUpdateSched"=C:\Programme\Java\jre6\bin\jusched.exe [2009-07-25 149280] " Malwarebytes Anti-Malware (reboot)"=C:\Programme\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2007-11-08 15360] "SUPERAntiSpyware"=C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-09-04 1994480] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD] C:\Programme\SlySoft\AnyDVD\AnyDVDtray.exe [2009-07-25 2968512] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] C:\Programme\DAEMON Tools Lite\daemon.exe [2009-04-23 691656] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck] C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4] C:\Programme\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [2006-10-11 75304] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] C:\Programme\Skype\Phone\Skype.exe [2009-07-16 25604904] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate] C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-09-28 185896] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] C:\Programme\Winamp\winampa.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^***^Startmenü^Programme^Autostart^Secunia PSI.lnk] C:\PROGRA~1\Secunia\PSI\psi.exe [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon] C:\Programme\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] C:\WINDOWS\system32\Ati2evxx.dll [2007-07-22 118784] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Programme\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=91000000 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "D:\Spiele\World of Warcraft\Launcher.exe"="D:\Spiele\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher" "D:\Spiele\World of Warcraft\BackgroundDownloader.exe"="D:\Spiele\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader" "C:\Programme\ICQ6.5\ICQ.exe"="C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6" "C:\Programme\Java\jre6\bin\java.exe"="C:\Programme\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary" "D:\Spiele\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-deDE-downloader.exe"="D:\Spiele\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-deDE-downloader.exe:*:Enabled:Blizzard Downloader" "D:\Spiele\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-deDE-downloader.exe"="D:\Spiele\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-deDE-downloader.exe:*:Enabled:Blizzard Downloader" "C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype" "D:\Videos\Cruel_Cruel_Moon_enGB.avi-downloader.exe"="D:\Videos\Cruel_Cruel_Moon_enGB.avi-downloader.exe:*:Enabled:Blizzard Downloader" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" |
|
15.09.2009, 15:34
| #4 |
| | virus?Code:
ATTFilter ======List of files/folders created in the last 1 months======
2009-09-15 12:53:37 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com
2009-09-15 12:53:24 ----D---- C:\Programme\SUPERAntiSpyware
2009-09-15 12:53:23 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SUPERAntiSpyware.com
2009-09-15 12:31:53 ----D---- C:\rsit
2009-09-15 12:19:09 ----D---- C:\Programme\Trend Micro
2009-09-13 16:55:40 ----D---- C:\Programme\Universal Interactive
2009-09-13 13:40:33 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes
2009-09-13 13:40:28 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2009-09-13 13:40:27 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2009-09-10 16:19:41 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite
2009-09-10 16:19:22 ----D---- C:\Programme\DAEMON Tools Toolbar
2009-09-10 16:19:18 ----D---- C:\Programme\DAEMON Tools Lite
2009-09-10 16:17:04 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DAEMON Tools Lite
2009-09-10 16:02:45 ----D---- C:\Programme\Lionhead Studios
2009-09-07 21:13:32 ----D---- C:\Programme\OpenAL
2009-09-07 21:13:31 ----A---- C:\WINDOWS\system32\wrap_oal.dll
2009-09-07 21:13:31 ----A---- C:\WINDOWS\system32\OpenAL32.dll
2009-09-07 21:13:17 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2009-09-07 21:13:17 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2009-09-07 21:13:17 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2009-09-07 21:13:16 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2009-09-07 21:13:16 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2009-09-07 21:13:16 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2009-09-07 21:13:15 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2009-09-07 21:13:15 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2009-09-07 21:13:15 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2009-09-07 21:13:15 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2009-09-07 21:13:14 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2009-09-07 21:13:14 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2009-09-07 21:13:14 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2009-09-07 21:13:13 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2009-09-07 21:13:13 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2009-09-07 21:13:12 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2009-09-07 21:13:12 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2009-09-07 21:13:12 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2009-09-07 21:13:11 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2009-09-07 21:13:10 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2009-09-07 21:13:10 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2009-09-07 21:13:09 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2009-09-07 21:13:09 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2009-09-07 21:13:08 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2009-09-07 21:13:08 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2009-09-07 21:13:08 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2009-09-07 21:13:07 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2009-09-07 21:13:06 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2009-09-07 21:13:06 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll
2009-09-07 21:13:06 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2009-09-07 21:13:06 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2009-09-07 21:13:05 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2009-09-07 21:13:04 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2009-09-07 21:13:00 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2009-09-07 21:12:51 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2009-09-07 21:12:51 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2009-09-07 21:12:48 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2009-09-07 21:12:47 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2009-09-07 21:12:46 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2009-09-07 21:12:46 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2009-09-07 21:12:45 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2009-09-07 21:12:45 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2009-09-07 21:12:44 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2009-09-07 21:12:43 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2009-09-07 21:12:42 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2009-09-07 21:12:41 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2009-09-07 21:12:41 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2009-09-07 21:12:40 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2009-09-07 21:12:30 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2009-09-07 21:12:29 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2009-09-07 21:12:29 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2009-09-07 21:12:29 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2009-09-07 21:12:28 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2009-09-07 21:12:28 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2009-09-07 21:12:28 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2009-09-07 21:12:27 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2009-09-07 21:12:27 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2009-09-07 21:12:25 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2009-09-07 21:12:10 ----D---- C:\WINDOWS\Logs
2009-09-07 14:02:21 ----A---- C:\WINDOWS\system32\javaws.exe
2009-09-07 14:02:21 ----A---- C:\WINDOWS\system32\javaw.exe
2009-09-07 14:02:21 ----A---- C:\WINDOWS\system32\java.exe
2009-09-03 15:08:25 ----A---- C:\WINDOWS\system32\kbdkor.dll
2009-09-03 15:08:25 ----A---- C:\WINDOWS\system32\kbdjpn.dll
2009-09-03 15:08:25 ----A---- C:\WINDOWS\system32\kbd106.dll
2009-09-03 15:08:25 ----A---- C:\WINDOWS\system32\kbd103.dll
2009-09-03 15:08:25 ----A---- C:\WINDOWS\system32\kbd101c.dll
2009-09-03 15:08:25 ----A---- C:\WINDOWS\system32\kbd101b.dll
2009-09-03 15:04:40 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\GetRightToGo
2009-08-30 16:29:13 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\TuxPaint
2009-08-30 16:29:00 ----D---- C:\Programme\TuxPaint
2009-08-20 10:54:06 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Blizzard Entertainment
2009-08-20 10:44:40 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Ahead
2009-08-20 10:33:32 ----RA---- C:\WINDOWS\system32\picn20.dll
2009-08-20 10:33:30 ----RA---- C:\WINDOWS\system32\ImagXpr5.dll
2009-08-20 10:33:30 ----RA---- C:\WINDOWS\system32\imagx5.dll
2009-08-20 10:33:30 ----RA---- C:\WINDOWS\system32\imagr5.dll
2009-08-20 10:33:27 ----RA---- C:\WINDOWS\system32\NeroCheck.exe
2009-08-20 10:33:27 ----D---- C:\Programme\Gemeinsame Dateien\Ahead
2009-08-20 10:33:22 ----D---- C:\Programme\Ahead
2009-08-19 11:26:27 ----D---- C:\CrashReport
======List of files/folders modified in the last 1 months======
2009-09-15 14:41:52 ----D---- C:\Programme\Mozilla Firefox
2009-09-15 14:18:05 ----D---- C:\WINDOWS\Prefetch
2009-09-15 14:13:42 ----D---- C:\WINDOWS\system32\CatRoot2
2009-09-15 14:10:41 ----AD---- C:\WINDOWS
2009-09-15 14:10:35 ----D---- C:\WINDOWS\Temp
2009-09-15 14:09:30 ----D---- C:\Programme
2009-09-15 14:08:48 ----N---- C:\WINDOWS\SchedLgU.Txt
2009-09-15 14:07:15 ----D---- C:\WINDOWS\system32\drivers
2009-09-15 13:21:28 ----HD---- C:\WINDOWS\inf
2009-09-15 13:20:51 ----SHD---- C:\WINDOWS\Installer
2009-09-15 13:20:50 ----D---- C:\WINDOWS\WinSxS
2009-09-15 13:20:09 ----RD---- C:\PC-Sicherheit
2009-09-15 12:52:59 ----D---- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2009-09-13 17:04:29 ----HD---- C:\Programme\InstallShield Installation Information
2009-09-13 13:46:43 ----AD---- C:\WINDOWS\system32
2009-09-13 13:46:20 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Uniblue
2009-09-13 13:46:20 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DriverScanner
2009-09-13 13:38:54 ----RD---- C:\Programme\Skype
2009-09-13 09:36:08 ----D---- C:\Programme\TuneUp Utilities 2008
2009-09-10 16:15:56 ----RD---- C:\PC-Tools
2009-09-10 16:02:43 ----RSD---- C:\WINDOWS\assembly
2009-09-10 16:02:43 ----D---- C:\WINDOWS\system32\DirectX
2009-09-09 20:20:37 ----D---- C:\Programme\Teamspeak2_RC2
2009-09-09 20:20:37 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\teamspeak2
2009-09-07 21:13:30 ----D---- C:\Programme\Gemeinsame Dateien\Microsoft Shared
2009-09-07 21:12:32 ----D---- C:\WINDOWS\Microsoft.NET
2009-09-07 14:02:18 ----D---- C:\Programme\Java
2009-09-03 15:08:31 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-08-30 13:58:55 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Skype
2009-08-29 19:28:19 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\gtk-2.0
2009-08-29 17:23:40 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\skypePM
2009-08-29 08:47:36 ----D---- C:\Programme\Winamp
2009-08-28 12:35:11 ----SD---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Microsoft
2009-08-20 21:31:57 ----D---- C:\Programme\thriXXX
2009-08-20 10:33:27 ----D---- C:\Programme\Gemeinsame Dateien
2009-08-19 13:39:04 ----D---- C:\WINDOWS\system32\config
2009-08-19 08:55:40 ----SD---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft
2009-08-18 22:47:18 ----SHD---- C:\System Volume Information
2009-08-18 22:47:18 ----D---- C:\WINDOWS\system32\Restore
2009-08-17 18:10:20 ----A---- C:\WINDOWS\system32\aswBoot.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-08-17 26944]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-08-17 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-08-17 51376]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2009-02-17 24232]
R1 SASDIFSV;SASDIFSV; \??\C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Programme\SUPERAntiSpyware\SASKUTIL.sys []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-08-17 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-08-17 94160]
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2009-07-24 104512]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-08-17 23152]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-07-22 2363904]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 hidusb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2007-11-08 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-06-16 5095936]
R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2007-11-08 12288]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2007-05-31 96896]
R3 SASENUM;SASENUM; \??\C:\Programme\SUPERAntiSpyware\SASENUM.SYS []
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2007-11-08 26624]
R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2007-11-08 57600]
R3 usbohci;Miniporttreiber für Microsoft USB Open Host-Controller; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2007-11-08 17024]
S3 akw6f31z;akw6f31z; C:\WINDOWS\system32\drivers\akw6f31z.sys []
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
S3 FWLANUSB;AVM FRITZ!WLAN; C:\WINDOWS\system32\DRIVERS\fwlanusb.sys [2006-12-28 265088]
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-04 1389056]
S3 MSICPL;MSICPL; \??\E:\install4\MSICPL.sys []
S3 NTACCESS;NTACCESS; \??\E:\NTACCESS.sys []
S3 SetupNTGLM7X;SetupNTGLM7X; \??\E:\NTGLM7X.sys []
S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Programme\Alwil Software\Avast4\aswUpdSv.exe [2009-08-17 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-07-22 483328]
R2 avast! Antivirus;avast! Antivirus; C:\Programme\Alwil Software\Avast4\ashServ.exe [2009-08-17 138680]
R2 AVM WLAN Connection Service;AVM WLAN Connection Service; C:\Programme\avmwlanstick\WlanNetService.exe [2006-12-28 356352]
R2 ICQ Service;ICQ Service; C:\Programme\ICQ6Toolbar\ICQ Service.exe [2008-10-19 222456]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-07-25 153376]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 UxTuneUp;TuneUp Designerweiterung; C:\WINDOWS\System32\svchost.exe [2007-11-08 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Programme\Alwil Software\Avast4\ashMaiSv.exe [2009-08-17 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Programme\Alwil Software\Avast4\ashWebSv.exe [2009-08-17 352920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 TuneUp.Defrag;TuneUp Drive Defrag-Dienst; C:\WINDOWS\System32\TuneUpDefragService.exe [2009-07-05 361728]
-----------------EOF-----------------
|
|
| Themen zu virus? |
| adobe, antivirus, avast, avast!, bho, canon, dateien, explorer, hijack, hijackthis, hkus\s-1-5-18, hotkey, icq, internet, internet explorer, logfile, malwarebytes, malwarebytes anti-malware, malwarebytes' anti-malware, microsoft, neu, plug-in, programme, software, stick, superantispyware, system, tuneup.defrag, virus, virus?, windows, windows xp |
