Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
Log-Analyse und Auswertung: Vundo.Gen (https://www.trojaner-board.de/53038-vundo-gen.html)

ohhdien 26.05.2008 13:48

Vundo.Gen

I have problems with Vundo.Gen

HiJ:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:46:15, on 26.05.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
F:\Backup\Video\gapa\gapa.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: QXK Olive - {4EE62603-9BB7-462B-8A8D-E9F4BF11BE49} - C:\WINDOWS\boqnrwdmvdr.dll
O2 - BHO: (no name) - {4F910AA8-ECF1-4FDC-B9D4-116B62DE17F9} - C:\WINDOWS\system32\ddcArQjg.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {BCBEB0EB-744A-4F05-99A5-636B721C318E} - C:\WINDOWS\system32\efcyWQkj.dll (file missing)
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - Startup: Verknüpfung mit gapa.lnk = F:\Backup\Video\gapa\gapa.exe
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O20 - Winlogon Notify: efcyWQkj - efcyWQkj.dll (file missing)
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
O21 - SSODL: vltdfabw - {ECD0FD6B-ED11-4E95-A8C3-CF8B0653FE66} - C:\WINDOWS\vltdfabw.dll
O21 - SSODL: vregfwlx - {1C946382-363C-4A05-BCC8-4F5BA84CB2F6} - C:\WINDOWS\vregfwlx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUpUtilities2006\WinStylerThemeSvc.exe

--
End of file - 4036 bytes

Please help!

ohhdien 26.05.2008 14:29

main.txt:

Deckard's System Scanner v20071014.68
Run by *** on 2008-05-26 14:59:42
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
8: 2008-05-26 13:01:14 UTC - RP45 - Deckard's System Scanner Restore Point
7: 2008-05-26 12:42:25 UTC - RP44 - Java(TM) 6 Update 5 wird entfernt
6: 2008-05-26 12:41:54 UTC - RP43 - Removed SUPERAntiSpyware Free Edition
5: 2008-05-26 12:05:17 UTC - RP42 - Installed SUPERAntiSpyware Free Edition
4: 2008-05-26 11:16:37 UTC - RP41 - Last known good configuration


-- First Restore Point --
1: 2008-05-26 11:16:28 UTC - RP38 - Systemprüfpunkt


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as odin.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:04: VIRUS ALERT!, on 26.05.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
F:\Backup\Video\gapa\gapa.exe
C:\Programme\Malwarebytes' Anti-Malware\mbam.exe
D:\QIP\qip.exe
F:\Downloads\dss.exe
C:\PROGRA~1\Trend Micro\HijackThis\odin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = ***
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: QXK Olive - {4EE62603-9BB7-462B-8A8D-E9F4BF11BE49} - C:\WINDOWS\boqnrwdmvdr.dll
O2 - BHO: (no name) - {4F910AA8-ECF1-4FDC-B9D4-116B62DE17F9} - C:\WINDOWS\system32\ddcArQjg.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {BCBEB0EB-744A-4F05-99A5-636B721C318E} - C:\WINDOWS\system32\efcyWQkj.dll (file missing)
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - Startup: Verknüpfung mit gapa.lnk = F:\Backup\Video\gapa\gapa.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O20 - Winlogon Notify: efcyWQkj - efcyWQkj.dll (file missing)
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
O21 - SSODL: vltdfabw - {ECD0FD6B-ED11-4E95-A8C3-CF8B0653FE66} - C:\WINDOWS\vltdfabw.dll
O21 - SSODL: vregfwlx - {1C946382-363C-4A05-BCC8-4F5BA84CB2F6} - C:\WINDOWS\vregfwlx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUpUtilities2006\WinStylerThemeSvc.exe

--
End of file - 4300 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 mqU14 - c:\windows\system32\drivers\mqu14.sys
R1 ssmdrv - c:\windows\system32\drivers\ssmdrv.sys <Not Verified; AVIRA GmbH; >
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.5.3.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.5.3.0>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AntiVirScheduler (Avira AntiVir Personal – Free Antivirus Planer) - "c:\programme\avira\antivir personaledition classic\sched.exe" <Not Verified; Avira GmbH; AntiVir Workstation>

S3 TUWinStylerThemeSvc (TuneUp WinStyler Theme Service) - c:\programme\tuneuputilities2006\winstylerthemesvc.exe <Not Verified; TuneUp Software GmbH; TuneUp Utilities>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: USB (Universal Serial Bus)-Controller
Device ID: PCI\VEN_1106&DEV_3104&SUBSYS_31041106&REV_86\3&267A616A&0&84
Manufacturer:
Name: USB (Universal Serial Bus)-Controller
PNP Device ID: PCI\VEN_1106&DEV_3104&SUBSYS_31041106&REV_86\3&267A616A&0&84
Service:

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: VIA PCI 10/100Mb Fast Ethernetadapter
Device ID: PCI\VEN_1106&DEV_3065&SUBSYS_01021106&REV_78\3&267A616A&0&90
Manufacturer: VIA Technologies, Inc.
Name: VIA PCI 10/100Mb Fast Ethernetadapter
PNP Device ID: PCI\VEN_1106&DEV_3065&SUBSYS_01021106&REV_78\3&267A616A&0&90
Service: FETNDIS


-- Scheduled Tasks -------------------------------------------------------------

2008-05-23 17:18:45 390 --a------ C:\WINDOWS\Tasks\1-Klick-Wartung.job


-- Files created between 2008-04-26 and 2008-05-26 -----------------------------

2008-05-26 14:50:28 0 d-------- C:\Programme\Malwarebytes' Anti-Malware
2008-05-26 14:38:51 0 d-------- C:\VundoFix Backups
2008-05-26 14:17:30 0 d-------- C:\Programme\Trend Micro
2008-05-26 14:05:20 0 d-------- C:\Programme\SUPERAntiSpyware
2008-05-26 13:16:17 344 --ahs---- C:\WINDOWS\system32\gjQrAcdd.ini2
2008-05-26 13:15:05 0 d-------- C:\Programme\Avira
2008-05-26 13:10:51 29056 --a------ C:\WINDOWS\system32\drivers\mqU14.sys
2008-05-26 13:10:50 14336 --a------ C:\WINDOWS\system32\WinCtrl32.dll
2008-05-26 13:10:40 29824 --a------ C:\WINDOWS\system32\efcyWQkj.VIR
2008-05-26 13:10:35 327680 -----n--- C:\WINDOWS\vregfwlx.dll
2008-05-26 13:10:35 368640 -----n--- C:\WINDOWS\vltdfabw.dll
2008-05-26 13:10:35 159744 --a------ C:\WINDOWS\etkq.exe
2008-05-26 13:10:35 274432 --a------ C:\WINDOWS\boqnrwdmvdr.dll
2008-05-26 13:10:29 160256 --a------ C:\WINDOWS\system32\blackster.scr <Not Verified; Peter's Productions; Bugs!>
2008-05-26 13:02:08 0 d-------- C:\Programme\DriveCrypt
2008-05-21 13:24:17 0 d-------- C:\Temp
2008-05-20 16:47:32 0 d-------- C:\Programme\PokerStars
2008-05-20 16:44:03 0 d-------- C:\Programme\ICQLite
2008-05-16 19:10:13 0 d-------- C:\WINDOWS\Sun
2008-05-13 23:39:45 0 d-------- C:\WINDOWS\system32\appmgmt
2008-05-13 23:33:17 0 d-------- C:\Programme\IRdeo
2008-05-12 22:58:20 0 d-------- C:\Programme\TVgenial
2008-05-12 22:58:02 0 d-------- C:\Programme\TuneUpUtilities2006
2008-05-12 22:57:29 0 d-------- C:\Programme\CyberLink
2008-05-12 22:56:50 0 d-------- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared
2008-05-12 22:55:57 0 d-------- C:\Programme\Gemeinsame Dateien\Adobe
2008-05-12 22:53:48 0 d-------- C:\Programme\Nero
2008-05-12 22:53:48 0 d-------- C:\Programme\Gemeinsame Dateien\Ahead
2008-05-12 22:52:42 0 d-------- C:\Programme\Audiograbber
2008-05-12 18:30:01 0 d-------- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2008-05-12 18:06:05 4096 --a------ C:\WINDOWS\system32\crash
2008-05-12 17:21:56 0 d-------- C:\WINDOWS\Cache
2008-05-12 16:50:53 0 d-------- C:\WINDOWS\RegisteredPackages
2008-05-12 16:30:18 0 d-------- C:\Programme\VIA
2008-05-12 16:16:09 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2008-05-12 15:58:47 1169 --a------ C:\WINDOWS\mozver.dat
2008-05-12 15:14:07 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-12 15:11:36 0 d-------- C:\Programme\Logitech
2008-05-12 15:11:36 0 d-------- C:\Programme\Gemeinsame Dateien\LogiShrd
2008-05-12 15:09:26 217088 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-05-12 15:09:26 856064 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-05-12 15:09:26 579090 --a------ C:\WINDOWS\system32\x264vfw.dll
2008-05-12 15:09:26 1415680 --a------ C:\WINDOWS\system32\WMV9VCM.dll <Not Verified; Microsoft Corporation; Windows Media Video 9 VCM>
2008-05-12 15:09:25 5120 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-05-12 15:07:56 0 d-------- C:\Programme\Winamp
2008-05-11 19:29:55 0 d-------- C:\WINDOWS
2008-05-11 19:29:55 0 d-------- C:\WINDOWS\WinSxS
2008-05-11 19:29:55 0 dr------- C:\WINDOWS\Web
2008-05-11 19:29:55 0 d-------- C:\WINDOWS\twain_32
2008-05-11 19:29:55 0 d-------- C:\WINDOWS\system32
2008-05-11 19:29:55 0 d-------- C:\WINDOWS\system32\wins
2008-05-11 19:29:55 0 d-------- C:\WINDOWS\system32\wbem
2008-05-11 19:29:55 0 d-------- C:\WINDOWS\system32\usmt
2008-05-11 19:29:55 0 d-------- C:\WINDOWS\system32\spool
2008-05-11 19:29:55 0 d-------- C:\WINDOWS\system32\ShellExt
2008-05-11 19:29:55 0 d-------- C:\WINDOWS\system32\Setup
2008-05-11 19:29:55 0 d-------- C:\WINDOWS\system32\ras
2008-05-11 19:29:55 0 d-------- C:\WINDOWS\system32\oobe
2008-05-11 19:29:55 0 d-------- C:\WINDOWS\system32\npp
2008-05-11 19:29:55 0 d-------- C:\WINDOWS\system32\mui
2008-05-11 19:29:55 0 d-------- C:\WINDOWS\system32\inetsrv
2008-05-11 19:29:55 0 d-------- C:\WINDOWS\system32\IME
2008-05-11 19:29:55 0 d-------- C:\WINDOWS\system32\icsxml
2008-05-11 19:29:55 0 d-------- C:\WINDOWS\system32\ias
2008-05-11 19:29:55 0 d-------- C:\WINDOWS\system32\export
2008-05-11 19:29:55 0 d-------- C:\WINDOWS\system32\drivers
2008-05-11 19:29:55 0 d-------- C:\WINDOWS\system32\drivers\etc
2008-05-11 19:29:55 0 d-------- C:\WINDOWS\system32\drivers\disdn
2008-05-11 19:29:55 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-05-11 19:29:55 0 d-------- C:\WINDOWS\system32\dhcp
2008-05-11 19:29:55 0 d-------- C:\WINDOWS\system32\config
2008-05-11 19:29:55 0 d-------- C:\WINDOWS\system32\3com_dmi
2008-05-11 19:29:55 0 d-------- C:\WINDOWS\system32\3076
2008-05-11 19:29:55 0 d-------- C:\WINDOWS\system32\2052
2008-05-11 19:29:55 0 d-------- C:\WINDOWS\system32\1054
2008-05-11 19:29:55 0 d-------- C:\WINDOWS\system32\1042
2008-05-11 19:29:55 0 d-------- C:\WINDOWS\system32\1041
2008-05-11 19:29:55 0 d-------- C:\WINDOWS\system32\1037
2008-05-11 19:29:55 0 d-------- C:\WINDOWS\system32\1033
2008-05-11 19:29:55 0 d-------- C:\WINDOWS\system32\1031
2008-05-11 19:29:55 0 d-------- C:\WINDOWS\system32\1028
2008-05-11 19:29:55 0 d-------- C:\WINDOWS\system32\1025
2008-05-11 19:29:55 0 d-------- C:\WINDOWS\system
2008-05-11 19:29:55 0 d-------- C:\WINDOWS\security
2008-05-11 19:29:55 0 d-------- C:\WINDOWS\Resources
2008-05-11 19:29:55 0 d-------- C:\WINDOWS\repair
2008-05-11 19:29:55 0 d-------- C:\WINDOWS\mui
2008-05-11 19:29:55 0 d-------- C:\WINDOWS\msapps
2008-05-11 19:29:55 0 d-------- C:\WINDOWS\msagent
2008-05-11 19:29:55 0 d-------- C:\WINDOWS\Media
2008-05-11 19:29:55 0 d-------- C:\WINDOWS\java
2008-05-11 19:29:55 0 d--h----- C:\WINDOWS\inf
2008-05-11 19:29:55 0 d-------- C:\WINDOWS\ime
2008-05-11 19:29:55 0 d-------- C:\WINDOWS\Help
2008-05-11 19:29:55 0 dr--s---- C:\WINDOWS\Fonts
2008-05-11 19:29:55 0 d-------- C:\WINDOWS\Driver Cache
2008-05-11 19:29:55 0 d-------- C:\WINDOWS\Debug
2008-05-11 19:29:55 0 d-------- C:\WINDOWS\Cursors
2008-05-11 19:29:55 0 d-------- C:\WINDOWS\Connection Wizard
2008-05-11 19:29:55 0 d-------- C:\WINDOWS\Config
2008-05-11 19:29:55 0 d-------- C:\WINDOWS\AppPatch
2008-05-11 19:29:55 0 d-------- C:\WINDOWS\addins
2008-05-11 19:05:46 520192 -----n--- C:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart>
2008-05-11 19:02:01 306688 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2008-05-11 18:48:47 0 d-------- C:\WINDOWS\SxsCaPendDel
2008-05-11 18:35:07 0 d-------- C:\Programme\Gemeinsame Dateien\ODBC
2008-05-11 18:35:04 0 d-------- C:\Programme\Gemeinsame Dateien\SpeechEngines
2008-05-11 18:35:03 0 dr------- C:\Programme
2008-05-11 18:35:03 0 d-------- C:\Programme\Gemeinsame Dateien
2008-05-11 18:34:23 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-05-11 18:34:23 0 d-------- C:\WINDOWS\system32\CatRoot
2008-05-11 18:34:01 0 d-------- C:\Dokumente und Einstellungen
2008-05-11 18:30:35 0 d-------- C:\Programme\ATI Technologies
2008-05-11 18:30:15 0 d-------- C:\Programme\Gemeinsame Dateien\InstallShield
2008-05-11 18:29:57 0 d-------- C:\ATI
2008-05-11 18:28:36 0 d-------- C:\WINDOWS\system32\URTTemp
2008-05-11 18:28:01 0 d-------- C:\WINDOWS\pss
2008-05-11 18:22:55 21419 --a------ C:\WINDOWS\system32\drivers\AegisP.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.5.3.0>
2008-05-11 18:22:50 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-05-11 18:22:47 0 d-------- C:\Programme\RALINK
2008-05-11 18:22:47 0 d--h----- C:\Programme\InstallShield Installation Information
2008-05-11 18:20:15 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-05-11 18:20:11 0 d-------- C:\WINDOWS\Prefetch
2008-05-11 18:20:10 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-05-11 18:13:33 0 d-------- C:\WINDOWS\peernet
2008-05-11 18:13:32 0 d-------- C:\WINDOWS\provisioning
2008-05-11 18:11:28 0 d-------- C:\WINDOWS\ServicePackFiles
2008-05-11 18:08:05 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-05-11 18:06:01 0 d-------- C:\WINDOWS\EHome
2008-05-11 17:57:47 0 d--hs---- C:\WINDOWS\Installer
2008-05-11 17:56:51 0 d--hs---- C:\System Volume Information
2008-05-11 17:52:41 0 d-------- C:\WINDOWS\system32\xircom
2008-05-11 17:52:41 0 d-------- C:\Programme\microsoft frontpage
2008-05-11 17:52:22 0 -rahs---- C:\MSDOS.SYS
2008-05-11 17:52:22 0 -rahs---- C:\IO.SYS
2008-05-11 17:52:22 0 --a------ C:\CONFIG.SYS
2008-05-11 17:52:22 0 --a------ C:\AUTOEXEC.BAT
2008-05-11 17:51:18 0 dr------- C:\WINDOWS\Offline Web Pages
2008-05-11 17:51:18 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-05-11 17:51:05 0 d-------- C:\Programme\Online-Dienste
2008-05-11 17:50:50 0 d-------- C:\WINDOWS\srchasst
2008-05-11 17:50:34 0 d-------- C:\WINDOWS\system32\Macromed
2008-05-11 17:50:34 0 d-------- C:\WINDOWS\system32\DirectX
2008-05-11 17:50:16 0 d-------- C:\Programme\Movie Maker
2008-05-11 17:49:43 0 d-------- C:\WINDOWS\system32\Restore
2008-05-11 17:49:36 0 d-------- C:\WINDOWS\PCHEALTH
2008-05-11 17:49:32 0 d-------- C:\Programme\Gemeinsame Dateien\Dienste
2008-05-11 17:49:13 0 d---s---- C:\WINDOWS\Tasks
2008-05-11 17:48:53 0 d-------- C:\Programme\Gemeinsame Dateien\MSSoap
2008-05-11 17:48:05 21740 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-05-11 17:47:47 0 d-------- C:\WINDOWS\Registration
2008-05-11 17:47:39 0 d--h----- C:\Programme\WindowsUpdate
2008-05-11 17:47:39 0 d-------- C:\Programme\Online Services
2008-05-11 17:47:33 0 d-------- C:\Programme\Messenger
2008-05-11 17:47:23 0 d-------- C:\Programme\MSN Gaming Zone
2008-05-11 17:47:11 0 d-------- C:\Programme\Windows NT
2008-05-11 17:46:56 0 d-------- C:\WINDOWS\system32\MsDtc
2008-05-11 17:46:53 0 d-------- C:\WINDOWS\system32\Com


-- Find3M Report ---------------------------------------------------------------

2008-05-26 14:51:00 0 d-------- C:\Dokumente und Einstellungen\***\Anwendungsdaten\TmpRecentIcons
2008-05-26 14:50:38 0 d-------- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes
2008-05-26 14:42:05 0 d-------- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SUPERAntiSpyware.com
2008-05-26 14:26:48 0 d-------- C:\Dokumente und Einstellungen\***\Anwendungsdaten\HLSW
2008-05-20 16:44:44 0 d-------- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ICQLite
2008-05-18 17:07:57 0 d-------- C:\Dokumente und Einstellungen\***\Anwendungsdaten\teamspeak2
2008-05-16 19:10:12 0 d-------- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun
2008-05-16 18:45:25 0 d-------- C:\Dokumente und Einstellungen\***Anwendungsdaten\Adobe
2008-05-16 01:34:39 0 d-------- C:\Dokumente und Einstellungen\*\Anwendungsdaten\Ahead
2008-05-14 17:43:35 0 d-------- C:\Dokumente und Einstellungen\*\Anwendungsdaten\AdobeUM
2008-05-13 21:42:07 0 d-------- C:\Dokumente und Einstellungen\*\Anwendungsdaten\Ventrilo
2008-05-12 22:58:02 0 d-------- C:\Dokumente und Einstellungen\*\Anwendungsdaten\TuneUp Software
2008-05-12 15:59:55 0 d-------- C:\Dokumente und Einstellungen\*\Anwendungsdaten\WinRAR
2008-05-12 15:58:53 0 d-------- C:\Dokumente und Einstellungen\*\Anwendungsdaten\Macromedia
2008-05-12 15:14:04 0 d-------- C:\Dokumente und Einstellungen\*\Anwendungsdaten\Mozilla
2008-05-11 19:08:30 0 d-------- C:\Dokumente und Einstellungen\*\Anwendungsdaten\ATI
2008-05-11 18:54:52 415800 --a------ C:\WINDOWS\system32\perfh007.dat
2008-05-11 18:54:52 75194 --a------ C:\WINDOWS\system32\perfc007.dat
2008-05-11 18:34:36 62 --ahs---- C:\Dokumente und Einstellungen\*\Anwendungsdaten\desktop.ini
2008-05-11 18:22:35 0 d-------- C:\Dokumente und Einstellungen\*\Anwendungsdaten\InstallShield
2008-05-11 17:57:45 0 d-------- C:\Dokumente und Einstellungen\*\Anwendungsdaten\Identities


-- Registry Dump ---------------------------------------------------------------


Die Eingabeaufforderung ist vom Administrator deaktiviert worden.

Drücken Sie eine beliebige Taste . . .


-- End of Deckard's System Scanner: finished at 2008-05-26 15:17:21 ------------

ohhdien 26.05.2008 14:31

extra.txt:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: German

CPU 0: Mobile AMD Athlon(tm) 64 Processor 3200+
Percentage of Memory in Use: 50%
Physical Memory (total/avail): 511.3 MiB / 254.66 MiB
Pagefile Memory (total/avail): 1248.32 MiB / 954.93 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1942.73 MiB

C: is Fixed (NTFS) - 9.77 GiB total, 5.37 GiB free.
D: is Fixed (NTFS) - 9.31 GiB total, 9.1 GiB free.
F: is Fixed (NTFS) - 55.89 GiB total, 20.34 GiB free.
G: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - Maxtor 52049U4 - 19.08 GiB - 2 partitions
\PARTITION0 (bootable) - Installierbares Dateisystem - 9.77 GiB - C:
\PARTITION1 - Erweitert mit Int 13 (erweitert) - 9.31 GiB - D:

\\.\PHYSICALDRIVE1 - ST360020A - 55.9 GiB - 1 partition
\PARTITION0 - Installierbares Dateisystem - 55.89 GiB - F:



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is disabled.

AntiVirusDisableNotify is set.
FirewallDisableNotify is set.
UpdatesDisableNotify is set.

AV: Avira AntiVir PersonalEdition v8.0.1.15 (Avira GmbH)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\HLSW\\hlsw.exe"="D:\\HLSW\\hlsw.exe:*:Enabled:HLSW Application"
"D:\\QIP\\qip.exe"="D:\\QIP\\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\\Programme\\ICQLite\\ICQLite.exe"="C:\\Programme\\ICQLite\\ICQLite.exe:*:Enabled:ICQ Lite"


-- Environment Variables -------------------------------------------------------


Die Eingabeaufforderung ist vom Administrator deaktiviert worden.

Drücken Sie eine beliebige Taste . . .


-- User Profiles ---------------------------------------------------------------

odin (admin)


-- Add/Remove Programs ---------------------------------------------------------


Die Eingabeaufforderung ist vom Administrator deaktiviert worden.

Drücken Sie eine beliebige Taste . . .


-- Application Event Log -------------------------------------------------------

Event Record #/Type636 / Warning
Event Submitted/Written: 05/26/2008 03:12:53 PM
Event ID/Source: 4113 / Avira AntiVir
Event Description:
TR/Crypt.XPACK.GenC:\System Volume Information\_restore{B7890E31-34F8-4C78-BF3A-D3E3C224B0CD}\RP44\A0011381.sys

Event Record #/Type635 / Warning
Event Submitted/Written: 05/26/2008 03:12:49 PM
Event ID/Source: 4113 / Avira AntiVir
Event Description:
TR/Crypt.XPACK.GenC:\System Volume Information\_restore{B7890E31-34F8-4C78-BF3A-D3E3C224B0CD}\RP44\A0011377.dll

Event Record #/Type634 / Warning
Event Submitted/Written: 05/26/2008 03:12:47 PM
Event ID/Source: 4113 / Avira AntiVir
Event Description:
TR/Crypt.XPACK.GenC:\WINDOWS\system32\WinCtrl32.dll

Event Record #/Type633 / Warning
Event Submitted/Written: 05/26/2008 03:12:41 PM
Event ID/Source: 4113 / Avira AntiVir
Event Description:
TR/Crypt.XPACK.GenC:\WINDOWS\system32\WinCtrl32.dll

Event Record #/Type632 / Warning
Event Submitted/Written: 05/26/2008 03:12:29 PM
Event ID/Source: 4113 / Avira AntiVir
Event Description:
TR/Crypt.XPACK.GenC:\System Volume Information\_restore{B7890E31-34F8-4C78-BF3A-D3E3C224B0CD}\RP41\A0010378.sys



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type5622 / Error
Event Submitted/Written: 05/26/2008 02:53:01 PM / 05/26/2008 02:53:31 PM
Event ID/Source: 12294 / ati2mtag
Event Description:
CRT invalid display type

Event Record #/Type5619 / Error
Event Submitted/Written: 05/26/2008 02:26:38 PM
Event ID/Source: 59 / SideBySide
Event Description:
Generate Activation Context ist für D:\HLSW\Plugins\messenger_plugin.dll fehlgeschlagen.
Referenzfehlermeldung: Der Vorgang wurde erfolgreich beendet.
.

Event Record #/Type5618 / Error
Event Submitted/Written: 05/26/2008 02:26:38 PM
Event ID/Source: 59 / SideBySide
Event Description:
Resolve Partial Assembly ist für Microsoft.VC80.CRT fehlgeschlagen.
Referenzfehlermeldung: Die referenzierte Assemblierung ist nicht auf dem Computer installiert.
.

Event Record #/Type5617 / Error
Event Submitted/Written: 05/26/2008 02:26:38 PM
Event ID/Source: 32 / SideBySide
Event Description:
Abhängige Assemblierung "Microsoft.VC80.CRT" konnte nicht gefunden werden. "Last Error": Die referenzierte Assemblierung ist nicht auf dem Computer installiert.

Event Record #/Type5616 / Error
Event Submitted/Written: 05/26/2008 02:26:34 PM
Event ID/Source: 59 / SideBySide
Event Description:
Generate Activation Context ist für D:\HLSW\MFC80U.DLL fehlgeschlagen.
Referenzfehlermeldung: Der Vorgang wurde erfolgreich beendet.
.



-- End of Deckard's System Scanner: finished at 2008-05-26 15:17:21 ------------

