Vundo.Gen
I have problems with Vundo.Gen
HiJ:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:46:15, on 26.05.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
F:\Backup\Video\gapa\gapa.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: QXK Olive - {4EE62603-9BB7-462B-8A8D-E9F4BF11BE49} - C:\WINDOWS\boqnrwdmvdr.dll
O2 - BHO: (no name) - {4F910AA8-ECF1-4FDC-B9D4-116B62DE17F9} - C:\WINDOWS\system32\ddcArQjg.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {BCBEB0EB-744A-4F05-99A5-636B721C318E} - C:\WINDOWS\system32\efcyWQkj.dll (file missing)
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - Startup: Verknüpfung mit gapa.lnk = F:\Backup\Video\gapa\gapa.exe
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O20 - Winlogon Notify: efcyWQkj - efcyWQkj.dll (file missing)
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
O21 - SSODL: vltdfabw - {ECD0FD6B-ED11-4E95-A8C3-CF8B0653FE66} - C:\WINDOWS\vltdfabw.dll
O21 - SSODL: vregfwlx - {1C946382-363C-4A05-BCC8-4F5BA84CB2F6} - C:\WINDOWS\vregfwlx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUpUtilities2006\WinStylerThemeSvc.exe
-- End of file - 4036 bytes
Please help! |
main.txt: Deckard's System Scanner v20071014.68 Run by *** on 2008-05-26 14:59:42 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- Successfully created a Deckard's System Scanner Restore Point. -- Last 5 Restore Point(s) -- 8: 2008-05-26 13:01:14 UTC - RP45 - Deckard's System Scanner Restore Point 7: 2008-05-26 12:42:25 UTC - RP44 - Java(TM) 6 Update 5 wird entfernt 6: 2008-05-26 12:41:54 UTC - RP43 - Removed SUPERAntiSpyware Free Edition 5: 2008-05-26 12:05:17 UTC - RP42 - Installed SUPERAntiSpyware Free Edition 4: 2008-05-26 11:16:37 UTC - RP41 - Last known good configuration -- First Restore Point -- 1: 2008-05-26 11:16:28 UTC - RP38 - Systemprüfpunkt Backed up registry hives. Performed disk cleanup. -- HijackThis (run as odin.exe) ------------------------------------------------ Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:04: VIRUS ALERT!, on 26.05.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\Explorer.EXE C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe F:\Backup\Video\gapa\gapa.exe C:\Programme\Malwarebytes' Anti-Malware\mbam.exe D:\QIP\qip.exe F:\Downloads\dss.exe C:\PROGRA~1\Trend Micro\HijackThis\odin.exe R0 - 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = *** O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: QXK Olive - {4EE62603-9BB7-462B-8A8D-E9F4BF11BE49} - C:\WINDOWS\boqnrwdmvdr.dll O2 - BHO: (no name) - {4F910AA8-ECF1-4FDC-B9D4-116B62DE17F9} - C:\WINDOWS\system32\ddcArQjg.dll (file missing) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: (no name) - {BCBEB0EB-744A-4F05-99A5-636B721C318E} - C:\WINDOWS\system32\efcyWQkj.dll (file missing) O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - Startup: Verknüpfung mit gapa.lnk = F:\Backup\Video\gapa\gapa.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O20 - Winlogon Notify: efcyWQkj - efcyWQkj.dll (file missing) O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll O21 - SSODL: vltdfabw - {ECD0FD6B-ED11-4E95-A8C3-CF8B0653FE66} - C:\WINDOWS\vltdfabw.dll O21 - SSODL: vregfwlx - {1C946382-363C-4A05-BCC8-4F5BA84CB2F6} - 
C:\WINDOWS\vregfwlx.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: LVCOMSer - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUpUtilities2006\WinStylerThemeSvc.exe -- End of file - 4300 bytes -- File Associations ----------------------------------------------------------- All associations okay. 
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R0 mqU14 - c:\windows\system32\drivers\mqu14.sys R1 ssmdrv - c:\windows\system32\drivers\ssmdrv.sys <Not Verified; AVIRA GmbH; > R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.5.3.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.5.3.0> -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 AntiVirScheduler (Avira AntiVir Personal – Free Antivirus Planer) - "c:\programme\avira\antivir personaledition classic\sched.exe" <Not Verified; Avira GmbH; AntiVir Workstation> S3 TUWinStylerThemeSvc (TuneUp WinStyler Theme Service) - c:\programme\tuneuputilities2006\winstylerthemesvc.exe <Not Verified; TuneUp Software GmbH; TuneUp Utilities> -- Device Manager: Disabled ---------------------------------------------------- Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318} Description: USB (Universal Serial Bus)-Controller Device ID: PCI\VEN_1106&DEV_3104&SUBSYS_31041106&REV_86\3&267A616A&0&84 Manufacturer: Name: USB (Universal Serial Bus)-Controller PNP Device ID: PCI\VEN_1106&DEV_3104&SUBSYS_31041106&REV_86\3&267A616A&0&84 Service: Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318} Description: VIA PCI 10/100Mb Fast Ethernetadapter Device ID: PCI\VEN_1106&DEV_3065&SUBSYS_01021106&REV_78\3&267A616A&0&90 Manufacturer: VIA Technologies, Inc. 
Name: VIA PCI 10/100Mb Fast Ethernetadapter PNP Device ID: PCI\VEN_1106&DEV_3065&SUBSYS_01021106&REV_78\3&267A616A&0&90 Service: FETNDIS -- Scheduled Tasks ------------------------------------------------------------- 2008-05-23 17:18:45 390 --a------ C:\WINDOWS\Tasks\1-Klick-Wartung.job -- Files created between 2008-04-26 and 2008-05-26 ----------------------------- 2008-05-26 14:50:28 0 d-------- C:\Programme\Malwarebytes' Anti-Malware 2008-05-26 14:38:51 0 d-------- C:\VundoFix Backups 2008-05-26 14:17:30 0 d-------- C:\Programme\Trend Micro 2008-05-26 14:05:20 0 d-------- C:\Programme\SUPERAntiSpyware 2008-05-26 13:16:17 344 --ahs---- C:\WINDOWS\system32\gjQrAcdd.ini2 2008-05-26 13:15:05 0 d-------- C:\Programme\Avira 2008-05-26 13:10:51 29056 --a------ C:\WINDOWS\system32\drivers\mqU14.sys 2008-05-26 13:10:50 14336 --a------ C:\WINDOWS\system32\WinCtrl32.dll 2008-05-26 13:10:40 29824 --a------ C:\WINDOWS\system32\efcyWQkj.VIR 2008-05-26 13:10:35 327680 -----n--- C:\WINDOWS\vregfwlx.dll 2008-05-26 13:10:35 368640 -----n--- C:\WINDOWS\vltdfabw.dll 2008-05-26 13:10:35 159744 --a------ C:\WINDOWS\etkq.exe 2008-05-26 13:10:35 274432 --a------ C:\WINDOWS\boqnrwdmvdr.dll 2008-05-26 13:10:29 160256 --a------ C:\WINDOWS\system32\blackster.scr <Not Verified; Peter's Productions; Bugs!> 2008-05-26 13:02:08 0 d-------- C:\Programme\DriveCrypt 2008-05-21 13:24:17 0 d-------- C:\Temp 2008-05-20 16:47:32 0 d-------- C:\Programme\PokerStars 2008-05-20 16:44:03 0 d-------- C:\Programme\ICQLite 2008-05-16 19:10:13 0 d-------- C:\WINDOWS\Sun 2008-05-13 23:39:45 0 d-------- C:\WINDOWS\system32\appmgmt 2008-05-13 23:33:17 0 d-------- C:\Programme\IRdeo 2008-05-12 22:58:20 0 d-------- C:\Programme\TVgenial 2008-05-12 22:58:02 0 d-------- C:\Programme\TuneUpUtilities2006 2008-05-12 22:57:29 0 d-------- C:\Programme\CyberLink 2008-05-12 22:56:50 0 d-------- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared 2008-05-12 22:55:57 0 d-------- C:\Programme\Gemeinsame Dateien\Adobe 
2008-05-12 22:53:48 0 d-------- C:\Programme\Nero 2008-05-12 22:53:48 0 d-------- C:\Programme\Gemeinsame Dateien\Ahead 2008-05-12 22:52:42 0 d-------- C:\Programme\Audiograbber 2008-05-12 18:30:01 0 d-------- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard 2008-05-12 18:06:05 4096 --a------ C:\WINDOWS\system32\crash 2008-05-12 17:21:56 0 d-------- C:\WINDOWS\Cache 2008-05-12 16:50:53 0 d-------- C:\WINDOWS\RegisteredPackages 2008-05-12 16:30:18 0 d-------- C:\Programme\VIA 2008-05-12 16:16:09 0 d--h----- C:\WINDOWS\system32\GroupPolicy 2008-05-12 15:58:47 1169 --a------ C:\WINDOWS\mozver.dat 2008-05-12 15:14:07 0 --a------ C:\WINDOWS\nsreg.dat 2008-05-12 15:11:36 0 d-------- C:\Programme\Logitech 2008-05-12 15:11:36 0 d-------- C:\Programme\Gemeinsame Dateien\LogiShrd 2008-05-12 15:09:26 217088 --a------ C:\WINDOWS\system32\xvidvfw.dll 2008-05-12 15:09:26 856064 --a------ C:\WINDOWS\system32\xvidcore.dll 2008-05-12 15:09:26 579090 --a------ C:\WINDOWS\system32\x264vfw.dll 2008-05-12 15:09:26 1415680 --a------ C:\WINDOWS\system32\WMV9VCM.dll <Not Verified; Microsoft Corporation; Windows Media Video 9 VCM> 2008-05-12 15:09:25 5120 --a------ C:\WINDOWS\system32\ff_vfw.dll 2008-05-12 15:07:56 0 d-------- C:\Programme\Winamp 2008-05-11 19:29:55 0 d-------- C:\WINDOWS 2008-05-11 19:29:55 0 d-------- C:\WINDOWS\WinSxS 2008-05-11 19:29:55 0 dr------- C:\WINDOWS\Web 2008-05-11 19:29:55 0 d-------- C:\WINDOWS\twain_32 2008-05-11 19:29:55 0 d-------- C:\WINDOWS\system32 2008-05-11 19:29:55 0 d-------- C:\WINDOWS\system32\wins 2008-05-11 19:29:55 0 d-------- C:\WINDOWS\system32\wbem 2008-05-11 19:29:55 0 d-------- C:\WINDOWS\system32\usmt 2008-05-11 19:29:55 0 d-------- C:\WINDOWS\system32\spool 2008-05-11 19:29:55 0 d-------- C:\WINDOWS\system32\ShellExt 2008-05-11 19:29:55 0 d-------- C:\WINDOWS\system32\Setup 2008-05-11 19:29:55 0 d-------- C:\WINDOWS\system32\ras 2008-05-11 19:29:55 0 d-------- C:\WINDOWS\system32\oobe 2008-05-11 19:29:55 0 d-------- 
C:\WINDOWS\system32\npp 2008-05-11 19:29:55 0 d-------- C:\WINDOWS\system32\mui 2008-05-11 19:29:55 0 d-------- C:\WINDOWS\system32\inetsrv 2008-05-11 19:29:55 0 d-------- C:\WINDOWS\system32\IME 2008-05-11 19:29:55 0 d-------- C:\WINDOWS\system32\icsxml 2008-05-11 19:29:55 0 d-------- C:\WINDOWS\system32\ias 2008-05-11 19:29:55 0 d-------- C:\WINDOWS\system32\export 2008-05-11 19:29:55 0 d-------- C:\WINDOWS\system32\drivers 2008-05-11 19:29:55 0 d-------- C:\WINDOWS\system32\drivers\etc 2008-05-11 19:29:55 0 d-------- C:\WINDOWS\system32\drivers\disdn 2008-05-11 19:29:55 0 dr-hs--c- C:\WINDOWS\system32\dllcache 2008-05-11 19:29:55 0 d-------- C:\WINDOWS\system32\dhcp 2008-05-11 19:29:55 0 d-------- C:\WINDOWS\system32\config 2008-05-11 19:29:55 0 d-------- C:\WINDOWS\system32\3com_dmi 2008-05-11 19:29:55 0 d-------- C:\WINDOWS\system32\3076 2008-05-11 19:29:55 0 d-------- C:\WINDOWS\system32\2052 2008-05-11 19:29:55 0 d-------- C:\WINDOWS\system32\1054 2008-05-11 19:29:55 0 d-------- C:\WINDOWS\system32\1042 2008-05-11 19:29:55 0 d-------- C:\WINDOWS\system32\1041 2008-05-11 19:29:55 0 d-------- C:\WINDOWS\system32\1037 2008-05-11 19:29:55 0 d-------- C:\WINDOWS\system32\1033 2008-05-11 19:29:55 0 d-------- C:\WINDOWS\system32\1031 2008-05-11 19:29:55 0 d-------- C:\WINDOWS\system32\1028 2008-05-11 19:29:55 0 d-------- C:\WINDOWS\system32\1025 2008-05-11 19:29:55 0 d-------- C:\WINDOWS\system 2008-05-11 19:29:55 0 d-------- C:\WINDOWS\security 2008-05-11 19:29:55 0 d-------- C:\WINDOWS\Resources 2008-05-11 19:29:55 0 d-------- C:\WINDOWS\repair 2008-05-11 19:29:55 0 d-------- C:\WINDOWS\mui 2008-05-11 19:29:55 0 d-------- C:\WINDOWS\msapps 2008-05-11 19:29:55 0 d-------- C:\WINDOWS\msagent 2008-05-11 19:29:55 0 d-------- C:\WINDOWS\Media 2008-05-11 19:29:55 0 d-------- C:\WINDOWS\java 2008-05-11 19:29:55 0 d--h----- C:\WINDOWS\inf 2008-05-11 19:29:55 0 d-------- C:\WINDOWS\ime 2008-05-11 19:29:55 0 d-------- C:\WINDOWS\Help 2008-05-11 19:29:55 0 dr--s---- 
C:\WINDOWS\Fonts 2008-05-11 19:29:55 0 d-------- C:\WINDOWS\Driver Cache 2008-05-11 19:29:55 0 d-------- C:\WINDOWS\Debug 2008-05-11 19:29:55 0 d-------- C:\WINDOWS\Cursors 2008-05-11 19:29:55 0 d-------- C:\WINDOWS\Connection Wizard 2008-05-11 19:29:55 0 d-------- C:\WINDOWS\Config 2008-05-11 19:29:55 0 d-------- C:\WINDOWS\AppPatch 2008-05-11 19:29:55 0 d-------- C:\WINDOWS\addins 2008-05-11 19:05:46 520192 -----n--- C:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart> 2008-05-11 19:02:01 306688 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller> 2008-05-11 18:48:47 0 d-------- C:\WINDOWS\SxsCaPendDel 2008-05-11 18:35:07 0 d-------- C:\Programme\Gemeinsame Dateien\ODBC 2008-05-11 18:35:04 0 d-------- C:\Programme\Gemeinsame Dateien\SpeechEngines 2008-05-11 18:35:03 0 dr------- C:\Programme 2008-05-11 18:35:03 0 d-------- C:\Programme\Gemeinsame Dateien 2008-05-11 18:34:23 0 d-------- C:\WINDOWS\system32\CatRoot2 2008-05-11 18:34:23 0 d-------- C:\WINDOWS\system32\CatRoot 2008-05-11 18:34:01 0 d-------- C:\Dokumente und Einstellungen 2008-05-11 18:30:35 0 d-------- C:\Programme\ATI Technologies 2008-05-11 18:30:15 0 d-------- C:\Programme\Gemeinsame Dateien\InstallShield 2008-05-11 18:29:57 0 d-------- C:\ATI 2008-05-11 18:28:36 0 d-------- C:\WINDOWS\system32\URTTemp 2008-05-11 18:28:01 0 d-------- C:\WINDOWS\pss 2008-05-11 18:22:55 21419 --a------ C:\WINDOWS\system32\drivers\AegisP.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.5.3.0> 2008-05-11 18:22:50 0 d------c- C:\WINDOWS\system32\DRVSTORE 2008-05-11 18:22:47 0 d-------- C:\Programme\RALINK 2008-05-11 18:22:47 0 d--h----- C:\Programme\InstallShield Installation Information 2008-05-11 18:20:15 0 d-------- C:\WINDOWS\SoftwareDistribution 2008-05-11 18:20:11 0 d-------- C:\WINDOWS\Prefetch 2008-05-11 18:20:10 0 d---s---- C:\WINDOWS\system32\Microsoft 2008-05-11 18:13:33 0 d-------- C:\WINDOWS\peernet 2008-05-11 18:13:32 0 
d-------- C:\WINDOWS\provisioning 2008-05-11 18:11:28 0 d-------- C:\WINDOWS\ServicePackFiles 2008-05-11 18:08:05 0 d-------- C:\WINDOWS\system32\ReinstallBackups 2008-05-11 18:06:01 0 d-------- C:\WINDOWS\EHome 2008-05-11 17:57:47 0 d--hs---- C:\WINDOWS\Installer 2008-05-11 17:56:51 0 d--hs---- C:\System Volume Information 2008-05-11 17:52:41 0 d-------- C:\WINDOWS\system32\xircom 2008-05-11 17:52:41 0 d-------- C:\Programme\microsoft frontpage 2008-05-11 17:52:22 0 -rahs---- C:\MSDOS.SYS 2008-05-11 17:52:22 0 -rahs---- C:\IO.SYS 2008-05-11 17:52:22 0 --a------ C:\CONFIG.SYS 2008-05-11 17:52:22 0 --a------ C:\AUTOEXEC.BAT 2008-05-11 17:51:18 0 dr------- C:\WINDOWS\Offline Web Pages 2008-05-11 17:51:18 0 d---s---- C:\WINDOWS\Downloaded Program Files 2008-05-11 17:51:05 0 d-------- C:\Programme\Online-Dienste 2008-05-11 17:50:50 0 d-------- C:\WINDOWS\srchasst 2008-05-11 17:50:34 0 d-------- C:\WINDOWS\system32\Macromed 2008-05-11 17:50:34 0 d-------- C:\WINDOWS\system32\DirectX 2008-05-11 17:50:16 0 d-------- C:\Programme\Movie Maker 2008-05-11 17:49:43 0 d-------- C:\WINDOWS\system32\Restore 2008-05-11 17:49:36 0 d-------- C:\WINDOWS\PCHEALTH 2008-05-11 17:49:32 0 d-------- C:\Programme\Gemeinsame Dateien\Dienste 2008-05-11 17:49:13 0 d---s---- C:\WINDOWS\Tasks 2008-05-11 17:48:53 0 d-------- C:\Programme\Gemeinsame Dateien\MSSoap 2008-05-11 17:48:05 21740 --a------ C:\WINDOWS\system32\emptyregdb.dat 2008-05-11 17:47:47 0 d-------- C:\WINDOWS\Registration 2008-05-11 17:47:39 0 d--h----- C:\Programme\WindowsUpdate 2008-05-11 17:47:39 0 d-------- C:\Programme\Online Services 2008-05-11 17:47:33 0 d-------- C:\Programme\Messenger 2008-05-11 17:47:23 0 d-------- C:\Programme\MSN Gaming Zone 2008-05-11 17:47:11 0 d-------- C:\Programme\Windows NT 2008-05-11 17:46:56 0 d-------- C:\WINDOWS\system32\MsDtc 2008-05-11 17:46:53 0 d-------- C:\WINDOWS\system32\Com -- Find3M Report --------------------------------------------------------------- 2008-05-26 14:51:00 0 d-------- 
C:\Dokumente und Einstellungen\***\Anwendungsdaten\TmpRecentIcons 2008-05-26 14:50:38 0 d-------- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes 2008-05-26 14:42:05 0 d-------- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SUPERAntiSpyware.com 2008-05-26 14:26:48 0 d-------- C:\Dokumente und Einstellungen\***\Anwendungsdaten\HLSW 2008-05-20 16:44:44 0 d-------- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ICQLite 2008-05-18 17:07:57 0 d-------- C:\Dokumente und Einstellungen\***\Anwendungsdaten\teamspeak2 2008-05-16 19:10:12 0 d-------- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun 2008-05-16 18:45:25 0 d-------- C:\Dokumente und Einstellungen\***Anwendungsdaten\Adobe 2008-05-16 01:34:39 0 d-------- C:\Dokumente und Einstellungen\*\Anwendungsdaten\Ahead 2008-05-14 17:43:35 0 d-------- C:\Dokumente und Einstellungen\*\Anwendungsdaten\AdobeUM 2008-05-13 21:42:07 0 d-------- C:\Dokumente und Einstellungen\*\Anwendungsdaten\Ventrilo 2008-05-12 22:58:02 0 d-------- C:\Dokumente und Einstellungen\*\Anwendungsdaten\TuneUp Software 2008-05-12 15:59:55 0 d-------- C:\Dokumente und Einstellungen\*\Anwendungsdaten\WinRAR 2008-05-12 15:58:53 0 d-------- C:\Dokumente und Einstellungen\*\Anwendungsdaten\Macromedia 2008-05-12 15:14:04 0 d-------- C:\Dokumente und Einstellungen\*\Anwendungsdaten\Mozilla 2008-05-11 19:08:30 0 d-------- C:\Dokumente und Einstellungen\*\Anwendungsdaten\ATI 2008-05-11 18:54:52 415800 --a------ C:\WINDOWS\system32\perfh007.dat 2008-05-11 18:54:52 75194 --a------ C:\WINDOWS\system32\perfc007.dat 2008-05-11 18:34:36 62 --ahs---- C:\Dokumente und Einstellungen\*\Anwendungsdaten\desktop.ini 2008-05-11 18:22:35 0 d-------- C:\Dokumente und Einstellungen\*\Anwendungsdaten\InstallShield 2008-05-11 17:57:45 0 d-------- C:\Dokumente und Einstellungen\*\Anwendungsdaten\Identities -- Registry Dump --------------------------------------------------------------- Die Eingabeaufforderung ist vom Administrator deaktiviert worden. 
Drücken Sie eine beliebige Taste . . . -- End of Deckard's System Scanner: finished at 2008-05-26 15:17:21 ------------ |
extra.txt: Deckard's System Scanner v20071014.68 Extra logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft Windows XP Professional (build 2600) SP 2.0 Architecture: X86; Language: German CPU 0: Mobile AMD Athlon(tm) 64 Processor 3200+ Percentage of Memory in Use: 50% Physical Memory (total/avail): 511.3 MiB / 254.66 MiB Pagefile Memory (total/avail): 1248.32 MiB / 954.93 MiB Virtual Memory (total/avail): 2047.88 MiB / 1942.73 MiB C: is Fixed (NTFS) - 9.77 GiB total, 5.37 GiB free. D: is Fixed (NTFS) - 9.31 GiB total, 9.1 GiB free. F: is Fixed (NTFS) - 55.89 GiB total, 20.34 GiB free. G: is CDROM (No Media) \\.\PHYSICALDRIVE0 - Maxtor 52049U4 - 19.08 GiB - 2 partitions \PARTITION0 (bootable) - Installierbares Dateisystem - 9.77 GiB - C: \PARTITION1 - Erweitert mit Int 13 (erweitert) - 9.31 GiB - D: \\.\PHYSICALDRIVE1 - ST360020A - 55.9 GiB - 1 partition \PARTITION0 - Installierbares Dateisystem - 55.89 GiB - F: -- Security Center ------------------------------------------------------------- AUOptions is disabled. Windows Internal Firewall is disabled. AntiVirusDisableNotify is set. FirewallDisableNotify is set. UpdatesDisableNotify is set. 
AV: Avira AntiVir PersonalEdition v8.0.1.15 (Avira GmbH) [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "D:\\HLSW\\hlsw.exe"="D:\\HLSW\\hlsw.exe:*:Enabled:HLSW Application" "D:\\QIP\\qip.exe"="D:\\QIP\\qip.exe:*:Enabled:Quiet Internet Pager" "C:\\Programme\\ICQLite\\ICQLite.exe"="C:\\Programme\\ICQLite\\ICQLite.exe:*:Enabled:ICQ Lite" -- Environment Variables ------------------------------------------------------- Die Eingabeaufforderung ist vom Administrator deaktiviert worden. Drücken Sie eine beliebige Taste . . . -- User Profiles --------------------------------------------------------------- odin (admin) -- Add/Remove Programs --------------------------------------------------------- Die Eingabeaufforderung ist vom Administrator deaktiviert worden. Drücken Sie eine beliebige Taste . . . 
-- Application Event Log ------------------------------------------------------- Event Record #/Type636 / Warning Event Submitted/Written: 05/26/2008 03:12:53 PM Event ID/Source: 4113 / Avira AntiVir Event Description: TR/Crypt.XPACK.GenC:\System Volume Information\_restore{B7890E31-34F8-4C78-BF3A-D3E3C224B0CD}\RP44\A0011381.sys Event Record #/Type635 / Warning Event Submitted/Written: 05/26/2008 03:12:49 PM Event ID/Source: 4113 / Avira AntiVir Event Description: TR/Crypt.XPACK.GenC:\System Volume Information\_restore{B7890E31-34F8-4C78-BF3A-D3E3C224B0CD}\RP44\A0011377.dll Event Record #/Type634 / Warning Event Submitted/Written: 05/26/2008 03:12:47 PM Event ID/Source: 4113 / Avira AntiVir Event Description: TR/Crypt.XPACK.GenC:\WINDOWS\system32\WinCtrl32.dll Event Record #/Type633 / Warning Event Submitted/Written: 05/26/2008 03:12:41 PM Event ID/Source: 4113 / Avira AntiVir Event Description: TR/Crypt.XPACK.GenC:\WINDOWS\system32\WinCtrl32.dll Event Record #/Type632 / Warning Event Submitted/Written: 05/26/2008 03:12:29 PM Event ID/Source: 4113 / Avira AntiVir Event Description: TR/Crypt.XPACK.GenC:\System Volume Information\_restore{B7890E31-34F8-4C78-BF3A-D3E3C224B0CD}\RP41\A0010378.sys -- Security Event Log ---------------------------------------------------------- No Errors/Warnings found. -- System Event Log ------------------------------------------------------------ Event Record #/Type5622 / Error Event Submitted/Written: 05/26/2008 02:53:01 PM / 05/26/2008 02:53:31 PM Event ID/Source: 12294 / ati2mtag Event Description: CRT invalid display type Event Record #/Type5619 / Error Event Submitted/Written: 05/26/2008 02:26:38 PM Event ID/Source: 59 / SideBySide Event Description: Generate Activation Context ist für D:\HLSW\Plugins\messenger_plugin.dll fehlgeschlagen. Referenzfehlermeldung: Der Vorgang wurde erfolgreich beendet. . 
Event Record #/Type5618 / Error Event Submitted/Written: 05/26/2008 02:26:38 PM Event ID/Source: 59 / SideBySide Event Description: Resolve Partial Assembly ist für Microsoft.VC80.CRT fehlgeschlagen. Referenzfehlermeldung: Die referenzierte Assemblierung ist nicht auf dem Computer installiert. . Event Record #/Type5617 / Error Event Submitted/Written: 05/26/2008 02:26:38 PM Event ID/Source: 32 / SideBySide Event Description: Abhängige Assemblierung "Microsoft.VC80.CRT" konnte nicht gefunden werden. "Last Error": Die referenzierte Assemblierung ist nicht auf dem Computer installiert. Event Record #/Type5616 / Error Event Submitted/Written: 05/26/2008 02:26:34 PM Event ID/Source: 59 / SideBySide Event Description: Generate Activation Context ist für D:\HLSW\MFC80U.DLL fehlgeschlagen. Referenzfehlermeldung: Der Vorgang wurde erfolgreich beendet. . -- End of Deckard's System Scanner: finished at 2008-05-26 15:17:21 ------------ |
Copyright ©2000-2025, Trojaner-Board