| |
| |||||||
Log-Analyse und Auswertung: Malware DefenseWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
20.01.2010, 02:19
| #2 |
 |  Malware Defense info.txt logfile of random's system information tool 1.06 2010-01-20 02:11:37
__________________======Uninstall list====== -->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M886903\M886903Uninstall.msp" -->MsiExec /X{A7E07C2B-2220-4415-87E3-784D5814BC93} Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Any Video Converter 3.0.1-->"C:\Programme\AnvSoft\Any Video Converter\unins000.exe" AVG Free 8.5-->C:\Programme\AVG\AVG8\setup.exe /UNINSTALL Betfair Poker-->MsiExec.exe /I{A1A2073C-33FC-4890-86E2-FE7D2B8AFE0F} CCleaner (remove only)-->"C:\Programme\CCleaner\uninst.exe" C-Media High Definition Audio Driver-->C:\WINDOWS\system32\cmirmdrv.exe Compatibility Pack für 2007 Office System-->MsiExec.exe /X{90120000-0020-0407-0000-0000000FF1CE} Dev-C++ 5 beta 9 release (4.9.9.2)-->"C:\Programme\Dev-Cpp\uninstall.exe" DFX 8 for Winamp-->"C:\Programme\Winamp\uninstall_dfx.exe" DH Driver Cleaner Professional Edition-->C:\Programme\Driver Cleaner Pro\Uninstall.exe DivX Codec-->C:\Programme\DivX\DivXCodecUninstall.exe /CODEC DivX Web Player-->C:\Programme\DivX\DivXWebPlayerUninstall.exe /PLUGIN Expekt Poker-->"C:\Poker\Expekt Poker\_SetupCasino_f008ed.exe" /uninstall Expekt-->C:\Microgaming\Casino\Expekt\install.exe -uninstall ffdshow [rev 2073] [2008-08-11]-->"C:\Programme\K-Lite Codec Pack\ffdshow\unins000.exe" Foxit Reader-->C:\Programme\Foxit Software\Foxit Reader\Uninstall.exe FrostWire 4.18.4-->C:\Programme\FrostWire\Uninstall.exe Full Tilt Poker-->"C:\Programme\InstallShield Installation Information\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}\setup.exe" -runfromtemp -l0x0007 -removeonly Girder 3.2-->C:\Programme\girder32\unins000.exe HijackThis 2.0.2-->"C:\Programme\trend micro\HijackThis.exe" /uninstall IrfanView (remove only)-->C:\Programme\IrfanView\iv_uninstall.exe Java(TM) 6 Update 14-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF} K-Lite Mega Codec Pack 1.60-->"C:\Programme\K-Lite Codec Pack\unins000.exe" LevelOne 11g Wireless LAN Card-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{39350A99-75A4-4FD5-8E68-37D4C92F73D2}\setup.exe" -l0x9 -removeonly Logitech MouseWare 9.79.1 -->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\Setup.exe" -l0x7 -l0007 UNINSTALL Malwarebytes' Anti-Malware-->"C:\Programme\Malwarebytes' Anti-Malware\unins000.exe" Microsoft .NET Framework 1.1 + SP1 + 14 Hotfixes-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1 + SP1 + 14 Hotfixes-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1 German Language Pack-->MsiExec.exe /X{E78BFA60-5393-4C38-82AB-E8019E464EB4} Microsoft .NET Framework 2.0 Language Pack - DEU-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - DEU\install.exe Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe" Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe" Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe" Microsoft Office PowerPoint Viewer 2003-->MsiExec.exe /X{90AF0407-6000-11D3-8CFE-0150048383C9} Microsoft Office PowerPoint Viewer 2007 (German)-->MsiExec.exe /X{95120000-00AF-0407-0000-0000000FF1CE} Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110407-6000-11D3-8CFE-0150048383C9} Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Miranda IM 0.6.8-->C:\Programme\Miranda\uninstall.exe mIRC-->"C:\Programme\mIRC\mirc.exe" -uninstall Mozilla Firefox (3.5.7)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe Mp3tag v2.39-->C:\Programme\Mp3tag\Mp3tagUninstall.EXE MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27} MSXML 6.0 Parser-->MsiExec.exe /I{A43BF6A5-D5F0-4AAA-BF41-65995063EC44} neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B} Network Stumbler 0.4.0 (remove only)-->"C:\Programme\Network Stumbler\uninst.exe" NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI NVIDIA PhysX v8.09.04-->MsiExec.exe /X{A7E07C2B-2220-4415-87E3-784D5814BC93} Opera 9.64-->MsiExec.exe /X{E1BBBAC5-2857-4155-82A6-54492CE88620} ParadisePoker-->C:\PROGRA~1\PARADI~1\UNWISE.EXE C:\PROGRA~1\PARADI~1\INSTALL.LOG PartyPoker-->"C:\Programme\PartyPoker\PartyPoker\Uninstall.exe" "C:\Programme\PartyPoker\PartyPoker\install.log" PC Connectivity Solution-->MsiExec.exe /I{D848D140-41C3-4A53-86D8-E866A100B4CD} SecureW2 Client 3.1.2-->C:\Programme\Alfa & Ariss\SecureW2 Client 3.1.2\Uninstall.exe SecureW2 TTLS Client 3.3.3 for Windows-->C:\Programme\SecureW2\SecureW2 TTLS Client\Uninstall.exe Sereby's Updatepack Version 1.5.10-->msiexec.exe Sicherheitsupdate für Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe" Spybot - Search & Destroy-->"C:\Programme\Spybot - Search & Destroy\unins000.exe" System Requirements Lab-->C:\Programme\SystemRequirementsLab\Uninstall.exe Uninstall 1.0.0.1-->"C:\Programme\Gemeinsame Dateien\DVDVideoSoft\unins000.exe" VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027} VLC media player 1.0.0-->C:\Programme\VideoLAN\VLC\uninstall.exe VPN Client-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{5624C000-B109-11D4-9DB4-00E0290FCAC5}\setup.exe" -l0x9 VpnUninstall Winamp (remove only)-->"C:\Programme\Winamp\UninstWA.exe" Windows Installer Clean Up-->MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52} Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe" Windows Media Format 11 runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows Media Player 11-->"C:\Programme\Windows Media Player\Setup_wm.exe" /Uninstall Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe" Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf WinRAR archiver-->C:\Programme\WinRAR\uninstall.exe X10 Hardware(TM)-->C:\WINDOWS\UNWISE.EXE C:\PROGRA~1\X10HAR~1\Install.log Securitycenter WMI appears to be broken ======System event log====== Computer Name: FUNKYASIA Event Code: 6009 Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 2 Uniprocessor Free. Record Number: 90077 Source Name: EventLog Time Written: 20091215062229.000000+060 Event Type: Informationen User: Computer Name: FUNKYASIA Event Code: 6006 Message: Der Ereignisprotokolldienst wurde beendet. Record Number: 90076 Source Name: EventLog Time Written: 20091214205019.000000+060 Event Type: Informationen User: Computer Name: FUNKYASIA Event Code: 1003 Message: Der Computer konnte die Netzwerkadresse, die durch den DHCP-Server für die Netzwerkkarte mit der Netzwerkadresse 00116B348E05 zugeteilt wurde, nicht erneuern. Der folgende Fehler ist aufgetreten: Das Zeitlimit für die Semaphore wurde erreicht. . Es wird weiterhin im Hintergrund versucht, eine Adresse vom Netzwerkadressserver (DHCP) zu erhalten. Record Number: 90075 Source Name: Dhcp Time Written: 20091214202632.000000+060 Event Type: Warnung User: Computer Name: FUNKYASIA Event Code: 4201 Message: Netzwerkadapter "\DEVICE\TCPIP_{45601919-3EA5-4349-B062-3C17C53B4C0A}" wurde mit dem Netzwerk verbunden, und das System wurde über das Netzwerk im normalen Zustand gestartet. Record Number: 90074 Source Name: Tcpip Time Written: 20091214202401.000000+060 Event Type: Informationen User: Computer Name: FUNKYASIA Event Code: 1003 Message: Der Computer konnte die Netzwerkadresse, die durch den DHCP-Server für die Netzwerkkarte mit der Netzwerkadresse 00116B348E05 zugeteilt wurde, nicht erneuern. Der folgende Fehler ist aufgetreten: Der Vorgang wurde durch den Benutzer abgebrochen. . Es wird weiterhin im Hintergrund versucht, eine Adresse vom Netzwerkadressserver (DHCP) zu erhalten. Record Number: 90073 Source Name: Dhcp Time Written: 20091214202356.000000+060 Event Type: Warnung User: =====Application event log===== Computer Name: FUNKYASIA Event Code: 1 Message: Record Number: 14250 Source Name: AVGEMS Time Written: 20080723003349.000000+120 Event Type: Informationen User: Computer Name: FUNKYASIA Event Code: 1 Message: Record Number: 14249 Source Name: Avg7UpdSvc Time Written: 20080723003347.000000+120 Event Type: Informationen User: Computer Name: FUNKYASIA Event Code: 0 Message: Record Number: 14248 Source Name: CLSched Time Written: 20080722234117.000000+120 Event Type: Informationen User: Computer Name: FUNKYASIA Event Code: 2 Message: Record Number: 14247 Source Name: Diskeeper Time Written: 20080722234117.000000+120 Event Type: Informationen User: Computer Name: FUNKYASIA Event Code: 0 Message: Record Number: 14246 Source Name: CLCapSvc Time Written: 20080722234116.000000+120 Event Type: Informationen User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=C:\Programme\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Programme\Gemeinsame Dateien\GTK\2.0\bin;C:\PROGRA~1\DISKEE~1\DISKEE~1\ "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=15 "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 1, GenuineIntel "PROCESSOR_REVISION"=0401 "NUMBER_OF_PROCESSORS"=1 "TEMP"=%USERPROFILE%\Lokale Einstellungen\Temp "TMP"=%USERPROFILE%\Lokale Einstellungen\Temp "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "LANG"=de -----------------EOF----------------- Logfile of random's system information tool 1.06 (written by random/random) Run by at 2010-01-20 02:11:21 Microsoft Windows XP Professional Service Pack 2 System drive C: has 3 GB (17%) free of 20 GB Total RAM: 511 MB (30% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 02:11:36, on 20.1.2010 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Programme\RWTH Aachen\Cisco VPN Client\cvpnd.exe C:\WINDOWS\Explorer.EXE C:\Programme\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\Programme\AVG\AVG8\avgcsrvx.exe C:\WINDOWS\system32\RunDll32.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Programme\Java\jre6\bin\jusched.exe C:\Programme\Logitech\MouseWare\system\em_exec.exe C:\Programme\LevelOne\Common\RaUI.exe C:\Programme\girder32\Girder.exe C:\Programme\Outlook Express\msimn.exe C:\Profile\*\Desktop\RSIT.exe C:\Programme\trend micro\*.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programme\AVG\AVG8\Toolbar\IEToolbar.dll R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG8\avgssie.dll O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programme\AVG\AVG8\Toolbar\IEToolbar.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Programme\AVG\AVG8\Toolbar\IEToolbar.dll O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [nwiz] REM nwiz.exe /install O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKCU\..\Run: [cliconfg64.exe] C:\Profile\*\LOKALE~1\Temp\cliconfg64.exe O4 - Startup: Girder3.lnk = C:\Programme\girder32\Girder.exe O4 - Global Startup: Levelone Wireless Utility.lnk = C:\Programme\LevelOne\Common\RaUI.exe O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: GamebookersPoker.com - {25D3746C-E212-4755-9D2D-87671CB6C150} - C:\Programme\Gamebookers\GamebookersPoker\RunApp.exe (file missing) O9 - Extra 'Tools' menuitem: GamebookersPoker.com - {25D3746C-E212-4755-9D2D-87671CB6C150} - C:\Programme\Gamebookers\GamebookersPoker\RunApp.exe (file missing) O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyPoker\PartyPoker\RunApp.exe O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyPoker\PartyPoker\RunApp.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Expekt - FE41B5E0-046D-4804-AB78-61ED3F6CB493 - C:\Microgaming\Casino\Expekt\Casinogame.exe (HKCU) O9 - Extra button: Absolute Poker - {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Profile\*\Startmenü\Programme\Absolute Poker\Absolute Poker.lnk (HKCU) O9 - Extra 'Tools' menuitem: Absolute Poker - {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Profile\*\Startmenü\Programme\Absolute Poker\Absolute Poker.lnk (HKCU) O17 - HKLM\System\CCS\Services\Tcpip\..\{0344A465-5F73-4119-853C-24176C018F7A}: NameServer = 134.130.4.1 134.130.5.1 O17 - HKLM\System\CS3\Services\Tcpip\..\{0344A465-5F73-4119-853C-24176C018F7A}: NameServer = 134.130.4.1 134.130.5.1 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG8\avgpp.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\RWTH Aachen\Cisco VPN Client\cvpnd.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe -- End of file - 6130 bytes ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}] AVG Safe Search - C:\Programme\AVG\AVG8\avgssie.dll [2009-12-12 1111320] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}] AVG Security Toolbar BHO - C:\Programme\AVG\AVG8\Toolbar\IEToolbar.dll [2009-06-26 1008896] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2009-05-21 41368] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-05-21 73728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Programme\AVG\AVG8\Toolbar\IEToolbar.dll [2009-06-26 1008896] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd [] "nwiz"=REM nwiz.exe /install [] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-10-07 13574144] "AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-12-12 2043160] "SunJavaUpdateSched"=C:\Programme\Java\jre6\bin\jusched.exe [2009-05-21 148888] "Logitech Utility"=C:\WINDOWS\Logi_MwX.Exe [2003-12-17 19968] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "cliconfg64.exe"=C:\Profile\*\LOKALE~1\Temp\cliconfg64.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools] C:\Programme\DAEMON Tools\daemon.exe [2006-09-14 157592] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] C:\WINDOWS\system32\NvCpl.dll [2008-10-07 13574144] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] C:\WINDOWS\system32\NvMcTray.dll [2008-10-07 86016] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Programme\Java\jre6\bin\jusched.exe [2009-05-21 148888] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Profile^All Users^Startmenü^Programme^Autostart^RWTH Aachen Cisco VPN Client.lnk] C:\PROGRA~1\RWTHAA~1\CISCOV~1\vpngui.exe [2006-11-10 1528880] C:\Profile\All Users\Startmenü\Programme\Autostart Levelone Wireless Utility.lnk - C:\Programme\LevelOne\Common\RaUI.exe C:\Profile\*\Startmenü\Programme\Autostart Girder3.lnk - C:\Programme\girder32\Girder.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter] C:\WINDOWS\system32\avgrsstx.dll [2009-08-29 11952] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2007-12-28 702768] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 "NoResolveTrack"=0 "NoResolveSearch"=0 "NoInstrumentation"=0 "NoStartMenuMFUprogramsList"=0 "NoSMMyPictures"=0 "NoSMConfigurePrograms"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Programme\Miranda\miranda32.exe"="C:\Programme\Miranda\miranda32.exe:*:Enabled:Miranda IM" "C:\Programme\Hamachi\hamachi.exe"="C:\Programme\Hamachi\hamachi.exe:*:Enabled:Hamachi Client" "C:\Programme\Home Cinema\PowerCinema\PowerCinema.exe"="C:\Programme\Home Cinema\PowerCinema\PowerCinema.exe:*:Enabled:PowerCinema" "D:\Steam\SteamApps\*b\counter-strike source\hl2.exe"="D:\Steam\SteamApps\*b\counter-strike source\hl2.exe:*:Enabled:hl2" "C:\Programme\mIRC\mirc.exe"="C:\Programme\mIRC\mirc.exe:*:Enabled:mIRC" "C:\Programme\Nokia\Nokia Software Updater\nsu_ui_client.exe"="C:\Programme\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater" "C:\Programme\Gemeinsame Dateien\Nokia\Service Layer\A\nsl_host_process.exe"="C:\Programme\Gemeinsame Dateien\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process " "D:\Steam\Steam.exe"="D:\Steam\Steam.exe:*:Enabled:Steam" "C:\Programme\SopCast\SopCast.exe"="C:\Programme\SopCast\SopCast.exe:*:Enabled:SopCast Main Application" "C:\Programme\SopCast\adv\SopAdver.exe"="C:\Programme\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver" "C:\Programme\SopCast\sopvod.exe"="C:\Programme\SopCast\sopvod.exe:*:Enabled:sopvod" "C:\Programme\Internet Explorer\iexplore.exe"="C:\Programme\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer" "C:\Programme\Winamp Remote\bin\Orb.exe"="C:\Programme\Winamp Remote\bin\Orb.exe:*:Enabled:Orb" "C:\Programme\Winamp Remote\bin\OrbTray.exe"="C:\Programme\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray" "C:\Programme\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Programme\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client" "C:\Programme\LimeWire\LimeWire.exe"="C:\Programme\LimeWire\LimeWire.exe:*:Enabled:LimeWire" "C:\Programme\Veoh Networks\Veoh\VeohClient.exe"="C:\Programme\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client" "C:\Program Files\Batak4\Batak.exe"="C:\Program Files\Batak4\Batak.exe:*:Enabled:Ihaleli BATAK oyunu V4.0 Alfa" "C:\Programme\Girder\Girder\girder.exe"="C:\Programme\Girder\Girder\girder.exe:*:Enabled:Girder" "C:\Programme\Joost\xulrunner\tvprunner.exe"="C:\Programme\Joost\xulrunner\tvprunner.exe:*:Enabled:tvprunner" "C:\Programme\TVUPlayer\TVUPlayer.exe"="C:\Programme\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component" "C:\Programme\VideoLAN\VLC\vlc.exe"="C:\Programme\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player" "C:\Programme\AVG\AVG8\avgemc.exe"="C:\Programme\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe" "C:\Programme\AVG\AVG8\avgupd.exe"="C:\Programme\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe" "C:\Programme\AVG\AVG8\avgnsx.exe"="C:\Programme\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe" "C:\Programme\Mozilla Firefox\firefox.exe"="C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox" "C:\Profile\*\Eigene Dateien\Downloads\u97.exe"="C:\Profile\*\Eigene Dateien\Downloads\u97.exe:*:Enabled:u97" "C:\Programme\Java\jre6\bin\java.exe"="C:\Programme\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary" "C:\Programme\FrostWire\FrostWire.exe"="C:\Programme\FrostWire\FrostWire.exe:*:Enabled:FrostWire" "C:\Profile\*\Eigene Dateien\Downloads\programme\u97.exe"="C:\Profile\*\Eigene Dateien\Downloads\programme\u97.exe:*:Enabled:u97" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" ======List of files/folders created in the last 1 months====== 2010-01-20 02:11:24 ----D---- C:\Programme\trend micro 2010-01-20 02:11:21 ----D---- C:\rsit 2010-01-20 00:45:43 ----D---- C:\Profile\*\Anwendungsdaten\Malwarebytes 2010-01-20 00:45:37 ----D---- C:\Profile\All Users\Anwendungsdaten\Malwarebytes 2010-01-20 00:45:36 ----D---- C:\Programme\Malwarebytes' Anti-Malware 2010-01-19 23:34:10 ----A---- C:\Profile\All Users\Anwendungsdaten\sysReserve.ini 2010-01-13 14:22:54 ----D---- C:\Programme\Winamp 2010-01-13 11:09:59 ----D---- C:\Profile\*\Anwendungsdaten\AnvSoft 2010-01-13 11:09:56 ----D---- C:\Programme\AnvSoft ======List of files/folders modified in the last 1 months====== 2010-01-20 02:11:24 ----RD---- C:\Programme 2010-01-20 01:45:10 ----D---- C:\Programme\Mozilla Firefox 2010-01-20 01:39:06 ----D---- C:\WINDOWS 2010-01-20 01:38:15 ----D---- C:\WINDOWS\system32\drivers 2010-01-20 01:37:48 ----A---- C:\WINDOWS\SchedLgU.Txt 2010-01-20 00:45:43 ----D---- C:\WINDOWS\Prefetch 2010-01-20 00:44:36 ----HD---- C:\$AVG8.VAULT$ 2010-01-20 00:06:47 ----SD---- C:\Profile\*\Anwendungsdaten\Microsoft 2010-01-20 00:06:47 ----D---- C:\WINDOWS\system32 2010-01-20 00:06:37 ----D---- C:\Profile\All Users\Anwendungsdaten\avg8 2010-01-19 23:33:04 ----D---- C:\Profile\*\Anwendungsdaten\vlc 2010-01-19 23:16:09 ----A---- C:\WINDOWS\winamp.ini 2010-01-19 20:35:23 ----SD---- C:\Profile\All Users\Anwendungsdaten\Microsoft 2010-01-19 20:35:14 ----D---- C:\WINDOWS\system32\CatRoot2 2010-01-17 18:41:12 ----D---- C:\Profile\All Users\Anwendungsdaten\X10 Settings 2010-01-13 19:11:53 ----D---- C:\Programme\mIRC 2010-01-04 21:56:14 ----D---- C:\Profile\*\Anwendungsdaten\FrostWire ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [2006-11-07 25244] R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-08-29 335240] R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-08-29 27784] R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-07-01 108552] R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2007-09-13 33408] R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2006-11-07 40192] R1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848] R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2007-10-10 20747] R2 CVPNDRVA;RWTH Aachen IPsec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys [] R2 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS [] R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2006-11-18 60800] R3 cmudax;C-Media High Definition Audio Interface; C:\WINDOWS\system32\drivers\cmudax.sys [2005-05-12 1287296] R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2006-09-21 126864] R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2006-11-07 138752] R3 LCcfltr;Logitech USB Filter Driver; C:\WINDOWS\System32\Drivers\LCcFltr.Sys [2003-12-17 14095] R3 LHidFlt2;Logitech HID/USB Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFlt2.Sys [2003-12-17 25505] R3 LHidUsb;Logitech USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsb.Sys [2003-12-17 37887] R3 LMouFlt2;Logitech Mouse Class Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys [2003-12-17 70801] R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-11-07 12288] R3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2006-11-07 61824] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-10-07 6133856] R3 RT2500;LevelOne WNC-0301 11g Wireless PCI Adapter Driver; C:\WINDOWS\system32\DRIVERS\RT2500.sys [2005-09-07 243200] R3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2006-11-07 31744] R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-11-07 30208] R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-11-07 59264] R3 usbstor;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2006-11-07 26368] R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2006-11-07 20608] R3 XUIF;X10 USB Wireless Transceiver; C:\WINDOWS\System32\Drivers\x10ufx2.sys [2005-05-19 17792] S3 3xHybrid;Philips SAA713x PCI Card; C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2006-11-18 882688] S3 aebofojx;aebofojx; C:\WINDOWS\system32\drivers\aebofojx.sys [] S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2006-11-07 17024] S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2005-05-17 5315] S3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5b.sys [2006-11-18 42496] S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2006-11-28 15440] S3 hidusb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-18 9600] S3 MPE;BDA MPE-Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2006-11-07 15360] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2006-11-07 5504] S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2006-11-07 85376] S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2006-11-07 10880] S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\NSNDIS5.SYS [] S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136] S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360] S3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2006-11-07 15104] S3 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys [] S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000] S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528] S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2006-11-07 19328] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 tvtool;tvtool; \??\C:\Programme\TVTool 7.2\tvtool.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-08-29 908056] R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-08-29 297752] R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Programme\RWTH Aachen\Cisco VPN Client\cvpnd.exe [2006-11-10 1504304] R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-05-21 152984] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-10-07 163908] R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336] R2 x10nets;X10 Device Network Service; C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [2001-11-12 20480] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240] S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 ServiceLayer;ServiceLayer; C:\Programme\PC Connectivity Solution\ServiceLayer.exe [2008-11-11 620544] S3 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-10-24 920576] -----------------EOF----------------- |
| Themen zu Malware Defense |
| .dll, anti-malware, brauche, ccleaner, dateien, desktop, eingefangen, einstellungen, explorer, gen, h8srt, install, install.exe, logfile, malware, malware.packer, microsoft, nc.exe, programme, pup.keylogger, registrierungsschlüssel, rogue.installer, router, service, services, software, system, temp, trojan.downloader, trojan.fakealert, trojan.tdss, uninstall.exe, version |
Baum-Darstellung