Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Antivir zeigt 29 funde an ! (https://www.trojaner-board.de/82344-antivir-zeigt-29-funde.html)

MARIA78 29.01.2010 19:49
Antivir zeigt 29 funde an !
 
Malwarebytes' Anti-Malware 1.44
Datenbank Version: 3658
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

29.01.2010 19:48:35
mbam-log-2010-01-29 (19-48-35).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|)
Durchsuchte Objekte: 155823
Laufzeit: 46 minute(s), 13 second(s)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 4
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 9
Infizierte Dateien: 22

Infizierte Speicherprozesse:
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Zwunzi\zwunzi139.exe (Adware.Zwunzi) -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PersonalSec (Rogue.PersonalSecurity) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Zwunzi (Adware.Zwunzi) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\zwunzi service (Adware.Zwunzi) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Servises (Malware.Trace) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Zwunzi (Adware.Zwunzi) -> Quarantined and deleted successfully.
C:\Programme\Zwunzi (Adware.Zwunzi) -> Quarantined and deleted successfully.
C:\Programme\PersonalSec (Rogue.PersonalSecurity) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\All Users\Startmenü\PersonalSec (Rogue.PersonalSecurity) -> Quarantined and deleted successfully.
C:\Programme\Gemeinsame Dateien\PersonalSecUninstall (Rogue.PersonalSecurity) -> Quarantined and deleted successfully.
C:\Programme\Mozilla Firefox\extensions\{F270F1AF-34D6-41CB-A9F5-8200EF7DB41F} (Adware.Zwunzi) -> Delete on reboot.
C:\Programme\Mozilla Firefox\extensions\{F270F1AF-34D6-41CB-A9F5-8200EF7DB41F}\chrome (Adware.Zwunzi) -> Delete on reboot.
C:\Programme\Mozilla Firefox\extensions\{F270F1AF-34D6-41CB-A9F5-8200EF7DB41F}\defaults (Adware.Zwunzi) -> Quarantined and deleted successfully.
C:\Programme\Mozilla Firefox\extensions\{F270F1AF-34D6-41CB-A9F5-8200EF7DB41F}\defaults\preferences (Adware.Zwunzi) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Dokumente und Einstellungen\Veli Yildiz\Lokale Einstellungen\Temp\~nsu.tmp\Au_.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1D285728-EA49-4314-ABE5-38734FF4B0F1}\RP197\A0128603.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1D285728-EA49-4314-ABE5-38734FF4B0F1}\RP201\A0128779.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1D285728-EA49-4314-ABE5-38734FF4B0F1}\RP201\A0128780.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1D285728-EA49-4314-ABE5-38734FF4B0F1}\RP201\A0128784.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1D285728-EA49-4314-ABE5-38734FF4B0F1}\RP205\A0130065.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1D285728-EA49-4314-ABE5-38734FF4B0F1}\RP205\A0130067.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1D285728-EA49-4314-ABE5-38734FF4B0F1}\RP205\A0130068.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Zwunzi\zwunzi139.exe (Adware.Zwunzi) -> Quarantined and deleted successfully.
C:\Programme\Zwunzi\zwunzi.exe (Adware.Zwunzi) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\All Users\Startmenü\PersonalSec\Computer Scan.lnk (Rogue.PersonalSecurity) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\All Users\Startmenü\PersonalSec\Help.lnk (Rogue.PersonalSecurity) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\All Users\Startmenü\PersonalSec\Personal Security.lnk (Rogue.PersonalSecurity) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\All Users\Startmenü\PersonalSec\Registration.lnk (Rogue.PersonalSecurity) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\All Users\Startmenü\PersonalSec\Security Center.lnk (Rogue.PersonalSecurity) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\All Users\Startmenü\PersonalSec\Settings.lnk (Rogue.PersonalSecurity) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\All Users\Startmenü\PersonalSec\Update.lnk (Rogue.PersonalSecurity) -> Quarantined and deleted successfully.
C:\Programme\Gemeinsame Dateien\PersonalSecUninstall\Uninstall.lnk (Rogue.PersonalSecurity) -> Quarantined and deleted successfully.
C:\Programme\Mozilla Firefox\extensions\{F270F1AF-34D6-41CB-A9F5-8200EF7DB41F}\chrome.manifest (Adware.Zwunzi) -> Quarantined and deleted successfully.
C:\Programme\Mozilla Firefox\extensions\{F270F1AF-34D6-41CB-A9F5-8200EF7DB41F}\install.rdf (Adware.Zwunzi) -> Quarantined and deleted successfully.
C:\Programme\Mozilla Firefox\extensions\{F270F1AF-34D6-41CB-A9F5-8200EF7DB41F}\chrome\zwunzi.jar (Adware.Zwunzi) -> Delete on reboot.
C:\Programme\Mozilla Firefox\extensions\{F270F1AF-34D6-41CB-A9F5-8200EF7DB41F}\defaults\preferences\prefs.js (Adware.Zwunzi) -> Quarantined and deleted successfully.
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:09:28, on 29.01.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\Java\jre6\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Windows Live\Messenger\msnmsgr.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\ManyCam 2.4\ManyCam.exe
C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
C:\DOKUME~1\VELIYI~1\LOKALE~1\Temp\RtkBtMnt.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Zwunzi\zwunzi139.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\Windows Live\Contacts\wlcomm.exe
C:\Programme\Windows Live\Messenger\msnmsgr.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Malwarebytes' Anti-Malware\mbam.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [AzMixerSel] C:\Programme\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\WINDOWS\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ManyCam] "C:\Programme\ManyCam 2.4\ManyCam.exe"
O4 - HKCU\..\RunOnce: [WiseStubReboot] MSIEXEC /quiet SKIP_PPU_DRIVER_INSTALL=1 /I "C:\Programme\Gemeinsame Dateien\Wise Installation Wizard\WISDD1865F0AD7340FBB23E1822E02396FF_9_09_0203.MSI" TRANSFORMS="C:\Programme\Gemeinsame Dateien\Wise Installation Wizard\WISDD1865F0AD7340FBB23E1822E02396FF_9_09_0203.MST" WISE_SETUP_EXE_PATH="c:\nvidia\winxp\185.85\is\display\PhysX_9.09.0203_SystemSoftware.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Save YouTube Video as MP3 - res://C:\Programme\Gemeinsame Dateien\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{D2F6CF34-A47F-4484-AFF4-22A4763C0E59}: NameServer = 213.191.74.11 213.191.92.82
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Zwunzi Service - Unknown owner - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Zwunzi\zwunzi139.exe

--
End of file - 6654 bytes

cosinus 30.01.2010 15:21
Hallo,

bitte Logfiles von RSIT nachreichen.

MARIA78 30.01.2010 16:46
Logfile of random's system information tool 1.06 (written by random/random)
Run by Veli Yildiz at 2010-01-30 16:44:59
Microsoft Windows XP Professional Service Pack 3
System drive C: has 130 GB (85%) free of 153 GB
Total RAM: 3070 MB (85% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:45:03, on 30.01.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\Java\jre6\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Windows Live\Messenger\msnmsgr.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\ManyCam 2.4\ManyCam.exe
C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
C:\DOKUME~1\VELIYI~1\LOKALE~1\Temp\RtkBtMnt.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Programme\Windows Live\Contacts\wlcomm.exe
C:\Programme\Windows Live\Messenger\msnmsgr.exe
C:\Dokumente und Einstellungen\Veli Yildiz\Desktop\Virus und Co\RSIT.exe
C:\Programme\Trend Micro\HijackThis\Veli Yildiz.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [AzMixerSel] C:\Programme\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\WINDOWS\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ManyCam] "C:\Programme\ManyCam 2.4\ManyCam.exe"
O4 - HKCU\..\RunOnce: [WiseStubReboot] MSIEXEC /quiet SKIP_PPU_DRIVER_INSTALL=1 /I "C:\Programme\Gemeinsame Dateien\Wise Installation Wizard\WISDD1865F0AD7340FBB23E1822E02396FF_9_09_0203.MSI" TRANSFORMS="C:\Programme\Gemeinsame Dateien\Wise Installation Wizard\WISDD1865F0AD7340FBB23E1822E02396FF_9_09_0203.MST" WISE_SETUP_EXE_PATH="c:\nvidia\winxp\185.85\is\display\PhysX_9.09.0203_SystemSoftware.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Save YouTube Video as MP3 - res://C:\Programme\Gemeinsame Dateien\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{D2F6CF34-A47F-4484-AFF4-22A4763C0E59}: NameServer = 213.191.74.11 213.191.92.82
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe

--
End of file - 6310 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-11-26 329312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Anmelde-Hilfsprogramm - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2009-10-21 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-21 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avgnt"=C:\Programme\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"AzMixerSel"=C:\Programme\Realtek\InstallShield\AzMixerSel.exe [2006-07-17 53248]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-05-28 16132608]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"PLFSet"=C:\WINDOWS\PLFSet.dll [2007-04-25 45056]
"SunJavaUpdateSched"=C:\Programme\Java\jre6\bin\jusched.exe [2009-10-21 149280]
"TkBellExe"=C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe [2009-11-26 198160]
"Adobe Reader Speed Launcher"=C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"msnmsgr"=C:\Programme\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883840]
"MSMSGS"=C:\Programme\Messenger\msmsgs.exe [2008-04-14 1695232]
"ManyCam"=C:\Programme\ManyCam 2.4\ManyCam.exe [2009-12-19 1824040]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WiseStubReboot"=MSIEXEC /quiet SKIP_PPU_DRIVER_INSTALL=1 /I C:\Programme\Gemeinsame Dateien\Wise Installation Wizard\WISDD1865F0AD7340FBB23E1822E02396FF_9_09_0203.MSI TRANSFORMS=C:\Programme\Gemeinsame Dateien\Wise Installation Wizard\WISDD1865F0AD7340FBB23E1822E02396FF_9_09_0203.MST WISE_SETUP_EXE_PATH=c:\nvidia\winxp\185.85\is\display\PhysX_9.09.0203_SystemSoftware.exe []

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
BTTray.lnk - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Eine DLL-Datei als Anwendung ausführen"
"C:\Programme\TeamViewer\Version4\TeamViewer.exe"="C:\Programme\TeamViewer\Version4\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\BonCukFm Script\Mirc.exe"="C:\BonCukFm Script\Mirc.exe:*:Enabled:Cehre mIRC"
"C:\Programme\SopCast\adv\SopAdver.exe"="C:\Programme\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\Programme\SopCast\SopCast.exe"="C:\Programme\SopCast\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\Programme\KONAMI\Pro Evolution Soccer 2008\PES2008.exe"="C:\Programme\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:*:Enabled:Pro Evolution Soccer 2008"
"C:\Programme\TVUPlayer\TVUPlayer.exe"="C:\Programme\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component"
"C:\Programme\Internet Explorer\iexplore.exe"="C:\Programme\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Programme\Mozilla Firefox\firefox.exe"="C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Programme\Windows Live\Messenger\wlcsdk.exe"="C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programme\TVAnts\Tvants.exe"="C:\Programme\TVAnts\Tvants.exe:*:Enabled:TVAnts"
"C:\Programme\PPMate\ppmate.exe"="C:\Programme\PPMate\ppmate.exe:*:Enabled:PPMate"
"C:\Programme\PPMate\ppamnet.exe"="C:\Programme\PPMate\ppamnet.exe:*:Enabled:PPMate"
"C:\Dokumente und Einstellungen\Veli Yildiz\Desktop\MSNShell\Bin\engie.exe"="C:\Dokumente und Einstellungen\Veli Yildiz\Desktop\MSNShell\Bin\engie.exe:*:Enabled:MSNShell"
"C:\Programme\VideoLAN\VLC\vlc.exe"="C:\Programme\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit"
"C:\Dokumente und Einstellungen\Veli Yildiz\Desktop\PES2008.exe"="C:\Dokumente und Einstellungen\Veli Yildiz\Desktop\PES2008.exe:*:Enabled:Pro Evolution Soccer 2008"
"C:\Programme\Java\jre6\bin\java.exe"="C:\Programme\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Programme\trademanager\AliIM.exe"="C:\Programme\trademanager\AliIM.exe:*:Enabled:AliIM"
"C:\Programme\Metin2\metin2.bin"="C:\Programme\Metin2\metin2.bin:*:Enabled:metin2"
"C:\Programme\Skype\Plugin Manager\skypePM.exe"="C:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Dokumente und Einstellungen\Veli Yildiz\Lokale Einstellungen\Temp\Rar$EX00.375\P. TVUPlayer - Portable Brasil (www.portablebrasil.net).exe"="C:\Dokumente und Einstellungen\Veli Yildiz\Lokale Einstellungen\Temp\Rar$EX00.375\P. TVUPlayer - Portable Brasil (www.portablebrasil.net).exe:*:Enabled:TVUPlayer Component"
"C:\Dokumente und Einstellungen\Veli Yildiz\Lokale Einstellungen\Temp\Rar$EX06.078\P. TVUPlayer - Portable Brasil (www.portablebrasil.net).exe"="C:\Dokumente und Einstellungen\Veli Yildiz\Lokale Einstellungen\Temp\Rar$EX06.078\P. TVUPlayer - Portable Brasil (www.portablebrasil.net).exe:*:Enabled:TVUPlayer Component"
"C:\Programme\StreamTorrent 1.0\StreamTorrent.exe"="C:\Programme\StreamTorrent 1.0\StreamTorrent.exe:*:Enabled:StreamTorrent P2P Media Player"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programme\Windows Live\Messenger\wlcsdk.exe"="C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7885b697-b80a-11de-a06a-001e682e4752}]
shell\AutoRun\command - E:\vlvtdflx.exe
shell\open\command - E:\vlvtdflx.exe


======List of files/folders created in the last 1 months======

2010-01-29 17:40:47 ----D---- C:\Programme\Adobe
2010-01-29 17:40:23 ----SHD---- C:\Config.Msi
2010-01-18 19:48:26 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TVU Networks
2010-01-18 19:35:45 ----A---- C:\WINDOWS\system32\devil.dll
2010-01-18 19:35:45 ----A---- C:\WINDOWS\system32\avisynth.dll*
2010-01-18 19:35:45 ----A---- C:\WINDOWS\system32\avisynth.dll
2010-01-18 19:35:44 ----D---- C:\Programme\AviSynth 2.5
2010-01-18 19:35:44 ----A---- C:\WINDOWS\system32\yv12vfw.dll
2010-01-18 19:35:44 ----A---- C:\WINDOWS\system32\i420vfw.dll
2010-01-18 19:35:44 ----A---- C:\WINDOWS\system32\AVSredirect.dll
2010-01-18 19:35:10 ----D---- C:\Programme\eRightSoft
2010-01-18 18:12:31 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Messenger Plus!
2010-01-18 18:12:21 ----D---- C:\Programme\Messenger Plus! Live
2010-01-16 18:24:37 ----D---- C:\temp
2010-01-16 18:24:25 ----D---- C:\Dokumente und Einstellungen\Veli Yildiz\Anwendungsdaten\Audio Record Edit Toolbox
2010-01-16 18:23:55 ----A---- C:\WINDOWS\system32\NCTWMAFile2.dll
2010-01-16 18:23:55 ----A---- C:\WINDOWS\system32\NCTTextToAudio2.dll
2010-01-16 18:23:55 ----A---- C:\WINDOWS\system32\NCTAudioVisualization2.dll
2010-01-16 18:23:55 ----A---- C:\WINDOWS\system32\NCTAudioTransform2.dll
2010-01-16 18:23:55 ----A---- C:\WINDOWS\system32\NCTAudioRecord2.dll
2010-01-16 18:23:55 ----A---- C:\WINDOWS\system32\NCTAudioPlayer2.dll
2010-01-16 18:23:54 ----A---- C:\WINDOWS\system32\NCTAudioInformation2.dll
2010-01-16 18:23:54 ----A---- C:\WINDOWS\system32\NCTAudioFile2.dll
2010-01-16 18:23:54 ----A---- C:\WINDOWS\system32\NCTAudioEditor2.dll
2010-01-16 18:23:54 ----A---- C:\WINDOWS\system32\NCTAudioCDGrabber2.dll
2010-01-16 18:23:53 ----D---- C:\Programme\Audio Recorder for FREE
2010-01-14 02:09:45 ----D---- C:\Dokumente und Einstellungen\Veli Yildiz\Anwendungsdaten\Nero
2010-01-13 18:48:18 ----D---- C:\Programme\Ahead
2010-01-12 12:36:28 ----D---- C:\rsit
2010-01-12 11:52:29 ----D---- C:\Dokumente und Einstellungen\Veli Yildiz\Anwendungsdaten\Malwarebytes
2010-01-12 11:52:23 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2010-01-12 11:52:23 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-01-12 11:39:08 ----D---- C:\Programme\Trend Micro
2010-01-04 20:25:54 ----D---- C:\Programme\AVS4YOU

======List of files/folders modified in the last 1 months======

2010-01-30 16:44:29 ----D---- C:\WINDOWS\Prefetch
2010-01-30 16:38:23 ----D---- C:\Programme\Mozilla Firefox
2010-01-30 16:29:40 ----D---- C:\WINDOWS\Temp
2010-01-30 16:29:24 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-30 16:29:18 ----D---- C:\WINDOWS
2010-01-30 16:28:45 ----D---- C:\WINDOWS\system32\drivers
2010-01-30 08:50:07 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-29 20:58:13 ----D---- C:\Dokumente und Einstellungen\Veli Yildiz\Anwendungsdaten\vlc
2010-01-29 19:48:55 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2010-01-29 19:48:34 ----D---- C:\Programme\Gemeinsame Dateien
2010-01-29 19:48:34 ----D---- C:\Programme
2010-01-29 18:25:09 ----D---- C:\WINDOWS\system32
2010-01-29 17:41:32 ----SHD---- C:\WINDOWS\Installer
2010-01-29 17:41:21 ----D---- C:\Programme\Gemeinsame Dateien\Adobe
2010-01-29 17:41:19 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Adobe
2010-01-29 13:02:17 ----HD---- C:\WINDOWS\inf
2010-01-29 13:02:17 ----D---- C:\Programme\Windows Live Safety Center
2010-01-25 14:40:46 ----D---- C:\Programme\Metin2
2010-01-24 08:39:41 ----D---- C:\Programme\ManyCam 2.4
2010-01-24 08:39:34 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-18 19:35:33 ----RSD---- C:\WINDOWS\Fonts
2010-01-16 18:26:06 ----D---- C:\WINDOWS\system32\CatRoot
2010-01-16 12:11:51 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype
2010-01-13 22:51:10 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SpeakyChat
2010-01-13 17:40:04 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-01-12 23:32:07 ----D---- C:\WINDOWS\Minidump
2010-01-12 13:54:17 ----D---- C:\WINDOWS\WinSxS
2010-01-12 13:27:39 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2010-01-12 12:29:39 ----D---- C:\Dokumente und Einstellungen\Veli Yildiz\Anwendungsdaten\Desktopicon
2010-01-10 06:16:00 ----D---- C:\Programme\Athan
2010-01-04 20:26:01 ----D---- C:\Programme\Gemeinsame Dateien\AVSMedia
2010-01-04 16:31:40 ----D---- C:\WINDOWS\Debug
2010-01-03 00:21:56 ----D---- C:\WINDOWS\system32\de-DE
2010-01-03 00:21:24 ----D---- C:\Dokumente und Einstellungen\Veli Yildiz\Anwendungsdaten\skypePM

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40448]
R1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 WmiAcpi;Microsoft Windows-Verwaltungsschnittstelle für ACPI; C:\WINDOWS\System32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-01-04 56816]
R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2007-03-21 37376]
R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2007-02-16 160256]
R3 btaudio;Bluetooth-Audiogerät; C:\WINDOWS\system32\drivers\btaudio.sys [2007-03-23 539072]
R3 BTDriver;Virtueller Bluetooth-Kommunikationstreiber; C:\WINDOWS\system32\DRIVERS\btport.sys [2007-03-23 37424]
R3 BTKRNL;Bluetooth-Bus-Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2007-03-31 876384]
R3 CmBatt;Microsoft-Netzteiltreiber; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidshim;Service for HID-KMDF Shim layer; C:\WINDOWS\system32\DRIVERS\hidshim.sys [2007-05-30 5632]
R3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-05-30 4424192]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver; C:\WINDOWS\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-18 12288]
R3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-04-30 8055584]
R3 sdbus;sdbus; C:\WINDOWS\System32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\WINDOWS\system32\DRIVERS\snp2uvc.sys [2007-06-12 1729152]
R3 SPLITCAM;Splitcam, WDM Camera Stream Splitter; C:\WINDOWS\system32\DRIVERS\splitcam.sys [2009-09-13 13824]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
R3 winbondhidcir;Winbond HID CIR Receiver; C:\WINDOWS\system32\DRIVERS\winbondhidcir.sys [2007-05-30 21504]
S2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys []
S3 BTWDNDIS;Bluetooth-LAN-Zugangsserver; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2007-03-23 149123]
S3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys [2007-03-31 55352]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2007-03-23 67960]
S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys []
S3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NETw4x32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-04-27 2203520]
S3 sffdisk;SFF-Speicherklassentreiber; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
S3 sffp_sd;SFF-Speicherprotokolltreiber für SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS [2006-06-09 6909]
S3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbvideo;USB-Videogerät (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys []
S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Programme\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Programme\Avira\AntiVir Desktop\avguard.exe [2009-08-05 185089]
R2 btwdins;Bluetooth Service; C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2007-04-01 273256]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-10-21 153376]
S2 gupdate;Google Update Service (gupdate); C:\Programme\Google\Update\GoogleUpdate.exe [2009-10-06 133104]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

cosinus 01.02.2010 11:17
Mach bitte ein Log mit CF:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.


Alle Zeitangaben in WEZ +1. Es ist jetzt 08:39 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131