| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: TR/Agent.ruo in C:\Windows\system32\ntnluj.dllWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
28.03.2010, 15:51
| #1 |
| |  TR/Agent.ruo in C:\Windows\system32\ntnluj.dll Hallo, ich bin neu hier und habe gesehen, dass mehrere Leute probleme mit dme selben Trojaner haben, aber in anderen dateien ... wie auch einige der Vorposter hoffe ich daher, dass es in Ordnung ist, dass ich meinen eigenen Thread eröffne... wie in diesem Thread beschrieben http://www.trojaner-board.de/69886-a...-beachten.html habe ich eine analyse meines systems ausgeführt und alles gelöscht: Malwarebytes' Anti-Malware 1.44 Datenbank Version: 3923 Windows 6.0.6000 Internet Explorer 7.0.6000.16890 28.03.2010 16:40:08 mbam-log-2010-03-28 (16-40-08).txt Scan-Methode: Quick-Scan Durchsuchte Objekte: 111370 Laufzeit: 6 minute(s), 50 second(s) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 3 Infizierte Registrierungswerte: 1 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 1 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_CURRENT_USER\SOFTWARE\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\PlayMP3 (Adware.PLayMP3z) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{8f67e146-fb6c-418f-9fe5-37aa2206d92e} (Trojan.Vundo) -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: C:\Windows\System32\h@tkeysh@@k.dll (Trojan.Agent) -> Quarantined and deleted successfully. Und dann noch ein Scan mit OSAM: Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 16:49:42 on 28.03.2010 OS: Windows Vista Home Premium Edition (Build 6000), 32-bit Default Browser: Opera Software Opera Internet Browser 10.51 Scanner Settings Rootkits detection (hidden registry) Rootkits detection (hidden files) Retrieve files information Check Microsoft signatures Filters Trusted entries Empty entries Hidden registry entries (rootkit activity) Exclusively opened files Not found files Files without detailed information Existing files Non-startable services Non-startable drivers Active entries Disabled entries Risk Name Publisher Full Path Status Common %SystemRoot%\Tasks |||| "GoogleUpdateTaskMachineCore.job" "Google Inc." C:\Program Files\Google\Update\GoogleUpdate.exe File exists |||| "GoogleUpdateTaskMachineUA.job" "Google Inc." C:\Program Files\Google\Update\GoogleUpdate.exe File exists |||| "Google Software Updater.job" "Google" C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe File exists Control Panel Objects %SystemRoot%\system32 |||||| "BDEADMIN.CPL" C:\Windows\system32\BDEADMIN.CPL File exists |||||| "PhysX.cpl" "NVIDIA Corporation" C:\Windows\system32\PhysX.cpl File exists HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls |||||| "Nero BurnRights" "Nero AG" C:\Program Files\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl File exists |||||| "QuickTime" "Apple Inc." C:\Program Files\QuickTime\QTSystem\QuickTime.cpl File exists || "ToSysCnf" "Deutsche Telekom AG, Marmiko IT-Solutions GmbH" C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToSysCnf.cpl File exists Drivers HKLM\SYSTEM\CurrentControlSet\Services |||||| "atksgt" (atksgt) C:\Windows\System32\DRIVERS\atksgt.sys File found, but it contains no detailed information |||||| "avgio" (avgio) "Avira GmbH" C:\Program Files\Avira\AntiVir Desktop\avgio.sys File exists "avgntflt" (avgntflt) "Avira GmbH" C:\Windows\System32\DRIVERS\avgntflt.sys File exists "avipbb" (avipbb) "Avira GmbH" C:\Windows\System32\DRIVERS\avipbb.sys File exists "EagleNT" (EagleNT) C:\Windows\system32\drivers\EagleNT.sys File not found |||||| "Hamachi Network Interface" (hamachi) "LogMeIn, Inc." C:\Windows\System32\DRIVERS\hamachi.sys File exists |||||| "HH9Help.sys" (HH9Help.sys) "H+H Software GmbH" C:\Windows\system32\drivers\HH9Help.sys File exists "IP in IP Tunnel Driver" (IpInIp) C:\Windows\System32\DRIVERS\ipinip.sys File not found "IPX Traffic Filter Driver" (NwlnkFlt) C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found "IPX Traffic Forwarder Driver" (NwlnkFwd) C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found |||||| "ISO DVD/CD-ROM Device Driver" (ISODrive) "EZB Systems, Inc." C:\Program Files\UltraISO\drivers\ISODrive.sys File exists "kbdqgmj" (kbdqgmj) "Microsoft Corporation" C:\Windows\system32\drivers\kbdqgmj.sys File exists |||||| "lirsgt" (lirsgt) C:\Windows\System32\DRIVERS\lirsgt.sys File found, but it contains no detailed information |||||| "MBAMSwissArmy" (MBAMSwissArmy) "Malwarebytes Corporation" C:\Windows\system32\drivers\mbamswissarmy.sys File exists "mdxgthkn" (mdxgthkn) C:\Users\CHRIST~1\AppData\Local\Temp\mdxgthkn.sys File not found |||||| "MIINPazX NDIS Protocol Driver" (MIINPazX) "Deutsche Telekom AG, Marmiko IT-Solutions GmbH" C:\PROGRA~1\COMMON~1\MARMIK~1\MInfraIS\MIINPazX.SYS File exists |||||| "MTOnlPktAlyX NDIS Protocol Driver" (MTOnlPktAlyX) "Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH" C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS File exists |||||| "REDLIGHT" (REDLIGHT) "BufferZone" C:\Windows\System32\drivers\REDLIGHT.SYS File exists |||||| "sptd" (sptd) "Duplex Secure Ltd." C:\Windows\System32\Drivers\sptd.sys File is exclusively opened, access blocked "ssmdrv" (ssmdrv) "Avira GmbH" C:\Windows\System32\DRIVERS\ssmdrv.sys File exists |||||| "StarForce Protection Environment Driver v6" (prodrv06) "Protection Technology" C:\Windows\System32\drivers\prodrv06.sys File exists |||||| "StarForce Protection Helper Driver" (sfhlp01) "Protection Technology" C:\Windows\System32\drivers\sfhlp01.sys File exists |||||| "StarForce Protection Helper Driver v2" (prohlp02) "Protection Technology" C:\Windows\System32\drivers\prohlp02.sys File exists |||||| "StarForce Protection Synchronization Driver v1" (prosync1) "Protection Technology" C:\Windows\System32\drivers\prosync1.sys File exists |||||| "StyleXPHelper" (StyleXPHelper) "Windows (R) 2000 DDK provider" C:\Program Files\TGTSoft\StyleXP\StyleXPHelper.exe File exists |||||| "vdrv9000" (vdrv9000) "H+H Software GmbH" C:\Windows\System32\DRIVERS\vdrv9000.sys Hidden registry entry, rootkit activity | File signed by Microsoft Explorer HKLM\Software\Classes\Folder\shellex\ColumnHandlers |||||| {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" "Adobe Systems, Inc." C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll File exists HKLM\Software\Classes\Protocols\Filter |||||| {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" "Microsoft Corporation" C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL File exists HKLM\Software\Classes\Protocols\Handler |||||| {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" "Microsoft Corporation" C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll File exists |||||| {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" "Skype Technologies" C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL File exists |||||| {0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" "Microsoft Corporation" C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll File exists HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved {911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" File not found | COM-object registry key not found |||||| {23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" "Igor Pavlov" C:\Program Files\7-Zip\7-zip.dll File exists {1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" File not found | COM-object registry key not found {34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" File not found | COM-object registry key not found |||||| {E2958773-ACDB-4553-A069-A1EEB4AFBA0F} "BufferZone context menu" C:\Windows\system32\RlShellExt.dll File exists {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" File not found | COM-object registry key not found |||||| {94586423-855F-4EB2-9F6A-D9DA5658DBE3} "Context menu" C:\PROGRA~1\FREEM4~1\m4a_menu.dll File found, but it contains no detailed information {2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" File not found | COM-object registry key not found {00020d75-0000-0000-c000-000000000046} "lnkfile" File not found | COM-object registry key not found |||||| {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\msohevi.dll File exists |||||| {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" "Microsoft Corporation" C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll File exists |||||| {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" "Microsoft Corporation" C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL File exists |||||| {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" "Microsoft Corporation" C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll File exists {C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" File not found | COM-object registry key not found {E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" File not found | COM-object registry key not found {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" "Avira GmbH" C:\Program Files\Avira\AntiVir Desktop\shlext.dll File exists |||||| {5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll File exists |||||| {37ADBD0B-11EC-4A2C-9F93-5C3ACC7994DF} "SxBufferZoneOverlay" C:\Windows\system32\RlShellExt.dll File exists |||||| {F594B094-8768-4632-8143-12852EBBD688} "SxConfidentialOverlay" C:\Windows\system32\RlShellExt.dll File exists |||||| {F1A1DA12-E651-4AD0-A1A0-6214546B2F9D} "SxForbiddenOverlay" C:\Windows\system32\RlShellExt.dll File exists |||||| {E4FC4B31-8A4F-45E6-BDAC-28F612371FE3} "SxUnknownOverlay" C:\Windows\system32\RlShellExt.dll File exists |||||| {AD392E40-428C-459F-961E-9B147782D099} "UIContextMenu Class" "EZB Systems, Inc." C:\Program Files\UltraISO\isoshell.dll File exists {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" File not found | COM-object registry key not found |||||| {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" C:\Program Files\WinRAR\rarext.dll File found, but it contains no detailed information Internet Explorer HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser "ITBar7Layout" File not found | COM-object registry key not found "{855F3B16-6D32-4FE6-8A56-BBB695989046}" File not found | COM-object registry key not found HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units |||| {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} "Java Plug-in 1.6.0_05" hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\jp2iexp.dll File exists |||| {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "Java Plug-in 1.6.0_07" hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\jp2iexp.dll File exists |||| {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_15" hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\jp2iexp.dll File exists |||| {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} "Java Plug-in 1.6.0_15" hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\jp2iexp.dll File exists |||| {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_15" hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\npjpi160_15.dll File exists HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions |||| {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" "Microsoft Corporation" C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll File exists |||| "ICQ6" "ICQ, LLC." C:\Program Files\ICQ6.5\ICQ.exe File exists |||| {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" "Microsoft Corporation" C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL File exists HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects |||||| {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" "Adobe Systems Incorporated" C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll File exists |||| {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" "Google Inc." C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll File exists |||| {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\jp2ssv.dll File exists Logon %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup |||| "OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE Shortcut exists | File exists |||||| "desktop.ini" C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini File exists %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup |||||| "desktop.ini" C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini File exists HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run || "T-Online_Software_6\WLAN-Access Finder" "Deutsche Telekom AG, Marmiko IT-Solutions GmbH" C:\Program Files\T-Online\WLAN-Access Finder\ToWLaAcF.exe /StartMinimized File exists HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd "StartupPrograms" rdpclip File not found HKLM\Software\Microsoft\Windows\CurrentVersion\Run |||| "Adobe Reader Speed Launcher" "Adobe Systems Incorporated" "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" File exists "avgnt" "Avira GmbH" "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min File exists || "FreePDF Assistant" "shbox.de" C:\Program Files\FreePDF_XP\fpassist.exe File exists |||| "NeroFilterCheck" "Nero AG" C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe File exists |||| "QuickTime Task" "Apple Inc." "C:\Program Files\QuickTime\QTTask.exe" -atboottime File exists |||| "StartCCC" c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe File found, but it contains no detailed information || "ToADiMon.exe" "Deutsche Telekom AG, Marmiko IT-Solutions GmbH" C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe -TOnlineAutodialStart File exists HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce |||||| "Malwarebytes' Anti-Malware" "Malwarebytes Corporation" D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent File exists Print Monitors HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors |||||| "PDFConverter" C:\Windows\system32\pdfmonnt.dll File found, but it contains no detailed information |||||| "PDFCreator" C:\Windows\system32\pdfcmnnt.dll File found, but it contains no detailed information |||||| "Redirected Port" C:\Windows\system32\redmonnt.dll File found, but it contains no detailed information |||||| "Send To Microsoft OneNote Monitor" "Microsoft Corporation" C:\Windows\system32\msonpmon.dll File exists Services HKLM\SYSTEM\CurrentControlSet\Services |||||| "Automatisches LiveUpdate - Scheduler" (Automatisches LiveUpdate - Scheduler) "Symantec Corporation" C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe File exists "Avira AntiVir Guard" (AntiVirService) "Avira GmbH" C:\Program Files\Avira\AntiVir Desktop\avguard.exe File exists "Avira AntiVir Planer" (AntiVirSchedulerService) "Avira GmbH" C:\Program Files\Avira\AntiVir Desktop\sched.exe File exists |||||| "Cyberlink RichVideo Service(CRVS)" (RichVideo) C:\Program Files\CyberLink\Shared Files\RichVideo.exe File exists |||||| "Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) "MAGIX®" D:\Program Files\MAGIX\Common\Database\bin\fbserver.exe File exists |||||| "Fujitsu Siemens Computers Diagnostic Testhandler" (TestHandler) "Fujitsu Siemens Computers" C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe File exists |||| "getPlus(R) Helper" (getPlus(R) Helper) "NOS Microsystems Ltd." C:\Program Files\NOS\bin\getPlus_HelperSvc.exe File exists |||| "Google Software Updater" (gusvc) "Google" C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe File exists |||| "Google Update Service (gupdate1c9907fa83fb576)" (gupdate1c9907fa83fb576) "Google Inc." C:\Program Files\Google\Update\GoogleUpdate.exe File exists |||| "InstallDriver Table Manager" (IDriverT) "Macrovision Corporation" C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe File exists |||||| "LiveUpdate" (LiveUpdate) "Symantec Corporation" C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE File exists || "LogMeIn Hamachi 2.0 Tunneling Engine" (Hamachi2Svc) "LogMeIn Inc." C:\Program Files\LogMeIn Hamachi\hamachi-2.exe File exists |||||| "Microsoft Office Diagnostics Service" (odserv) "Microsoft Corporation" C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE File exists |||||| "NMIndexingService" (NMIndexingService) "Nero AG" C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe File exists "nProtect GameGuard Service" (npggsvc) "INCA Internet Co., Ltd." C:\Windows\system32\GameMon.des File exists |||||| "Office Source Engine" (ose) "Microsoft Corporation" C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE File exists |||||| "PnkBstrA" (PnkBstrA) C:\Windows\system32\PnkBstrA.exe File found, but it contains no detailed information |||||| "StyleXPService" (StyleXPService) C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe File exists "Symantec Lic NetConnect service" (CLTNetCnService) "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon File not found |||||| "Virtual CD v9 Management Service" (VC9SecS) "H+H Software GmbH" C:\Program Files\Virtual CD v9\System\VC9SecS.exe File exists If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru |
|
29.03.2010, 13:36
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | TR/Agent.ruo in C:\Windows\system32\ntnluj.dll__________________
__________________ |
|
29.03.2010, 19:21
| #3 |
| | TR/Agent.ruo in C:\Windows\system32\ntnluj.dll Malwarebytes' Anti-Malware 1.44
__________________Datenbank Version: 3923 Windows 6.0.6000 Internet Explorer 7.0.6000.16890 29.03.2010 20:08:23 mbam-log-2010-03-29 (20-08-23).txt Scan-Methode: Vollständiger Scan (C:\|D:\|) Durchsuchte Objekte: 332926 Laufzeit: 1 hour(s), 33 minute(s), 50 second(s) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) Logfile of random's system information tool 1.06 (written by random/random) Run by Christian at 2010-03-29 20:10:26 Microsoft® Windows Vista™ Home Premium System drive C: has 29 GB (20%) free of 146 GB Total RAM: 2046 MB (6% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:10:55, on 29.03.2010 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16890) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\Program Files\FreePDF_XP\fpassist.exe C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\T-Online\WLAN-Access Finder\ToWLaAcF.exe C:\Windows\ehome\ehtray.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Common Files\Marmiko Shared\MWLaMaS.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe C:\Program Files\Opera\opera.exe C:\Windows\system32\NOTEPAD.EXE C:\Windows\system32\SearchFilterHost.exe C:\Users\Christian\Desktop\RSIT.exe C:\Program Files\trend micro\Christian.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [ToADiMon.exe] C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe -TOnlineAutodialStart O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [T-Online_Software_6\WLAN-Access Finder] C:\Program Files\T-Online\WLAN-Access Finder\ToWLaAcF.exe /StartMinimized O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE /nosplash (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [T-Online_Software_6\WLAN-Access Finder] C:\Program Files\T-Online\WLAN-Access Finder\ToWLaAcF.exe /StartMinimized (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [T-Online_Software_6\WLAN-Access Finder] C:\Program Files\T-Online\WLAN-Access Finder\ToWLaAcF.exe /StartMinimized (User 'Default user') O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = Microsoft Office\Office12\ONENOTEM.EXE O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe O13 - Gopher Prefix: O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - D:\Program Files\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe O23 - Service: Google Update Service (gupdate1c9907fa83fb576) (gupdate1c9907fa83fb576) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing) O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe O23 - Service: Virtual CD v9 Management Service (VC9SecS) - H+H Software GmbH - C:\Program Files\Virtual CD v9\System\VC9SecS.exe -- End of file - 8291 bytes ======Scheduled tasks folder====== C:\Windows\tasks\Google Software Updater.job C:\Windows\tasks\GoogleUpdateTaskMachineCore.job C:\Windows\tasks\GoogleUpdateTaskMachineUA.job C:\Windows\tasks\User_Feed_Synchronization-{63A92369-401C-4AB5-9774-BDD26B9FDE26}.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-27 668656] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2007-08-20 1006264] "StartCCC"=c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112] "RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-04-10 4431872] "SMSERIAL"=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2006-11-22 630784] "NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-02-26 153136] "FreePDF Assistant"=C:\Program Files\FreePDF_XP\fpassist.exe [2007-06-26 312320] "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-05-27 413696] "ToADiMon.exe"=C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe [2007-02-15 282624] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696] "avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "T-Online_Software_6\WLAN-Access Finder"=C:\Program Files\T-Online\WLAN-Access Finder\ToWLaAcF.exe [2007-07-25 671796] "ehTray.exe"=C:\Windows\ehome\ehTray.exe [2006-11-02 125440] "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-03-16 1232896] "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-02 201728] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrayServer] D:\Program Files\MAGIX\Filme_fuer_unterwegs_3\TrayServer.exe [2008-01-17 90112] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk] C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2000-08-24 110592] C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "EnableLUA"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=91000000 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{58de99aa-3433-11df-9e8c-00030d796ac9}] shell\AutoRun\command - J:\Autorun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{72a97bb0-03e8-11dd-a257-00030d796ac9}] shell\AutoRun\command - J:\Autorun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7703a64b-75c7-11de-936e-00030d796ac9}] shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bUiqI.Exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b0569010-156c-11df-9aff-00030d796ac9}] shell\AutoRun\command - K:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba6169ac-b585-11dd-bf49-00030d796ac9}] shell\AutoRun\command - F:\Menu.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de60ab26-0a5d-11df-b4fc-00030d796ac9}] shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bUIqI.eXE ======List of files/folders created in the last 1 months====== 2010-03-29 20:10:30 ----D---- C:\Program Files\trend micro 2010-03-29 20:10:26 ----D---- C:\rsit 2010-03-28 16:39:28 ----D---- C:\Program Files\Common Files\Online Solutions Shared 2010-03-28 16:30:47 ----D---- C:\Users\Christian\AppData\Roaming\Malwarebytes 2010-03-28 16:30:40 ----D---- C:\ProgramData\Malwarebytes 2010-03-25 10:07:36 ----D---- C:\Users\Christian\AppData\Roaming\Avira 2010-03-18 00:18:29 ----D---- C:\Program Files\RealVNC 2010-03-02 22:02:11 ----D---- C:\Program Files\LogMeIn Hamachi ======List of files/folders modified in the last 1 months====== 2010-03-29 20:10:38 ----D---- C:\Windows\Temp 2010-03-29 20:10:35 ----D---- C:\Windows\Prefetch 2010-03-29 20:10:30 ----RD---- C:\Program Files 2010-03-29 20:09:31 ----D---- C:\Users\Christian\AppData\Roaming\Skype 2010-03-29 19:34:23 ----D---- C:\Users\Christian\AppData\Roaming\teamspeak2 2010-03-29 16:01:12 ----D---- C:\Users\Christian\AppData\Roaming\skypePM 2010-03-29 13:49:25 ----D---- C:\Windows\Tasks 2010-03-29 13:49:19 ----D---- C:\ProgramData\Google Updater 2010-03-29 10:47:46 ----D---- C:\Windows\System32 2010-03-29 10:47:09 ----D---- C:\Program Files\Mozilla Firefox 2010-03-29 10:45:59 ----D---- C:\Windows\inf 2010-03-29 10:45:59 ----A---- C:\Windows\system32\PerfStringBackup.INI 2010-03-29 02:00:18 ----SHD---- C:\System Volume Information 2010-03-28 16:52:53 ----D---- C:\Windows\793CFFC9A72F431D9C742E9361E67D04.TMP 2010-03-28 16:52:52 ----D---- C:\Windows\system32\drivers 2010-03-28 16:39:33 ----SHD---- C:\Windows\Installer 2010-03-28 16:39:28 ----D---- C:\Program Files\Common Files 2010-03-28 16:31:12 ----A---- C:\Windows\NeroDigital.ini 2010-03-28 16:30:40 ----RHD---- C:\ProgramData 2010-03-28 10:42:27 ----D---- C:\Windows\system32\catroot2 2010-03-28 02:26:54 ----D---- C:\Windows\Minidump 2010-03-28 02:26:54 ----D---- C:\Windows 2010-03-28 02:06:51 ----D---- C:\Program Files\Warcraft III 2010-03-28 01:31:38 ----D---- C:\ProgramData\FreePDF 2010-03-25 10:41:05 ----D---- C:\Program Files\Mozilla Thunderbird 2010-03-25 10:14:07 ----D---- C:\Program Files\Opera 2010-03-25 09:59:02 ----D---- C:\Windows\winsxs 2010-03-24 14:36:49 ----D---- C:\Users\Christian\AppData\Roaming\dvdcss 2010-03-24 00:56:00 ----D---- C:\Users\Christian\AppData\Roaming\uTorrent 2010-03-23 13:36:03 ----HD---- C:\Program Files\InstallShield Installation Information 2010-03-20 17:58:22 ----D---- C:\Program Files\TeamSpeak 3 Client 2010-03-19 16:05:24 ----D---- C:\Users\Christian\AppData\Roaming\FileZilla 2010-03-19 00:09:25 ----D---- C:\Users\Christian\AppData\Roaming\ICQ 2010-03-13 00:32:08 ----D---- C:\Users\Christian\AppData\Roaming\vlc ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608] R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2010-03-01 124784] R1 ISODrive;ISO DVD/CD-ROM Device Driver; \??\C:\Program Files\UltraISO\drivers\ISODrive.sys [2008-05-24 73728] R1 prodrv06;StarForce Protection Environment Driver v6; C:\Windows\System32\drivers\prodrv06.sys [2004-08-09 53920] R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520] R1 StyleXPHelper;StyleXPHelper; \??\C:\Program Files\TGTSoft\StyleXP\StyleXPHelper.exe [2005-10-31 10880] R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2009-07-11 281760] R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2010-02-16 60936] R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2009-07-11 25888] R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-04-11 2589696] R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-03-16 14208] R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-09-23 26176] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-04-10 1764960] R3 itecir;ITECIR Infrared Receiver; C:\Windows\system32\DRIVERS\itecir.sys [2007-04-04 46592] R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [2010-01-07 38224] R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-09-25 3666432] R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2009-09-02 176128] R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-11-22 982272] R3 StillCam;Treiber für serielle Digitalkamera; C:\Windows\system32\DRIVERS\serscan.sys [2006-11-02 9216] R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-03-16 11264] S1 kbdqgmj;kbdqgmj; \??\C:\Windows\system32\drivers\kbdqgmj.sys [2006-11-02 497664] S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632] S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys [] S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520] S3 HH9Help.sys;HH9Help.sys; \??\C:\Windows\system32\drivers\HH9Help.sys [2006-09-20 11392] S3 mdxgthkn;mdxgthkn; \??\C:\Users\CHRIST~1\AppData\Local\Temp\mdxgthkn.sys [] S3 MIINPazX;MIINPazX NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\MARMIK~1\MInfraIS\MIINPazX.SYS [2006-10-09 17152] S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192] S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888] S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016] S3 MTOnlPktAlyX;MTOnlPktAlyX NDIS Protocol Driver; \??\C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS [2006-10-09 17536] S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG-Adaptertreiber für Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 1781760] S3 NETw4v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-02-25 2216448] S3 usbscan;USB-Scannertreiber; C:\Windows\system32\DRIVERS\usbscan.sys [2006-11-02 35328] S3 usbvideo;USB-Videogerät (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2006-11-02 132352] S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936] S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560] S4 nvatabus;nvatabus; C:\Windows\system32\drivers\nvatabus.sys [2006-07-14 105088] S4 viamraid;viamraid; C:\Windows\system32\drivers\viamraid.sys [2006-03-31 100992] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336] R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-03-16 267432] R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2007-04-11 593920] R2 Automatisches LiveUpdate - Scheduler;Automatisches LiveUpdate - Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-09-26 554352] R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2009-10-29 1074568] R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2009-07-08 75064] R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2006-07-20 262247] R2 StyleXPService;StyleXPService; C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe [2006-05-24 372736] R2 TestHandler;Fujitsu Siemens Computers Diagnostic Testhandler; C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe [2006-12-08 204800] R2 VC9SecS;Virtual CD v9 Management Service; C:\Program Files\Virtual CD v9\System\VC9SecS.exe [2009-04-17 132424] S2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon [] S2 gupdate1c9907fa83fb576;Google Update Service (gupdate1c9907fa83fb576); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-16 133104] S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-27 183280] S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; D:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900] S3 getPlus(R) Helper;getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-12-01 33752] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632] S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-09-26 2999664] S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-02-26 267824] S3 npggsvc;nProtect GameGuard Service; C:\Windows\system32\GameMon.des [2009-10-05 3375952] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 usprserv;User Privilege Service; C:\Windows\System32\svchost.exe [2006-11-02 22016] -----------------EOF----------------- info.txt logfile of random's system information tool 1.06 2010-03-29 20:11:02 ======Uninstall list====== -->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER -->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL -->C:\Windows\UNNeroMediaHome.exe /UNINSTALL -->C:\Windows\UNNeroShowTime.exe /UNINSTALL -->C:\Windows\UNNeroVision.exe /UNINSTALL -->C:\Windows\UNRecode.exe /UNINSTALL -->MsiExec /X{B83FC356-B7C0-441F-8A4D-D71E088E7974} -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2638924D-DC58-4C40-BB1C-48C2B24B7B1B}\Setup.exe" -L0x7 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{52739387-B81C-4C55-9593-EB7A1044A657}\Setup.exe" -L0x7 7-Zip 4.65-->"C:\Program Files\7-Zip\Uninstall.exe" Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe Adobe Flash Player 9 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete Adobe Photoshop 7.0-->C:\WINDOWS\ISUN0407.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll" Adobe Reader 9.1.1 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A91000000001} AFPL Ghostscript 8.54-->C:\Program Files\gs\uninstgs.exe "C:\Program Files\gs\gs8.54\uninstal.txt" AFPL Ghostscript Fonts-->C:\Program Files\gs\uninstgs.exe "C:\Program Files\gs\fonts\uninstal.txt" Airline Tycoon Evolution-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{16E43D5F-5296-4D53-B303-9D951AFE510F}\setup.exe" Airport Tycoon 3-->"C:\Program Files\Modern Games\Airport Tycoon 3\unins000.exe" ANNO 1404-->"C:\Program Files\InstallShield Installation Information\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}\Setup.exe" -runfromtemp -l0x0007 -removeonly Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F} Applian FLV Player-->"C:\Windows\Applian FLV Player\uninstall.exe" "/U:C:\Program Files\FLV Player\Uninstall\uninstall.xml" ATI Uninstaller-->C:\Program Files\ATI\CIM\Bin\Atisetup.exe -uninstall all Auslogics Disk Defrag-->"C:\Program Files\Auslogics\AusLogics Disk Defrag\unins000.exe" AVI MPEG Converter 3-->D:\Program Files\Xilisoft\AVI MPEG Converter 3\Uninstall.exe Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe" BCL easyPDF Printer Driver 5.1-->MsiExec.exe /I{8D7574B1-49D7-41E6-9C2E-6B49A8619E64} BufferZone-->MsiExec.exe /X{793CFFC9-A72F-431D-9C74-2E9361E67D04} Building & Co-->K:\Games\Building&Co\uninstall.exe CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe" CIB pdf brewer 2.5.22-->C:\Program Files\InstallShield Installation Information\{F0312AC6-988B-11DA-9C49-000476F770CC}\setup.exe -runfromtemp -l0x0007 anything -removeonly CINEMA 4D Release 9 XL Bundle-->C:\Windows\unvise32.exe C:\Program Files\MAXON\CINEMA 4D R9\uninstal_C4D.log Command & Conquer™ Alarmstufe Rot 3-->MsiExec.exe /X{296D8550-CB06-48E4-9A8B-E5034FB64715} Company of Heroes - FAKEMSI-->MsiExec.exe /I{14574B7F-75D1-4718-B7F2-EBF6E2862A35} Company of Heroes - FAKEMSI-->MsiExec.exe /I{199E6632-EB28-4F73-AECB-3E192EB92D18} Company of Heroes - FAKEMSI-->MsiExec.exe /I{25724802-CC14-4B90-9F3B-3D6955EE27B1} Company of Heroes - FAKEMSI-->MsiExec.exe /I{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D} Company of Heroes - FAKEMSI-->MsiExec.exe /I{50193078-F553-4EBA-AA77-64C9FAA12F98} Company of Heroes - FAKEMSI-->MsiExec.exe /I{51D718D1-DA81-4FAD-919F-5C1CE3C33379} Company of Heroes - FAKEMSI-->MsiExec.exe /I{66F78C51-D108-4F0C-A93C-1CBE74CE338F} Company of Heroes - FAKEMSI-->MsiExec.exe /I{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3} Company of Heroes - FAKEMSI-->MsiExec.exe /I{80D03817-7943-4839-8E96-B9F924C5E67D} Company of Heroes - FAKEMSI-->MsiExec.exe /I{97E5205F-EA4F-438F-B211-F1846419F1C1} Company of Heroes - FAKEMSI-->MsiExec.exe /I{99A7722D-9ACB-43F3-A222-ABC7133F159E} Company of Heroes - FAKEMSI-->MsiExec.exe /I{BA801B94-C28D-46EE-B806-E1E021A3D519} Company of Heroes - FAKEMSI-->MsiExec.exe /I{D4D244D1-05E0-4D24-86A2-B2433C435671} Company of Heroes - FAKEMSI-->MsiExec.exe /I{EAF636A9-F664-4703-A659-85A894DA264F} Company of Heroes-->"C:\Program Files\THQ\Company of Heroes\Uninstall_German.exe" Counter-Strike 1.6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{13B792AA-C078-43A4-8A3A-8B12D629940D}\Setup.exe" -l0x19 Counter-Strike 1.6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}\Setup.exe" -l0x19 DEUTSCHLAND SPIELT GAME CENTER-->"C:\Program Files\OXXOGames\GPlayer\\MyInstall.exe" UInstAllGPAndDS DHTML Editing Component-->MsiExec.exe /I{2EA870FA-585F-4187-903D-CB9FFD21E2E0} Die Wiege Roms-->"C:\Program Files\OXXOGames\GPlayer\\MyInstall.exe" ScriptUInst "C:\Program Files\OXXOGames\GPlayer\Install\\Game_AwemDieWiegeRoms.log" Disketch CD Label Software-->C:\Program Files\NCH Software\Disketch\uninst.exe DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS DivX Plus Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN EA Download Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{EF7E931D-DC84-471B-8DB6-A83358095474} /l1031 eMule-->"C:\Program Files\eMule\Uninstall.exe" EVEREST Home Edition v2.20-->"C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe" FFOLKES Unlocks123 mod v1.4.1-->C:\Program Files\EA GAMES\Battlefield 2\Uninstall_Unlocks123_mod.exe FileZilla Client 3.0.11-->C:\Program Files\FileZilla FTP Client\uninstall.exe Firebird SQL Server - MAGIX Edition-->D:\Program Files\MAGIX\Common\Database\unwise.exe FirstSteps Diagnostics-->MsiExec.exe /X{94D66D71-12F0-48A5-B46A-D4B835A0F1B7} FlorensiaEU 1.08.17-->K:\Netts\uninst.exe Free M4a to MP3 Converter 6.0-->"C:\Program Files\Free M4a to MP3 Converter\unins000.exe" Free PS Convert driver 8.15-->"C:\Program Files\psconvert\unins000.exe" FreePDF XP (Remove only)-->C:\Program Files\FreePDF_XP\fpsetup.exe /r Google Earth-->MsiExec.exe /X{2EAF7E61-068E-11DF-953C-005056806466} Google SketchUp Pro 7-->MsiExec.exe /I{E1C256F5-58C6-44E9-939A-E1189C8126E2} Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall Gothic III-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{02B244A2-7F6A-42E8-A36F-8C385D7A1625}\setup.exe" -l0x7 -removeonly GPGNet-->MsiExec.exe /I{C194D333-B84A-4BB7-B35E-060732D98DC4} HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT="" ICQ6.5-->"C:\Program Files\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly Indeo® software-->C:\Windows\IsUninst.exe -f"C:\Program Files\Intel\Indeo\Uninst.isu" IsoBuster 2.0-->"C:\Program Files\Smart Projects\IsoBuster\Uninst\unins000.exe" JAlbum 7.4-->C:\Program Files\JAlbumWin\Uninstall.exe Java(TM) 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF} Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050} Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070} Kane and Lynch: Dead Men-->MsiExec.exe /X{A66C4716-7E10-4A53-8101-00C3C11D6A9C} Knights Of Honor-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7911C404-9AFA-4BB2-B9B7-E47423D87528}\setup.exe" -l0x7 Kreuzworträtsel Freeware-->C:\Windows\unin0407.exe -f"C:\Program Files\p.i.c.s.\Kreuzworträtsel Freeware\DeIsL1.isu" -c"C:\Program Files\p.i.c.s.\Kreuzworträtsel Freeware\_ISREG32.DLL" LanChat2 TBX 1.3-->"C:\Program Files\LanChat2 TBX\unins000.exe" LiveUpdate 3.2 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U LogMeIn Hamachi-->C:\Windows\system32\\msiexec.exe /i {067EC517-9731-43FD-B4D5-296EE0027BBB} REMOVE=ALL LogMeIn Hamachi-->MsiExec.exe /I{067EC517-9731-43FD-B4D5-296EE0027BBB} Macromedia Flash MX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}\Setup.exe" -l0x7 UNINSTALL MAGIX Filme für unterwegs 3 3.0.0.11 (D)-->D:\Program Files\MAGIX\Filme_fuer_unterwegs_3\unwise.exe MAGIX Online Druck Service 2.3.2.0 (D)-->D:\Program Files\MAGIX\Online_Druck_Service\unwise.exe MAGIX Screenshare 4.3.6.1987 (D)-->D:\Program Files\MAGIX\PCVisit\unwise.exe Malwarebytes' Anti-Malware-->"D:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" MAXON Language Set 9.0-->C:\Windows\unvise32.exe C:\Program Files\MAXON\CINEMA 4D R9\Language_90.log Microsoft .NET Framework 1.1 German Language Pack-->MsiExec.exe /X{E78BFA60-5393-4C38-82AB-E8019E464EB4} Microsoft .NET Framework 1.1 Hotfix (KB929729)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp" Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929} Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{D1B01DC9-CBAF-45F9-A387-7D00C11B630E} Microsoft Office Excel MUI (German) 2007-->MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE} Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE} Microsoft Office OneNote MUI (German) 2007-->MsiExec.exe /X{90120000-00A1-0407-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (German) 2007-->MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE} Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE} Microsoft Office Proof (Italian) 2007-->MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE} Microsoft Office Proofing (German) 2007-->MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE} Microsoft Office Shared MUI (German) 2007-->MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE} Microsoft Office Word MUI (German) 2007-->MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989} Microsoft Visual J# .NET Redistributable Package 1.1-->MsiExec.exe /X{1A655D51-1423-48A3-B748-8F5A0BE294C8} Microsoft Visual J# 2.0 Redistributable Package-->C:\Windows\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\install.exe Microsoft Works-->MsiExec.exe /I{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3} Microsoft XNA Framework Redistributable 1.0 Refresh-->MsiExec.exe /I{311F799A-FCE9-4D9E-B5D2-CBB8859B40BB} mIRC-->"C:\Program Files\mIRC\mirc.exe" -uninstall Motorola SM56 Data Fax Modem-->rundll32.exe sm56co6a.dll,SM56UnInstaller Mozilla Firefox (3.5.8)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe Mozilla Thunderbird (2.0.0.24)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML4 Parser-->MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13} Nero 7 Essentials-->MsiExec.exe /X{81CD6232-10F5-4832-B3DA-1B88B1571031} NVIDIA PhysX-->MsiExec.exe /X{B83FC356-B7C0-441F-8A4D-D71E088E7974} OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U Opera 10.51-->MsiExec.exe /X{05ADEEC8-BD58-43D9-A9E3-1F53B0DA117A} OSAM: Online Solutions Autorun Manager v5.0-->MsiExec.exe /I{EF63577B-0CF5-4865-9B61-28B3250D6A17} Paint.NET v3.22-->MsiExec.exe /X{96C267DA-0926-4C11-B4E7-4D3EF85130D0} PDFCreator-->C:\Program Files\PDFCreator\unins000.exe Pharao-->C:\Windows\IsUn0407.exe -fC:\SIERRA\Pharao\Uninst.isu PharaoAufbauPack_BestSeller-->C:\SIERRA\Pharao\UNWISE.EXE C:\SIERRA\Pharao\INSTALL.LOG PhotoNow! 1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D36DD326-7280-11D8-97C8-000129760CBE}\setup.exe" -uninstall PowerDV-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B804C424-B66D-447A-84BD-C6B88C392C3A}\setup.exe" -uninstall PowerProducer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\Setup.exe" -uninstall Prism Video Converter-->C:\Program Files\NCH Software\Prism\uninst.exe PunkBuster Services-->C:\Windows\system32\pbsvc.exe -u QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175} RagTime Privat-->C:\Windows\IsUn0407.exe -f"C:\Program Files\RagTime Privat\Uninst.isu" Realtek Ethernet Controller Driver For Windows Vista and Later-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -removeonly Realtek High Definition Audio Driver-->RtlUpd.exe -r -m RedMon - Redirection Port Monitor-->C:\Windows\system32\unredmon.exe Ricky`s Restaurant-->"C:\Program Files\OXXOGames\GPlayer\\MyInstall.exe" ScriptUInst "C:\Program Files\OXXOGames\GPlayer\Install\\Game_AlwRickysRestaurant.log" Rome - Total War-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E97F7E8-ABDE-4E0D-B0AD-B6B4BAD89E24}\setup.exe" -l0x7 -removeonly Secured eMule-->C:\PROGRA~1\SECURE~1\UNWISE.EXE C:\PROGRA~1\SECURE~1\INSTALL.LOG Siedler3-->C:\Windows\IsUn0407.exe -fd:\BlueByte\Siedler3\DeIsL1.isu -x -c"d:\BlueByte\Siedler3\Install\ITools.dll" Silent Hunter 4 Wolves of the Pacific-->C:\Program Files\InstallShield Installation Information\{0D005F09-A5F4-473B-A901-5735C6AF5628}\setup.exe -runfromtemp -l0x0007 -removeonly Skat 7.0-->MsiExec.exe /I{A669C87E-3F31-4709-BB90-129979F3A841} Skat 7.1.2-->MsiExec.exe /I{DD88E7D8-F606-4822-9983-F44A3E5019CC} Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82} SPORE™-->"C:\Program Files\InstallShield Installation Information\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}\setup.exe" -runfromtemp -l0x0007 -removeonly Star Wars Galactic Battlegrounds: Clone Campaigns-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0314ED3D-26A7-4F62-86A2-6B23353445E8}\Setup.exe" StyleXP (remove only)-->"C:\Program Files\TGTSoft\StyleXP\StyleXP-uninstall.exe" SUPER © Version 2009.bld.35 (Jan 5, 2009)-->C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0 Super Nautica (VOLLVERSION)-->"C:\Program Files\OXXOGames\GPlayer\\MyInstall.exe" ScriptUInst "C:\Program Files\OXXOGames\GPlayer\Install\\Game_OxxoGSCD.log" Superpower 2-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{CFB9F7A0-A7ED-43A9-9551-EC1F319F971A} Switch Sound File Converter-->C:\Program Files\NCH Swift Sound\Switch\uninst.exe TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe" TeamSpeak 3 Client-->"C:\Program Files\TeamSpeak 3 Client\uninstall.exe" Titan Quest Immortal Throne-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}\setup.exe" -l0x7 -removeonly Titan Quest-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}\setup.exe" -l0x7 -removeonly T-Online 6.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B1275E23-717A-4D52-997A-1AD1E24BC7F3}\Setup.exe" CPAS T-Online WLAN-Access Finder-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{295C31E5-3F91-498E-9623-DA24D2FA2B6A}\Setup.exe" -L0x7 UltraISO Premium V9.3-->"C:\Program Files\UltraISO\unins000.exe" Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT="" VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421} Virtual CD v9-->C:\Program Files\InstallShield Installation Information\{98A64C75-BFD6-4212-8746-8BADC7ABA79E}\setup.exe -runfromtemp -l0x0007 -removeonly VLC media player 0.9.9-->C:\Program Files\VideoLAN\VLC\uninstall.exe VNC Free Edition 4.1.3-->"C:\Program Files\RealVNC\VNC4\unins000.exe" WinCorder-->C:\Windows\UnHyCam.bat Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4} WinRAR-->C:\Program Files\WinRAR\uninstall.exe WinZip 11.1-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5} Xvid 1.2.1 final uninstall-->"C:\Program Files\Xvid\unins000.exe" Zattoo 3.3.4 Beta-->C:\Program Files\Zattoo\uninst.exe ======Security center information====== AV: AntiVir Desktop AS: AntiVir Desktop AS: Windows-Defender ======System event log====== Computer Name: Christian-PC Event Code: 7036 Message: Dienst "Volumeschattenkopie" befindet sich jetzt im Status "Beendet". Record Number: 673649 Source Name: Service Control Manager Time Written: 20100329104353.000000-000 Event Type: Informationen User: Computer Name: Christian-PC Event Code: 7036 Message: Dienst "Microsoft-Softwareschattenkopie-Anbieter" befindet sich jetzt im Status "Beendet". Record Number: 673650 Source Name: Service Control Manager Time Written: 20100329104653.000000-000 Event Type: Informationen User: Computer Name: Christian-PC Event Code: 7036 Message: Dienst "Google Software Updater" befindet sich jetzt im Status "Ausgeführt". Record Number: 673651 Source Name: Service Control Manager Time Written: 20100329114902.000000-000 Event Type: Informationen User: Computer Name: Christian-PC Event Code: 7036 Message: Dienst "Google Software Updater" befindet sich jetzt im Status "Beendet". Record Number: 673652 Source Name: Service Control Manager Time Written: 20100329115016.000000-000 Event Type: Informationen User: Computer Name: Christian-PC Event Code: 8003 Message: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "MARTINLAPTOP-PC", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{1860803F-4D7B-4272-828C-EA-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. Record Number: 673653 Source Name: bowser Time Written: 20100329123027.720000-000 Event Type: Fehler User: =====Application event log===== Computer Name: Christian-PC Event Code: 1000 Message: Die Leistungsindikatoren für den Dienst WmiApRpl (WmiApRpl) wurden erfolgreich geladen. Die Eintragsdaten im Datenbereich enthalten die neuen Indexwerte, die diesem Dienst zugeordnet sind. Record Number: 177331443 Source Name: Microsoft-Windows-LoadPerf Time Written: 20100329084600.000000-000 Event Type: Informationen User: Computer Name: Christian-PC Event Code: 4113 Message: AntiVir erkannte in der Datei C:\Windows\System32\ntnluj.dll verdächtigen Code mit der Bezeichnung 'TR/Agent.ruo'! Record Number: 177331444 Source Name: Avira AntiVir Time Written: 20100329084708.000000-000 Event Type: Warnung User: NT-AUTORITÄT\SYSTEM Computer Name: Christian-PC Event Code: 8224 Message: Der VSS-Dienst wird aufgrund eines Leerlaufzeitlimits heruntergefahren. Record Number: 177331445 Source Name: VSS Time Written: 20100329104353.000000-000 Event Type: Informationen User: Computer Name: Christian-PC Event Code: 0 Message: Record Number: 177331446 Source Name: gusvc Time Written: 20100329114901.000000-000 Event Type: Informationen User: Computer Name: Christian-PC Event Code: 0 Message: Record Number: 177331447 Source Name: gusvc Time Written: 20100329115016.000000-000 Event Type: Informationen User: =====Security event log===== Computer Name: Christian-PC Event Code: 4624 Message: Ein Konto wurde erfolgreich angemeldet. Antragsteller: Sicherheits-ID: S-1-5-18 Kontoname: CHRISTIAN-PC$ Kontodomäne: WORKGROUP Anmelde-ID: 0x3e7 Anmeldetyp: 5 Neue Anmeldung: Sicherheits-ID: S-1-5-20 Kontoname: NETZWERKDIENST Kontodomäne: NT-AUTORITÄT Anmelde-ID: 0x3e4 Anmelde-GUID: {00000000-0000-0000-0000-000000000000} Prozessinformationen: Prozess-ID: 0x290 Prozessname: C:\Windows\System32\services.exe Netzwerkinformationen: Arbeitsstationsname: Quellnetzwerkadresse: - Quellport: - Detaillierte Authentifizierungsinformationen: Anmeldeprozess: Advapi Authentifizierungspaket: Negotiate Übertragene Dienste: - Paketname (nur NTLM): - Schlüssellänge: 0 Dieses Ereignis wird beim Erstellen einer Anmeldesitzung generiert. Es wird auf dem Computer generiert, auf den zugegriffen wurde. Die Antragstellerfelder geben das Konto auf dem lokalen System an, von dem die Anmeldung angefordert wurde. Dies ist meistens ein Dienst wie der Serverdienst oder ein lokaler Prozess wie "Winlogon.exe" oder "Services.exe". Das Anmeldetypfeld gibt den jeweiligen Anmeldetyp an. Die häufigsten Typen sind 2 (interaktiv) und 3 (Netzwerk). Die Felder für die neue Anmeldung geben das Konto an, für das die Anmeldung erstellt wurde, d. h. das angemeldete Konto. Die Netzwerkfelder geben die Quelle einer Remoteanmeldeanforderung an. der Arbeitsstationsname ist nicht immer verfügbar und kann in manchen Fällen leer bleiben. Die Felder für die Authentifizierungsinformationen enthalten detaillierte Informationen zu dieser speziellen Anmeldeanforderung. - Die Anmelde-GUID ist ein eindeutiger Bezeichner, der verwendet werden kann, um dieses Ereignis mit einem KDC-Ereignis zu korrelieren. - Die übertragenen Dienste geben an, welche Zwischendienste an der Anmeldeanforderung beteiligt waren. - Der Paketname gibt das in den NTLM-Protokollen verwendete Unterprotokoll an. - Die Schlüssellänge gibt die Länge des generierten Sitzungsschlüssels an. Wenn kein Sitzungsschlüssel angefordert wurde, ist dieser Wert 0. Record Number: 125521 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20100226112844.525695-000 Event Type: Überwachung erfolgreich User: Computer Name: Christian-PC Event Code: 4672 Message: Einer neuen Anmeldung wurden besondere Rechte zugewiesen. Antragsteller: Sicherheits-ID: S-1-5-20 Kontoname: NETZWERKDIENST Kontodomäne: NT-AUTORITÄT Anmelde-ID: 0x3e4 Berechtigungen: SeAuditPrivilege SeImpersonatePrivilege SeAssignPrimaryTokenPrivilege Record Number: 125522 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20100226112844.525695-000 Event Type: Überwachung erfolgreich User: Computer Name: Christian-PC Event Code: 4648 Message: Anmeldeversuch mit expliziten Anmeldeinformationen. Antragsteller: Sicherheits-ID: S-1-5-18 Kontoname: CHRISTIAN-PC$ Kontodomäne: WORKGROUP Anmelde-ID: 0x3e7 Anmelde-GUID: {00000000-0000-0000-0000-000000000000} Konto, dessen Anmeldeinformationen verwendet wurden: Kontoname: SYSTEM Kontodomäne: NT-AUTORITÄT Anmelde-GUID: {00000000-0000-0000-0000-000000000000} Zielserver: Zielservername: localhost Weitere Informationen: localhost Prozessinformationen: Prozess-ID: 0x290 Prozessname: C:\Windows\System32\services.exe Netzwerkinformationen: Netzwerkadresse: - Port: - Dieses Ereignis wird bei einem Anmeldeversuch durch einen Prozess generiert, wenn ausdrücklich die Anmeldeinformationen des Kontos angegeben werden. Dies ist normalerweise der Fall in Batch-Konfigurationen, z. B. bei geplanten Aufgaben oder wenn der Befehl "runas" verwendet wird. Record Number: 125523 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20100226112844.588095-000 Event Type: Überwachung erfolgreich User: Computer Name: Christian-PC Event Code: 4624 Message: Ein Konto wurde erfolgreich angemeldet. Antragsteller: Sicherheits-ID: S-1-5-18 Kontoname: CHRISTIAN-PC$ Kontodomäne: WORKGROUP Anmelde-ID: 0x3e7 Anmeldetyp: 5 Neue Anmeldung: Sicherheits-ID: S-1-5-18 Kontoname: SYSTEM Kontodomäne: NT-AUTORITÄT Anmelde-ID: 0x3e7 Anmelde-GUID: {00000000-0000-0000-0000-000000000000} Prozessinformationen: Prozess-ID: 0x290 Prozessname: C:\Windows\System32\services.exe Netzwerkinformationen: Arbeitsstationsname: Quellnetzwerkadresse: - Quellport: - Detaillierte Authentifizierungsinformationen: Anmeldeprozess: Advapi Authentifizierungspaket: Negotiate Übertragene Dienste: - Paketname (nur NTLM): - Schlüssellänge: 0 Dieses Ereignis wird beim Erstellen einer Anmeldesitzung generiert. Es wird auf dem Computer generiert, auf den zugegriffen wurde. Die Antragstellerfelder geben das Konto auf dem lokalen System an, von dem die Anmeldung angefordert wurde. Dies ist meistens ein Dienst wie der Serverdienst oder ein lokaler Prozess wie "Winlogon.exe" oder "Services.exe". Das Anmeldetypfeld gibt den jeweiligen Anmeldetyp an. Die häufigsten Typen sind 2 (interaktiv) und 3 (Netzwerk). Die Felder für die neue Anmeldung geben das Konto an, für das die Anmeldung erstellt wurde, d. h. das angemeldete Konto. Die Netzwerkfelder geben die Quelle einer Remoteanmeldeanforderung an. der Arbeitsstationsname ist nicht immer verfügbar und kann in manchen Fällen leer bleiben. Die Felder für die Authentifizierungsinformationen enthalten detaillierte Informationen zu dieser speziellen Anmeldeanforderung. - Die Anmelde-GUID ist ein eindeutiger Bezeichner, der verwendet werden kann, um dieses Ereignis mit einem KDC-Ereignis zu korrelieren. - Die übertragenen Dienste geben an, welche Zwischendienste an der Anmeldeanforderung beteiligt waren. - Der Paketname gibt das in den NTLM-Protokollen verwendete Unterprotokoll an. - Die Schlüssellänge gibt die Länge des generierten Sitzungsschlüssels an. Wenn kein Sitzungsschlüssel angefordert wurde, ist dieser Wert 0. Record Number: 125524 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20100226112844.588095-000 Event Type: Überwachung erfolgreich User: Computer Name: Christian-PC Event Code: 4672 Message: Einer neuen Anmeldung wurden besondere Rechte zugewiesen. Antragsteller: Sicherheits-ID: S-1-5-18 Kontoname: SYSTEM Kontodomäne: NT-AUTORITÄT Anmelde-ID: 0x3e7 Berechtigungen: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Record Number: 125525 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20100226112844.588095-000 Event Type: Überwachung erfolgreich User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Smart Projects\IsoBuster;C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis2\;D:\PROGRA~1\ThriXXX\3D SexVilla;C:\Program Files\CIB software GmbH\CIB pdf brewer;C:\Program Files\Common Files\DivX Shared\ "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PROCESSOR_ARCHITECTURE"=x86 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "USERNAME"=SYSTEM "windir"=%SystemRoot% "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel "PROCESSOR_REVISION"=0f0d "NUMBER_OF_PROCESSORS"=2 "CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip "QTJAVA"=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip -----------------EOF----------------- |
|
29.03.2010, 19:45
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/Agent.ruo in C:\Windows\system32\ntnluj.dll Bitte mal den Avenger anwenden: 1.) Lade Dir von hier Avenger: Swandog46's Public Anti-Malware Tools (Download, linksseitig) 2.) Entpack das zip-Archiv, führe die Datei "avenger.exe" aus (unter Vista per Rechtsklick => als Administrator ausführen). Die Haken unten wie abgebildet setzen:  3.) Kopiere Dir exakt die Zeilen aus dem folgenden Code-Feld: Code:
ATTFilter files to delete:
C:\Windows\system32\drivers\kbdqgmj.sys
C:\Windows\system32\drivers\EagleNT.sys
C:\Windows\system32\drivers\HH9Help.sys
C:\Users\CHRIST~1\AppData\Local\Temp\mdxgthkn.sys
drivers to delete:
kbdqgmj
EagleNT
HH9Help.sys
mdxgthkn
5.) Der Code-Text hier aus meinem Beitrag müsste nun unter "Input Script here" in "The Avenger" zu sehen sein. 6.) Falls dem so ist, klick unten rechts auf "Execute". Bestätige die nächste Abfrage mit "Ja", die Frage zu "Reboot now" (Neustart des Systems) ebenso. 7.) Nach dem Neustart erhältst Du ein LogFile von Avenger eingeblendet. Kopiere dessen Inhalt und poste ihn hier. 8.) Die Datei c:\avenger\backup.zip bei file-upload.net hochladen und hier verlinken 9.) Frisches Logfile mit OSAM erstellen + posten
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
08.04.2010, 08:29
| #5 |
| | TR/Agent.ruo in C:\Windows\system32\ntnluj.dll h**p://www.file-upload.net/download-2417661/backup.zip.html Logfile of The Avenger Version 2.0, (c) by Swandog46 hxxp://swandog46.geekstogo.com Platform: Windows Vista ******************* Script file opened successfully. Script file read successfully. Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: Rootkit scan active. No rootkits found! Error: file "C:\Windows\system32\drivers\kbdqgmj.sys" not found! Deletion of file "C:\Windows\system32\drivers\kbdqgmj.sys" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "C:\Windows\system32\drivers\EagleNT.sys" not found! Deletion of file "C:\Windows\system32\drivers\EagleNT.sys" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist File "C:\Windows\system32\drivers\HH9Help.sys" deleted successfully. Error: file "C:\Users\CHRIST~1\AppData\Local\Temp\mdxgthkn.sys" not found! Deletion of file "C:\Users\CHRIST~1\AppData\Local\Temp\mdxgthkn.sys" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\kbdqgmj" not found! Deletion of driver "kbdqgmj" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Driver "EagleNT" deleted successfully. Driver "HH9Help.sys" deleted successfully. Driver "mdxgthkn" deleted successfully. Completed script processing. ******************* Finished! Terminate. __________________________ Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 09:33:38 on 08.04.2010 OS: Windows Vista Home Premium Edition (Build 6000), 32-bit Default Browser: Opera Software Opera Internet Browser 10.51 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "Google Software Updater.job" - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "BDEADMIN.CPL" - ? - C:\Windows\system32\BDEADMIN.CPL "PhysX.cpl" - "NVIDIA Corporation" - C:\Windows\system32\PhysX.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl "QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl "ToSysCnf" - "Deutsche Telekom AG, Marmiko IT-Solutions GmbH" - C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToSysCnf.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "atksgt" (atksgt) - ? - C:\Windows\System32\DRIVERS\atksgt.sys (File found, but it contains no detailed information) "avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys "avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys "Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." - C:\Windows\System32\DRIVERS\hamachi.sys "IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found) "IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found) "IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found) "ISO DVD/CD-ROM Device Driver" (ISODrive) - "EZB Systems, Inc." - C:\Program Files\UltraISO\drivers\ISODrive.sys "lirsgt" (lirsgt) - ? - C:\Windows\System32\DRIVERS\lirsgt.sys (File found, but it contains no detailed information) "MIINPazX NDIS Protocol Driver" (MIINPazX) - "Deutsche Telekom AG, Marmiko IT-Solutions GmbH" - C:\PROGRA~1\COMMON~1\MARMIK~1\MInfraIS\MIINPazX.SYS "MTOnlPktAlyX NDIS Protocol Driver" (MTOnlPktAlyX) - "Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH" - C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS "REDLIGHT" (REDLIGHT) - "BufferZone" - C:\Windows\System32\drivers\REDLIGHT.SYS "sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys (File is exclusively opened, access blocked) "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys "StarForce Protection Environment Driver v6" (prodrv06) - "Protection Technology" - C:\Windows\System32\drivers\prodrv06.sys "StarForce Protection Helper Driver" (sfhlp01) - "Protection Technology" - C:\Windows\System32\drivers\sfhlp01.sys "StarForce Protection Helper Driver v2" (prohlp02) - "Protection Technology" - C:\Windows\System32\drivers\prohlp02.sys "StarForce Protection Synchronization Driver v1" (prosync1) - "Protection Technology" - C:\Windows\System32\drivers\prosync1.sys "StyleXPHelper" (StyleXPHelper) - "Windows (R) 2000 DDK provider" - C:\Program Files\TGTSoft\StyleXP\StyleXPHelper.exe "vdrv9000" (vdrv9000) - "H+H Software GmbH" - C:\Windows\System32\DRIVERS\vdrv9000.sys (Hidden registry entry, rootkit activity | File signed by Microsoft) [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL {0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found) {23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll {1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {E2958773-ACDB-4553-A069-A1EEB4AFBA0F} "BufferZone context menu" - ? - C:\Windows\system32\RlShellExt.dll {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found) {94586423-855F-4EB2-9F6A-D9DA5658DBE3} "Context menu" - ? - C:\PROGRA~1\FREEM4~1\m4a_menu.dll (File found, but it contains no detailed information) {2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found) {00020d75-0000-0000-c000-000000000046} "lnkfile" - ? - (File not found | COM-object registry key not found) {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll {5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - ? - c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll {37ADBD0B-11EC-4A2C-9F93-5C3ACC7994DF} "SxBufferZoneOverlay" - ? - C:\Windows\system32\RlShellExt.dll {F594B094-8768-4632-8143-12852EBBD688} "SxConfidentialOverlay" - ? - C:\Windows\system32\RlShellExt.dll {F1A1DA12-E651-4AD0-A1A0-6214546B2F9D} "SxForbiddenOverlay" - ? - C:\Windows\system32\RlShellExt.dll {E4FC4B31-8A4F-45E6-BDAC-28F612371FE3} "SxUnknownOverlay" - ? - C:\Windows\system32\RlShellExt.dll {AD392E40-428C-459F-961E-9B147782D099} "UIContextMenu Class" - "EZB Systems, Inc." - C:\Program Files\UltraISO\isoshell.dll {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found) {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll (File found, but it contains no detailed information) [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "{855F3B16-6D32-4FE6-8A56-BBB695989046}" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} "Java Plug-in 1.6.0_05" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "Java Plug-in 1.6.0_07" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_15.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll "ICQ6" - "ICQ, LLC." - C:\Program Files\ICQ6.5\ICQ.exe {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Shortcut exists | File exists) "desktop.ini" - ? - C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "T-Online_Software_6\WLAN-Access Finder" - "Deutsche Telekom AG, Marmiko IT-Solutions GmbH" - C:\Program Files\T-Online\WLAN-Access Finder\ToWLaAcF.exe /StartMinimized -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" "avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min "FreePDF Assistant" - "shbox.de" - C:\Program Files\FreePDF_XP\fpassist.exe "NeroFilterCheck" - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe "QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime "StartCCC" - ? - c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (File found, but it contains no detailed information) "ToADiMon.exe" - "Deutsche Telekom AG, Marmiko IT-Solutions GmbH" - C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe -TOnlineAutodialStart [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "PDFConverter" - ? - C:\Windows\system32\pdfmonnt.dll (File found, but it contains no detailed information) "PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll (File found, but it contains no detailed information) "Redirected Port" - ? - C:\Windows\system32\redmonnt.dll (File found, but it contains no detailed information) "Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "Automatisches LiveUpdate - Scheduler" (Automatisches LiveUpdate - Scheduler) - "Symantec Corporation" - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe "Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared Files\RichVideo.exe "Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - D:\Program Files\MAGIX\Common\Database\bin\fbserver.exe "Fujitsu Siemens Computers Diagnostic Testhandler" (TestHandler) - "Fujitsu Siemens Computers" - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe "getPlus(R) Helper" (getPlus(R) Helper) - "NOS Microsystems Ltd." - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe "Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe "Google Update Service (gupdate1c9907fa83fb576)" (gupdate1c9907fa83fb576) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe "LiveUpdate" (LiveUpdate) - "Symantec Corporation" - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE "LogMeIn Hamachi 2.0 Tunneling Engine" (Hamachi2Svc) - "LogMeIn Inc." - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE "NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe "nProtect GameGuard Service" (npggsvc) - "INCA Internet Co., Ltd." - C:\Windows\system32\GameMon.des "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE "PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe (File found, but it contains no detailed information) "StyleXPService" (StyleXPService) - ? - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe "Symantec Lic NetConnect service" (CLTNetCnService) - ? - "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (File not found) "Virtual CD v9 Management Service" (VC9SecS) - "H+H Software GmbH" - C:\Program Files\Virtual CD v9\System\VC9SecS.exe ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru Geändert von Boreas (08.04.2010 um 08:34 Uhr) |
|
08.04.2010, 08:40
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/Agent.ruo in C:\Windows\system32\ntnluj.dll Sieht ok aus. Mach bitte Kontrollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!!
__________________ --> TR/Agent.ruo in C:\Windows\system32\ntnluj.dll |
|
08.04.2010, 12:09
| #7 |
| | TR/Agent.ruo in C:\Windows\system32\ntnluj.dll Malwarebytes' Anti-Malware 1.45 www.malwarebytes.org Datenbank Version: 3930 Windows 6.0.6000 Internet Explorer 7.0.6000.16890 08.04.2010 10:15:36 mbam-log-2010-04-08 (10-15-36).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 102709 Laufzeit: 10 Minute(n), 58 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) _________________________________ SUPERAntiSpyware Scan Log hxxp://www.superantispyware.com Generated 04/08/2010 at 01:03 PM Application Version : 4.35.1002 Core Rules Database Version : 4781 Trace Rules Database Version: 2593 Scan type : Complete Scan Total Scan Time : 02:41:34 Memory items scanned : 798 Memory threats detected : 0 Registry items scanned : 7898 Registry threats detected : 0 File items scanned : 204772 File threats detected : 5 Adware.Tracking Cookie C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Cookies\christian@statcounter[1].txt C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Cookies\christian@ar.atwola[1].txt C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Cookies\christian@doubleclick[1].txt C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Cookies\christian@atwola[1].txt Virus.DirectX C:\WINDOWS\INSTALLER\{CFB9F7A0-A7ED-43A9-9551-EC1F319F971A}\DIRECTX.EXE |
|
08.04.2010, 12:19
| #8 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/Agent.ruo in C:\Windows\system32\ntnluj.dll Die Funde von SUPERAntiSpyware bitte entfernen. Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
08.04.2010, 15:01
| #9 |
| | TR/Agent.ruo in C:\Windows\system32\ntnluj.dll Mal wieder nur die hälfte gemacht... Malwarebytes' Anti-Malware 1.45 www.malwarebytes.org Datenbank Version: 3968 Windows 6.0.6000 Internet Explorer 7.0.6000.16890 08.04.2010 16:00:37 mbam-log-2010-04-08 (16-00-37).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Durchsuchte Objekte: 304701 Laufzeit: 1 Stunde(n), 43 Minute(n), 29 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) |
|
08.04.2010, 15:30
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/Agent.ruo in C:\Windows\system32\ntnluj.dll Aber auch da keine Funde Die in SUPERAntiSpyware bitte entfernen lassen (falls noch nicht erfolgt) Wenn wieder soweit alles ok ist, bitte Updates prüfen: Microsoftupdate Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren. Windows Vista/7: Anleitung Windows-Update PDF-Reader aktualisieren Dein Adobe Reader ist nicht aktuell, was ein großes Sicherheitsrisiko darstellt. Du solltest daher besser die alte Version über Systemsteuerung => Software deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. Ich empfehle einen alternativen PDF-Reader wie SumatraPDF oder Foxit PDF Reader, beide sind sehr viel schlanker und flotter als der AdobeReader. Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers, hier der direkte Downloadlink => http://filepony.de/?q=Flash+Player Java-Update Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu TR/Agent.ruo in C:\Windows\system32\ntnluj.dll |
| 7-zip, adware.playmp3z, antivir, antivir guard, autorun, avgnt.exe, avira, desktop, desktop.ini, device driver, diagnostics, explorer, gupdate, home premium, internet browser, local\temp, magix, malware.trace, pdfconverter, pdfcreator, plug-in, programdata, registry, registry key, server, software, start menu, symantec, system, tr/agent.ruo, trojan.fbrowsingadvisor, trojaner, tunnel, vista, windows, windows vista home |
Linear-Darstellung
