
Log Analysis and Evaluation: Malware Defense

If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

20.01.2010, 01:09   #1
Adem

Malware Defense



Hello,

I had a long quiet spell and have now caught something again, and I need your help.

I ran CCleaner and then MaM. Here is the logfile:



Malwarebytes' Anti-Malware 1.44
Datenbank Version: 3600
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

20.1.2010 01:36:37
mbam-log-2010-01-20 (01-36-37).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|E:\|I:\|J:\|K:\|L:\|M:\|)
Durchsuchte Objekte: 196077
Laufzeit: 34 minute(s), 36 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 3
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 2
Infizierte Dateien: 17

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\malware defense (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\H8SRT (Rootkit.TDSS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\h8srtd.sys (Rootkit.TDSS) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\Programme\malware Defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
C:\Profile\*\Startmenü\Programme\malware Defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Profile\*\Lokale Einstellungen\Temp\cliconfg64.exe (Rogue.Installer) -> Delete on reboot.
C:\Profile\*\Eigene Dateien\Downloads\programme\CryptLoad_1.1.8\ocr\netload.in\asmCaptcha\test.exe (Malware.Packer) -> Quarantined and deleted successfully.
C:\Profile\Adem!\Eigene Dateien\Downloads\programme\CryptLoad_1.1.8\router\FRITZ!Box\nc.exe (PUP.KeyLogger) -> Quarantined and deleted successfully.
C:\Profile\*\Lokale Einstellungen\Temp\dhdhtrdhdrtr5y (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Profile\*\Lokale Einstellungen\Temp\H8SRTcac4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Programme\Malware Defense\mdext.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Programme\Malware Defense\uninstall.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Programme\malware Defense\help.ico (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
C:\Programme\malware Defense\md.db (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
C:\Profile\*\Startmenü\Programme\malware Defense\Uninstall Malware Defense.lnk (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
C:\Profile\*\Lokale Einstellungen\Temp\winhlp64.exe (Trojan.Downloader) -> Delete on reboot.
C:\Profile\All Users\Desktop\nudetube.com.lnk (Rogue.Link) -> Quarantined and deleted successfully.
C:\Profile\All Users\Desktop\pornotube.com.lnk (Rogue.Link) -> Quarantined and deleted successfully.
C:\Profile\All Users\Desktop\youporn.com.lnk (Rogue.Link) -> Quarantined and deleted successfully.
C:\Profile\*\Lokale Einstellungen\Temp\H8SRT4d56.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Profile\*\Lokale Einstellungen\Temp\H8SRT4d66.tmp (Rootkit.TDSS) -> Delete on reboot.
C:\Profile\Adem!\Lokale Einstellungen\Temp\H8SRT8d2e.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.

RSIT follows...

20.01.2010, 01:19   #2
Adem

Malware Defense



info.txt logfile of random's system information tool 1.06 2010-01-20 02:11:37

======Uninstall list======

-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M886903\M886903Uninstall.msp"
-->MsiExec /X{A7E07C2B-2220-4415-87E3-784D5814BC93}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Any Video Converter 3.0.1-->"C:\Programme\AnvSoft\Any Video Converter\unins000.exe"
AVG Free 8.5-->C:\Programme\AVG\AVG8\setup.exe /UNINSTALL
Betfair Poker-->MsiExec.exe /I{A1A2073C-33FC-4890-86E2-FE7D2B8AFE0F}
CCleaner (remove only)-->"C:\Programme\CCleaner\uninst.exe"
C-Media High Definition Audio Driver-->C:\WINDOWS\system32\cmirmdrv.exe
Compatibility Pack für 2007 Office System-->MsiExec.exe /X{90120000-0020-0407-0000-0000000FF1CE}
Dev-C++ 5 beta 9 release (4.9.9.2)-->"C:\Programme\Dev-Cpp\uninstall.exe"
DFX 8 for Winamp-->"C:\Programme\Winamp\uninstall_dfx.exe"
DH Driver Cleaner Professional Edition-->C:\Programme\Driver Cleaner Pro\Uninstall.exe
DivX Codec-->C:\Programme\DivX\DivXCodecUninstall.exe /CODEC
DivX Web Player-->C:\Programme\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Expekt Poker-->"C:\Poker\Expekt Poker\_SetupCasino_f008ed.exe" /uninstall
Expekt-->C:\Microgaming\Casino\Expekt\install.exe -uninstall
ffdshow [rev 2073] [2008-08-11]-->"C:\Programme\K-Lite Codec Pack\ffdshow\unins000.exe"
Foxit Reader-->C:\Programme\Foxit Software\Foxit Reader\Uninstall.exe
FrostWire 4.18.4-->C:\Programme\FrostWire\Uninstall.exe
Full Tilt Poker-->"C:\Programme\InstallShield Installation Information\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}\setup.exe" -runfromtemp -l0x0007 -removeonly
Girder 3.2-->C:\Programme\girder32\unins000.exe
HijackThis 2.0.2-->"C:\Programme\trend micro\HijackThis.exe" /uninstall
IrfanView (remove only)-->C:\Programme\IrfanView\iv_uninstall.exe
Java(TM) 6 Update 14-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
K-Lite Mega Codec Pack 1.60-->"C:\Programme\K-Lite Codec Pack\unins000.exe"
LevelOne 11g Wireless LAN Card-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{39350A99-75A4-4FD5-8E68-37D4C92F73D2}\setup.exe" -l0x9 -removeonly
Logitech MouseWare 9.79.1 -->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\Setup.exe" -l0x7 -l0007 UNINSTALL
Malwarebytes' Anti-Malware-->"C:\Programme\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 + SP1 + 14 Hotfixes-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1 + SP1 + 14 Hotfixes-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1 German Language Pack-->MsiExec.exe /X{E78BFA60-5393-4C38-82AB-E8019E464EB4}
Microsoft .NET Framework 2.0 Language Pack - DEU-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - DEU\install.exe
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office PowerPoint Viewer 2003-->MsiExec.exe /X{90AF0407-6000-11D3-8CFE-0150048383C9}
Microsoft Office PowerPoint Viewer 2007 (German)-->MsiExec.exe /X{95120000-00AF-0407-0000-0000000FF1CE}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110407-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Miranda IM 0.6.8-->C:\Programme\Miranda\uninstall.exe
mIRC-->"C:\Programme\mIRC\mirc.exe" -uninstall
Mozilla Firefox (3.5.7)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe
Mp3tag v2.39-->C:\Programme\Mp3tag\Mp3tagUninstall.EXE
MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSXML 6.0 Parser-->MsiExec.exe /I{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Network Stumbler 0.4.0 (remove only)-->"C:\Programme\Network Stumbler\uninst.exe"
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA PhysX v8.09.04-->MsiExec.exe /X{A7E07C2B-2220-4415-87E3-784D5814BC93}
Opera 9.64-->MsiExec.exe /X{E1BBBAC5-2857-4155-82A6-54492CE88620}
ParadisePoker-->C:\PROGRA~1\PARADI~1\UNWISE.EXE C:\PROGRA~1\PARADI~1\INSTALL.LOG
PartyPoker-->"C:\Programme\PartyPoker\PartyPoker\Uninstall.exe" "C:\Programme\PartyPoker\PartyPoker\install.log"
PC Connectivity Solution-->MsiExec.exe /I{D848D140-41C3-4A53-86D8-E866A100B4CD}
SecureW2 Client 3.1.2-->C:\Programme\Alfa & Ariss\SecureW2 Client 3.1.2\Uninstall.exe
SecureW2 TTLS Client 3.3.3 for Windows-->C:\Programme\SecureW2\SecureW2 TTLS Client\Uninstall.exe
Sereby's Updatepack Version 1.5.10-->msiexec.exe
Sicherheitsupdate für Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Spybot - Search & Destroy-->"C:\Programme\Spybot - Search & Destroy\unins000.exe"
System Requirements Lab-->C:\Programme\SystemRequirementsLab\Uninstall.exe
Uninstall 1.0.0.1-->"C:\Programme\Gemeinsame Dateien\DVDVideoSoft\unins000.exe"
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
VLC media player 1.0.0-->C:\Programme\VideoLAN\VLC\uninstall.exe
VPN Client-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{5624C000-B109-11D4-9DB4-00E0290FCAC5}\setup.exe" -l0x9 VpnUninstall
Winamp (remove only)-->"C:\Programme\Winamp\UninstWA.exe"
Windows Installer Clean Up-->MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Programme\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf
WinRAR archiver-->C:\Programme\WinRAR\uninstall.exe
X10 Hardware(TM)-->C:\WINDOWS\UNWISE.EXE C:\PROGRA~1\X10HAR~1\Install.log

Securitycenter WMI appears to be broken

======System event log======

Computer Name: FUNKYASIA
Event Code: 6009
Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 2 Uniprocessor Free.

Record Number: 90077
Source Name: EventLog
Time Written: 20091215062229.000000+060
Event Type: Informationen
User:

Computer Name: FUNKYASIA
Event Code: 6006
Message: Der Ereignisprotokolldienst wurde beendet.

Record Number: 90076
Source Name: EventLog
Time Written: 20091214205019.000000+060
Event Type: Informationen
User:

Computer Name: FUNKYASIA
Event Code: 1003
Message: Der Computer konnte die Netzwerkadresse, die durch den DHCP-Server für die
Netzwerkkarte mit der Netzwerkadresse 00116B348E05 zugeteilt wurde, nicht erneuern. Der
folgende Fehler ist aufgetreten:
Das Zeitlimit für die Semaphore wurde erreicht.
.
Es wird weiterhin im Hintergrund versucht, eine Adresse vom
Netzwerkadressserver (DHCP) zu erhalten.

Record Number: 90075
Source Name: Dhcp
Time Written: 20091214202632.000000+060
Event Type: Warnung
User:

Computer Name: FUNKYASIA
Event Code: 4201
Message: Netzwerkadapter "\DEVICE\TCPIP_{45601919-3EA5-4349-B062-3C17C53B4C0A}" wurde mit dem Netzwerk verbunden, und das
System wurde über das Netzwerk im normalen Zustand gestartet.

Record Number: 90074
Source Name: Tcpip
Time Written: 20091214202401.000000+060
Event Type: Informationen
User:

Computer Name: FUNKYASIA
Event Code: 1003
Message: Der Computer konnte die Netzwerkadresse, die durch den DHCP-Server für die
Netzwerkkarte mit der Netzwerkadresse 00116B348E05 zugeteilt wurde, nicht erneuern. Der
folgende Fehler ist aufgetreten:
Der Vorgang wurde durch den Benutzer abgebrochen.
.
Es wird weiterhin im Hintergrund versucht, eine Adresse vom
Netzwerkadressserver (DHCP) zu erhalten.

Record Number: 90073
Source Name: Dhcp
Time Written: 20091214202356.000000+060
Event Type: Warnung
User:

=====Application event log=====

Computer Name: FUNKYASIA
Event Code: 1
Message:
Record Number: 14250
Source Name: AVGEMS
Time Written: 20080723003349.000000+120
Event Type: Informationen
User:

Computer Name: FUNKYASIA
Event Code: 1
Message:
Record Number: 14249
Source Name: Avg7UpdSvc
Time Written: 20080723003347.000000+120
Event Type: Informationen
User:

Computer Name: FUNKYASIA
Event Code: 0
Message:
Record Number: 14248
Source Name: CLSched
Time Written: 20080722234117.000000+120
Event Type: Informationen
User:

Computer Name: FUNKYASIA
Event Code: 2
Message:
Record Number: 14247
Source Name: Diskeeper
Time Written: 20080722234117.000000+120
Event Type: Informationen
User:

Computer Name: FUNKYASIA
Event Code: 0
Message:
Record Number: 14246
Source Name: CLCapSvc
Time Written: 20080722234116.000000+120
Event Type: Informationen
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Programme\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Programme\Gemeinsame Dateien\GTK\2.0\bin;C:\PROGRA~1\DISKEE~1\DISKEE~1\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 1, GenuineIntel
"PROCESSOR_REVISION"=0401
"NUMBER_OF_PROCESSORS"=1
"TEMP"=%USERPROFILE%\Lokale Einstellungen\Temp
"TMP"=%USERPROFILE%\Lokale Einstellungen\Temp
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"LANG"=de

-----------------EOF-----------------

Logfile of random's system information tool 1.06 (written by random/random)
Run by at 2010-01-20 02:11:21
Microsoft Windows XP Professional Service Pack 2
System drive C: has 3 GB (17%) free of 20 GB
Total RAM: 511 MB (30% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:11:36, on 20.1.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programme\RWTH Aachen\Cisco VPN Client\cvpnd.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Programme\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\Programme\LevelOne\Common\RaUI.exe
C:\Programme\girder32\Girder.exe
C:\Programme\Outlook Express\msimn.exe
C:\Profile\*\Desktop\RSIT.exe
C:\Programme\trend micro\*.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programme\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programme\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Programme\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [nwiz] REM nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKCU\..\Run: [cliconfg64.exe] C:\Profile\*\LOKALE~1\Temp\cliconfg64.exe
O4 - Startup: Girder3.lnk = C:\Programme\girder32\Girder.exe
O4 - Global Startup: Levelone Wireless Utility.lnk = C:\Programme\LevelOne\Common\RaUI.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: GamebookersPoker.com - {25D3746C-E212-4755-9D2D-87671CB6C150} - C:\Programme\Gamebookers\GamebookersPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: GamebookersPoker.com - {25D3746C-E212-4755-9D2D-87671CB6C150} - C:\Programme\Gamebookers\GamebookersPoker\RunApp.exe (file missing)
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyPoker\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyPoker\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Expekt - FE41B5E0-046D-4804-AB78-61ED3F6CB493 - C:\Microgaming\Casino\Expekt\Casinogame.exe (HKCU)
O9 - Extra button: Absolute Poker - {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Profile\*\Startmenü\Programme\Absolute Poker\Absolute Poker.lnk (HKCU)
O9 - Extra 'Tools' menuitem: Absolute Poker - {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Profile\*\Startmenü\Programme\Absolute Poker\Absolute Poker.lnk (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{0344A465-5F73-4119-853C-24176C018F7A}: NameServer = 134.130.4.1 134.130.5.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{0344A465-5F73-4119-853C-24176C018F7A}: NameServer = 134.130.4.1 134.130.5.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\RWTH Aachen\Cisco VPN Client\cvpnd.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 6130 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Programme\AVG\AVG8\avgssie.dll [2009-12-12 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Programme\AVG\AVG8\Toolbar\IEToolbar.dll [2009-06-26 1008896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2009-05-21 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-05-21 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Programme\AVG\AVG8\Toolbar\IEToolbar.dll [2009-06-26 1008896]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd []
"nwiz"=REM nwiz.exe /install []
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-10-07 13574144]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-12-12 2043160]
"SunJavaUpdateSched"=C:\Programme\Java\jre6\bin\jusched.exe [2009-05-21 148888]
"Logitech Utility"=C:\WINDOWS\Logi_MwX.Exe [2003-12-17 19968]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"cliconfg64.exe"=C:\Profile\*\LOKALE~1\Temp\cliconfg64.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Programme\DAEMON Tools\daemon.exe [2006-09-14 157592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2008-10-07 13574144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\system32\NvMcTray.dll [2008-10-07 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Programme\Java\jre6\bin\jusched.exe [2009-05-21 148888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Profile^All Users^Startmenü^Programme^Autostart^RWTH Aachen Cisco VPN Client.lnk]
C:\PROGRA~1\RWTHAA~1\CISCOV~1\vpngui.exe [2006-11-10 1528880]

C:\Profile\All Users\Startmenü\Programme\Autostart
Levelone Wireless Utility.lnk - C:\Programme\LevelOne\Common\RaUI.exe

C:\Profile\*\Startmenü\Programme\Autostart
Girder3.lnk - C:\Programme\girder32\Girder.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-08-29 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-12-28 702768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoResolveTrack"=0
"NoResolveSearch"=0
"NoInstrumentation"=0
"NoStartMenuMFUprogramsList"=0
"NoSMMyPictures"=0
"NoSMConfigurePrograms"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\Miranda\miranda32.exe"="C:\Programme\Miranda\miranda32.exe:*:Enabled:Miranda IM"
"C:\Programme\Hamachi\hamachi.exe"="C:\Programme\Hamachi\hamachi.exe:*:Enabled:Hamachi Client"
"C:\Programme\Home Cinema\PowerCinema\PowerCinema.exe"="C:\Programme\Home Cinema\PowerCinema\PowerCinema.exe:*:Enabled:PowerCinema"
"D:\Steam\SteamApps\*b\counter-strike source\hl2.exe"="D:\Steam\SteamApps\*b\counter-strike source\hl2.exe:*:Enabled:hl2"
"C:\Programme\mIRC\mirc.exe"="C:\Programme\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\Programme\Nokia\Nokia Software Updater\nsu_ui_client.exe"="C:\Programme\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
"C:\Programme\Gemeinsame Dateien\Nokia\Service Layer\A\nsl_host_process.exe"="C:\Programme\Gemeinsame Dateien\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"D:\Steam\Steam.exe"="D:\Steam\Steam.exe:*:Enabled:Steam"
"C:\Programme\SopCast\SopCast.exe"="C:\Programme\SopCast\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\Programme\SopCast\adv\SopAdver.exe"="C:\Programme\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\Programme\SopCast\sopvod.exe"="C:\Programme\SopCast\sopvod.exe:*:Enabled:sopvod"
"C:\Programme\Internet Explorer\iexplore.exe"="C:\Programme\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Programme\Winamp Remote\bin\Orb.exe"="C:\Programme\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"C:\Programme\Winamp Remote\bin\OrbTray.exe"="C:\Programme\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Programme\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Programme\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\Programme\LimeWire\LimeWire.exe"="C:\Programme\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Programme\Veoh Networks\Veoh\VeohClient.exe"="C:\Programme\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client"
"C:\Program Files\Batak4\Batak.exe"="C:\Program Files\Batak4\Batak.exe:*:Enabled:Ihaleli BATAK oyunu V4.0 Alfa"
"C:\Programme\Girder\Girder\girder.exe"="C:\Programme\Girder\Girder\girder.exe:*:Enabled:Girder"
"C:\Programme\Joost\xulrunner\tvprunner.exe"="C:\Programme\Joost\xulrunner\tvprunner.exe:*:Enabled:tvprunner"
"C:\Programme\TVUPlayer\TVUPlayer.exe"="C:\Programme\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component"
"C:\Programme\VideoLAN\VLC\vlc.exe"="C:\Programme\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Programme\AVG\AVG8\avgemc.exe"="C:\Programme\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Programme\AVG\AVG8\avgupd.exe"="C:\Programme\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Programme\AVG\AVG8\avgnsx.exe"="C:\Programme\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Programme\Mozilla Firefox\firefox.exe"="C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Profile\*\Eigene Dateien\Downloads\u97.exe"="C:\Profile\*\Eigene Dateien\Downloads\u97.exe:*:Enabled:u97"
"C:\Programme\Java\jre6\bin\java.exe"="C:\Programme\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Programme\FrostWire\FrostWire.exe"="C:\Programme\FrostWire\FrostWire.exe:*:Enabled:FrostWire"
"C:\Profile\*\Eigene Dateien\Downloads\programme\u97.exe"="C:\Profile\*\Eigene Dateien\Downloads\programme\u97.exe:*:Enabled:u97"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-01-20 02:11:24 ----D---- C:\Programme\trend micro
2010-01-20 02:11:21 ----D---- C:\rsit
2010-01-20 00:45:43 ----D---- C:\Profile\*\Anwendungsdaten\Malwarebytes
2010-01-20 00:45:37 ----D---- C:\Profile\All Users\Anwendungsdaten\Malwarebytes
2010-01-20 00:45:36 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2010-01-19 23:34:10 ----A---- C:\Profile\All Users\Anwendungsdaten\sysReserve.ini
2010-01-13 14:22:54 ----D---- C:\Programme\Winamp
2010-01-13 11:09:59 ----D---- C:\Profile\*\Anwendungsdaten\AnvSoft
2010-01-13 11:09:56 ----D---- C:\Programme\AnvSoft

======List of files/folders modified in the last 1 months======

2010-01-20 02:11:24 ----RD---- C:\Programme
2010-01-20 01:45:10 ----D---- C:\Programme\Mozilla Firefox
2010-01-20 01:39:06 ----D---- C:\WINDOWS
2010-01-20 01:38:15 ----D---- C:\WINDOWS\system32\drivers
2010-01-20 01:37:48 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-20 00:45:43 ----D---- C:\WINDOWS\Prefetch
2010-01-20 00:44:36 ----HD---- C:\$AVG8.VAULT$
2010-01-20 00:06:47 ----SD---- C:\Profile\*\Anwendungsdaten\Microsoft
2010-01-20 00:06:47 ----D---- C:\WINDOWS\system32
2010-01-20 00:06:37 ----D---- C:\Profile\All Users\Anwendungsdaten\avg8
2010-01-19 23:33:04 ----D---- C:\Profile\*\Anwendungsdaten\vlc
2010-01-19 23:16:09 ----A---- C:\WINDOWS\winamp.ini
2010-01-19 20:35:23 ----SD---- C:\Profile\All Users\Anwendungsdaten\Microsoft
2010-01-19 20:35:14 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-17 18:41:12 ----D---- C:\Profile\All Users\Anwendungsdaten\X10 Settings
2010-01-13 19:11:53 ----D---- C:\Programme\mIRC
2010-01-04 21:56:14 ----D---- C:\Profile\*\Anwendungsdaten\FrostWire

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [2006-11-07 25244]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-08-29 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-08-29 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-07-01 108552]
R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2007-09-13 33408]
R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2006-11-07 40192]
R1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2007-10-10 20747]
R2 CVPNDRVA;RWTH Aachen IPsec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys []
R2 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2006-11-18 60800]
R3 cmudax;C-Media High Definition Audio Interface; C:\WINDOWS\system32\drivers\cmudax.sys [2005-05-12 1287296]
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2006-09-21 126864]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2006-11-07 138752]
R3 LCcfltr;Logitech USB Filter Driver; C:\WINDOWS\System32\Drivers\LCcFltr.Sys [2003-12-17 14095]
R3 LHidFlt2;Logitech HID/USB Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFlt2.Sys [2003-12-17 25505]
R3 LHidUsb;Logitech USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsb.Sys [2003-12-17 37887]
R3 LMouFlt2;Logitech Mouse Class Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys [2003-12-17 70801]
R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-11-07 12288]
R3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2006-11-07 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-10-07 6133856]
R3 RT2500;LevelOne WNC-0301 11g Wireless PCI Adapter Driver; C:\WINDOWS\system32\DRIVERS\RT2500.sys [2005-09-07 243200]
R3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2006-11-07 31744]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-11-07 30208]
R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-11-07 59264]
R3 usbstor;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2006-11-07 26368]
R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2006-11-07 20608]
R3 XUIF;X10 USB Wireless Transceiver; C:\WINDOWS\System32\Drivers\x10ufx2.sys [2005-05-19 17792]
S3 3xHybrid;Philips SAA713x PCI Card; C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2006-11-18 882688]
S3 aebofojx;aebofojx; C:\WINDOWS\system32\drivers\aebofojx.sys []
S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2006-11-07 17024]
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2005-05-17 5315]
S3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5b.sys [2006-11-18 42496]
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2006-11-28 15440]
S3 hidusb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-18 9600]
S3 MPE;BDA MPE-Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2006-11-07 15360]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2006-11-07 5504]
S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2006-11-07 85376]
S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2006-11-07 10880]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\NSNDIS5.SYS []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2006-11-07 15104]
S3 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys []
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2006-11-07 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 tvtool;tvtool; \??\C:\Programme\TVTool 7.2\tvtool.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-08-29 908056]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-08-29 297752]
R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Programme\RWTH Aachen\Cisco VPN Client\cvpnd.exe [2006-11-10 1504304]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-05-21 152984]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-10-07 163908]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 x10nets;X10 Device Network Service; C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [2001-11-12 20480]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Programme\PC Connectivity Solution\ServiceLayer.exe [2008-11-11 620544]
S3 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-10-24 920576]

-----------------EOF-----------------

20.01.2010, 02:15   #3
Adem

And here is another log, from GMER:

GMER 1.0.15.15281 - GMER - Rootkit Detector and Remover
Rootkit scan 2010-01-20 03:09:18
Windows 5.1.2600 Service Pack 2
Running: 3fp8b1bw.exe; Driver: C:\Profile\\LOKALE~1\Temp\fwrirpoc.sys


---- System - GMER 1.0.15 ----

SSDT sptd.sys ZwCreateKey [0xF849C0B0]
SSDT sptd.sys ZwEnumerateKey [0xF84A0D1C]
SSDT sptd.sys ZwEnumerateValueKey [0xF84A10BC]
SSDT sptd.sys ZwOpenKey [0xF849C090]
SSDT sptd.sys ZwQueryKey [0xF84A1194]
SSDT sptd.sys ZwQueryValueKey [0xF84A1014]
SSDT sptd.sys ZwSetValueKey [0xF84A1226]

---- Kernel code sections - GMER 1.0.15 ----

? fakdu.sys The system cannot find the file specified. !
? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF7C6C360, 0x32E00D, 0xE8000020]
.text USBPORT.SYS!DllUnload F7C2780C 5 Bytes JMP 82BC01B8
? System32\Drivers\aebofojx.SYS The system cannot find the path specified. !

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F849CAB6] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F849CBEE] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F849CB76] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F849D71C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F849D5F2] sptd.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 82D701D8
Device \FileSystem\Fastfat \FatCdrom 8233D990

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\usbuhci \Device\USBPDO-0 82BBF1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 82DD71D8
Device \Driver\dmio \Device\DmControl\DmConfig 82DD71D8
Device \Driver\dmio \Device\DmControl\DmPnP 82DD71D8
Device \Driver\dmio \Device\DmControl\DmInfo 82DD71D8
Device \Driver\usbuhci \Device\USBPDO-1 82BBF1D8
Device \Driver\usbuhci \Device\USBPDO-2 82BBF1D8
Device \Driver\usbuhci \Device\USBPDO-3 82BBF1D8
Device \Driver\usbehci \Device\USBPDO-4 82B921D8

AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\00000038 \Device\00000057 sptd.sys
Device \Driver\Ftdisk \Device\HarddiskVolume1 82D721D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 82D721D8
Device \Driver\Cdrom \Device\CdRom0 82B817D0
Device \Driver\Ftdisk \Device\HarddiskVolume3 82D721D8
Device \Driver\Cdrom \Device\CdRom1 82B817D0
Device \Driver\atapi \Device\Ide\IdePort0 [F83EFAA0] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [F83EFAA0] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F83EFAA0] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [F83EFAA0] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [F83EFAA0] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 [F83EFAA0] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Cdrom \Device\CdRom2 82B817D0
Device \Driver\usbstor \Device\00000082 824061D8
Device \Driver\NetBT \Device\NetBt_Wins_Export 82A875F0
Device \Driver\usbstor \Device\00000083 824061D8
Device \Driver\usbstor \Device\00000084 824061D8
Device \Driver\NetBT \Device\NetbiosSmb 82A875F0
Device \Driver\usbstor \Device\00000085 824061D8

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\usbuhci \Device\USBFDO-0 82BBF1D8
Device \Driver\usbuhci \Device\USBFDO-1 82BBF1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 82A901D8
Device \Driver\usbuhci \Device\USBFDO-2 82BBF1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 82A901D8
Device \Driver\usbuhci \Device\USBFDO-3 82BBF1D8
Device \Driver\Ftdisk \Device\FtControl 82D721D8
Device \Driver\usbehci \Device\USBFDO-4 82B921D8
Device \Driver\aebofojx \Device\Scsi\aebofojx1 82B451D8
Device \Driver\aebofojx \Device\Scsi\aebofojx1Port3Path0Target0Lun0 82B451D8
Device \FileSystem\Fastfat \Fat 8233D990

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs 82B2C1D8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xE5 0xC1 0x3C 0x5B ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xAD 0xBD 0xEA 0x34 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x83 0xD0 0xD1 0x03 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xE5 0xC1 0x3C 0x5B ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xAD 0xBD 0xEA 0x34 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x38 0xB1 0x45 0x13 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 102428473
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -222504245
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xE5 0xC1 0x3C 0x5B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xAD 0xBD 0xEA 0x34 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x38 0xB1 0x45 0x13 ...

---- EOF - GMER 1.0.15 ----
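
Reading a GMER dump like the one above by eye is where mistakes happen, so the following is an added example (my code, not part of the post and not a GMER feature) that parses the sections that matter and reports them separately: which module owns the SSDT and IAT hooks, which kernel images GMER could not read and why, which exports have been patched with a JMP, and, the strongest single indicator, any driver that still owns device objects although its file cannot be found on disk. The sample is an excerpt of the log above with the Windows error messages in English. What the script confirms about this log: every SSDT and IAT hook belongs to sptd.sys, which the registry section ties to `C:\Programme\DAEMON Tools\`, so those are expected from the virtual-drive software; `aebofojx` is the entry to pull, since that driver owns two `\Device\Scsi` objects while its image is not at the path it claims; and the atapi.sys dispatch routine for the IDE ports is reported in an unknown section, which is consistent with the request in the next reply to have atapi.sys checked.

```python
"""Triage a GMER rootkit-scan log.

Added example for this thread, not a GMER feature. It pulls out the lines that
decide whether a hook is expected or not: who owns the SSDT and IAT hooks,
which kernel modules GMER could not read, and which drivers own live device
objects although their file cannot be found on disk.
"""
import re
from collections import defaultdict

# Constructed sample: an excerpt of the GMER 1.0.15 log posted above, with the
# Windows error messages in English.
SAMPLE_LOG = r"""
---- System - GMER 1.0.15 ----

SSDT sptd.sys ZwCreateKey [0xF849C0B0]
SSDT sptd.sys ZwEnumerateKey [0xF84A0D1C]
SSDT sptd.sys ZwOpenKey [0xF849C090]

---- Kernel code sections - GMER 1.0.15 ----

? fakdu.sys The system cannot find the file specified. !
? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
.text USBPORT.SYS!DllUnload F7C2780C 5 Bytes JMP 82BC01B8
? System32\Drivers\aebofojx.SYS The system cannot find the path specified. !

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F849CAB6] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F849D5F2] sptd.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 82D701D8
Device \Driver\atapi \Device\Ide\IdePort0 [F83EFAA0] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\aebofojx \Device\Scsi\aebofojx1 82B451D8
Device \Driver\aebofojx \Device\Scsi\aebofojx1Port3Path0Target0Lun0 82B451D8
"""

SSDT_RE = re.compile(r"^SSDT\s+(?P<module>\S+)\s+(?P<func>\S+)\s+\[")
UNREADABLE_RE = re.compile(r"^\?\s+(?P<path>\S+)\s+(?P<msg>.+?)\s*!?\s*$")
INLINE_RE = re.compile(r"^\.text\s+(?P<site>\S+!\S+)\s+[0-9A-Fa-f]+\s+\d+\s+Bytes\s+JMP\b")
IAT_RE = re.compile(r"^IAT\s+(?P<target>[^\s\[]+)\[(?P<import>[^\]]+)\]\s+\[[0-9A-Fa-f]+\]\s+(?P<module>\S+)")
DEVICE_RE = re.compile(r"^Device\s+\\(?:Driver|FileSystem)\\(?P<driver>[^\s\\]+)\s+(?P<device>\S+)(?P<rest>.*)$")


def stem(path: str) -> str:
    """'System32\\Drivers\\aebofojx.SYS' -> 'aebofojx' (case-folded, no extension)."""
    return path.rsplit("\\", 1)[-1].rsplit(".", 1)[0].lower()


def triage(log_text: str) -> dict:
    ssdt = defaultdict(list)        # hooking module -> hooked Zw* functions
    iat = defaultdict(int)          # hooking module -> number of IAT entries redirected
    unreadable = {}                 # module stem -> error text GMER printed
    inline = []                     # patched exports (JMP out of the image)
    device_owners = defaultdict(set)
    outside_image = set()           # drivers whose dispatch routine is in no known section
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("----"):
            continue
        if m := SSDT_RE.match(line):
            ssdt[m["module"].lower()].append(m["func"])
        elif m := UNREADABLE_RE.match(line):
            unreadable[stem(m["path"])] = m["msg"]
        elif m := INLINE_RE.match(line):
            inline.append(m["site"])
        elif m := IAT_RE.match(line):
            iat[m["module"].lower()] += 1
        elif m := DEVICE_RE.match(line):
            driver = m["driver"].lower()
            device_owners[driver].add(m["device"])
            if "[unknown section]" in m["rest"]:
                outside_image.add(driver)
    # "cannot find" = the file is not where the loaded image says it is;
    # "cannot access" = merely locked by a running process (normal for sptd.sys).
    missing = {name for name, msg in unreadable.items() if "cannot find" in msg.lower()}
    return {
        "ssdt_hooks": dict(ssdt),
        "iat_hooks": dict(iat),
        "inline_patches": inline,
        "missing_modules": sorted(missing),
        "locked_modules": sorted(n for n in unreadable if n not in missing),
        # the strongest single indicator: a driver that is loaded and owns
        # device objects, but whose file GMER cannot find on disk
        "live_but_missing": sorted(n for n in device_owners if n in missing),
        "dispatch_outside_image": sorted(outside_image),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

The `locked_modules` bucket is kept separate on purpose: a driver that is merely in use by another process (sptd.sys here) is not evidence of anything, whereas a loaded driver whose file is absent at its own path has to be explained.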

20.01.2010, 07:21   #4
Chris4You

Hi,

That looks fairly clean. Fix the following entries with HijackThis:

Open HijackThis -- button "Scan" -- tick the boxes in front of the following entries -- button "Fix checked" -- restart the PC.
All programs must be closed while fixing!
Code:
O4 - HKCU\..\Run: [cliconfg64.exe] C:\Profile\*\LOKALE~1\Temp\cliconfg64.exe
O9 - Extra button: GamebookersPoker.com - {25D3746C-E212-4755-9D2D-87671CB6C150} - C:\Programme\Gamebookers\GamebookersPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: GamebookersPoker.com - {25D3746C-E212-4755-9D2D-87671CB6C150} - C:\Programme\Gamebookers\GamebookersPoker\RunApp.exe (file missing)

With Daemon Tools installed it is always difficult to check atapi.sys; have it checked on Virustotal.com:
C:\WINDOWS\system32\drivers\atapi.sys

Finally, Dr. Web:
http://www.trojaner-board.de/59299-anleitung-drweb-cureit.html

Post a new RSIT log...

chris

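Chris asks for a fresh RSIT log, and the most useful thing to do with two RSIT logs is to diff their driver sections rather than read the second one from scratch. The first log in this thread lists `S3 aebofojx;aebofojx; C:\WINDOWS\system32\drivers\aebofojx.sys []`, and the log posted after the Dr. Web run lists `S3 a09kll1v;a09kll1v; C:\WINDOWS\system32\drivers\a09kll1v.sys []` in its place: the same empty brackets (RSIT could not read the file), the same absence of a vendor description, and a different random name. The script below is an added example, not a tool used in the thread; the two samples are excerpts of those driver lists, and the eight-character name test is a heuristic of my own that deliberately over-flags (vsdatant matches it too), which is exactly why it is only combined with the scan-to-scan churn rather than used alone.

```python
r"""Diff the "List of drivers" section of two RSIT logs.

Added example for this thread, not a feature of RSIT. An entry such as
    S3 aebofojx;aebofojx; C:\WINDOWS\system32\drivers\aebofojx.sys []
has no date/size in the brackets (RSIT could not stat the file) and no vendor
description, and in the next scan the same slot is taken by a different
random name. Stable orphans are far less interesting than that churn.
"""
import re

# Constructed samples: excerpts of the driver lists from the first and the
# second RSIT log posted in this thread (the same lines, in the same order).
SCAN_1 = r"""
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-08-29 335240]
R2 CVPNDRVA;RWTH Aachen IPsec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys []
R2 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 aebofojx;aebofojx; C:\WINDOWS\system32\drivers\aebofojx.sys []
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\NSNDIS5.SYS []
S3 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys []
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
"""

SCAN_2 = r"""
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-08-29 335240]
R2 CVPNDRVA;RWTH Aachen IPsec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys []
R2 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 a09kll1v;a09kll1v; C:\WINDOWS\system32\drivers\a09kll1v.sys []
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\NSNDIS5.SYS []
S3 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys []
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
"""

# <state><start> <service>;<display>; <path> [<date> <size>]   (brackets empty if unreadable)
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);\s*"
    r"(?P<path>.+?)\s*\[(?P<meta>[^\]]*)\]\s*$"
)


def parse_drivers(text: str) -> dict:
    """Map service name -> parsed fields for every driver line in an RSIT section."""
    drivers = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["meta"] = d["meta"].strip()
            drivers[d["name"].strip()] = d
    return drivers


def is_orphan(d: dict) -> bool:
    """No file metadata and a display name that merely repeats the service name."""
    return d["meta"] == "" and d["display"].strip().lower() == d["name"].strip().lower()


def looks_generated(name: str) -> bool:
    """Eight lowercase letters/digits with no vendor-style casing.
    Weak on its own (vsdatant trips it too); it only ranks the orphans."""
    return re.fullmatch(r"[a-z0-9]{8}", name) is not None


def compare(scan_a: str, scan_b: str) -> dict:
    a, b = parse_drivers(scan_a), parse_drivers(scan_b)
    orphans_a = {n for n, d in a.items() if is_orphan(d)}
    orphans_b = {n for n, d in b.items() if is_orphan(d)}
    churn = orphans_a ^ orphans_b          # orphans present in only one scan
    return {
        "orphans_removed": sorted(orphans_a - set(b)),
        "orphans_added": sorted(orphans_b - set(a)),
        "orphans_stable": sorted(orphans_a & orphans_b),
        "generated_names": sorted(n for n in set(a) | set(b) if looks_generated(n)),
        # churned orphans with generated names: the entries to pull first
        "suspects": sorted(n for n in churn if looks_generated(n)),
    }


if __name__ == "__main__":
    for key, value in compare(SCAN_1, SCAN_2).items():
        print(f"{key}: {value}")
```

Orphans that are stable across both scans (TVICHW32 and vsdatant in these excerpts) still have no readable file, but they did not change name, so match them against the software actually installed before treating them as malware; the churned entries are the ones to submit to a scanner or to copy out from a clean boot medium.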
20.01.2010, 12:10   #5
Adem

Thanks for now...

Dr. Web hung shortly before the end, and this is what came out:

Brian McKnight - All night long - best track ever.mp3;C:\Profile\Adem!\Eigene Dateien\FrostWire\Saved;Trojan.WMALoader;Disinfected.;
mirc.exe;C:\Programme\mIRC;Program.mIRC.621;;


And here is the new log:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Adem! at 2010-01-20 13:06:44
Microsoft Windows XP Professional Service Pack 2
System drive C: has 3 GB (16%) free of 20 GB
Total RAM: 511 MB (26% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:06:58, on 20.1.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programme\RWTH Aachen\Cisco VPN Client\cvpnd.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\Programme\LevelOne\Common\RaUI.exe
C:\Programme\girder32\Girder.exe
C:\Programme\AVG\AVG8\avgcsrvx.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Profile\Adem!\Desktop\RSIT.exe
C:\Programme\trend micro\Adem!.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programme\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programme\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Programme\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [nwiz] REM nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - Startup: Girder3.lnk = C:\Programme\girder32\Girder.exe
O4 - Global Startup: Levelone Wireless Utility.lnk = C:\Programme\LevelOne\Common\RaUI.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyPoker\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyPoker\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Expekt - FE41B5E0-046D-4804-AB78-61ED3F6CB493 - C:\Microgaming\Casino\Expekt\Casinogame.exe (HKCU)
O9 - Extra button: Absolute Poker - {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Profile\Adem!\Startmenü\Programme\Absolute Poker\Absolute Poker.lnk (HKCU)
O9 - Extra 'Tools' menuitem: Absolute Poker - {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Profile\Adem!\Startmenü\Programme\Absolute Poker\Absolute Poker.lnk (HKCU)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\RWTH Aachen\Cisco VPN Client\cvpnd.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 5500 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Programme\AVG\AVG8\avgssie.dll [2009-12-12 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Programme\AVG\AVG8\Toolbar\IEToolbar.dll [2009-06-26 1008896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2009-05-21 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-05-21 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Programme\AVG\AVG8\Toolbar\IEToolbar.dll [2009-06-26 1008896]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd []
"nwiz"=REM nwiz.exe /install []
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-10-07 13574144]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-12-12 2043160]
"SunJavaUpdateSched"=C:\Programme\Java\jre6\bin\jusched.exe [2009-05-21 148888]
"Logitech Utility"=C:\WINDOWS\Logi_MwX.Exe [2003-12-17 19968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Programme\DAEMON Tools\daemon.exe [2006-09-14 157592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2008-10-07 13574144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\system32\NvMcTray.dll [2008-10-07 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Programme\Java\jre6\bin\jusched.exe [2009-05-21 148888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Profile^All Users^Startmenü^Programme^Autostart^RWTH Aachen Cisco VPN Client.lnk]
C:\PROGRA~1\RWTHAA~1\CISCOV~1\vpngui.exe [2006-11-10 1528880]

C:\Profile\All Users\Startmenü\Programme\Autostart
Levelone Wireless Utility.lnk - C:\Programme\LevelOne\Common\RaUI.exe

C:\Profile\Adem!\Startmenü\Programme\Autostart
Girder3.lnk - C:\Programme\girder32\Girder.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-08-29 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-12-28 702768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoResolveTrack"=0
"NoResolveSearch"=0
"NoInstrumentation"=0
"NoStartMenuMFUprogramsList"=0
"NoSMMyPictures"=0
"NoSMConfigurePrograms"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\Miranda\miranda32.exe"="C:\Programme\Miranda\miranda32.exe:*:Enabled:Miranda IM"
"C:\Programme\Hamachi\hamachi.exe"="C:\Programme\Hamachi\hamachi.exe:*:Enabled:Hamachi Client"
"C:\Programme\Home Cinema\PowerCinema\PowerCinema.exe"="C:\Programme\Home Cinema\PowerCinema\PowerCinema.exe:*:Enabled:PowerCinema"
"D:\Steam\SteamApps\ademb\counter-strike source\hl2.exe"="D:\Steam\SteamApps\ademb\counter-strike source\hl2.exe:*:Enabled:hl2"
"C:\Programme\mIRC\mirc.exe"="C:\Programme\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\Programme\Nokia\Nokia Software Updater\nsu_ui_client.exe"="C:\Programme\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
"C:\Programme\Gemeinsame Dateien\Nokia\Service Layer\A\nsl_host_process.exe"="C:\Programme\Gemeinsame Dateien\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"D:\Steam\Steam.exe"="D:\Steam\Steam.exe:*:Enabled:Steam"
"C:\Programme\SopCast\SopCast.exe"="C:\Programme\SopCast\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\Programme\SopCast\adv\SopAdver.exe"="C:\Programme\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\Programme\SopCast\sopvod.exe"="C:\Programme\SopCast\sopvod.exe:*:Enabled:sopvod"
"C:\Programme\Internet Explorer\iexplore.exe"="C:\Programme\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Programme\Winamp Remote\bin\Orb.exe"="C:\Programme\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"C:\Programme\Winamp Remote\bin\OrbTray.exe"="C:\Programme\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Programme\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Programme\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\Programme\LimeWire\LimeWire.exe"="C:\Programme\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Programme\Veoh Networks\Veoh\VeohClient.exe"="C:\Programme\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client"
"C:\Program Files\Batak4\Batak.exe"="C:\Program Files\Batak4\Batak.exe:*:Enabled:Ihaleli BATAK oyunu V4.0 Alfa"
"C:\Programme\Girder\Girder\girder.exe"="C:\Programme\Girder\Girder\girder.exe:*:Enabled:Girder"
"C:\Programme\Joost\xulrunner\tvprunner.exe"="C:\Programme\Joost\xulrunner\tvprunner.exe:*:Enabled:tvprunner"
"C:\Programme\TVUPlayer\TVUPlayer.exe"="C:\Programme\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component"
"C:\Programme\VideoLAN\VLC\vlc.exe"="C:\Programme\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Programme\AVG\AVG8\avgemc.exe"="C:\Programme\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Programme\AVG\AVG8\avgupd.exe"="C:\Programme\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Programme\AVG\AVG8\avgnsx.exe"="C:\Programme\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Programme\Mozilla Firefox\firefox.exe"="C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Profile\Adem!\Eigene Dateien\Downloads\u97.exe"="C:\Profile\Adem!\Eigene Dateien\Downloads\u97.exe:*:Enabled:u97"
"C:\Programme\Java\jre6\bin\java.exe"="C:\Programme\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Programme\FrostWire\FrostWire.exe"="C:\Programme\FrostWire\FrostWire.exe:*:Enabled:FrostWire"
"C:\Profile\Adem!\Eigene Dateien\Downloads\programme\u97.exe"="C:\Profile\Adem!\Eigene Dateien\Downloads\programme\u97.exe:*:Enabled:u97"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-01-20 09:01:26 ----A---- C:\WINDOWS\ntbtlog.txt
2010-01-20 02:11:24 ----D---- C:\Programme\trend micro
2010-01-20 02:11:21 ----D---- C:\rsit
2010-01-20 00:45:43 ----D---- C:\Profile\Adem!\Anwendungsdaten\Malwarebytes
2010-01-20 00:45:37 ----D---- C:\Profile\All Users\Anwendungsdaten\Malwarebytes
2010-01-20 00:45:36 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2010-01-19 23:34:10 ----A---- C:\Profile\All Users\Anwendungsdaten\sysReserve.ini
2010-01-13 14:22:54 ----D---- C:\Programme\Winamp
2010-01-13 11:09:59 ----D---- C:\Profile\Adem!\Anwendungsdaten\AnvSoft
2010-01-13 11:09:56 ----D---- C:\Programme\AnvSoft

======List of files/folders modified in the last 1 months======

2010-01-20 12:59:32 ----D---- C:\Programme\Mozilla Firefox
2010-01-20 09:01:26 ----D---- C:\WINDOWS
2010-01-20 09:00:12 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-20 08:27:12 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-20 03:10:56 ----D---- C:\WINDOWS\Prefetch
2010-01-20 02:11:24 ----RD---- C:\Programme
2010-01-20 01:38:15 ----D---- C:\WINDOWS\system32\drivers
2010-01-20 01:38:15 ----D---- C:\WINDOWS\Cursors
2010-01-20 01:01:53 ----HD---- C:\$AVG8.VAULT$
2010-01-20 00:06:47 ----SD---- C:\Profile\Adem!\Anwendungsdaten\Microsoft
2010-01-20 00:06:47 ----D---- C:\WINDOWS\system32
2010-01-20 00:06:37 ----D---- C:\Profile\All Users\Anwendungsdaten\avg8
2010-01-19 23:33:04 ----D---- C:\Profile\Adem!\Anwendungsdaten\vlc
2010-01-19 23:20:47 ----D---- C:\Profile\Adem!\Anwendungsdaten\dvdcss
2010-01-19 23:16:09 ----A---- C:\WINDOWS\winamp.ini
2010-01-19 20:35:23 ----SD---- C:\Profile\All Users\Anwendungsdaten\Microsoft
2010-01-17 18:41:12 ----D---- C:\Profile\All Users\Anwendungsdaten\X10 Settings
2010-01-13 19:12:53 ----D---- C:\Programme\mIRC
2010-01-04 21:56:14 ----D---- C:\Profile\Adem!\Anwendungsdaten\FrostWire

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [2006-11-07 25244]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-08-29 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-08-29 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-07-01 108552]
R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2007-09-13 33408]
R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2006-11-07 40192]
R1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2007-10-10 20747]
R2 CVPNDRVA;RWTH Aachen IPsec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys []
R2 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2006-11-18 60800]
R3 cmudax;C-Media High Definition Audio Interface; C:\WINDOWS\system32\drivers\cmudax.sys [2005-05-12 1287296]
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2006-09-21 126864]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2006-11-07 138752]
R3 LCcfltr;Logitech USB Filter Driver; C:\WINDOWS\System32\Drivers\LCcFltr.Sys [2003-12-17 14095]
R3 LHidFlt2;Logitech HID/USB Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFlt2.Sys [2003-12-17 25505]
R3 LHidUsb;Logitech USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsb.Sys [2003-12-17 37887]
R3 LMouFlt2;Logitech Mouse Class Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys [2003-12-17 70801]
R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-11-07 12288]
R3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2006-11-07 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-10-07 6133856]
R3 RT2500;LevelOne WNC-0301 11g Wireless PCI Adapter Driver; C:\WINDOWS\system32\DRIVERS\RT2500.sys [2005-09-07 243200]
R3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2006-11-07 31744]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-11-07 30208]
R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-11-07 59264]
R3 usbstor;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2006-11-07 26368]
R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2006-11-07 20608]
R3 XUIF;X10 USB Wireless Transceiver; C:\WINDOWS\System32\Drivers\x10ufx2.sys [2005-05-19 17792]
S3 3xHybrid;Philips SAA713x PCI Card; C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2006-11-18 882688]
S3 a09kll1v;a09kll1v; C:\WINDOWS\system32\drivers\a09kll1v.sys []
S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2006-11-07 17024]
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2005-05-17 5315]
S3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5b.sys [2006-11-18 42496]
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2006-11-28 15440]
S3 hidusb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-18 9600]
S3 MPE;BDA MPE-Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2006-11-07 15360]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2006-11-07 5504]
S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2006-11-07 85376]
S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2006-11-07 10880]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\NSNDIS5.SYS []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2006-11-07 15104]
S3 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys []
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2006-11-07 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 tvtool;tvtool; \??\C:\Programme\TVTool 7.2\tvtool.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-08-29 908056]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-08-29 297752]
R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Programme\RWTH Aachen\Cisco VPN Client\cvpnd.exe [2006-11-10 1504304]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-05-21 152984]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-10-07 163908]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 x10nets;X10 Device Network Service; C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [2001-11-12 20480]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Programme\PC Connectivity Solution\ServiceLayer.exe [2008-11-11 620544]
S3 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-10-24 920576]

-----------------EOF-----------------
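Added example (not part of the posted log, not RSIT's own code, and not written by anyone in this thread): a small Python triage pass over driver/service lines in the format shown above. It parses the `<state><start> <name>;<description>; <path> [<date> <size>]` layout and flags the entries an analyst would verify by hand: empty `[]` metadata (the tool recorded no date or size, so it could not find or read the file at that path), a `\??\` object-manager path, a description that merely repeats the service name, and a name that alternates letters and digits the way auto-generated driver names do. The sample lines are constructed after entries in the posted log; the flag names, weights and the letter/digit heuristic are this example's own assumptions. A flag is a reason to look up the file's hash, not a verdict: legitimate third-party drivers trigger the weaker signals too.

```python
"""Triage pass over the driver/service list of an RSIT-style log.

Added example for this thread; not RSIT's code and not from any participant.
Each line has the shape
    <state><start> <name>;<description>; <path> [<yyyy-mm-dd> <size>]
where empty brackets mean the tool recorded no date/size for the file.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<desc>[^;]*); "
    r"(?P<path>.+?) \[(?P<meta>[^\]]*)\]$"
)

# Constructed sample, modelled on entries in the posted log (not the full log).
SAMPLE_LOG = r"""
R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2006-11-07 40192]
R2 CVPNDRVA;RWTH Aachen IPsec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys []
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-10-07 6133856]
S3 a09kll1v;a09kll1v; C:\WINDOWS\system32\drivers\a09kll1v.sys []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2006-11-28 15440]
S4 tvtool;tvtool; \??\C:\Programme\TVTool 7.2\tvtool.sys []
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-08-29 908056]
"""

# Heuristic weights chosen for this example (assumption); tune them for your logs.
WEIGHTS = {
    "random_looking_name": 3,      # letters and digits interleaved, e.g. a09kll1v
    "no_file_metadata": 2,         # "[]": file not found or not readable by the tool
    "name_equals_description": 1,  # no vendor description, only the service name
    "nt_object_path": 1,           # "\??\" prefix; common for third-party drivers too
}


@dataclass
class Entry:
    state: str            # R = running, S = stopped
    start: int            # 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
    name: str
    description: str
    path: str
    date: Optional[str]   # None when the tool recorded no date/size
    size: Optional[int]


@dataclass
class Finding:
    entry: Entry
    flags: List[str]

    @property
    def name(self) -> str:
        return self.entry.name

    @property
    def score(self) -> int:
        return sum(WEIGHTS[f] for f in self.flags)


def parse_line(line: str) -> Optional[Entry]:
    """Parse one driver/service line; return None for headers and blank lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    meta = m.group("meta").split()
    date = meta[0] if len(meta) == 2 else None
    size = int(meta[1]) if len(meta) == 2 else None
    return Entry(m.group("state"), int(m.group("start")), m.group("name"),
                 m.group("desc"), m.group("path"), date, size)


def letter_digit_transitions(name: str) -> int:
    """Count letter<->digit switches; 'Arp1394' gives 1, 'a09kll1v' gives 4."""
    kinds = ["d" if c.isdigit() else "a" for c in name if c.isalnum()]
    return sum(1 for a, b in zip(kinds, kinds[1:]) if a != b)


def flag_entry(e: Entry) -> List[str]:
    """Return the triage flags that apply to one entry, in a fixed order."""
    flags = []
    if e.date is None:
        flags.append("no_file_metadata")
    if e.path.startswith("\\??\\"):
        flags.append("nt_object_path")
    if e.description.strip().lower() == e.name.lower():
        flags.append("name_equals_description")
    if letter_digit_transitions(e.name) >= 3:   # threshold is an assumption
        flags.append("random_looking_name")
    return flags


def triage(log_text: str) -> List[Finding]:
    """Return flagged entries, highest score first; unflagged entries are dropped."""
    findings = []
    for line in log_text.splitlines():
        e = parse_line(line)
        if e is None:
            continue
        flags = flag_entry(e)
        if flags:
            findings.append(Finding(e, flags))
    findings.sort(key=lambda f: (-f.score, f.name.lower()))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.score:2d} {f.entry.state}{f.entry.start} {f.name:<10} "
              f"{f.entry.path}  -> {', '.join(f.flags)}")
```

Run it against the real driver and service section (everything between the two "List of ..." headers and the EOF line) and work down the list from the top: for each flagged entry, check whether the file exists at the given path, hash it and look the hash up at VirusTotal before deciding anything. Entries such as the Cisco VPN or TVTool drivers will score on the weak signals and then check out clean; the point of the pass is to make sure nothing like a `[]` entry with an auto-generated name is skipped because it sits between dozens of ordinary Microsoft drivers.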


20.01.2010, 13:40   #6
Chris4You

Hi,

That looks fine so far. Did you have atapi.sys checked at VirusTotal?

chris

20.01.2010, 14:12   #7
Adem

Oh right, atapi.sys was fine.

So just delete the Trojan.WMaLoader by hand and that's it?

20.01.2010, 15:31   #8
Chris4You

Hi,

Yes, looks like it...
Delete the file and then empty the Recycle Bin...

We can also run Avira over the disk with aggressive settings...
(Usually something then still turns up in System Restore):

Configure Avira as follows: http://www.trojaner-board.de/54192-anleitung-avira-antivir-agressive-einstellungen.html
Run a system scan and post the result!

chris

20.01.2010, 17:25   #9
Adem

I ran the Avira "aggressive scan" and it only flagged the Microgaming software from Expekt. So I figure there is nothing left on it ;-)

Should I change my passwords?

20.01.2010, 17:48   #10
Chris4You

Hi,

You should do that periodically anyway, and immediately after an infection...

chris
