Please check my system!!

#0
19.03.2007, 17:58
Member

Posts: 131
#1 Hello..
A few months ago I reinstalled Windows, and now I'd like to ask again whether my system is clean of viruses and all that stuff...

Unfortunately I no longer know how I'm actually supposed to proceed...
So how can you help me???

Many thanks in advance...

Regards, master_man

19.03.2007, 19:41
Member

Posts: 130
#2 How about the standard logs ;)

http://board.protecus.de/t23188.htm

19.03.2007, 20:47
Member

Thread starter

Posts: 131
#3 Okay, true.... so here is my HijackThis logfile:

Logfile of HijackThis v1.99.1
Scan saved at 20:45:19, on 19.03.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\VIA\RAID\raid_tool.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programme\Analog Devices\SoundMAX\Smax4.exe
C:\Programme\Microsoft IntelliType Pro\type32.exe
C:\Programme\Microsoft IntelliPoint\point32.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\D-Link\AirPlus G\AirGCFG.exe
C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Programme\GigaByte\VGA Utility Manager\G-VGA.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Java\jre1.5.0_11\bin\jusched.exe
C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\MSN Messenger\MsnMsgr.Exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programme\MSN Messenger\usnsvc.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\Manuel\Desktop\Privat\exe\hijackthis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O4 - HKLM\..\Run: [RaidTool] C:\Programme\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programme\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [type32] "C:\Programme\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programme\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Programme\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [VGAUtil] C:\Programme\GigaByte\VGA Utility Manager\G-VGA.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programme\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programme\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [updateMgr] C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/DE-AT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - C:\Programme\Spyware Doctor\sdhelp.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



The other logs will follow shortly.

Regards, master_man

20.03.2007, 14:06
Member

Thread starter

Posts: 131
#4 So ComboFix doesn't run for me... when I double-click it, a window comes up that says: you have selected an invalid URL....

I'll now also post the logs from datfindbat.


Regards, master_man

20.03.2007, 14:15
Member

Thread starter

Posts: 131
#5 Here are the datfindbat log(s):

system32.txt:

Datenträger in Laufwerk C: ist Manu's Festplatte
Volumeseriennummer: 344D-EB48

Verzeichnis von C:\WINDOWS\system32

07-03-20 13:56 13,646 wpa.dbl
07-03-20 13:55 54,112 vsconfig.xml
07-03-20 13:55 4 GVTunner.ref
07-03-17 00:18 4,096 crash
07-03-14 15:05 4,212 zllictbl.dat
07-03-07 21:36 12,619,736 MRT.exe
07-03-06 16:29 9,857 jupdate-1.5.0_11-b03.log
07-03-03 17:36 53,248 unrar.dll
07-03-03 13:11 401,064 perfh009.dat
07-03-03 13:11 62,344 perfc009.dat
07-03-03 13:11 415,470 perfh007.dat
07-03-03 13:11 74,996 perfc007.dat
07-03-03 13:11 940,174 PerfStringBackup.INI
07-02-25 19:22 16,832 amcompat.tlb
07-02-25 19:22 23,392 nscompat.tlb
07-02-25 13:55 9,965 ikhcore.log
07-02-24 14:55 0 asfiles.txt
07-02-24 14:49 2,550 Uninstall.ico
07-02-24 14:49 1,406 Help.ico
07-02-21 19:52 189,000 FNTCACHE.DAT
07-02-18 19:54 122,142 TZLog.log
07-02-18 18:45 13,646 wpa.bak
07-02-17 14:42 261 $winnt$.inf
07-02-17 14:39 2,951 CONFIG.NT
07-02-17 14:38 488 logonui.exe.manifest
07-02-17 14:38 488 WindowsLogon.manifest
07-02-17 14:38 749 ncpa.cpl.manifest
07-02-17 14:38 749 wuaucpl.cpl.manifest
07-02-17 14:38 749 nwc.cpl.manifest
07-02-17 14:38 749 cdplayer.exe.manifest
07-02-17 14:38 749 sapi.cpl.manifest
07-02-17 14:36 21,740 emptyregdb.dat
07-02-17 14:33 0 h323log.txt
07-02-15 18:01 337,280 WgaTray.exe
07-02-15 18:01 1,476,992 LegitCheckControl.dll
07-02-15 18:00 236,928 WgaLogon.dll
07-02-02 21:17 307,200 atiiiexx.dll
07-02-02 21:04 307,200 ATIDEMGX.dll
07-02-02 21:03 264,704 ati2dvag.dll
07-02-02 20:57 118,784 atipdlxx.dll
07-02-02 20:56 110,592 Oemdspif.dll
07-02-02 20:56 26,112 Ati2mdxx.exe
07-02-02 20:56 42,496 ati2edxx.dll
07-02-02 20:56 110,592 ati2evxx.dll
07-02-02 20:55 446,464 ati2evxx.exe
07-02-02 20:54 53,248 ATIDDC.DLL
07-02-02 20:46 2,827,968 ati3duag.dll
07-02-02 20:40 1,272,960 ativvaxx.dll
07-02-02 20:27 241,664 atikvmag.dll
07-02-02 20:25 17,408 atitvo32.dll
07-02-02 20:20 348,160 ati2cqag.dll
07-02-02 20:19 5,312,512 atioglxx.dll
07-02-02 18:34 520,192 ati2sgag.exe
07-01-30 17:21 128,813 atiicdxx.dat
07-01-29 09:58 60,416 tzchange.exe
07-01-25 13:52 617,472 urlmon.dll
07-01-23 20:30 546,304 hhctrl.ocx
07-01-19 12:53 51,056 sirenacm.dll
07-01-04 14:41 664,576 wininet.dll
07-01-04 14:41 474,624 shlwapi.dll
07-01-04 14:41 1,494,528 shdocvw.dll
07-01-04 14:41 532,480 mstime.dll
07-01-04 14:41 39,424 pngfilt.dll
07-01-04 14:40 146,432 msrating.dll
07-01-04 14:40 448,512 mshtmled.dll
07-01-04 14:40 3,077,632 mshtml.dll
07-01-04 14:40 16,384 jsproxy.dll
07-01-04 14:40 96,768 inseng.dll
07-01-04 14:40 251,392 iepeers.dll
07-01-04 14:40 357,888 dxtmsft.dll
07-01-04 14:40 1,056,256 danim.dll
07-01-04 14:40 205,312 dxtrans.dll
07-01-04 14:40 55,808 extmgr.dll
07-01-04 14:40 152,064 cdfview.dll
07-01-04 14:40 1,023,488 browseui.dll
07-01-04 12:52 123,392 xpsp3res.dll



systemtemp.txt:

Datenträger in Laufwerk C: ist Manu's Festplatte
Volumeseriennummer: 344D-EB48

Verzeichnis von C:\DOKUME~1\Manuel\LOKALE~1\Temp

07-03-20 14:00 4,110 jusched.log
07-03-20 13:55 16,384 ~DF42A7.tmp
07-03-19 21:51 0 4wr58.tmp
07-03-19 17:50 16,384 ~DFBED6.tmp
07-03-19 17:29 16,384 ~DFECA9.tmp
07-03-18 19:17 16,384 ~DF9CB6.tmp
07-03-18 14:05 25,124 AAX47.tmp
07-03-18 13:42 0 dfj31.tmp
07-03-18 13:38 0 w762F.tmp
07-03-18 13:37 0 0j62D.tmp
07-03-18 13:36 0 4hb2B.tmp
07-03-18 11:24 16,384 ~DF703F.tmp
07-03-17 18:07 0 kj018.tmp
07-03-17 17:40 792 java_install_reg.log
07-03-17 17:01 16,384 ~DFDE73.tmp
07-03-17 00:19 16,384 ~DF6A6F.tmp
07-03-16 16:14 37,568 AAX41.tmp
07-03-15 21:33 32,768 ~DF7359.tmp
07-03-15 21:22 16,384 ~DF74F1.tmp
07-03-15 18:34 16,384 ~DFA5B5.tmp
07-03-14 20:07 16,384 ~DF571E.tmp
07-03-14 15:05 16,384 ~DF13B7.tmp
07-03-13 16:23 1,416 wmplog02.sqm
07-03-13 16:22 1,416 wmplog01.sqm
07-03-13 16:18 1,472 wmplog00.sqm
07-03-12 20:47 16,384 ~DFCAE0.tmp
07-03-12 20:23 16,384 ~DFBE55.tmp
07-03-12 15:48 0 kbu38.tmp
07-03-12 15:47 0 a3d37.tmp
07-03-12 15:46 0 wnq36.tmp
07-03-11 20:24 16,384 ~DF8949.tmp
07-03-11 17:23 65,536 ~DF10D.tmp
07-03-10 21:28 16,384 ~DF72CE.tmp
07-03-10 18:16 0 j53100.tmp
07-03-10 13:24 72,192 ~e5.0001
07-03-09 18:46 0 9k4E.tmp
07-03-09 18:46 0 mwpD.tmp
07-03-09 18:45 0 l5uC.tmp
07-03-09 18:45 0 vxeB.tmp
07-03-07 20:44 196,608 ~DF86B4.tmp
07-03-07 20:44 512 ~DF86CF.tmp
07-03-07 20:44 196,608 ~DF7E23.tmp
07-03-07 20:44 512 ~DF7E3B.tmp
07-03-07 16:58 65,536 ~DFBA42.tmp
07-03-07 16:08 65,536 ~DFDFB.tmp
07-03-07 15:48 16,384 ~DF4818.tmp
07-03-06 18:40 0 d5w79.tmp
07-03-06 18:38 0 vsr78.tmp
07-03-06 18:37 0 o2377.tmp
07-03-06 18:36 0 nyi76.tmp
07-03-06 18:35 0 jxr75.tmp
07-03-06 18:34 0 xyh74.tmp
07-03-06 16:38 81,920 ~DFAB0E.tmp
07-03-06 16:29 0 java_install.log
07-03-06 16:28 1,156 jinstall.cfg
07-03-06 16:27 0 temp0.tmp
07-03-06 15:41 16,384 ~DFED08.tmp
07-03-06 15:38 787 QTInstallCode.log
07-03-06 15:38 4,209 qtplugin.log
07-03-06 15:38 450,048 289f0d.mst
07-03-06 15:37 396,288 27dab3.mst
07-03-06 15:36 783,360 d64b.mst
07-03-06 15:36 783,360 2397c2.mst
07-03-06 14:54 16,384 ~DFC6C8.tmp
07-03-06 14:51 12,865,536 gamejack6.msi
07-03-06 14:31 16,384 ~DF7C03.tmp
07-03-05 21:05 16,384 ~DF86B.tmp
07-03-05 19:31 0 nji3D.tmp
07-03-05 19:30 0 wcq3C.tmp
07-03-05 19:28 0 adq3B.tmp
07-03-05 19:27 0 29e3A.tmp
07-03-05 19:26 0 rrt39.tmp
07-03-04 14:13 16,384 ~DF9618.tmp
07-03-03 20:09 5,877,019 arch.rar
07-03-03 19:21 12,674 dd_netfxLP20UI7A32.txt
07-03-03 19:21 807,108 dd_netfxLP20MSI7A32.txt
07-03-03 19:20 1,167 langpackSetup.log
07-03-03 18:51 14,525 netfxupdate.log
07-03-03 18:50 21,956 netfxsl.log
07-03-03 18:25 16,384 ~DF7495.tmp
07-03-03 18:20 16,384 ~DFE777.tmp
07-03-03 17:53 16,384 ~DFCA1.tmp
07-03-03 14:46 0 hx066.tmp
07-03-03 14:29 0 c6g54.tmp
07-03-03 14:29 0 ysd51.tmp
07-03-03 14:22 0 2h130.tmp
07-03-03 13:11 5,755 ASPNETSetup.log
07-03-03 12:21 49,152 ~DF76EB.tmp
07-03-03 11:38 16,384 ~DFBBBB.tmp
07-03-01 20:54 16,384 ~DF3D1F.tmp
07-02-28 21:54 409 WGANotify.settings
07-02-28 21:54 16,384 ~DF8E5C.tmp
07-02-28 14:39 16,384 ~DFB43D.tmp
07-02-27 16:53 16,384 ~DF7EED.tmp
07-02-26 17:11 16,384 ~DFC0D1.tmp


windows.txt

Datenträger in Laufwerk C: ist Manu's Festplatte
Volumeseriennummer: 344D-EB48

Verzeichnis von C:\

07-03-20 14:10 0 sys.txt
07-03-20 14:10 611 down.txt
07-03-20 14:10 2,025 temp.txt
07-03-20 14:10 2,025 tmp.txt
07-03-20 14:10 8,474 system.txt
07-03-20 14:08 5,061 systemtemp.txt
07-03-20 14:08 93,812 system32.txt
07-03-20 13:55 536,072,192 hiberfil.sys
07-03-20 13:55 805,306,368 pagefile.sys
07-03-06 14:52 311 boot.ini
07-02-19 14:30 268 sqmdata02.sqm
07-02-19 14:30 244 sqmnoopt02.sqm
07-02-18 19:13 268 sqmdata01.sqm
07-02-18 19:13 244 sqmnoopt01.sqm
07-02-18 18:28 244 sqmnoopt00.sqm
07-02-18 18:28 268 sqmdata00.sqm
07-02-17 14:39 0 CONFIG.SYS
07-02-17 14:39 0 MSDOS.SYS
07-02-17 14:39 0 IO.SYS
07-02-17 14:39 0 AUTOEXEC.BAT


temp.txt

Volumeseriennummer: 344D-EB48

Verzeichnis von C:\WINDOWS\Temp

07-03-20 13:56 409 WGANotify.settings
07-03-20 13:55 255 WGAErrLog.txt
07-03-20 13:55 256 ZLT0311d.TMP
07-03-20 13:55 256 ZLT0311a.TMP
07-03-19 17:29 256 ZLT00691.TMP
07-03-19 17:29 256 ZLT0068d.TMP
07-03-18 11:23 256 ZLT02115.TMP
07-03-18 11:23 256 ZLT020db.TMP
07-03-17 00:19 256 ZLT055f5.TMP
07-03-17 00:18 256 ZLT055ee.TMP
07-03-15 18:34 256 ZLT022e6.TMP
07-03-15 18:34 256 ZLT00010.TMP
07-03-12 20:23 256 ZLT068f9.TMP
07-03-12 20:23 256 ZLT068f6.TMP
07-03-07 15:48 256 ZLT00fb8.TMP
07-03-07 15:48 256 ZLT00fb1.TMP
07-03-06 15:40 256 ZLT03c06.TMP
07-03-06 15:40 256 ZLT03c03.TMP
07-03-06 14:53 256 ZLT0180a.TMP
07-03-06 14:53 256 ZLT01806.TMP
07-03-06 14:31 256 ZLT006ba.TMP
07-03-06 14:31 256 ZLT006b7.TMP
07-03-03 18:24 256 ZLT04eb9.TMP
07-03-03 18:24 256 ZLT04eb6.TMP
07-03-03 18:22 16,384 Perflib_Perfdata_ac.dat
07-03-03 17:53 256 ZLT036df.TMP
07-03-03 17:53 256 ZLT036db.TMP
07-03-03 11:37 256 ZLT019d0.TMP
07-03-03 11:37 256 ZLT017b4.TMP
07-03-01 20:53 256 ZLT024db.TMP
07-03-01 20:53 256 ZLT024d8.TMP
07-02-28 14:39 256 ZLT05b7a.TMP
07-02-28 14:39 256 ZLT03838.TMP
07-02-27 16:52 256 ZLT04fdb.TMP
07-02-27 16:52 256 ZLT04fd7.TMP
07-02-26 17:10 256 ZLT00fea.TMP
07-02-26 17:10 256 ZLT00f96.TMP
37 Datei(en) 25,752 Bytes
0 Verzeichnis(se), 29,817,417,728 Bytes frei



down.txt

Datenträger in Laufwerk C: ist Manu's Festplatte
Volumeseriennummer: 344D-EB48

Verzeichnis von C:\WINDOWS\Downloaded Program Files

07-02-17 14:38 65 desktop.ini
07-01-29 09:46 234,536 MessengerStatsPAClient.dll
07-01-24 17:39 149,544 ZIntro.ocx


c.txt

Datenträger in Laufwerk C: ist Manu's Festplatte
Volumeseriennummer: 344D-EB48

Verzeichnis von C:\

07-03-20 14:10 0 sys.txt
07-03-20 14:10 611 down.txt
07-03-20 14:10 2,025 temp.txt
07-03-20 14:10 2,025 tmp.txt
07-03-20 14:10 8,474 system.txt
07-03-20 14:08 5,061 systemtemp.txt
07-03-20 14:08 93,812 system32.txt
07-03-20 13:55 536,072,192 hiberfil.sys
07-03-20 13:55 805,306,368 pagefile.sys
07-03-06 14:52 311 boot.ini
07-02-19 14:30 268 sqmdata02.sqm
07-02-19 14:30 244 sqmnoopt02.sqm
07-02-18 19:13 268 sqmdata01.sqm
07-02-18 19:13 244 sqmnoopt01.sqm
07-02-18 18:28 244 sqmnoopt00.sqm
07-02-18 18:28 268 sqmdata00.sqm
07-02-17 14:39 0 CONFIG.SYS
07-02-17 14:39 0 MSDOS.SYS
07-02-17 14:39 0 IO.SYS
07-02-17 14:39 0 AUTOEXEC.BAT





I hope you can help me...
As already described above.... ComboFix doesn't work...

Regards, master_man

20.03.2007, 19:27
Member

Thread starter

Posts: 131
#6 And I hope that Sabina above all will be kind enough to help me evaluate my logfiles...


Many thanks in advance...

Regards, master_man

21.03.2007, 10:55
Member

Thread starter

Posts: 131
#7 Pleeease.... can someone help me now????

Thanks in advance

Regards, master_man

22.03.2007, 17:03
Member

Thread starter

Posts: 131
#8 Please, please, please...


I'm begging you....

I just want to see whether my PC is clean....

Regards, master_man

24.03.2007, 23:32
Member

Thread starter

Posts: 131
#9 Pleeeeeeeeeeeeeeeeeeeeeease

I need heeeeeeeeeeeeeelp..... finally, please...

from anyone....

Regards, master_man

25.03.2007, 12:21
Honorary member
Sabina

Posts: 29434

25.03.2007, 18:15
Member

Thread starter

Posts: 131
#11 Thanks.... here now is the ComboFix logfile as well:

"Manuel" - 07-03-25 18:09:31 Service Pack 2
ComboFix 07-03-23 - Running from: "C:\Dokumente und Einstellungen\Manuel\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2007-02-25 to 2007-03-25 ))))))))))))))))))))))))))))))))))


2007-03-24 22:50 <DIR> d-------- C:\Programme\Codemasters
2007-03-24 19:16 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2007-03-24 19:16 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2007-03-24 19:16 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2007-03-24 19:16 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2007-03-24 19:16 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2007-03-24 19:16 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2007-03-24 19:16 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2007-03-24 19:15 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2007-03-24 19:15 54,272 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2007-03-24 19:11 <DIR> d-------- C:\Programme\Microsoft LifeCam
2007-03-23 19:42 1,087,216 --a------ C:\WINDOWS\system32\zpeng24.dll
2007-03-20 19:40 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-03-20 19:40 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2007-03-20 19:40 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-03-20 19:40 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2007-03-20 19:40 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2007-03-20 19:40 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2007-03-20 19:40 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2007-03-20 19:40 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2007-03-20 19:40 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2007-03-20 19:30 <DIR> d-------- C:\Programme\iTunes
2007-03-20 19:25 <DIR> d-------- C:\Programme\Apple Software Update
2007-03-18 20:48 <DIR> d-------- C:\DOKUME~1\Manuel\ANWEND~1\Screenshot Sender
2007-03-17 18:40 <DIR> d-------- C:\WINDOWS\Sun
2007-03-17 18:40 <DIR> d-------- C:\DOKUME~1\Manuel\ANWEND~1\Sun
2007-03-14 16:18 <DIR> d-------- C:\3FS
2007-03-14 16:15 <DIR> d-------- C:\Programme\DVD Shrink
2007-03-14 16:15 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\DVD Shrink
2007-03-13 16:52 <DIR> d-------- C:\DOKUME~1\Manuel\ANWEND~1\dvdcss
2007-03-12 21:43 <DIR> d-------- C:\Programme\Makayama.com
2007-03-11 00:10 <DIR> d-------- C:\DOKUME~1\Manuel\ANWEND~1\CyberLink
2007-03-10 13:42 <DIR> d-------- C:\Programme\Electronic Arts
2007-03-10 13:34 <DIR> d-------- C:\DOKUME~1\Manuel\ANWEND~1\My Battle for Middle-earth(tm) II Files
2007-03-09 20:35 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\TrackMania United
2007-03-08 21:22 <DIR> d-------- C:\Programme\TrackMania United
2007-03-07 19:21 <DIR> d-------- C:\Programme\Lavalys
2007-03-07 15:40 <DIR> C:\DOKUME~1\Manuel\ANWEND~1\Meine Die Schlacht um MittelerdeT II-Dateien
2007-03-06 17:37 <DIR> d-------- C:\Programme\iDump
2007-03-06 17:29 <DIR> d-------- C:\Programme\Java
2007-03-06 17:28 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Java
2007-03-06 16:38 <DIR> d-------- C:\DOKUME~1\Manuel\ANWEND~1\Apple Computer
2007-03-06 16:37 <DIR> d-------- C:\Programme\QuickTime
2007-03-06 16:36 38,229 --------- C:\WINDOWS\system32\drivers\StMp3Rec.sys
2007-03-06 16:36 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-03-06 16:36 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Apple Computer
2007-03-06 16:35 <DIR> d-------- C:\Programme\iPod
2007-03-06 15:58 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Adobe
2007-03-06 15:58 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Adobe
2007-03-06 15:55 <DIR> d-------- C:\DOKUME~1\Manuel\ANWEND~1\Engelmann Media
2007-03-03 20:23 21,504 --a------ C:\WINDOWS\system32\drivers\hidserv.dll
2007-03-03 19:38 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Messenger Plus!
2007-03-03 19:20 <DIR> d-------- C:\DOKUME~1\Manuel\ANWEND~1\Help
2007-03-03 18:47 <DIR> d-------- C:\Programme\Cossacks
2007-03-03 18:36 53,248 --a------ C:\WINDOWS\system32\unrar.dll
2007-03-03 18:36 4,354,048 -ra------ C:\WINDOWS\csetup.exe
2007-03-03 15:51 <DIR> d-------- C:\DOKUME~1\Manuel\ANWEND~1\AdobeUM
2007-03-03 14:12 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-03-03 13:49 21,504 --a------ C:\WINDOWS\jestertb.dll
2007-02-25 20:22 <DIR> d-------- C:\Programme\Windows Media Connect 2
2007-02-25 20:20 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-02-25 20:20 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-02-25 19:38 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Windows Genuine Advantage
2007-02-25 19:36 <DIR> d---s---- C:\DOKUME~1\Manuel\UserData


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-03-25 14:50 74996 --a------ C:\WINDOWS\system32\perfc007.dat
2007-03-25 14:50 415470 --a------ C:\WINDOWS\system32\perfh007.dat
2007-03-25 14:49 23524 --a------ C:\WINDOWS\system32\drivers\GVTDrv.sys
2007-03-23 19:42 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-03-21 14:33 -------- d-------- C:\Programme\asus
2007-03-18 20:48 -------- d-------- C:\Programme\msn messenger
2007-03-18 20:48 -------- d-------- C:\Programme\messenger plus! live
2007-03-09 01:02 54936 --a------ C:\WINDOWS\system32\vsutil_loc0407.dll
2007-03-06 17:32 1398 --a------ C:\WINDOWS\mozver.dat
2007-03-06 16:39 -------- d--h----- C:\Programme\installshield installation information
2007-03-03 19:10 -------- d-------- C:\Programme\ati technologies
2007-02-24 17:23 -------- d-------- C:\DOKUME~1\Manuel\ANWEND~1\pc tools
2007-02-24 16:11 -------- d-------- C:\Programme\microsoft intellitype pro
2007-02-24 16:11 -------- d-------- C:\Programme\microsoft intellipoint
2007-02-24 16:11 -------- d-------- C:\Programme\messenger
2007-02-21 16:57 -------- d-------- C:\Programme\guitar pro 5
2007-02-19 19:19 -------- d-------- C:\DOKUME~1\Manuel\ANWEND~1\anvil-soft
2007-02-18 19:24 0 --a------ C:\WINDOWS\nsreg.dat
2007-02-18 19:23 -------- d-------- C:\Programme\videolan
2007-02-18 19:23 -------- d-------- C:\DOKUME~1\Manuel\ANWEND~1\vlc
2007-02-18 18:58 -------- d-------- C:\Programme\cyberlink
2007-02-18 18:54 -------- d-------- C:\Programme\gigabyte
2007-02-18 18:50 -------- d-------- C:\DOKUME~1\Manuel\ANWEND~1\ati
2007-02-17 16:16 -------- d-------- C:\Programme\d-link
2007-02-17 16:16 -------- d-------- C:\Programme\ani
2007-02-17 15:56 -------- d-------- C:\Programme\Gemeinsame Dateien\installshield
2007-02-17 15:51 -------- d-------- C:\Programme\analog devices
2007-02-17 15:48 -------- d-------- C:\Programme\via
2007-02-17 15:40 -------- d-------- C:\Programme\microsoft frontpage
2007-02-17 15:39 0 -rahs---- C:\MSDOS.SYS
2007-02-17 15:39 0 -rahs---- C:\IO.SYS
2007-02-17 15:39 0 --a------ C:\CONFIG.SYS
2007-02-17 15:39 0 --a------ C:\AUTOEXEC.BAT
2007-02-17 15:38 -------- d--h----- C:\Programme\windowsupdate
2007-02-17 15:38 -------- d-------- C:\Programme\online-dienste
2007-02-17 15:37 -------- d-------- C:\Programme\movie maker
2007-02-17 15:37 -------- d-------- C:\Programme\Gemeinsame Dateien\mssoap
2007-02-17 15:37 -------- d-------- C:\Programme\Gemeinsame Dateien\dienste
2007-02-17 15:36 21740 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-02-17 15:36 -------- d-------- C:\Programme\online services
2007-02-17 15:36 -------- d-------- C:\Programme\msn gaming zone
2007-02-17 15:35 -------- d-------- C:\Programme\windows nt
2007-02-17 15:26 -------- d-------- C:\Programme\Gemeinsame Dateien\speechengines
2007-02-17 15:26 -------- d-------- C:\Programme\Gemeinsame Dateien\odbc
2007-02-17 15:25 62 --ahs---- C:\DOKUME~1\Manuel\ANWEND~1\desktop.ini
2007-02-02 22:17 307200 --a------ C:\WINDOWS\system32\atiiiexx.dll
2007-02-02 22:04 307200 --a------ C:\WINDOWS\system32\atidemgx.dll
2007-02-02 22:03 264704 --a------ C:\WINDOWS\system32\ati2dvag.dll
2007-02-02 22:03 1975296 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-02-02 21:57 118784 --a------ C:\WINDOWS\system32\atipdlxx.dll
2007-02-02 21:56 42496 --a------ C:\WINDOWS\system32\ati2edxx.dll
2007-02-02 21:56 26112 --a------ C:\WINDOWS\system32\ati2mdxx.exe
2007-02-02 21:56 110592 --a------ C:\WINDOWS\system32\oemdspif.dll
2007-02-02 21:56 110592 --a------ C:\WINDOWS\system32\ati2evxx.dll
2007-02-02 21:55 446464 --a------ C:\WINDOWS\system32\ati2evxx.exe
2007-02-02 21:54 53248 --a------ C:\WINDOWS\system32\atiddc.dll
2007-02-02 21:46 2827968 --a------ C:\WINDOWS\system32\ati3duag.dll
2007-02-02 21:40 1272960 --a------ C:\WINDOWS\system32\ativvaxx.dll
2007-02-02 21:27 241664 --a------ C:\WINDOWS\system32\atikvmag.dll
2007-02-02 21:25 17408 --a------ C:\WINDOWS\system32\atitvo32.dll
2007-02-02 21:20 348160 --a------ C:\WINDOWS\system32\ati2cqag.dll
2007-02-02 21:19 5312512 --a------ C:\WINDOWS\system32\atioglxx.dll
2007-02-02 19:34 520192 --------- C:\WINDOWS\system32\ati2sgag.exe
2007-01-30 18:21 128813 --a------ C:\WINDOWS\system32\atiicdxx.dat
2007-01-19 13:53 51056 --a------ C:\WINDOWS\system32\sirenacm.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MsnMsgr"="\"C:\\Programme\\MSN Messenger\\MsnMsgr.Exe\" /background"
"MSMSGS"="\"C:\\Programme\\Messenger\\msmsgs.exe\" /background"
"Spyware Doctor"="\"C:\\Programme\\Spyware Doctor\\swdoctor.exe\" /Q"
@=""
"StartCCC"="C:\\Programme\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe"
"updateMgr"="C:\\Programme\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_0_9"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"RaidTool"="C:\\Programme\\VIA\\RAID\\raid_tool.exe"
"SoundMAXPnP"="C:\\Programme\\Analog Devices\\SoundMAX\\SMax4PNP.exe"
"SoundMAX"="\"C:\\Programme\\Analog Devices\\SoundMAX\\Smax4.exe\" /tray"
"type32"="\"C:\\Programme\\Microsoft IntelliType Pro\\type32.exe\""
"IntelliPoint"="\"C:\\Programme\\Microsoft IntelliPoint\\point32.exe\""
"D-Link AirPlus G"="C:\\Programme\\D-Link\\AirPlus G\\AirGCFG.exe"
"ANIWZCS2Service"="C:\\Programme\\ANI\\ANIWZCS2 Service\\WZCSLDR2.exe"
"ATIPTA"="C:\\Programme\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"VGAUtil"="C:\\Programme\\GigaByte\\VGA Utility Manager\\G-VGA.exe"
"RemoteControl"="C:\\Programme\\CyberLink\\PowerDVD\\PDVDServ.exe"
"avgnt"="\"C:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"SunJavaUpdateSched"="\"C:\\Programme\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"UnlockerAssistant"="\"C:\\Programme\\Unlocker\\UnlockerAssistant.exe\""
"QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Programme\\iTunes\\iTunesHelper.exe\""
"ZoneAlarm Client"="\"C:\\Programme\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"LifeCam"="\"C:\\Programme\\Microsoft LifeCam\\LifeExp.exe\""
"VX3000"="C:\\WINDOWS\\vVX3000.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="\"C:\\Programme\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job


********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
RaidTool = C:\Programme\VIA\RAID\raid_tool.exe???A?

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-03-25 18:12:52




I hope you can help me now...

Regards, master_man

25.03.2007, 18:51
Honorary member
Sabina

Posts: 29434
#12 I don't see anything that doesn't belong there ;)
Is the computer causing problems?
What does your virus scanner say?
__________
Regards, Sabina

All about PC security

25.03.2007, 18:58
Member

Thread starter

Posts: 131
#13 No, it just suddenly got slower recently.... but now everything is actually fine again...

Regards, master_man