| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Maleware DefenseWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
01.01.2010, 22:55
| #1 |
 |  Maleware Defense Hallo und frohes neues Jahr erst mal ! Bei mir fängt das neue Jahr schon gut an. Mein Sohn hat mir auf meinem Rechner das Maleware Defense Programm eingefangen. Die Viren und Würmer liefert das Programm scheinbar gleich mit. Ich kann mich vor Sicherheitsmeldungen und System-Alarmen im Minutentakt jedenfalls nicht mehr retten und ständig wird mir das Programm zum Kauf angeboten. Mein Antivir wurde von dem Programm scheinbar deinstalliert. Eine Neuinstallation von Antivir ist fehlgeschlagen. Könnt Ihr mir helfen? Den CC-cleaner hab ich bereits duchlaufen lassen. Betriebssystemname Microsoft Windows XP Professional Version 5.1.2600 Service Pack 2 Build 2600 Betriebssystemhersteller Microsoft Corporation Systemname ********* Systemhersteller To Be Filled By O.E.M. Systemmodell To Be Filled By O.E.M. Systemtyp X86-basierter PC Prozessor x86 Family 15 Model 44 Stepping 2 AuthenticAMD ~1808 Mhz BIOS-Version/-Datum American Megatrends Inc. P1.20, 26.09.2006 SMBIOS-Version 2.4 Windows-Verzeichnis C:\WINDOWS Systemverzeichnis C:\WINDOWS\system32 Startgerät \Device\HarddiskVolume1 Gebietsschema Deutschland Hardwareabstraktionsebene Version = "5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" Benutzername ****\****l Zeitzone Westeuropäische Normalzeit Gesamter realer Speicher 512,00 MB Verfügbarer realer Speicher 108,11 MB Gesamter virtueller Speicher 2,00 GB Verfügbarer virtueller Speicher 1,96 GB Größe der Auslagerungsdatei 1,03 GB Auslagerungsdatei C:\pagefile.sys Ich benutze einen DSL-Anschluss der Telekom. Malewarebytes lässt der Rechner mich nicht installieren. Hier die beiden RSIT-Infos: Code:
ATTFilter Logfile of random's system information tool 1.06 (written by random/random) Run by Michael at 2010-01-01 22:56:18 Microsoft Windows XP Professional Service Pack 2 System drive C: has 78 GB (60%) free of 131 GB Total RAM: 447 MB (34% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:56:25, on 01.01.2010 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\RTHDCPL.EXE C:\Programme\QuickTime\qttask.exe C:\Programme\SweetIM\Messenger\SweetIM.exe C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe C:\Programme\Gemeinsame Dateien\AAV\aavus.exe C:\Programme\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\DOKUME~1\Michael\LOKALE~1\Temp\settdebugx.exe C:\Programme\ICQ6Toolbar\ICQ Service.exe C:\Programme\Java\jre6\bin\jqs.exe C:\Programme\Microsoft Office\Office\1031\OLFSNT40.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\wbem\wmiapsrv.exe C:\DOKUME~1\Michael\LOKALE~1\Temp\wscsvc32.exe C:\Programme\Malware Defense\mdefense.exe C:\Dokumente und Einstellungen\Michael\Desktop\RSIT.exe C:\Programme\trend micro\Michael.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://de.ask.com?o=15015&l=dis R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://home.sweetim.com R3 - URLSearchHook: (no name) - - (no file) R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programme\real\realplayer\rpbrowserrecordplugin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [swg] "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Programme\Alcohol Soft\Alcohol 120\axcmd.exe" /automount O4 - HKCU\..\Run: [settdebugx.exe] C:\DOKUME~1\Michael\LOKALE~1\Temp\settdebugx.exe O4 - HKCU\..\Run: [Malware Defense] "C:\Programme\Malware Defense\mdefense.exe" -noscan O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Symantec Fax Starter Edition-Anschluss.lnk = C:\Programme\Microsoft Office\Office\1031\OLFSNT40.EXE O8 - Extra context menu item: Google Sidewiki... - res://C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - h**p://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab O23 - Service: AAV UpdateService - Unknown owner - C:\Programme\Gemeinsame Dateien\AAV\aavus.exe O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: ICQ Service - Unknown owner - C:\Programme\ICQ6Toolbar\ICQ Service.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- End of file - 7174 bytes ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Adobe PDF Reader Link Helper - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}] RealPlayer Download and Record Plugin for Internet Explorer - c:\programme\real\realplayer\rpbrowserrecordplugin.dll [2009-09-14 329312] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll [2009-12-27 263280] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Programme\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-11-17 764912] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2009-12-15 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-12-15 73728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}] SweetIM Toolbar Helper - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2008-10-08 1172792] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Programme\ICQ6Toolbar\ICQToolBar.dll [2008-12-09 958200] {EEE6C35B-6118-11DC-9C72-001320C79847} - SweetIM Toolbar for Internet Explorer - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2008-10-08 1172792] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll [2009-12-27 263280] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-07-12 7626752] "nwiz"=nwiz.exe /install [] "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-07-12 86016] "SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488] "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-08-01 16049664] "NeroFilterCheck"=C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe [2006-01-12 155648] "QuickTime Task"=C:\Programme\QuickTime\qttask.exe [2007-02-03 77824] "SweetIM"=C:\Programme\SweetIM\Messenger\SweetIM.exe [2009-03-05 111928] "TkBellExe"=C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe [2009-09-14 198160] "SunJavaUpdateSched"=C:\Programme\Java\jre6\bin\jusched.exe [2009-10-11 149280] "avgnt"=C:\Programme\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe [2006-03-01 90112] "swg"=C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-03-14 68856] "AlcoholAutomount"=C:\Programme\Alcohol Soft\Alcohol 120\axcmd.exe [2009-02-23 203928] "settdebugx.exe"=C:\DOKUME~1\Michael\LOKALE~1\Temp\settdebugx.exe [2009-12-31 716800] "Malware Defense"=C:\Programme\Malware Defense\mdefense.exe [2010-01-01 1756088] C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart Adobe Reader - Schnellstart.lnk - C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe Microsoft Office.lnk - C:\Programme\Microsoft Office\Office\OSA9.EXE Symantec Fax Starter Edition-Anschluss.lnk - C:\Programme\Microsoft Office\Office\1031\OLFSNT40.EXE [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"= "NoDrives"= "NoDriveAutoRun"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Programme\Microsoft ActiveSync\wcescomm.exe"="C:\Programme\Microsoft ActiveSync\wcescomm.exe:*:Enabled:ActiveSync Connection Manager" "C:\Programme\Microsoft ActiveSync\WCESMgr.exe"="C:\Programme\Microsoft ActiveSync\WCESMgr.exe:*:Enabled:ActiveSync Application" "C:\Programme\LimeWire\LimeWire.exe"="C:\Programme\LimeWire\LimeWire.exe:*:Enabled:LimeWire" "C:\Programme\ICQ6.5\ICQ.exe"="C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6" "C:\WINDOWS\system32\Socks.exe"="C:\WINDOWS\system32\Socks.exe:*:Disabled:Socks" "C:\Programme\World of Warcraft Trial\WoW-3.1.2.9926-to-3.2.0.10194-deDE-Trial-downloader.exe"="C:\Programme\World of Warcraft Trial\WoW-3.1.2.9926-to-3.2.0.10194-deDE-Trial-downloader.exe:*:Enabled:Blizzard Downloader" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a856e8b0-4de4-11de-874b-00138ff516bc}] shell\AutoRun\command - H:\Toshiba\more4you.exe ======List of files/folders created in the last 1 months====== 2010-01-01 22:56:20 ----D---- C:\Programme\trend micro 2010-01-01 22:56:18 ----D---- C:\rsit 2009-12-31 19:11:06 ----A---- C:\WINDOWS\system32\MFC71.dll 2009-12-31 19:09:19 ----D---- C:\Programme\Malware Defense 2009-12-31 19:05:22 ----D---- C:\Programme\Avira 2009-12-31 19:05:22 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira 2009-12-31 11:58:45 ----A---- C:\WINDOWS\system32\krl32mainweq.dll 2009-12-31 11:56:38 ----A---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\sysReserve.ini 2009-12-30 16:51:11 ----D---- C:\Programme\Gemeinsame Dateien\DivX Shared 2009-12-27 09:25:48 ----D---- C:\Programme\Alcohol Soft 2009-12-23 16:18:36 ----D---- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\TubeBox 2009-12-23 16:17:34 ----D---- C:\Programme\Jens Lorek 2009-12-20 09:34:00 ----A---- C:\WINDOWS\system32\javaws.exe 2009-12-20 09:34:00 ----A---- C:\WINDOWS\system32\javaw.exe 2009-12-20 09:34:00 ----A---- C:\WINDOWS\system32\java.exe ======List of files/folders modified in the last 1 months====== 2010-01-01 22:56:20 ----RD---- C:\Programme 2010-01-01 22:54:26 ----D---- C:\WINDOWS 2010-01-01 22:54:25 ----D---- C:\WINDOWS\system32 2010-01-01 22:54:23 ----D---- C:\WINDOWS\system32\drivers 2010-01-01 22:00:35 ----D---- C:\Programme\Mozilla Firefox 2010-01-01 22:00:34 ----D---- C:\WINDOWS\temp 2010-01-01 21:47:37 ----D---- C:\WINDOWS\Prefetch 2009-12-31 22:15:13 ----N---- C:\WINDOWS\SchedLgU.Txt 2009-12-31 22:11:50 ----SHD---- C:\WINDOWS\Installer 2009-12-31 22:11:50 ----SD---- C:\WINDOWS\Tasks 2009-12-31 19:05:30 ----HD---- C:\WINDOWS\inf 2009-12-31 19:05:29 ----D---- C:\WINDOWS\system32\CatRoot2 2009-12-31 19:04:01 ----D---- C:\WINDOWS\WinSxS 2009-12-31 18:15:41 ----SD---- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Microsoft 2009-12-31 17:23:19 ----D---- C:\WINDOWS\Help 2009-12-31 17:23:19 ----D---- C:\Programme\Microsoft ActiveSync 2009-12-31 12:27:54 ----D---- C:\Programme\ICQ6.5 2009-12-31 12:21:03 ----A---- C:\WINDOWS\winamp.ini 2009-12-30 16:52:08 ----D---- C:\Programme\DivX 2009-12-30 16:51:11 ----D---- C:\Programme\Gemeinsame Dateien 2009-12-30 16:45:50 ----A---- C:\WINDOWS\NeroDigital.ini 2009-12-23 12:20:24 ----D---- C:\Programme\Pingus 2009-12-20 09:33:56 ----D---- C:\Programme\Java 2009-12-06 13:26:30 ----D---- C:\Programme\Gemeinsame Dateien\Teleca Shared 2009-12-06 13:25:41 ----DC---- C:\WINDOWS\system32\DRVSTORE 2009-12-06 13:19:37 ----D---- C:\Programme\PW2 2009-12-06 13:19:23 ----HD---- C:\Programme\InstallShield Installation Information 2009-12-06 13:18:51 ----D---- C:\ElDorado 2009-12-06 13:18:42 ----D---- C:\BMW M3 Challenge 2009-12-06 13:06:21 ----D---- C:\Terzio ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 AmdK8;AMD-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-18 43520] R1 avgio;avgio; \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys [] R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104] R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520] R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-11-25 56816] R2 irda;IrDA-Protokoll; C:\WINDOWS\System32\DRIVERS\irda.sys [2004-08-03 87424] R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752] R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-08-01 4356608] R3 irsir;Microsoft serieller Infrarottreiber; C:\WINDOWS\System32\DRIVERS\irsir.sys [2001-08-17 18688] R3 ms_mpu401;Microsoft MPU-401 MIDI UART-Treiber; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-07-12 3934592] R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-07-11 57856] R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-07-11 20480] R3 Rasirda;WAN-Miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584] R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624] R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600] R3 usbohci;Miniporttreiber für Microsoft USB Open Host-Controller; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2004-08-03 17024] S3 a9unlyf3;a9unlyf3; C:\WINDOWS\system32\drivers\a9unlyf3.sys [] S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys [2006-11-10 61600] S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\SE2Emdfl.sys [2006-11-10 9360] S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\SE2Emdm.sys [2006-11-10 97184] S3 SE2Emgmt;Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\SE2Emgmt.sys [2006-11-10 88688] S3 se2End5;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (NDIS); C:\WINDOWS\system32\DRIVERS\se2End5.sys [2006-11-10 18704] S3 SE2Eobex;Sony Ericsson Device 046 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\SE2Eobex.sys [2006-11-10 86560] S3 se2Eunic;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM); C:\WINDOWS\system32\DRIVERS\se2Eunic.sys [2006-11-10 90800] S3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104] S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496] S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2003-12-22 104064] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AAV UpdateService;AAV UpdateService; C:\Programme\Gemeinsame Dateien\AAV\aavus.exe [2007-10-04 122880] R2 ICQ Service;ICQ Service; C:\Programme\ICQ6Toolbar\ICQ Service.exe [2008-10-19 222456] R2 Irmon;Infrarotüberwachung; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336] R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-10-11 153376] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-07-12 155715] R2 StarWindServiceAE;StarWind AE Service; C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968] S2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Programme\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289] S2 AntiVirService;Avira AntiVir Guard; C:\Programme\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240] S3 gusvc;Google Software Updater; C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-01 182768] S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632] -----------------EOF----------------- Code:
ATTFilter info.txt logfile of random's system information tool 1.06 2010-01-01 22:56:27
======Uninstall list======
-->C:\Programme\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Programme\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.65-->"C:\Programme\7-Zip\Uninstall.exe"
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.8 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A70800000002}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Avira AntiVir Personal - Free Antivirus-->C:\Programme\Avira\AntiVir Desktop\setup.exe /REMOVE
CCleaner-->"C:\Programme\CCleaner\uninst.exe"
CDex extraction audio-->"C:\Programme\CDex_150\uninstall.exe"
DivX Codec-->C:\Programme\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Programme\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Programme\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Programme\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Plus Web Player-->C:\Programme\DivX\DivXWebPlayerUninstall.exe /PLUGIN
FLV Player-->"C:\WINDOWS\FLV Player\uninstall.exe" "/U:C:\Programme\FLV Player\Uninstall\uninstall.xml"
Free Audio CD Burner version 1.2-->"C:\Programme\DVDVideoSoft\Free Audio CD Burner\unins000.exe"
Free YouTube to MP3 Converter version 3.2-->"C:\Programme\DVDVideoSoft\Free YouTube to MP3 Converter\unins000.exe"
Google Toolbar for Internet Explorer-->"C:\Programme\Google\Google Toolbar\Component\GoogleToolbarManager_0E996B068B56FCA2.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
HijackThis 2.0.2-->"C:\Programme\HiJackThis\HijackThis.exe" /uninstall
ICQ Toolbar-->C:\Programme\ICQ6Toolbar\ICQUnToolbar.exe
ICQ6.5-->"C:\Programme\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
LimeWire 4.18.8-->"C:\Programme\LimeWire\uninstall.exe"
Malware Defense-->C:\Programme\Malware Defense\Uninstall.exe
Microsoft .NET Framework 2.0 Language Pack - DEU-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - DEU\install.exe
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Office 2000 Premium-->MsiExec.exe /I{00000407-78E1-11D2-B60F-006097C998E7}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Mozilla Firefox (3.5.6)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe
Nero 7 Demo-->MsiExec.exe /I{79F71DBA-38D0-D6C4-DF6C-335C37091031}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuide.exe UninstallGUI
Picasa 2-->"C:\Programme\Picasa2\Uninstall.exe"
PowerVideoMaker Professional 4.3-->"C:\Programme\Presentersoft PowerVideoMaker\unins000.exe"
QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
RealPlayer-->C:\Programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x7 -removeonly
Steuer-Spar-Erklärung 2007-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{B7088B71-86FC-4F5E-B295-68FAB7B6C85B}\setup.exe" -l0x7
Steuer-Spar-Erklärung 2008-->MsiExec.exe /I{BBE67B86-FCD7-4D3C-8B00-063DEAD8E30C}
SweetIM for Messenger 2.6-->MsiExec.exe /X{023EC958-023C-42D1-B2A4-E9E4BEF599FC}
SweetIM Toolbar for Internet Explorer 3.3-->MsiExec.exe /X{266C7330-C0F4-49E5-8F20-A56F9F822875}
TOGGO PC-Spielebox 3-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{33A0EF0C-A1A1-49C6-A5FF-E75507A41CF3}\Setup.exe" -l0x7
Uninstall 1.0.0.1-->"C:\Programme\Gemeinsame Dateien\DVDVideoSoft\unins000.exe"
Unity Web Player-->C:\Programme\Unity\WebPlayer\Uninstall.exe
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
Viewpoint Media Player (Remove Only)-->C:\Programme\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
VLC media player 0.9.9-->C:\Programme\VideoLAN\VLC\uninstall.exe
Vorschule-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{E04B3C9C-9BCE-4BD1-A641-7E2BB0502290}\setup.exe"
Winamp (nur entfernen)-->"C:\Programme\Winamp\deinstwa.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows XP Service Pack 2-->C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
Windows-Treiberpaket - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_87B606860B720724BEB5DCEB69E8628A61DE0A7E\amdk8.inf
WinRAR-->C:\Programme\WinRAR\uninstall.exe
xp-AntiSpy 3.96-2-->C:\Programme\xp-AntiSpy\Uninstall.exe
======Security center information======
AV: Malware Defense (outdated)
AV: AntiVir Desktop (disabled) (outdated)
======System event log======
Computer Name: ***
Event Code: 7035
Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "WMI-Leistungsadapter" gesendet.
Record Number: 19779
Source Name: Service Control Manager
Time Written: 20091125203154.000000+060
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM
Computer Name: ***
Event Code: 7036
Message: Dienst "Gatewaydienst auf Anwendungsebene" befindet sich jetzt im Status "Ausgeführt".
Record Number: 19778
Source Name: Service Control Manager
Time Written: 20091125203153.000000+060
Event Type: Informationen
User:
Computer Name: ***
Event Code: 7035
Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "Gatewaydienst auf Anwendungsebene" gesendet.
Record Number: 19777
Source Name: Service Control Manager
Time Written: 20091125203153.000000+060
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM
Computer Name: ***
Event Code: 7036
Message: Dienst "RAS-Verbindungsverwaltung" befindet sich jetzt im Status "Ausgeführt".
Record Number: 19776
Source Name: Service Control Manager
Time Written: 20091125203153.000000+060
Event Type: Informationen
User:
Computer Name: ***
Event Code: 7036
Message: Dienst "SSDP-Suchdienst" befindet sich jetzt im Status "Ausgeführt".
Record Number: 19775
Source Name: Service Control Manager
Time Written: 20091125203153.000000+060
Event Type: Informationen
User:
=====Application event log=====
Computer Name: ***
Event Code: 103
Message: wuaueng.dll (2068) SUS20ClientDataStore: Das Datenbankmodul hat die Instanz (0) beendet.
Record Number: 6168
Source Name: ESENT
Time Written: 20090706215050.000000+120
Event Type: Informationen
User:
Computer Name: ***
Event Code: 102
Message: wuaueng.dll (2068) SUS20ClientDataStore: Das Datenbankmodul hat eine neue Instanz gestartet (0).
Record Number: 6167
Source Name: ESENT
Time Written: 20090706214547.000000+120
Event Type: Informationen
User:
Computer Name: ***
Event Code: 100
Message: wuauclt (2068) Das Datenbankmodul 5.01.2600.2180 ist gestartet.
Record Number: 6166
Source Name: ESENT
Time Written: 20090706214547.000000+120
Event Type: Informationen
User:
Computer Name: ***
Event Code: 1800
Message: Der Windows-Sicherheitscenterdienst wurde gestartet.
Record Number: 6165
Source Name: SecurityCenter
Time Written: 20090706214507.000000+120
Event Type: Informationen
User:
Computer Name: ***
Event Code: 4096
Message: Der AntiVir Dienst wurde erfolgreich gestartet!
Record Number: 6164
Source Name: Avira AntiVir
Time Written: 20090706214504.000000+120
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Programme\Gemeinsame Dateien\Teleca Shared;C:\Programme\Gemeinsame Dateien\DivX Shared\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 44 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2c02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
-----------------EOF-----------------
Vielen Dank für Eure Mühe und viele Grüße minilu Geändert von minilu (01.01.2010 um 23:10 Uhr) |
| Themen zu Maleware Defense |
| antivir, avgnt, avgnt.exe, avgntflt.sys, build, defense, device, frohes, fängt, hkus\s-1-5-18, install.exe, liefert, maleware, malware defense, minute, minuten, msiexec.exe, neues, neuinstallation, nicht mehr, nodrives, picasa, plug-in, programm, rechner, retten, rsit, schei, service, service pack 2, sp2, sweetim, toolbars, viren, virtueller, windows, windows xp, windows-sicherheitscenterdienst, wuauclt, würmer |
Baum-Darstellung