Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   logs nach trojanerbefall (https://www.trojaner-board.de/85406-logs-trojanerbefall.html)

ahirte 28.04.2010 08:05
logs nach trojanerbefall
 
hatte/habe den internet security 2010 trojaner. hab alles durchgeführt wie im forum beschrieben und nun hier wie empfohlen meine logs:

malware:

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Datenbank Version: 4044

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

28.04.2010 08:38:07
mbam-log-2010-04-28 (08-38-07).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|F:\|)
Durchsuchte Objekte: 140401
Laufzeit: 12 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 5
Infizierte Registrierungswerte: 5
Infizierte Dateiobjekte der Registrierung: 6
Infizierte Verzeichnisse: 0
Infizierte Dateien: 16

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{0140df95-9128-4053-ae72-f43f0cfca062} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0140df95-9128-4053-ae72-f43f0cfca062} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cdrom (Trojan.Patched) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\SiKernel.PolyMimeFilter (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Schmidt-Pro (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\syncman (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\syncman (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windowsxp (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\regedit32 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vgt (Trojan.Dialer) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\ave.exe" /START "C:\Programme\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\ave.exe" /START "C:\Programme\Internet) Good: (iexplore.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\ave.exe" /START "C:\Programme\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\WINDOWS\system32\wuaucldt.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SiKernel.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Programme\ClearProg\eBay\eBayShortcuts.exe (Adware.ADON) -> Quarantined and deleted successfully.
C:\Programme\Outlook Express\k02-ccc.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Programme\Outlook Express\k10-dd.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cmdow.exe (Malware.Tool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\~TM17C.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\user\wuaucldt.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\wuaucldt.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\cdrom.sys (Trojan.Patched) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\cdrom.sys (Trojan.Patched) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\user\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\user\Anwendungsdaten\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\win1.bat (Trojan.BAT.DriveBy) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mfc22.dll (Trojan.Agent) -> Quarantined and deleted successfully.


RSIT:


info:



info.txt logfile of random's system information tool 1.06 2010-04-28 08:54:12

======Uninstall list======

-->C:\Programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Programme\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->MsiExec /X{3FDF4C9C-BFA0-43AE-B7D4-54BC33B1B0DA}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A81200000003}
AGFEO AIS Konfigurator-->MsiExec.exe /I{32D5A69D-2599-4351-AE2E-25AEAB09F780}
AntiVirenKit InternetSecurity-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{044EB318-D3B0-498D-86F4-1EC1C93BCE88}\setup.exe" -l0x7 -removeonly
AnyDVD-->"C:\Programme\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Programme\SlySoft\AnyDVD"
CCleaner-->"C:\Programme\CCleaner\uninst.exe"
ClearProg 1.5.1 Beta 6-->C:\Programme\ClearProg\Uninstall.exe
CloneCD-->"C:\Programme\SlySoft\CloneCD\ccd-uninst.exe" /D="C:\Programme\SlySoft\CloneCD"
CloneDVD2-->"C:\Programme\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Programme\Elaborate Bytes\CloneDVD2"
Compatibility Pack für 2007 Office System-->MsiExec.exe /X{90120000-0020-0407-0000-0000000FF1CE}
Cool Resizer 2009 (remove only)-->"C:\Programme\Cool Resizer\uninst.exe"
ElsterFormular-->C:\Programme\ElsterFormular\uninstall.exe
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Programme\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix für Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Malwarebytes' Anti-Malware-->"C:\Programme\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU-->MsiExec.exe /I{C314CE45-3392-3B73-B4E1-139CD41CA933}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU-->MsiExec.exe /I{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->c:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe
Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office XP Professional mit FrontPage-->MsiExec.exe /I{90280407-6000-11D3-8CFE-0050048383C9}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729-->MsiExec.exe /X{6AFCA4E1-9B78-3640-8F72-A7BF33448200}
Mozilla Firefox (3.6.3)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe
Nero 7 Demo-->MsiExec.exe /I{D3492D9E-7FBB-1DF6-F759-2A37FA231031}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA PhysX v8.07.18-->MsiExec.exe /X{3FDF4C9C-BFA0-43AE-B7D4-54BC33B1B0DA}
PowerDVD-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
RealPlayer-->C:\Programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
REALTEK GbE & FE Ethernet PCI NIC Driver-->C:\Programme\InstallShield Installation Information\{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}\SETUP.EXE -runfromtemp -l0x0007 -removeonly
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Sicherheitsupdate für Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Sicherheitsupdate für Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Update für Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update für Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update für Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update für Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Programme\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Windows-Treiberpaket - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_87B606860B720724BEB5DCEB69E8628A61DE0A7E\amdk8.inf
WinZip-->"C:\Programme\WinZip\WINZIP32.EXE" /uninstall
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"

======Hosts File======

127.0.0.1 mpa.one.microsoft.com
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com

======Security center information======

AV: G DATA AntiVirenKit 2005 (disabled) (outdated)
FW: Kaspersky Anti-Hacker

======System event log======

Computer Name: HOMEPC
Event Code: 2
Message: Device identified.

Record Number: 10045
Source Name: nvata
Time Written: 20100315173817.000000+060
Event Type: Informationen
User:

Computer Name: HOMEPC
Event Code: 6005
Message: Der Ereignisprotokolldienst wurde gestartet.

Record Number: 10044
Source Name: EventLog
Time Written: 20100315173803.000000+060
Event Type: Informationen
User:

Computer Name: HOMEPC
Event Code: 6009
Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 3 Multiprocessor Free.

Record Number: 10043
Source Name: EventLog
Time Written: 20100315173803.000000+060
Event Type: Informationen
User:

Computer Name: HOMEPC
Event Code: 6006
Message: Der Ereignisprotokolldienst wurde beendet.

Record Number: 10042
Source Name: EventLog
Time Written: 20100315172812.000000+060
Event Type: Informationen
User:

Computer Name: HOMEPC
Event Code: 8021
Message: Der Suchdienst konnte keine Serverliste vom Hauptsuchdienst "\\KATHARINA" auf dem Netzwerk "\Device\NetBT_Tcpip_{D17C50E1-A215-4D5E-A543-B6C1FBDA54B1}" erhalten.
Daten: Fehlercode.

Record Number: 10041
Source Name: BROWSER
Time Written: 20100315172756.000000+060
Event Type: Warnung
User:

=====Application event log=====

Computer Name: HOMEPC
Event Code: 11707
Message: Product: CCC Help English -- Installation operation completed successfully.

Record Number: 74
Source Name: MsiInstaller
Time Written: 20081016102041.000000+120
Event Type: Informationen
User: HOMEPC\user

Computer Name: HOMEPC
Event Code: 11707
Message: Product: CCC Help Greek -- Installation operation completed successfully.

Record Number: 73
Source Name: MsiInstaller
Time Written: 20081016102040.000000+120
Event Type: Informationen
User: HOMEPC\user

Computer Name: HOMEPC
Event Code: 11707
Message: Product: CCC Help German -- Installation operation completed successfully.

Record Number: 72
Source Name: MsiInstaller
Time Written: 20081016102038.000000+120
Event Type: Informationen
User: HOMEPC\user

Computer Name: HOMEPC
Event Code: 11707
Message: Product: CCC Help Danish -- Installation operation completed successfully.

Record Number: 71
Source Name: MsiInstaller
Time Written: 20081016102037.000000+120
Event Type: Informationen
User: HOMEPC\user

Computer Name: HOMEPC
Event Code: 11707
Message: Product: CCC Help Czech -- Installation operation completed successfully.

Record Number: 70
Source Name: MsiInstaller
Time Written: 20081016102036.000000+120
Event Type: Informationen
User: HOMEPC\user

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Programme\ATI Technologies\ATI.ACE\Core-Static
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 107 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=6b02
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------






log:


Logfile of random's system information tool 1.06 (written by random/random)
Run by user at 2010-04-28 08:53:54
Microsoft Windows XP Professional Service Pack 3
System drive C: has 82 GB (80%) free of 102 GB
Total RAM: 2047 MB (82% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:54:11, on 28.04.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\Gemeinsame Dateien\G DATA\AVKMail\AVKPOP.EXE
C:\Programme\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\AntiVirenKit InternetSecurity\AVK\AVKService.exe
C:\Programme\AntiVirenKit InternetSecurity\AVK\AVKWCtl.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Dokumente und Einstellungen\user\Desktop\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Programme\trend micro\user.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = hxxp://windowsupdate.microsoft.com/
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SIPAKBHO Class - {40FB69E1-9B7B-453F-B238-37D8E9528929} - C:\Programme\AntiVirenKit InternetSecurity\Webfilter\PAKIEPlugins.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Offliner AdFilter Helper - {DC9377A2-2E8D-44A1-99DB-F8A821DF254D} - C:\WINDOWS\system32\SiPlugins.dll
O3 - Toolbar: WebFilter-Leiste - {75CD0BC5-E317-449C-9FF6-4986B3D48F64} - C:\PROGRA~1\ANTIVI~1\WEBFIL~1\PAKIEGUI.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVK Mail Checker] "C:\Programme\Gemeinsame Dateien\G DATA\AVKMail\AVKPOP.EXE"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [browserpcGlade] rundll32.exe "C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\browserpcGlade\browserpcGlade.dll", DllInit
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [iasmapDraw] rundll32.exe "C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\iasmapDraw\iasmapDraw.dll", DllInit (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: srvaju32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Planer (AntiVirScheduler) - Unknown owner - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe (file missing)
O23 - Service: AVK Service (AVKService) - Unknown owner - C:\Programme\AntiVirenKit InternetSecurity\AVK\AVKService.exe
O23 - Service: AVK Wächter (AVKWCtl) - Unknown owner - C:\Programme\AntiVirenKit InternetSecurity\AVK\AVKWCtl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5003 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{40FB69E1-9B7B-453F-B238-37D8E9528929}]
SIPAKBHO Class - C:\Programme\AntiVirenKit InternetSecurity\Webfilter\PAKIEPlugins.dll [2004-04-01 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DC9377A2-2E8D-44A1-99DB-F8A821DF254D}]
Offliner AdFilter Helper - C:\WINDOWS\system32\SiPlugins.dll [2004-04-07 236032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{75CD0BC5-E317-449C-9FF6-4986B3D48F64} - WebFilter-Leiste - C:\PROGRA~1\ANTIVI~1\WEBFIL~1\PAKIEGUI.dll [2004-09-14 311808]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-05-10 16342528]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2007-05-07 1826816]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-07-26 13570048]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-07-26 86016]
"Adobe Reader Speed Launcher"=C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"AVK Mail Checker"=C:\Programme\Gemeinsame Dateien\G DATA\AVKMail\AVKPOP.EXE [2004-10-07 364544]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Programme\Messenger\msmsgs.exe [2008-04-14 1695232]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"UpData"= []
"BD"= []
"browserpcGlade"=C:\WINDOWS\system32\config\system [2010-04-28 5505024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
C:\WINDOWS\RTHDCPL.EXE [2007-05-10 16342528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe [2008-10-17 180269]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk]
C:\PROGRA~1\Adobe\READER~1.0\Reader\READER~1.EXE [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader Synchronizer.lnk]
C:\PROGRA~1\Adobe\READER~1.0\Reader\ADOBEC~1.EXE [2007-05-11 738968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^WinZip Quick Pick.lnk]
C:\PROGRA~1\WinZip\WZQKPICK.EXE [2002-10-28 106561]

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
Microsoft Office.lnk - C:\Programme\Microsoft Office\Office10\OSA.EXE

C:\Dokumente und Einstellungen\user\Startmenü\Programme\Autostart
srvaju32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a484f458-c5e4-11dd-a100-806d6172696f}]
shell\AutoRun\command - R:\Setup.exe


======List of files/folders created in the last 1 months======

2010-04-28 08:53:54 ----D---- C:\rsit
2010-04-28 08:53:54 ----D---- C:\Programme\trend micro
2010-04-28 08:47:09 ----D---- C:\Programme\CCleaner
2010-04-28 07:20:50 ----D---- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Malwarebytes
2010-04-28 07:20:38 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2010-04-28 07:20:38 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-04-28 06:51:06 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\G DATA
2010-04-28 06:50:42 ----D---- C:\Programme\Gemeinsame Dateien\Kaspersky Lab
2010-04-28 06:50:41 ----A---- C:\WINDOWS\system32\SiPlugins.dll
2010-04-28 06:50:41 ----A---- C:\WINDOWS\system32\SI_APP.dll
2010-04-28 06:50:40 ----D---- C:\Dokumente und Einstellungen\user\Anwendungsdaten\AdsCleaner
2010-04-28 06:50:38 ----A---- C:\WINDOWS\system32\SiRPCSrv2.dll
2010-04-28 06:50:38 ----A---- C:\WINDOWS\system32\SiRPCPrx.dll
2010-04-28 06:50:36 ----A---- C:\WINDOWS\system32\WNASPI32.DLL
2010-04-28 06:50:35 ----D---- C:\Programme\CDRecordKit
2010-04-28 06:50:29 ----D---- C:\Programme\Gemeinsame Dateien\G DATA
2010-04-28 06:50:26 ----D---- C:\Programme\AntiVirenKit InternetSecurity
2010-04-27 14:45:03 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\avG
2010-04-27 13:36:14 ----A---- C:\WINDOWS\system32\fjhdyfhsn.bat
2010-04-12 09:41:49 ----D---- C:\Programme\Mozilla Sunbird

======List of files/folders modified in the last 1 months======

2010-04-28 08:53:54 ----RD---- C:\Programme
2010-04-28 08:48:20 ----D---- C:\WINDOWS\Debug
2010-04-28 08:48:20 ----D---- C:\WINDOWS
2010-04-28 08:48:20 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2010-04-28 08:40:19 ----D---- C:\WINDOWS\Temp
2010-04-28 08:39:50 ----D---- C:\WINDOWS\system32\drivers
2010-04-28 08:39:19 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-04-28 08:38:18 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-04-28 08:38:08 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-28 08:38:07 ----D---- C:\WINDOWS\system32
2010-04-28 08:38:07 ----D---- C:\Programme\Outlook Express
2010-04-28 08:37:36 ----D---- C:\WINDOWS\Prefetch
2010-04-28 06:50:42 ----D---- C:\Programme\Gemeinsame Dateien
2010-04-28 06:50:24 ----HD---- C:\Programme\InstallShield Installation Information
2010-04-27 17:32:35 ----D---- C:\WINDOWS\WinSxS
2010-04-27 17:32:34 ----SHD---- C:\WINDOWS\Installer
2010-04-27 17:32:34 ----D---- C:\Programme\Gemeinsame Dateien\Microsoft Shared
2010-04-27 17:24:01 ----D---- C:\Programme\Mozilla Firefox
2010-04-12 09:41:52 ----D---- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla
2010-03-29 19:36:24 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-18 43520]
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-05-27 75096]
R1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R1 Klif;Klif; \??\C:\WINDOWS\system32\Drivers\klif.sys []
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-11-08 21248]
R2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [2010-04-28 16512]
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2005-04-21 10624]
R3 GDInterceptor;GDInterceptor; \??\C:\WINDOWS\system32\interceptor.sys []
R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HookCentre;HookCentre; \??\C:\WINDOWS\system32\drivers\HookCentre.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-05-10 4419584]
R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-07-26 6097536]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-11-27 58368]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-11-27 19968]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Miniporttreiber für Microsoft USB Open Host-Controller; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S1 avgio;avgio; \??\C:\Programme\Avira\AntiVir PersonalEdition Classic\avgio.sys []
S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
S3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2005-12-11 19200]
S3 avgntflt;avgntflt; \??\C:\Programme\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
S3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2005-05-03 27392]
S3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2005-04-12 4608]
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-12-14 85120]
S3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AVKService;AVK Service; C:\Programme\AntiVirenKit InternetSecurity\AVK\AVKService.exe [2004-09-28 299008]
R2 AVKWCtl;AVK Wächter; C:\Programme\AntiVirenKit InternetSecurity\AVK\AVKWCtl.exe [2004-11-30 561152]
R2 MDM;Machine Debug Manager; C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-07-26 159812]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Planer; C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S4 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe []
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 WinDefend;Speicher Reserve; C:\Programme\Reserve Speicher\MMsMpEng.exe []

-----------------EOF-----------------






ich hoffe ich habe alles richtig gemacht.



danke

cosinus 29.04.2010 12:24
Hallo und :hallo:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.


Alle Zeitangaben in WEZ +1. Es ist jetzt 06:58 Uhr.

Copyright ©2000-2026, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19