| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Avira meldet Virus: BDS/Syspck.AWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
19.04.2010, 10:39
| #1 |
 |  Avira meldet Virus: BDS/Syspck.A Hallo, seit einer Weile meldet Avira immer wieder folgendes: "In der Datei 'C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temporary Internet Files\Content.IE5\UVU91I9X\load[1].exe' wurde ein Virus oder unerwünschtes Programm 'BDS/Syspck.A' [backdoor] gefunden." Ich wähle immer "Zugriff verweigern" wie angegeben. Andere Probleme mit dem Computer haben sich nicht gezeigt. Vor einiger Zeit funktionierte allerdings der Firefox nicht mehr, dann plötzlich wieder. Das Internet war oft extrem langsam oder konnte keine Seiten aufbauen. Über Google habe ich nichts Näheres herausgefunden, außer daß mir andere Avira-Berichte angezeigt wurden. Ansonsten habe ich etwas geforscht und inzwischen ahne ich immerhin, was ein Backdoor überhaupt ist. Meine Frage nun: Was ist zu tun und um was genau handelt es sich bei dem gemeldeten Virus? Ich bin leider nicht besonders bewandert in Computerangelegenheiten, deshalb bitte ich um Nachsicht... Jetzt habe alle drei Programme vorschriftsmäßig durchgeführt und sende hier nun die Logfiles: --> beim CCleaner konnte alles bereinigt und gelöscht werden. Malware-Bericht: Malwarebytes' Anti-Malware 1.45 w*w.malwarebytes.org Datenbank Version: 4006 Windows 5.1.2600 Service Pack 2 Internet Explorer 7.0.5730.11 19.04.2010 10:54:04 mbam-log-2010-04-19 (10-54-04).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 106219 Laufzeit: 5 Minute(n), 18 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 1 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 2 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\msupdate (Rootkit.Agent) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: C:\WINDOWS\system32\drivers\tbzhbgwh.sys (Rootkit.Agent) -> Delete on reboot. C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully. --> hier kam allerdings nochmal eine Meldung, dass nicht alles entfernt werden konnte!? [/COLOR] RSIT: log-Editor: Logfile of random's system information tool 1.06 (written by random/random) Run by Administrator at 2010-04-19 11:09:23 Microsoft Windows XP Professional Service Pack 2 System drive C: has 28 GB (56%) free of 50 GB Total RAM: 1023 MB (52% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:09:29, on 19.04.2010 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.17023) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\Explorer.EXE C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\RTHDCPL.EXE C:\Programme\AntiVir PersonalEdition Classic\sched.exe C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Programme\Bonjour\mDNSResponder.exe C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Programme\avmwlanstick\FRITZWLANMini.exe C:\Programme\Kodak\printer\center\KodakSvc.exe C:\Programme\Java\jre1.6.0_05\bin\jusched.exe C:\Programme\PowerDVD\PDVDServ.exe C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\Programme\iTunes\iTunesHelper.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe C:\Programme\CyberLink\PowerDVD DX\PDVDDXSrv.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Gemeinsame Dateien\Teleca Shared\CapabilityManager.exe C:\Programme\Octoshape Streaming Services\Administrator\OctoshapeClient.exe C:\Programme\Windows Live\Messenger\msnmsgr.exe C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\Programme\Veoh\VeohClient.exe C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe C:\Programme\Last.fm\LastFMHelper.exe C:\WINDOWS\System32\nvsvc32.exe C:\Programme\Cyberlink\Shared Files\RichVideo.exe C:\WINDOWS\system32\svchost.exe C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe C:\WINDOWS\system32\wuauclt.exe C:\Programme\iPod\bin\iPodService.exe C:\Programme\PC Connectivity Solution\ServiceLayer.exe C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe C:\Programme\Gemeinsame Dateien\Teleca Shared\Generic.exe C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe C:\WINDOWS\system32\wuauclt.exe C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads\RSIT.exe C:\Programme\trend micro\Administrator.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Programme\Veoh\Plugins\reg\VeohToolbar.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\FRITZWLANMini.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [RemoteControl] C:\Programme\PowerDVD\PDVDServ.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Programme\CyberLink\PowerDVD DX\PDVDDXSrv.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Programme\Octoshape Streaming Services\Administrator\OctoshapeClient.exe" -inv:bootrun O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [Veoh] "C:\Programme\Veoh\VeohClient.exe" /VeohHide O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Last.fm Helper.lnk = C:\Programme\Last.fm\LastFMHelper.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe O23 - Service: Kodak AiO Device Service (KodakSvc) - Eastman Kodak Company - C:\Programme\Kodak\printer\center\KodakSvc.exe O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\Cyberlink\Shared Files\RichVideo.exe O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- End of file - 10351 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\AppleSoftwareUpdate.job C:\WINDOWS\tasks\SesamTVMC.job C:\WINDOWS\tasks\WGASetup.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Adobe PDF Reader - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live Anmelde-Hilfsprogramm - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}] PDFCreator Toolbar Helper - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll [2008-04-24 806912] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - PDFCreator Toolbar - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll [2008-04-24 806912] {D0943516-5076-4020-A3B5-AEFAF26AB263} - Veoh Browser Plug-in - C:\Programme\Veoh\Plugins\reg\VeohToolbar.dll [2008-08-28 352256] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2006-10-31 7634944] "nwiz"=nwiz.exe /install [] "NvMediaCenter"=C:\WINDOWS\System32\NvMcTray.dll [2006-10-31 86016] "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-08-01 16049664] "SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488] "Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632] "avgnt"=C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe [2008-07-18 266497] ""= [] "Sony Ericsson PC Suite"=C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2005-10-26 159744] "Adobe Photo Downloader"=C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-23 57344] "AVMWlanClient"=C:\Programme\avmwlanstick\FRITZWLANMini.exe [2006-06-23 343552] "SunJavaUpdateSched"=C:\Programme\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784] "RemoteControl"=C:\Programme\PowerDVD\PDVDServ.exe [2007-01-08 68640] "Adobe Reader Speed Launcher"=C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792] "QuickTime Task"=C:\Programme\QuickTime\qttask.exe [2008-03-28 413696] "iTunesHelper"=C:\Programme\iTunes\iTunesHelper.exe [2008-03-30 267048] "EKIJ5000StatusMonitor"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe [2008-07-18 1306624] "PDVDDXSrv"=C:\Programme\CyberLink\PowerDVD DX\PDVDDXSrv.exe [2009-02-04 128232] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360] "Octoshape Streaming Services"=C:\Programme\Octoshape Streaming Services\Administrator\OctoshapeClient.exe [2006-02-13 214648] "MsnMsgr"=C:\Programme\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883840] "Veoh"=C:\Programme\Veoh\VeohClient.exe [2008-08-28 3660848] ""= [] "PC Suite Tray"=C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe [2009-06-25 1414144] C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart Adobe Gamma Loader.lnk - C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe Last.fm Helper.lnk - C:\Programme\Last.fm\LastFMHelper.exe Microsoft Office.lnk - C:\Programme\Microsoft Office\Office\OSA9.EXE C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart Adobe Gamma.lnk - C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2004-08-04 183808] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2004-08-04 133632] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "authentication packages"=msv1_0 nwprovau [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Programme\uTorrent\uTorrent.exe"="C:\Programme\uTorrent\uTorrent.exe:*:Enabled:µTorrent" "C:\Programme\Last.fm\LastFM.exe"="C:\Programme\Last.fm\LastFM.exe:*:Enabled:Last.fm" "C:\Programme\Mozilla Firefox\firefox.exe"="C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox" "C:\Programme\PowerDVD\PowerDVD.exe"="C:\Programme\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD" "C:\WINDOWS\system32\java.exe"="C:\WINDOWS\system32\java.exe:*  isabled:Java(TM) Platform SE binary""C:\Programme\Bonjour\mDNSResponder.exe"="C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour" "C:\Programme\iTunes\iTunes.exe"="C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes" "C:\Programme\Octoshape Streaming Services\Administrator\OctoshapeClient.exe"="C:\Programme\Octoshape Streaming Services\Administrator\OctoshapeClient.exe:*:Enabled:OctoshapeClient" "C:\Programme\Zattoo\zattood.exe"="C:\Programme\Zattoo\zattood.exe:*:Enabled:zattood" "C:\Programme\Zattoo\Zattoo2.exe"="C:\Programme\Zattoo\Zattoo2.exe:*:Enabled: " "C:\Programme\Zattoo\Zattoo.exe"="C:\Programme\Zattoo\Zattoo.exe:*:Enabled: " "C:\Programme\MSN Messenger\livecall.exe"="C:\Programme\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "C:\Programme\Microsoft ActiveSync\wcescomm.exe"="C:\Programme\Microsoft ActiveSync\wcescomm.exe:*:Enabled:ActiveSync Connection Manager" "C:\Programme\Microsoft ActiveSync\WCESMgr.exe"="C:\Programme\Microsoft ActiveSync\WCESMgr.exe:*:Enabled:ActiveSync Application" "C:\Programme\Veoh\VeohClient.exe"="C:\Programme\Veoh\VeohClient.exe:* isabled:Veoh Client""C:\Programme\Cyberlink\PowerDVD DX\PowerDVD.exe"="C:\Programme\Cyberlink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX" "C:\Programme\Cyberlink\PowerDVD DX\PDVDDXSrv.exe"="C:\Programme\Cyberlink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program" "C:\Programme\Windows Live\Messenger\wlcsdk.exe"="C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Programme\MSN Messenger\livecall.exe"="C:\Programme\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "C:\Programme\Cyberlink\PowerDVD DX\PowerDVD.exe"="C:\Programme\Cyberlink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX" "C:\Programme\Cyberlink\PowerDVD DX\PDVDDXSrv.exe"="C:\Programme\Cyberlink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program" "C:\Programme\Windows Live\Messenger\wlcsdk.exe"="C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0b832fda-d04e-11dd-b773-0019662287bd}] shell\AutoRun\command - F:\lhh3v.exe shell\open\command - F:\lhh3v.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1cf1a6b8-624d-11dc-b478-0019662287bd}] shell\AutoRun\command - F:\wd_windows_tools\setup.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4622f758-9006-11de-ba37-0019662287bd}] shell\AutoRun\command - F:\Launcher.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c6fbbfb2-6d11-11dc-b482-0019662287bd}] shell\AutoRun\command - F:\pushinst.exe ======List of files/folders created in the last 1 months====== 2010-04-19 11:09:24 ----D---- C:\Programme\trend micro 2010-04-19 11:09:23 ----D---- C:\rsit 2010-04-19 10:43:38 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Malwarebytes 2010-04-19 10:43:31 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes 2010-04-19 10:43:30 ----D---- C:\Programme\Malwarebytes' Anti-Malware 2010-04-19 10:33:50 ----D---- C:\Programme\CCleaner 2010-04-14 13:13:32 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$ 2010-04-14 13:13:23 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$ 2010-04-14 13:11:28 ----HDC---- C:\WINDOWS\$NtUninstallKB981349$ 2010-04-14 13:11:22 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$ 2010-04-14 13:11:17 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$ 2010-04-14 13:11:12 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$ 2010-04-14 13:11:04 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$ 2010-03-26 18:49:56 ----N---- C:\WINDOWS\system32\browserchoice.exe 2010-03-25 20:57:00 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MSN6 2010-03-25 20:57:00 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\MSN6 ======List of files/folders modified in the last 1 months====== 2010-04-19 11:09:24 ----RD---- C:\Programme 2010-04-19 11:09:20 ----D---- C:\Programme\Veoh 2010-04-19 11:05:15 ----D---- C:\WINDOWS 2010-04-19 11:05:14 ----D---- C:\WINDOWS\Temp 2010-04-19 11:04:01 ----D---- C:\WINDOWS\system32\drivers 2010-04-19 11:03:25 ----A---- C:\WINDOWS\SchedLgU.Txt 2010-04-19 11:03:11 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$ 2010-04-19 10:56:14 ----D---- C:\WINDOWS\network diagnostic 2010-04-19 10:54:14 ----D---- C:\WINDOWS\Prefetch 2010-04-19 10:39:33 ----D---- C:\WINDOWS\Minidump 2010-04-19 10:39:33 ----D---- C:\WINDOWS\Debug 2010-04-19 10:01:45 ----D---- C:\WINDOWS\system32 2010-04-19 10:01:34 ----D---- C:\Programme\Mozilla Firefox 2010-04-18 19:49:51 ----D---- C:\Programme\AntiVir PersonalEdition Classic 2010-04-18 19:49:50 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AntiVir PersonalEdition Classic 2010-04-14 13:13:37 ----HD---- C:\WINDOWS\inf 2010-04-14 13:13:35 ----D---- C:\WINDOWS\system32\dllcache 2010-04-14 13:13:28 ----HD---- C:\WINDOWS\$hf_mig$ 2010-04-14 13:10:53 ----D---- C:\WINDOWS\system32\CatRoot2 2010-04-14 12:54:21 ----A---- C:\WINDOWS\wiso.ini 2010-04-06 19:52:54 ----A---- C:\WINDOWS\system32\MRT.exe 2010-04-06 09:52:16 ----A---- C:\WINDOWS\NeroDigital.ini 2010-03-31 14:29:44 ----D---- C:\WINDOWS\system32\de-de 2010-03-31 14:29:44 ----D---- C:\Programme\Internet Explorer 2010-03-28 20:16:14 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 avgio;avgio; \??\C:\Programme\AntiVir PersonalEdition Classic\avgio.sys [] R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-05-27 75096] R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2008-04-21 21248] R1 Tcpip6;Microsoft IPv6-Protokolltreiber; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2010-02-11 226880] R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS-kompatibles Transportprotokoll; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2004-08-04 88448] R2 NwlnkNb;NWLink-NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-04 63232] R2 NwlnkSpx;NWLink SPX/SPXII-Protokoll; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-04 55936] R3 avgntflt;avgntflt; \??\C:\Programme\AntiVir PersonalEdition Classic\avgntflt.sys [] R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168] R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-08-01 4356608] R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2006-10-31 3964256] R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [2006-07-11 57856] R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [2006-07-11 20480] R3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2004-08-04 163456] R3 tunmp;Microsoft Tun-Miniportadaptertreiber; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2004-08-04 12416] R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-10-23 30208] R3 usbhub;Microsoft USB-Standardhubtreiber; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-10-23 59264] R3 usbohci;Miniporttreiber für Microsoft USB Open Host-Controller; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2006-10-23 17152] R3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496] S3 FWLANUSB;AVM FRITZ!WLAN; C:\WINDOWS\system32\DRIVERS\fwlanusb.sys [2006-04-06 264704] S3 NinjaUSB;Freecom Turbo USB 2.0; C:\WINDOWS\system32\drivers\NinjaUSB.sys [2010-01-28 24704] S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-02-09 17664] S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-02-09 22016] S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816] S3 SONYPVU1;Sony USB-Filtertreiber (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552] S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808] S3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616] S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856] S3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104] S3 usbser;USB Modem Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2004-08-03 25600] S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-02-09 7808] S3 w810bus;Sony Ericsson W810 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\w810bus.sys [2006-02-20 58288] S3 w810mdfl;Sony Ericsson W810 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\w810mdfl.sys [2006-02-20 8336] S3 w810mdm;Sony Ericsson W810 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\w810mdm.sys [2006-02-20 94064] S3 w810mgmt;Sony Ericsson W810 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\w810mgmt.sys [2006-02-20 85408] S3 w810obex;Sony Ericsson W810 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\w810obex.sys [2006-02-20 83344] S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 6to4;IPv6-Hilfsdienst; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336] R2 aawservice;Ad-Aware 2007 Service; C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe [2007-06-18 565248] R2 AntiVirScheduler;AntiVir PersonalEdition Classic Planer; C:\Programme\AntiVir PersonalEdition Classic\sched.exe [2008-10-24 68865] R2 AntiVirService;AntiVir PersonalEdition Classic Guard; C:\Programme\AntiVir PersonalEdition Classic\avguard.exe [2008-10-24 151297] R2 Apple Mobile Device;Apple Mobile Device; C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-02-18 110592] R2 Bonjour Service;Bonjour-Dienst; C:\Programme\Bonjour\mDNSResponder.exe [2007-07-24 229376] R2 ForcewareWebInterface;Forceware Web Interface; C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe [2006-04-03 20543] R2 KodakSvc;Kodak AiO Device Service; C:\Programme\Kodak\printer\center\KodakSvc.exe [2008-07-25 18944] R2 nSvcIp;ForceWare IP service; C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe [2006-07-13 131131] R2 nSvcLog;ForceWare user log service; C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe [2006-07-13 65599] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2006-10-31 155715] R2 NWCWorkstation;Client Service für NetWare; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336] R2 NwSapAgent;SAP-Agent; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336] R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Programme\Cyberlink\Shared Files\RichVideo.exe [2007-01-08 171040] R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336] R3 iPod Service;iPod-Dienst; C:\Programme\iPod\bin\iPodService.exe [2008-03-30 504104] R3 ServiceLayer;ServiceLayer; C:\Programme\PC Connectivity Solution\ServiceLayer.exe [2009-06-02 637952] S3 Adobe LM Service;Adobe LM Service; C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-07-06 72704] S3 aspnet_state;ASP.NET-Zustandsdienst; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-11-03 920576] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF----------------- info-Editor: info.txt logfile of random's system information tool 1.06 2010-04-19 11:09:32 ======Uninstall list====== -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Ad-Aware 2007-->MsiExec.exe /X{46AC899A-9ECB-43DC-85DE-272E0D116A1E} Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7} Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001} Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39} Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001} Adobe Illustrator CS-->RunDll32 "C:\Programme\Gemeinsame Dateien\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll",LaunchSetup "C:\Programme\InstallShield Installation Information\{91A4AD99-69CE-4745-97B7-0E0DFBECFDE5}\setup.exe" Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0407-1E257A25E34D} Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D} Adobe Reader 8.1.2 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A81200000003} Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001} Adobe SVG Viewer 3.0-->C:\Programme\Gemeinsame Dateien\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Programme\Gemeinsame Dateien\Adobe\SVG Viewer 3.0\Uninstall\Install.log Adobe® Photoshop® Album Starter Edition 3.0-->MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B} aiofw-->MsiExec.exe /I{791E3D44-33D3-4446-82AD-5CD4B0169083} aioocr-->MsiExec.exe /I{3BED0238-3A25-41AE-BC23-316914B5B048} aioprnt-->MsiExec.exe /I{2A97D5B3-A989-47E1-B207-1CA9E3635655} aioscnnr-->MsiExec.exe /I{C0251585-1BE8-4278-B3CB-964B6E01C59D} Apple Mobile Device Support-->MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543} Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033} Avira AntiVir Personal - Free Antivirus-->C:\Programme\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE AVS DVD Player version 2.4-->"C:\Programme\AVSMedia DVDPlayer\unins000.exe" BlazeDVD 7 Professional-->"C:\Programme\BlazeDVD 7 Professional\unins000.exe" Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3} CCleaner-->"C:\Programme\CCleaner\uninst.exe" center-->MsiExec.exe /I{79E41D91-BA1C-44B9-9358-48E598263ECF} Disc2Phone-->MsiExec.exe /I{6E65247F-58F9-41CA-BE69-0316F7907170} DivX Web Player-->C:\Programme\DivX\DivXWebPlayerUninstall.exe /PLUGIN FreeDVD v2.0-->C:\WINDOWS\st6unst.exe -n "C:\Programme\FreeDVD\ST6UNST.LOG" FujiDirekt 2.7-->"C:\Programme\FujiDirekt\unins000.exe" Help_CTR-->MsiExec.exe /I{0996C331-6DCB-4E38-A3EC-0A77ABAE1361} helptut-->MsiExec.exe /I{843081BD-351F-46FC-8A17-517A0D9117A3} helpug-->MsiExec.exe /I{DC626A21-EDF1-40C7-8F2F-D2BA7535529F} Heroes of Might and Magic® III Complete-->C:\WINDOWS\IsUninst.exe -f"g:\spiele\heroes3\Heroes of Might and Magic® III.isu" -c"C:\Programme\Gemeinsame Dateien\3DO Shared\3DOUnInst.dll High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe" HijackThis 2.0.2-->"C:\Programme\trend micro\HijackThis.exe" /uninstall Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT="" Hotfix für Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe" Hotfix für Windows XP (KB935448)-->"C:\WINDOWS\$NtUninstallKB935448$\spuninst\spuninst.exe" Hotfix für Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" Hotfix für Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe" Hotfix für Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe" Hotfix für Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe" Hotfix für Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe" IKEA Home Planner-->MsiExec.exe /I{A987FEC8-5616-49BD-BCA6-ACFFFE7403FE} iTunes-->MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B} Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030} Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050} KODAK All-in-One-Druckersoftware-->C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kodak\EasyShareSetup\$SETUP_320002_7c9b6\Setup.exe /APR-REMOVE ksdip-->MsiExec.exe /I{73F1681F-ADE1-461F-9F18-B7640507D395} Last.fm 1.3.2.13-->"C:\Programme\Last.fm\unins000.exe" LiveUpdate BVRP Software-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe" -l0x7 Malwarebytes' Anti-Malware-->"C:\Programme\Malwarebytes' Anti-Malware\unins000.exe" Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp" Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 2.0 Language Pack - DEU-->MsiExec.exe /X{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7} Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft ActiveSync 3.8-->"C:\WINDOWS\ISUN0407.EXE" -f"C:\Programme\Microsoft ActiveSync\DeIsL1.isu" -c"C:\Programme\Microsoft ActiveSync\ceuninst.dll" Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570} Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe" Microsoft Office 2000 SR-1 Premium-->MsiExec.exe /I{00000407-78E1-11D2-B60F-006097C998E7} Microsoft User-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWudf01007$\spuninst\spuninst.exe" Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989} mobile PhoneTools-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{F18E8A0F-BE99-4305-96A5-6C0FD9D7D999}\setup.exe" -l0x7 Monopoly Deluxe-->"C:\Programme\Zylom Games\Monopoly Deluxe\GameInstlr.exe" --uninstall UnInstall.log Mozilla Firefox (3.6.3)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27} MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94} MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC} MSXML 6 Service Pack 2 (KB973686)-->MsiExec.exe /I{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA} Nero 7 Lite 7.9.6.0-->"C:\Programme\Nero\unins001.exe" Nero 7 Micro 7.9.6.0-->"C:\Programme\Nero\unins000.exe" netbrdg-->MsiExec.exe /I{4537EA4B-F603-4181-89FB-2953FC695AB1} Nokia Connectivity Cable Driver-->MsiExec.exe /I{52D02A2B-03D2-4E34-A358-DC5D951FD296} Nokia Map Loader-->MsiExec.exe /I{45D4F727-43B5-49CD-B474-B9866A8F4FB8} Nokia PC Suite-->C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Nokia_PC_Suite_7_1_30_9_ger.exe Nokia PC Suite-->MsiExec.exe /I{3D39E775-DDDA-4327-B747-0BDC5F191331} NVIDIA Drivers-->C:\WINDOWS\System32\nvuide.exe UninstallGUI NVIDIA ForceWare Network Access Manager-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{1F6423DE-7959-4178-80E0-023C7EAA5347} /l1031 PC Connectivity Solution-->MsiExec.exe /I{0C973594-7DDF-4BD0-84ED-3517F7622037} PDFCreator Toolbar-->"C:\WINDOWS\PDFCreator_Toolbar_Uninstaller_4437.exe" _?=C:\Programme\PDFCreator Toolbar PDFCreator-->C:\Programme\Adobe\PDFCreator\unins000.exe PowerDVD DX-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -l0x7 -cluninstall PowerDVD-->"C:\Programme\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -l0x000407 /z-uninstall QuickTime-->MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD} Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x7 -removeonly Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7} SesamTV Media Center-->C:\WINDOWS\SesamTV Media Center Uninstaller.exe SFR-->MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B} Sicherheitsupdate für Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 7 (KB974455)-->"C:\WINDOWS\ie7updates\KB974455-IE7\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 7 (KB976325)-->"C:\WINDOWS\ie7updates\KB976325-IE7\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 7 (KB978207)-->"C:\WINDOWS\ie7updates\KB978207-IE7\spuninst\spuninst.exe" Sicherheitsupdate für Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe" Sicherheitsupdate für Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe" Sicherheitsupdate für Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe" Sicherheitsupdate für Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe" Sicherheitsupdate für Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe" Sicherheitsupdate für Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB971032)-->"C:\WINDOWS\$NtUninstallKB971032$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB981349)-->"C:\WINDOWS\$NtUninstallKB981349$\spuninst\spuninst.exe" Sony Ericsson PC Suite 1.20.173-->MsiExec.exe /I{C5ADA65A-7828-4D85-B071-ECC52B51F794} Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT="" Update für Windows Internet Explorer 7 (KB976749)-->"C:\WINDOWS\ie7updates\KB976749-IE7\spuninst\spuninst.exe" Update für Windows Internet Explorer 7 (KB980182)-->"C:\WINDOWS\ie7updates\KB980182-IE7\spuninst\spuninst.exe" Update für Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe" Update für Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe" Update für Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe" Update für Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe" Update für Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe" Update für Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe" Update für Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe" Update für Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe" Update für Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe" Update für Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe" Update für Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe" Update für Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe" Update für Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe" VeohTV BETA-->C:\Programme\InstallShield Installation Information\{0405E51E-9582-4207-8F38-AC44201D3808}\setup.exe -runfromtemp -l0x0409 Wichtiges Update für Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe" Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe" Windows Live Anmelde-Assistent-->MsiExec.exe /I{52B97218-98CB-4B8B-9283-D213C85E1AA4} Windows Live Call-->MsiExec.exe /I{5FC68772-6D56-41C6-9DF1-24E868198AE6} Windows Live Communications Platform-->MsiExec.exe /I{ED00D08A-3C5F-488D-93A0-A04F21F23956} Windows Live Essentials-->C:\Programme\Windows Live\Installer\wlarp.exe Windows Live Essentials-->MsiExec.exe /I{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F} Windows Live Messenger-->MsiExec.exe /X{41E654A9-26D0-4EAC-854B-0FA824FFFABB} Windows Live-Uploadtool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238} Windows XP-Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe Windows-Treiberpaket - Nokia Modem (06/01/2009 4.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_C08496D7A0050438DFE13C55799AE2D4157A8E7A\nokia_bluetooth.inf Windows-Treiberpaket - Nokia Modem (06/01/2009 7.01.0.3)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_9C48E34C57B7D4AAE5FFF5FB9B476B538394FD30\nokbtmdm.inf Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\B4723E9A0713E5B1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf WISO Sparbuch 2008-->C:\Programme\InstallShield Installation Information\{A1973A71-BC23-4A8C-A0A0-2B0497B7EAF4}\Setup.exe -runfromtemp -l0x0007 -removeonly WISO Sparbuch 2009-->C:\Programme\InstallShield Installation Information\{2792CBEF-15D2-4E2E-8A0F-4D896DBE9607}\Setup.exe -runfromtemp -l0x0007 -removeonly WISO Steuer 2009-->C:\Programme\InstallShield Installation Information\{00C58EBE-223E-4AB6-8AE9-38F27F4420BD}\Setup.exe -runfromtemp -l0x0007 -removeonly WISO Steuer 2010-->"C:\Programme\InstallShield Installation Information\{46B70DEB-97B3-4E38-B746-EC16905E6A8F}\Setup.exe" -runfromtemp -l0x0007 -removeonly Zattoo 3.2.1 Beta-->C:\Programme\Zattoo\uninst.exe ======Security center information====== AV: Avira AntiVir PersonalEdition ======System event log====== Computer Name: SCHAKKELINE Event Code: 7035 Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "RAS-Verbindungsverwaltung" gesendet. Record Number: 64224 Source Name: Service Control Manager Time Written: 20100316181536.000000+060 Event Type: Informationen User: SCHAKKELINE\Administrator Computer Name: SCHAKKELINE Event Code: 7036 Message: Dienst "Telefonie" befindet sich jetzt im Status "Ausgeführt". Record Number: 64223 Source Name: Service Control Manager Time Written: 20100316181536.000000+060 Event Type: Informationen User: Computer Name: SCHAKKELINE Event Code: 7036 Message: Dienst "Kompatibilität für schnelle Benutzerumschaltung" befindet sich jetzt im Status "Ausgeführt". Record Number: 64222 Source Name: Service Control Manager Time Written: 20100316181532.000000+060 Event Type: Informationen User: Computer Name: SCHAKKELINE Event Code: 7035 Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "Kompatibilität für schnelle Benutzerumschaltung" gesendet. Record Number: 64221 Source Name: Service Control Manager Time Written: 20100316181532.000000+060 Event Type: Informationen User: NT-AUTORITÄT\SYSTEM Computer Name: SCHAKKELINE Event Code: 7036 Message: Dienst "SSDP-Suchdienst" befindet sich jetzt im Status "Ausgeführt". Record Number: 64220 Source Name: Service Control Manager Time Written: 20100316180006.000000+060 Event Type: Informationen User: =====Application event log===== Computer Name: SCHAKKELINE Event Code: 0 Message: Record Number: 14637 Source Name: RichVideo Time Written: 20100119204725.000000+060 Event Type: Informationen User: Computer Name: SCHAKKELINE Event Code: 1 Message: Record Number: 14636 Source Name: Bonjour Service Time Written: 20100119204716.000000+060 Event Type: Informationen User: Computer Name: SCHAKKELINE Event Code: 4096 Message: Record Number: 14635 Source Name: Avira AntiVir Time Written: 20100119204712.000000+060 Event Type: Informationen User: NT-AUTORITÄT\SYSTEM Computer Name: SCHAKKELINE Event Code: 1007 Message: Der Endbenutzer-Lizenzvertrag wurde zuvor abgelehnt. Record Number: 14634 Source Name: WgaSetup Time Written: 20100119192625.000000+060 Event Type: Informationen User: Computer Name: SCHAKKELINE Event Code: 1003 Message: Setup fehlgeschlagen. Code = 0x800704c7, Fehler = Der Vorgang wurde durch den Benutzer abgebrochen. ??? Record Number: 14633 Source Name: WgaSetup Time Written: 20100119192625.000000+060 Event Type: Informationen User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=C:\Programme\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\Programme\Gemeinsame Dateien\Adobe\AGL;C:\Programme\Gemeinsame Dateien\Teleca Shared;C:\Programme\QuickTime\QTSystem\ "windir"=%SystemRoot% "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=15 "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 107 Stepping 1, AuthenticAMD "PROCESSOR_REVISION"=6b01 "NUMBER_OF_PROCESSORS"=2 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "FP_NO_HOST_CHECK"=NO "CLASSPATH"=.;C:\Programme\Java\jre1.6.0_03\lib\ext\QTJava.zip "QTJAVA"=C:\Programme\Java\jre1.6.0_03\lib\ext\QTJava.zip "KDS_LANGUAGE"=6 -----------------EOF----------------- Ich hoffe, das war alles richtig so. Und freue mich natürlich über Hilfe! Beste Grüße sususoleil |
|
19.04.2010, 13:50
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Avira meldet Virus: BDS/Syspck.A Hallo und
__________________ bitte nen Vollscan mit Malwarebytes machen und Log posten. Danach bitte OSAM und OTL: Systemscan mit OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
__________________ |
|
20.04.2010, 13:09
| #3 |
| | Avira meldet Virus: BDS/Syspck.A Hallo Arne,
__________________erstmal danke für die schnelle Antwort und entschuldigung für meine SPÄTE Antwort... ich habe ein kleines Baby und bin nicht immer so flexibel am PC... ich habe alle Programme durchlaufen lassen: OTL: OTL logfile created on: 20.04.2010 13:58:02 - Run 1 OTL by OldTimer - Version 3.2.1.3 Folder = C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1.023,00 Mb Total Physical Memory | 508,00 Mb Available Physical Memory | 50,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 80,00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 48,83 Gb Total Space | 27,13 Gb Free Space | 55,57% Space Free | Partition Type: NTFS Drive D: | 647,19 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive E: | 79,16 Gb Total Space | 78,11 Gb Free Space | 98,66% Space Free | Partition Type: NTFS F: Drive not present or media not loaded Drive G: | 104,89 Gb Total Space | 25,41 Gb Free Space | 24,23% Space Free | Partition Type: NTFS H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: SCHAKKELINE Current User Name: Administrator Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia) PRC - C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia.) PRC - C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia) PRC - C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia) PRC - C:\Programme\Cyberlink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.) PRC - C:\Programme\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH) PRC - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH) PRC - C:\Programme\Veoh\VeohClient.exe (Veoh Networks) PRC - C:\Programme\Kodak\Printer\Center\KodakSvc.exe (Eastman Kodak Company) PRC - C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH) PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company) PRC - C:\Programme\Java\jre1.6.0_05\bin\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Programme\Java\jre1.6.0_05\bin\jucheck.exe (Sun Microsystems, Inc.) PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.) PRC - C:\Programme\Last.fm\LastFMHelper.exe (Last.fm) PRC - C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe (Lavasoft AB) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\PowerDVD\PDVDServ.exe (Cyberlink Corp.) PRC - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe (NVIDIA Corporation) PRC - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe (NVIDIA Corporation) PRC - C:\Programme\avmwlanstick\FRITZWLanMini.exe (AVM Berlin GmbH) PRC - C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe (Apache Software Foundation) PRC - C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe (Sony Ericsson Mobile Communications AB) PRC - C:\Programme\Octoshape Streaming Services\Administrator\OctoshapeClient.exe () PRC - C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe (Sony Ericsson Mobile Communications AB) PRC - C:\Programme\Gemeinsame Dateien\Teleca Shared\Generic.exe (Teleca Software Solutions) PRC - C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated) PRC - C:\Programme\Gemeinsame Dateien\Teleca Shared\CapabilityManager.exe (Teleca Software Solutions AB) ========== Modules (SafeList) ========== MOD - C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia.) SRV - (AntiVirScheduler) -- C:\Programme\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH) SRV - (AntiVirService) -- C:\Programme\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH) SRV - (KodakSvc) -- C:\Programme\Kodak\printer\center\KodakSvc.exe (Eastman Kodak Company) SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.) SRV - (Adobe LM Service) -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems) SRV - (aawservice) -- C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe (Lavasoft AB) SRV - (nSvcIp) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe (NVIDIA Corporation) SRV - (nSvcLog) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe (NVIDIA Corporation) SRV - (ForcewareWebInterface) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe (Apache Software Foundation) SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation) ========== Driver Services (SafeList) ========== DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation) DRV - (NinjaUSB) -- C:\WINDOWS\system32\drivers\NinjaUSB.sys () DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Programme\AntiVir PersonalEdition Classic\avgntflt.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\AntiVir PersonalEdition Classic\avgio.sys (Avira GmbH) DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia) DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia) DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia) DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia) DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (AVIRA GmbH) DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.) DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation) DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation) DRV - (nvata) -- C:\WINDOWS\System32\DRIVERS\nvata.sys (NVIDIA Corporation) DRV - (FWLANUSB) -- C:\WINDOWS\system32\drivers\fwlanusb.sys (AVM GmbH) DRV - (w810obex) -- C:\WINDOWS\system32\drivers\w810obex.sys (MCCI) DRV - (w810mdm) -- C:\WINDOWS\system32\drivers\w810mdm.sys (MCCI) DRV - (w810mgmt) Sony Ericsson W810 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\w810mgmt.sys (MCCI) DRV - (w810mdfl) -- C:\WINDOWS\system32\drivers\w810mdfl.sys (MCCI) DRV - (w810bus) Sony Ericsson W810 Driver driver (WDM) -- C:\WINDOWS\system32\drivers\w810bus.sys (MCCI) DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys (Windows (R) Server 2003 DDK provider) DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation) DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation) DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation) DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Bing" FF - prefs.js..browser.search.defaulturl: "hxxp://www.bing.com/search?FORM=IEFM1&q=" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://de.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de  fficial"FF - prefs.js..extensions.enabledItems: videofinder@veoh.com:1.3 FF - prefs.js..keyword.URL: "hxxp://www.bing.com/search?FORM=IEFM1&q=" FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Programme\Nokia\Nokia PC Suite 7\bkmrksync\ [2009.08.23 19:15:13 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.04.03 13:32:50 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.04.03 13:32:50 | 000,000,000 | ---D | M] [2009.01.14 16:05:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions [2010.04.18 20:00:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\wsmkqp1q.default\extensions [2009.09.02 19:36:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\wsmkqp1q.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009.11.24 22:32:11 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\wsmkqp1q.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2008.07.20 22:58:38 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\wsmkqp1q.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2009.10.25 20:14:37 | 000,002,163 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\wsmkqp1q.default\searchplugins\bing.xml [2010.04.18 20:00:57 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2007.09.27 17:59:30 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2006.09.26 13:03:14 | 000,098,304 | ---- | M] (Zylom) -- C:\Programme\Mozilla Firefox\plugins\npzylomgamesplayer.dll [2010.03.16 20:28:04 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.03.16 20:28:04 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.03.16 20:28:04 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.03.16 20:28:04 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.03.16 20:28:04 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2001.08.23 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (PDFCreator Toolbar Helper) - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll () O3 - HKLM\..\Toolbar: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll () O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Programme\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc) O3 - HKCU\..\Toolbar\WebBrowser: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll () O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [avgnt] C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\FRITZWLanMini.exe (AVM Berlin GmbH) O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [PDVDDXSrv] C:\Programme\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.) O4 - HKLM..\Run: [RemoteControl] C:\Programme\PowerDVD\PDVDServ.exe (Cyberlink Corp.) O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [Sony Ericsson PC Suite] C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe (Sony Ericsson Mobile Communications AB) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.6.0_05\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKCU..\Run: [] File not found O4 - HKCU..\Run: [Octoshape Streaming Services] C:\Programme\Octoshape Streaming Services\Administrator\OctoshapeClient.exe () O4 - HKCU..\Run: [PC Suite Tray] C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia) O4 - HKCU..\Run: [Veoh] C:\Programme\Veoh\VeohClient.exe (Veoh Networks) O4 - HKLM..\RunOnceEx: [] File not found O4 - Startup: C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Last.fm Helper.lnk = C:\Programme\Last.fm\LastFMHelper.exe (Last.fm) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.) O9 - Extra Button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Programme\Microsoft ActiveSync\aatp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\system32\msdxm.ocx (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007.07.06 20:30:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2009.11.06 18:00:00 | 000,000,052 | R--- | M] () - D:\autorun.inf -- [ CDFS ] O33 - MountPoints2\{0b832fda-d04e-11dd-b773-0019662287bd}\Shell\AutoRun\command - "" = F:\lhh3v.exe -- File not found O33 - MountPoints2\{0b832fda-d04e-11dd-b773-0019662287bd}\Shell\open\Command - "" = F:\lhh3v.exe -- File not found O33 - MountPoints2\{1cf1a6b8-624d-11dc-b478-0019662287bd}\Shell\AutoRun\command - "" = F:\wd_windows_tools\setup.exe -- File not found O33 - MountPoints2\{4622f758-9006-11de-ba37-0019662287bd}\Shell\AutoRun\command - "" = F:\Launcher.exe -- File not found O33 - MountPoints2\{89c4c10f-2c37-11dc-b5c7-806d6172696f}\Shell - "" = AutoRun O33 - MountPoints2\{89c4c10f-2c37-11dc-b5c7-806d6172696f}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{89c4c10f-2c37-11dc-b5c7-806d6172696f}\Shell\AutoRun\command - "" = D:\start.exe -- [2009.11.06 18:00:00 | 000,288,040 | R--- | M] () O33 - MountPoints2\{c6fbbfb2-6d11-11dc-b482-0019662287bd}\Shell - "" = AutoRun O33 - MountPoints2\{c6fbbfb2-6d11-11dc-b482-0019662287bd}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{c6fbbfb2-6d11-11dc-b482-0019662287bd}\Shell\AutoRun\command - "" = F:\pushinst.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe () O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.04.19 11:09:24 | 000,000,000 | ---D | C] -- C:\Programme\trend micro [2010.04.19 11:09:23 | 000,000,000 | ---D | C] -- C:\rsit [2010.04.19 10:43:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Malwarebytes [2010.04.19 10:43:33 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.04.19 10:43:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2010.04.19 10:43:30 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.04.19 10:43:30 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.04.19 10:40:06 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\Recent [2010.04.19 10:33:50 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner [2010.04.14 12:24:31 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vbscript.dll [2010.04.14 12:23:43 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wintrust.dll [2010.04.14 12:23:41 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cabview.dll [2010.03.26 18:49:56 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe [2010.03.26 18:07:48 | 008,188,928 | ---- | C] (Mozilla) -- C:\Dokumente und Einstellungen\Administrator\Desktop\Firefox Setup 3.6.2.exe [2010.03.25 20:57:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MSN6 [2010.03.25 20:57:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\MSN6 [2009.07.19 10:54:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Eastman Kodak Company [2008.10.22 11:57:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Microsoft [2008.09.01 17:54:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Apple [2007.07.06 20:32:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Microsoft [2007.07.06 20:29:54 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Microsoft [2007.07.06 20:29:54 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Microsoft [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\*.tmp files -> C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\*.tmp -> ] [1 C:\Dokumente und Einstellungen\Administrator\Desktop\*.tmp files -> C:\Dokumente und Einstellungen\Administrator\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.04.20 13:53:54 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job [2010.04.20 13:52:30 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn [2010.04.20 13:52:13 | 000,081,506 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2010.04.20 13:51:31 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.04.20 13:51:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.04.19 20:59:57 | 007,077,888 | -H-- | M] () -- C:\Dokumente und Einstellungen\Administrator\NTUSER.DAT [2010.04.19 20:59:57 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Administrator\ntuser.ini [2010.04.19 20:13:03 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2010.04.19 16:45:47 | 000,002,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Microsoft Word.lnk [2010.04.19 16:38:23 | 000,020,992 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Malwarebytes.doc [2010.04.19 11:08:48 | 000,000,685 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Verknüpfung mit RSIT.lnk [2010.04.19 10:56:47 | 000,023,040 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\trojanerbericht.doc [2010.04.19 10:40:22 | 000,000,172 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\cc_20100419_104017.reg [2010.04.19 10:39:54 | 000,001,490 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\cc_20100419_103951.reg [2010.04.19 10:39:04 | 000,167,060 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\cc_20100419_103857.reg [2010.04.19 10:33:51 | 000,001,512 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\CCleaner.lnk [2010.04.18 19:47:27 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.04.17 12:17:14 | 000,027,136 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Liebe Tanja.doc [2010.04.14 12:54:21 | 000,000,610 | ---- | M] () -- C:\WINDOWS\wiso.ini [2010.04.09 10:31:58 | 000,020,992 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\arcor2.doc [2010.04.06 09:52:16 | 000,155,648 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.04.06 09:52:16 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2010.03.30 14:04:49 | 000,000,045 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\AVSDVDPlayer.m3u [2010.03.29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.03.29 15:24:46 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.03.28 20:16:14 | 001,069,228 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010.03.28 20:16:14 | 000,458,476 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2010.03.28 20:16:14 | 000,440,684 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010.03.28 20:16:14 | 000,084,318 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2010.03.28 20:16:14 | 000,071,002 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010.03.26 18:59:17 | 000,001,566 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk [2010.03.26 18:50:41 | 000,000,008 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\jasltw.dat [2010.03.26 17:47:34 | 004,285,396 | -H-- | M] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\IconCache.db [2010.03.26 17:02:30 | 008,188,928 | ---- | M] (Mozilla) -- C:\Dokumente und Einstellungen\Administrator\Desktop\Firefox Setup 3.6.2.exe [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\*.tmp files -> C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\*.tmp -> ] [1 C:\Dokumente und Einstellungen\Administrator\Desktop\*.tmp files -> C:\Dokumente und Einstellungen\Administrator\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.04.19 20:13:03 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2010.04.19 16:38:22 | 000,020,992 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Malwarebytes.doc [2010.04.19 11:08:48 | 000,000,685 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Verknüpfung mit RSIT.lnk [2010.04.19 10:56:46 | 000,023,040 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\trojanerbericht.doc [2010.04.19 10:40:19 | 000,000,172 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\cc_20100419_104017.reg [2010.04.19 10:39:52 | 000,001,490 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\cc_20100419_103951.reg [2010.04.19 10:38:59 | 000,167,060 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\cc_20100419_103857.reg [2010.04.19 10:33:51 | 000,001,512 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\CCleaner.lnk [2010.04.17 12:17:14 | 000,027,136 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Liebe Tanja.doc [2010.04.09 10:31:57 | 000,020,992 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\arcor2.doc [2010.03.26 18:50:41 | 000,000,008 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\jasltw.dat [2010.03.26 18:08:06 | 000,001,566 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk [2010.03.24 20:57:58 | 000,000,008 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\jasltw.dat [2010.01.28 21:19:10 | 000,024,704 | ---- | C] () -- C:\WINDOWS\System32\drivers\NinjaUSB.sys [2009.12.16 15:35:01 | 000,131,080 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\mdbu.bin [2009.07.20 20:28:24 | 000,012,800 | ---- | C] () -- C:\WINDOWS\System32\EKDeviceServices.dll [2008.09.23 20:16:14 | 000,000,298 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\IfolorJavaUpload.data [2008.05.19 20:32:48 | 000,003,040 | ---- | C] () -- C:\WINDOWS\tm.ini [2008.04.24 07:18:02 | 000,014,852 | ---- | C] () -- C:\Programme\settings.dat [2008.04.15 06:48:44 | 000,000,610 | ---- | C] () -- C:\WINDOWS\wiso.ini [2008.01.03 21:51:37 | 000,000,045 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\AVSDVDPlayer.m3u [2008.01.03 21:48:05 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2008.01.03 21:48:05 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2007.10.19 06:44:40 | 000,001,755 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache [2007.09.29 18:54:28 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html [2007.09.24 20:10:34 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2007.07.08 17:44:28 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2007.07.08 17:34:16 | 000,143,360 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2007.07.08 17:22:36 | 000,271,264 | ---- | C] () -- C:\WINDOWS\System32\vbrun100.dll [2007.07.08 14:13:35 | 000,004,563 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini [2007.07.08 14:13:32 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS [2007.07.06 21:34:46 | 000,155,648 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.07.06 21:16:46 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2007.07.06 20:32:41 | 000,001,024 | -H-- | C] () -- C:\Dokumente und Einstellungen\Administrator\ntuser.dat.LOG [2007.07.06 20:32:41 | 000,000,190 | -HS- | C] () -- C:\Dokumente und Einstellungen\Administrator\ntuser.ini [2007.07.06 20:32:40 | 007,077,888 | -H-- | C] () -- C:\Dokumente und Einstellungen\Administrator\NTUSER.DAT [2006.12.22 11:36:06 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\tvOut.dll [2006.12.22 11:36:06 | 000,038,912 | ---- | C] () -- C:\WINDOWS\System32\stvp.dll [2006.10.31 08:35:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2006.10.31 08:35:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2006.10.31 08:35:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2006.10.31 08:35:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll [2006.10.31 08:35:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2006.10.31 08:35:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2006.10.31 08:35:00 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll [2004.08.04 14:00:00 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll [1999.01.22 20:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL < End of report > extras: OTL Extras logfile created on: 20.04.2010 13:58:02 - Run 1 OTL by OldTimer - Version 3.2.1.3 Folder = C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1.023,00 Mb Total Physical Memory | 508,00 Mb Available Physical Memory | 50,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 80,00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 48,83 Gb Total Space | 27,13 Gb Free Space | 55,57% Space Free | Partition Type: NTFS Drive D: | 647,19 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive E: | 79,16 Gb Total Space | 78,11 Gb Free Space | 98,66% Space Free | Partition Type: NTFS F: Drive not present or media not loaded Drive G: | 104,89 Gb Total Space | 25,41 Gb Free Space | 24,23% Space Free | Partition Type: NTFS H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: SCHAKKELINE Current User Name: Administrator Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Programme\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Programme\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation) http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet isabled:@xpsp2res.dll,-22007"2869:TCP" = 2869:TCP:LocalSubNet isabled:@xpsp2res.dll,-22008========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Programme\MSN Messenger\livecall.exe" = C:\Programme\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found "C:\Programme\Cyberlink\PowerDVD DX\PowerDVD.exe" = C:\Programme\Cyberlink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX -- (CyberLink Corp.) "C:\Programme\Cyberlink\PowerDVD DX\PDVDDXSrv.exe" = C:\Programme\Cyberlink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program -- (CyberLink Corp.) "C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Programme\uTorrent\uTorrent.exe" = C:\Programme\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- () "C:\Programme\Last.fm\LastFM.exe" = C:\Programme\Last.fm\LastFM.exe:*:Enabled:Last.fm -- (Last.fm) "C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation) "C:\Programme\PowerDVD\PowerDVD.exe" = C:\Programme\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD -- (CyberLink Corp.) "C:\WINDOWS\system32\java.exe" = C:\WINDOWS\system32\java.exe:* isabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.) "C:\Programme\Octoshape Streaming Services\Administrator\OctoshapeClient.exe" = C:\Programme\Octoshape Streaming Services\Administrator\OctoshapeClient.exe:*:Enabled:OctoshapeClient -- () "C:\Programme\Zattoo\zattood.exe" = C:\Programme\Zattoo\zattood.exe:*:Enabled:zattood -- () "C:\Programme\Zattoo\Zattoo2.exe" = C:\Programme\Zattoo\Zattoo2.exe:*:Enabled: -- () "C:\Programme\Zattoo\Zattoo.exe" = C:\Programme\Zattoo\Zattoo.exe:*:Enabled: -- () "C:\Programme\MSN Messenger\livecall.exe" = C:\Programme\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found "C:\Programme\Microsoft ActiveSync\wcescomm.exe" = C:\Programme\Microsoft ActiveSync\wcescomm.exe:*:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation) "C:\Programme\Microsoft ActiveSync\WCESMgr.exe" = C:\Programme\Microsoft ActiveSync\WCESMgr.exe:*:Enabled:ActiveSync Application -- (Microsoft Corporation) "C:\Programme\Veoh\VeohClient.exe" = C:\Programme\Veoh\VeohClient.exe:* isabled:Veoh Client -- (Veoh Networks)"C:\Programme\Cyberlink\PowerDVD DX\PowerDVD.exe" = C:\Programme\Cyberlink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX -- (CyberLink Corp.) "C:\Programme\Cyberlink\PowerDVD DX\PDVDDXSrv.exe" = C:\Programme\Cyberlink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program -- (CyberLink Corp.) "C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{00C58EBE-223E-4AB6-8AE9-38F27F4420BD}" = WISO Steuer 2009 "{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA "{0819E89D-6214-4B6F-A18D-4633CB4E0E4A}" = Softwareupdate für Webordner "{0996C331-6DCB-4E38-A3EC-0A77ABAE1361}" = Help_CTR "{0C973594-7DDF-4BD0-84ED-3517F7622037}" = PC Connectivity Solution "{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86 "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2 "{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2 "{2792CBEF-15D2-4E2E-8A0F-4D896DBE9607}" = WISO Sparbuch 2009 "{2A97D5B3-A989-47E1-B207-1CA9E3635655}" = aioprnt "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3 "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5 "{3BED0238-3A25-41AE-BC23-316914B5B048}" = aioocr "{3D39E775-DDDA-4327-B747-0BDC5F191331}" = Nokia PC Suite "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{44734179-8A79-4DEE-BB08-73037F065543}" = Apple Mobile Device Support "{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg "{45D4F727-43B5-49CD-B474-B9866A8F4FB8}" = Nokia Map Loader "{46AC899A-9ECB-43DC-85DE-272E0D116A1E}" = Ad-Aware 2007 "{46B70DEB-97B3-4E38-B746-EC16905E6A8F}" = WISO Steuer 2010 "{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}" = Bonjour "{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0 "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{52D02A2B-03D2-4E34-A358-DC5D951FD296}" = Nokia Connectivity Cable Driver "{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}" = iTunes "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6E65247F-58F9-41CA-BE69-0316F7907170}" = Disc2Phone "{73F1681F-ADE1-461F-9F18-B7640507D395}" = ksdip "{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = LiveUpdate BVRP Software "{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0 "{791E3D44-33D3-4446-82AD-5CD4B0169083}" = aiofw "{79E41D91-BA1C-44B9-9358-48E598263ECF}" = center "{843081BD-351F-46FC-8A17-517A0D9117A3}" = helptut "{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU "{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer "{91A4AD99-69CE-4745-97B7-0E0DFBECFDE5}" = Adobe Illustrator CS "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{A1973A71-BC23-4A8C-A0A0-2B0497B7EAF4}" = WISO Sparbuch 2008 "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A987FEC8-5616-49BD-BCA6-ACFFFE7403FE}" = IKEA Home Planner "{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0 "{C0251585-1BE8-4278-B3CB-964B6E01C59D}" = aioscnnr "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C5ADA65A-7828-4D85-B071-ECC52B51F794}" = Sony Ericsson PC Suite 1.20.173 "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = KODAK All-in-One-Druckersoftware "{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR "{DC626A21-EDF1-40C7-8F2F-D2BA7535529F}" = helpug "{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0 "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F18E8A0F-BE99-4305-96A5-6C0FD9D7D999}" = mobile PhoneTools "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2 "Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2 "Adobe SVG Viewer" = Adobe SVG Viewer 3.0 "AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus "AVS DVD Player_is1" = AVS DVD Player version 2.4 "BlazeDVD 7 Professional_is1" = BlazeDVD 7 Professional "CCleaner" = CCleaner "E8A6D621B6D3FC5D43C68C549D959DE76EEF5D84" = Windows-Treiberpaket - Nokia Modem (06/01/2009 4.1) "F779F5541ABD99C95C03B0FD5E3C058B22DA0FF7" = Windows-Treiberpaket - Nokia Modem (06/01/2009 7.01.0.3) "FujiDirekt_is1" = FujiDirekt 2.7 "Heroes of Might and Magic® III" = Heroes of Might and Magic® III Complete "HijackThis" = HijackThis 2.0.2 "InstallShield_{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA "InstallShield_{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager "InstallShield_{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "LastFM_is1" = Last.fm 1.3.2.13 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Monopoly Deluxe" = Monopoly Deluxe "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3) "Navigator" = SesamTV Media Center "Nero 7 Lite_is1" = Nero 7 Lite 7.9.6.0 "Nero 7 Micro_is1" = Nero 7 Micro 7.9.6.0 "Nokia PC Suite" = Nokia PC Suite "NVIDIA Drivers" = NVIDIA Drivers "PDFCreator Toolbar" = PDFCreator Toolbar "ST6UNST #1" = FreeDVD v2.0 "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 "WIC" = Windows Imaging Component "Windows CE Services" = Microsoft ActiveSync 3.8 "WinLiveSuite_Wave3" = Windows Live Essentials "Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7 "WUV20" = Windows Update Agent 2.0 "Zattoo" = Zattoo 3.2.1 Beta ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Move Media Player" = Move Media Player "Octoshape Streaming Services" = Octoshape Streaming Services "uTorrent" = µTorrent ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 06.03.2010 12:33:42 | Computer Name = SCHAKKELINE | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung firefox.exe, Version 1.9.0.3685, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 07.03.2010 17:52:09 | Computer Name = SCHAKKELINE | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung AVSDVDPlayer.exe, Version 2.4.2.125, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 07.03.2010 17:53:54 | Computer Name = SCHAKKELINE | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung AVSDVDPlayer.exe, Version 2.4.2.125, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 12.03.2010 16:52:19 | Computer Name = SCHAKKELINE | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung firefox.exe, Version 1.9.0.3685, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 13.03.2010 14:54:53 | Computer Name = SCHAKKELINE | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung firefox.exe, Version 1.9.0.3685, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 13.03.2010 15:56:56 | Computer Name = SCHAKKELINE | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung firefox.exe, Version 1.9.0.3685, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 18.03.2010 17:01:28 | Computer Name = SCHAKKELINE | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung firefox.exe, Version 1.9.0.3685, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 19.03.2010 10:16:59 | Computer Name = SCHAKKELINE | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung firefox.exe, Version 1.9.0.3685, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 24.03.2010 15:01:24 | Computer Name = SCHAKKELINE | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung firefox.exe, Version 1.9.0.3685, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 24.03.2010 15:01:26 | Computer Name = SCHAKKELINE | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung firefox.exe, Version 1.9.0.3685, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. [ System Events ] Error - 20.03.2010 05:58:56 | Computer Name = SCHAKKELINE | Source = Service Control Manager | ID = 7011 Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung von Dienst NVSvc. Error - 22.03.2010 14:17:45 | Computer Name = SCHAKKELINE | Source = Service Control Manager | ID = 7011 Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung von Dienst NVSvc. Error - 23.03.2010 04:34:10 | Computer Name = SCHAKKELINE | Source = Service Control Manager | ID = 7011 Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung von Dienst NVSvc. Error - 23.03.2010 09:37:49 | Computer Name = SCHAKKELINE | Source = Service Control Manager | ID = 7011 Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung von Dienst NVSvc. Error - 24.03.2010 04:09:16 | Computer Name = SCHAKKELINE | Source = Service Control Manager | ID = 7011 Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung von Dienst NVSvc. Error - 24.03.2010 14:58:44 | Computer Name = SCHAKKELINE | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Microsoft Kernel-Echounterdrückung" wurde aufgrund folgenden Fehlers nicht gestartet: %%31 Error - 24.03.2010 15:01:16 | Computer Name = SCHAKKELINE | Source = Service Control Manager | ID = 7011 Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung von Dienst NVSvc. Error - 25.03.2010 07:52:10 | Computer Name = SCHAKKELINE | Source = Service Control Manager | ID = 7011 Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung von Dienst NVSvc. Error - 09.04.2010 07:11:32 | Computer Name = SCHAKKELINE | Source = Service Control Manager | ID = 7011 Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung von Dienst NVSvc. Error - 19.04.2010 05:04:29 | Computer Name = SCHAKKELINE | Source = sr | ID = 1 Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume1" ist im Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung wurde angehalten. < End of report > Malware Fullscan: Malwarebytes' Anti-Malware 1.45 www.malwarebytes.org Datenbank Version: 4006 Windows 5.1.2600 Service Pack 2 Internet Explorer 7.0.5730.11 19.04.2010 16:28:55 mbam-log-2010-04-19 (16-28-55).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|G:\|) Durchsuchte Objekte: 185096 Laufzeit: 48 Minute(n), 47 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) Ich hoffe, das war es, was du benötigt hast. Beste Grüße Sususoleil |
|
20.04.2010, 20:01
| #5 |
| | Avira meldet Virus: BDS/Syspck.A huch, das hatte ich vergessen reinzukopieren. Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 16:45:20 on 19.04.2010 OS: Windows XP Professional Service Pack 2 (Build 2600) Default Browser: Mozilla Corporation Firefox 3.6.3 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Boot Execute] -----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )----- "BootExecute" - ? - C:\WINDOWS\system32\lsdelete.exe (File found, but it contains no detailed information) [Common] -----( %SystemRoot%\Tasks )----- "AppleSoftwareUpdate.job" - "Apple Inc." - C:\Programme\Apple Software Update\SoftwareUpdate.exe "SesamTVMC.job" - ? - C:\WINDOWS\Tasks\SesamTVMC.job "WGASetup.job" - "Microsoft Corporation" - C:\WINDOWS\system32\KB905474\wgasetup.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl "javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl "mbllnk.cpl" - "AvantGo, Inc." - C:\WINDOWS\system32\mbllnk.cpl "nvcpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.cpl "nvtuicpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvtuicpl.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "Adobe Gamma" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma.cpl "AdobeGamma" - ? - %CommonFiles%\Adobe\Callibration\Adobe Gamma.cpl (File not found) "Avira AntiVir PersonalEdition Classic" - "Avira GmbH" - C:\PROGRA~1\ANTIVI~1\avconfig.cpl "ECSEPM" - "Sony Ericsson Mobile Communications AB" - C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\ecsepm.cpl "NokiaConnectionManager" - "Nokia" - C:\PROGRA~1\Nokia\NOKIAP~1\CONNEC~1.CPL "QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "avgio" (avgio) - "Avira GmbH" - C:\Programme\AntiVir PersonalEdition Classic\avgio.sys "avgntflt" (avgntflt) - "Avira GmbH" - C:\Programme\AntiVir PersonalEdition Classic\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys "Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found) "Freecom Turbo USB 2.0" (NinjaUSB) - ? - C:\WINDOWS\System32\drivers\NinjaUSB.sys "GEARAspiWDM" (GEARAspiWDM) - "GEAR Software Inc." - C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys "i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found) "lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found) "PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found) "PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found) "PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found) "PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found) "PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found) "PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys "ssmdrv" (ssmdrv) - "AVIRA GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys "tbzhbgwh" (tbzhbgwh) - ? - C:\WINDOWS\system32\drivers\tbzhbgwh.sys (File not found) "WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found) [Explorer] -----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {BDEADF00-C265-11d0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\msonsext.dll -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll -----( HKLM\Software\Classes\Protocols\Handler )----- {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL {d7b95390-b1c5-11d0-b111-0080c712fe82} "mctp: Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Programme\Microsoft ActiveSync\aatp.dll {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found) {1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll {1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Programme\iTunes\iTunesMiniPlayer.dll {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found) {32683183-48a0-441b-a342-7c2a440a9478} "Media Band" - ? - (File not found | COM-object registry key not found) {416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} "Nokia Phone Browser" - "Nokia" - C:\Programme\Nokia\Nokia PC Suite 7\PhoneBrowser.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll {0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL {35786D3C-B075-49b9-88DD-029876E11C01} "Portable Devices" - "Microsoft Corporation" - C:\WINDOWS\system32\wpdshext.dll {D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} "Portable Devices Menu" - "Microsoft Corporation" - C:\WINDOWS\system32\wpdshext.dll {640167b4-59b0-47a6-b335-a6b3c0695aea} "Portable Media Devices" - "Microsoft Corporation" - C:\WINDOWS\system32\audiodev.dll {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\AntiVir PersonalEdition Classic\shlext.dll {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll {764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found) {6B3A1F0C-C382-40d6-AA13-33B0AB46EEAA} "ShellExt.BatchResultContextMenu" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {82C62DC5-1A4B-43ac-92C8-571410996B45} "ShellExt.CommandShellExtension" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll {A5110426-177D-4e08-AB3F-785F10B4439C} "Sony Ericsson Datei-Manager" - "Sony Ericsson Mobile Communications AB" - C:\Programme\Sony Ericsson\Mobile2\File Manager\fmgrgui.dll {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\msonsext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR shell extension" - ? - (File not found | COM-object registry key not found) {F1B9284F-E9DC-4e68-9D7E-42362A59F0FD} "WMP Add To Playlist Launcher" - "Microsoft Corporation" - C:\WINDOWS\system32\wmpshell.dll {8DD448E6-C188-4aed-AF92-44956194EB1F} "WMP Burn Audio CD Launcher" - "Microsoft Corporation" - C:\WINDOWS\system32\wmpshell.dll {CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C} "WMP Play As Playlist Launcher" - "Microsoft Corporation" - C:\WINDOWS\system32\wmpshell.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad )----- {AAA288BA-9A4C-45B0-95D7-94D524869DB5} "WPDShServiceObj Class" - "Microsoft Corporation" - C:\WINDOWS\system32\wpdshserviceobj.dll [Internet Explorer] -----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )----- {32683183-48a0-441b-a342-7c2a440a9478} "{32683183-48a0-441b-a342-7c2a440a9478}" - ? - (File not found | COM-object registry key not found) -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found) <binary data> "PDFCreator Toolbar" - ? - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} "Java Plug-in 1.6.0_03" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_03\bin\npjpi160_03.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_05" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_05\bin\npjpi160_05.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} "Java Plug-in 1.6.0_05" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_05\bin\npjpi160_05.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_05" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_05\bin\npjpi160_05.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} "ClsidExtension" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_05\bin\npjpi160_05.dll {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "ClsidExtension" - "Microsoft Corporation" - C:\Programme\Microsoft ActiveSync\inetrepl.dll {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "Mobilen Favoriten erstellen" - "Microsoft Corporation" - C:\Programme\Microsoft ActiveSync\inetrepl.dll -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} "PDFCreator Toolbar" - ? - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll {D0943516-5076-4020-A3B5-AEFAF26AB263} "Veoh Browser Plug-in" - "Veoh Networks Inc" - C:\Programme\Veoh\Plugins\reg\VeohToolbar.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll {C451C08A-EC37-45DF-AAAD-18B51AB5E837} "PDFCreator Toolbar Helper" - ? - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "SSVHelper Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll {5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? - (File not found | COM-object registry key not found) [Logon] -----( %AllUsersProfile%\Startmenü\Programme\Autostart )----- "Adobe Gamma Loader.lnk" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Shortcut exists | File exists) "desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini "Last.fm Helper.lnk" - "Last.fm" - C:\Programme\Last.fm\LastFMHelper.exe (Shortcut exists | File exists) "Microsoft Office.lnk" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office\OSA9.EXE (Shortcut exists | File exists) -----( %UserProfile%\Startmenü\Programme\Autostart )----- "Adobe Gamma.lnk" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Shortcut exists | File exists) "desktop.ini" - ? - C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\desktop.ini -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "MsnMsgr" - "Microsoft Corporation" - "C:\Programme\Windows Live\Messenger\msnmsgr.exe" /background "Octoshape Streaming Services" - ? - "C:\Programme\Octoshape Streaming Services\Administrator\OctoshapeClient.exe" -inv:bootrun (File found, but it contains no detailed information) "PC Suite Tray" - "Nokia" - "C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray "Veoh" - "Veoh Networks" - "C:\Programme\Veoh\VeohClient.exe" /VeohHide -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe Photo Downloader" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" "avgnt" - "Avira GmbH" - "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min "AVMWlanClient" - "AVM Berlin GmbH" - C:\Programme\avmwlanstick\FRITZWLANMini.exe "iTunesHelper" - "Apple Inc." - "C:\Programme\iTunes\iTunesHelper.exe" "nwiz" - "NVIDIA Corporation" - nwiz.exe /install "PDVDDXSrv" - "CyberLink Corp." - "C:\Programme\CyberLink\PowerDVD DX\PDVDDXSrv.exe" "QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\qttask.exe" -atboottime "RemoteControl" - "Cyberlink Corp." - C:\Programme\PowerDVD\PDVDServ.exe "Sony Ericsson PC Suite" - "Sony Ericsson Mobile Communications AB" - "C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Java\jre1.6.0_05\bin\jusched.exe" [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "PDFCreator" - "internet-support foehr.com" - C:\WINDOWS\system32\pdfcmnnt.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe "Ad-Aware 2007 Service" (aawservice) - "Lavasoft AB" - C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe "Adobe LM Service" (Adobe LM Service) - "Adobe Systems" - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe "AntiVir PersonalEdition Classic Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe "AntiVir PersonalEdition Classic Planer" (AntiVirScheduler) - "Avira GmbH" - C:\Programme\AntiVir PersonalEdition Classic\sched.exe "Apple Mobile Device" (Apple Mobile Device) - "Apple, Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe "ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe "Automatische Updates" (wuauserv) - "Microsoft Corporation" - C:\WINDOWS\system32\wuauserv.dll "Bonjour-Dienst" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe "Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Programme\Cyberlink\Shared Files\RichVideo.exe "ForceWare IP service" (nSvcIp) - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe "ForceWare user log service" (nSvcLog) - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe "Forceware Web Interface" (ForcewareWebInterface) - "Apache Software Foundation" - C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe "InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe "iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Programme\iPod\bin\iPodService.exe "Kodak AiO Device Service" (KodakSvc) - "Eastman Kodak Company" - C:\Programme\Kodak\printer\center\KodakSvc.exe "Portable Media Serial Number Service" (WmdmPmSN) - "Microsoft Corporation" - C:\WINDOWS\system32\mspmsnsv.dll "ServiceLayer" (ServiceLayer) - "Nokia." - C:\Programme\PC Connectivity Solution\ServiceLayer.exe "Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe "Windows Installer" (MSIServer) - "Microsoft Corporation" - C:\WINDOWS\system32\msiexec.exe "Windows Media Player-Netzwerkfreigabedienst" (WMPNetworkSvc) - "Microsoft Corporation" - C:\Programme\Windows Media Player\WMPNetwk.exe "Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [Winlogon] -----( HKCU\Control Panel\IOProcs )----- "MVB" - ? - mvfs32.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )----- "WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru grüße su |
|
21.04.2010, 15:55
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Avira meldet Virus: BDS/Syspck.ACode:
ATTFilter [Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"tbzhbgwh" (tbzhbgwh) - ? - C:\WINDOWS\system32\drivers\tbzhbgwh.sys (File not found)
__________________ --> Avira meldet Virus: BDS/Syspck.A |
|
22.04.2010, 10:48
| #7 |
| | Avira meldet Virus: BDS/Syspck.A Hallo, hier der Report von OSAM: (Success) HKLM\SYSTEM\CurrentControlSet\Services\tbzhbgwh tbzhbgwh C:\WINDOWS\system32\drivers\tbzhbgwh.sys Und das neue Logfile: Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 11:46:35 on 22.04.2010 OS: Windows XP Professional Service Pack 2 (Build 2600) Default Browser: Mozilla Corporation Firefox 3.6.3 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Boot Execute] -----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )----- "BootExecute" - ? - C:\WINDOWS\system32\lsdelete.exe (File found, but it contains no detailed information) [Common] -----( %SystemRoot%\Tasks )----- "AppleSoftwareUpdate.job" - "Apple Inc." - C:\Programme\Apple Software Update\SoftwareUpdate.exe "SesamTVMC.job" - ? - C:\WINDOWS\Tasks\SesamTVMC.job "WGASetup.job" - "Microsoft Corporation" - C:\WINDOWS\system32\KB905474\wgasetup.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl "javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl "mbllnk.cpl" - "AvantGo, Inc." - C:\WINDOWS\system32\mbllnk.cpl "nvcpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.cpl "nvtuicpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvtuicpl.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "Adobe Gamma" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma.cpl "AdobeGamma" - ? - %CommonFiles%\Adobe\Callibration\Adobe Gamma.cpl (File not found) "Avira AntiVir PersonalEdition Classic" - "Avira GmbH" - C:\PROGRA~1\ANTIVI~1\avconfig.cpl "ECSEPM" - "Sony Ericsson Mobile Communications AB" - C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\ecsepm.cpl "NokiaConnectionManager" - "Nokia" - C:\PROGRA~1\Nokia\NOKIAP~1\CONNEC~1.CPL "QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "avgio" (avgio) - "Avira GmbH" - C:\Programme\AntiVir PersonalEdition Classic\avgio.sys "avgntflt" (avgntflt) - "Avira GmbH" - C:\Programme\AntiVir PersonalEdition Classic\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys "Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found) "Freecom Turbo USB 2.0" (NinjaUSB) - ? - C:\WINDOWS\System32\drivers\NinjaUSB.sys "GEARAspiWDM" (GEARAspiWDM) - "GEAR Software Inc." - C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys "i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found) "lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found) "PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found) "PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found) "PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found) "PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found) "PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found) "PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys "ssmdrv" (ssmdrv) - "AVIRA GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys "WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found) [Explorer] -----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {BDEADF00-C265-11d0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\msonsext.dll -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll -----( HKLM\Software\Classes\Protocols\Handler )----- {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL {d7b95390-b1c5-11d0-b111-0080c712fe82} "mctp: Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Programme\Microsoft ActiveSync\aatp.dll {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found) {1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll {1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Programme\iTunes\iTunesMiniPlayer.dll {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found) {32683183-48a0-441b-a342-7c2a440a9478} "Media Band" - ? - (File not found | COM-object registry key not found) {416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} "Nokia Phone Browser" - "Nokia" - C:\Programme\Nokia\Nokia PC Suite 7\PhoneBrowser.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll {0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL {35786D3C-B075-49b9-88DD-029876E11C01} "Portable Devices" - "Microsoft Corporation" - C:\WINDOWS\system32\wpdshext.dll {D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} "Portable Devices Menu" - "Microsoft Corporation" - C:\WINDOWS\system32\wpdshext.dll {640167b4-59b0-47a6-b335-a6b3c0695aea} "Portable Media Devices" - "Microsoft Corporation" - C:\WINDOWS\system32\audiodev.dll {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\AntiVir PersonalEdition Classic\shlext.dll {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll {764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found) {6B3A1F0C-C382-40d6-AA13-33B0AB46EEAA} "ShellExt.BatchResultContextMenu" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {82C62DC5-1A4B-43ac-92C8-571410996B45} "ShellExt.CommandShellExtension" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll {A5110426-177D-4e08-AB3F-785F10B4439C} "Sony Ericsson Datei-Manager" - "Sony Ericsson Mobile Communications AB" - C:\Programme\Sony Ericsson\Mobile2\File Manager\fmgrgui.dll {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\msonsext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR shell extension" - ? - (File not found | COM-object registry key not found) {F1B9284F-E9DC-4e68-9D7E-42362A59F0FD} "WMP Add To Playlist Launcher" - "Microsoft Corporation" - C:\WINDOWS\system32\wmpshell.dll {8DD448E6-C188-4aed-AF92-44956194EB1F} "WMP Burn Audio CD Launcher" - "Microsoft Corporation" - C:\WINDOWS\system32\wmpshell.dll {CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C} "WMP Play As Playlist Launcher" - "Microsoft Corporation" - C:\WINDOWS\system32\wmpshell.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad )----- {AAA288BA-9A4C-45B0-95D7-94D524869DB5} "WPDShServiceObj Class" - "Microsoft Corporation" - C:\WINDOWS\system32\wpdshserviceobj.dll [Internet Explorer] -----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )----- {32683183-48a0-441b-a342-7c2a440a9478} "{32683183-48a0-441b-a342-7c2a440a9478}" - ? - (File not found | COM-object registry key not found) -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found) <binary data> "PDFCreator Toolbar" - ? - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} "Java Plug-in 1.6.0_03" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_03\bin\npjpi160_03.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_05" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_05\bin\npjpi160_05.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} "Java Plug-in 1.6.0_05" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_05\bin\npjpi160_05.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_05" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_05\bin\npjpi160_05.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} "ClsidExtension" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_05\bin\npjpi160_05.dll {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "ClsidExtension" - "Microsoft Corporation" - C:\Programme\Microsoft ActiveSync\inetrepl.dll {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "Mobilen Favoriten erstellen" - "Microsoft Corporation" - C:\Programme\Microsoft ActiveSync\inetrepl.dll -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} "PDFCreator Toolbar" - ? - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll {D0943516-5076-4020-A3B5-AEFAF26AB263} "Veoh Browser Plug-in" - "Veoh Networks Inc" - C:\Programme\Veoh\Plugins\reg\VeohToolbar.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll {C451C08A-EC37-45DF-AAAD-18B51AB5E837} "PDFCreator Toolbar Helper" - ? - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "SSVHelper Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll {5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? - (File not found | COM-object registry key not found) [Logon] -----( %AllUsersProfile%\Startmenü\Programme\Autostart )----- "Adobe Gamma Loader.lnk" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Shortcut exists | File exists) "desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini "Last.fm Helper.lnk" - "Last.fm" - C:\Programme\Last.fm\LastFMHelper.exe (Shortcut exists | File exists) "Microsoft Office.lnk" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office\OSA9.EXE (Shortcut exists | File exists) -----( %UserProfile%\Startmenü\Programme\Autostart )----- "Adobe Gamma.lnk" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Shortcut exists | File exists) "desktop.ini" - ? - C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\desktop.ini -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "MsnMsgr" - "Microsoft Corporation" - "C:\Programme\Windows Live\Messenger\msnmsgr.exe" /background "Octoshape Streaming Services" - ? - "C:\Programme\Octoshape Streaming Services\Administrator\OctoshapeClient.exe" -inv:bootrun (File found, but it contains no detailed information) "PC Suite Tray" - "Nokia" - "C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray "Veoh" - "Veoh Networks" - "C:\Programme\Veoh\VeohClient.exe" /VeohHide -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe Photo Downloader" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" "avgnt" - "Avira GmbH" - "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min "AVMWlanClient" - "AVM Berlin GmbH" - C:\Programme\avmwlanstick\FRITZWLANMini.exe "iTunesHelper" - "Apple Inc." - "C:\Programme\iTunes\iTunesHelper.exe" "nwiz" - "NVIDIA Corporation" - nwiz.exe /install "PDVDDXSrv" - "CyberLink Corp." - "C:\Programme\CyberLink\PowerDVD DX\PDVDDXSrv.exe" "QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\qttask.exe" -atboottime "RemoteControl" - "Cyberlink Corp." - C:\Programme\PowerDVD\PDVDServ.exe "Sony Ericsson PC Suite" - "Sony Ericsson Mobile Communications AB" - "C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Java\jre1.6.0_05\bin\jusched.exe" [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "PDFCreator" - "internet-support foehr.com" - C:\WINDOWS\system32\pdfcmnnt.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe "Ad-Aware 2007 Service" (aawservice) - "Lavasoft AB" - C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe "Adobe LM Service" (Adobe LM Service) - "Adobe Systems" - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe "AntiVir PersonalEdition Classic Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe "AntiVir PersonalEdition Classic Planer" (AntiVirScheduler) - "Avira GmbH" - C:\Programme\AntiVir PersonalEdition Classic\sched.exe "Apple Mobile Device" (Apple Mobile Device) - "Apple, Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe "ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe "Automatische Updates" (wuauserv) - "Microsoft Corporation" - C:\WINDOWS\system32\wuauserv.dll "Bonjour-Dienst" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe "Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Programme\Cyberlink\Shared Files\RichVideo.exe "ForceWare IP service" (nSvcIp) - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe "ForceWare user log service" (nSvcLog) - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe "Forceware Web Interface" (ForcewareWebInterface) - "Apache Software Foundation" - C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe "InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe "iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Programme\iPod\bin\iPodService.exe "Kodak AiO Device Service" (KodakSvc) - "Eastman Kodak Company" - C:\Programme\Kodak\printer\center\KodakSvc.exe "Portable Media Serial Number Service" (WmdmPmSN) - "Microsoft Corporation" - C:\WINDOWS\system32\mspmsnsv.dll "ServiceLayer" (ServiceLayer) - "Nokia." - C:\Programme\PC Connectivity Solution\ServiceLayer.exe "Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe "Windows Installer" (MSIServer) - "Microsoft Corporation" - C:\WINDOWS\system32\msiexec.exe "Windows Media Player-Netzwerkfreigabedienst" (WMPNetworkSvc) - "Microsoft Corporation" - C:\Programme\Windows Media Player\WMPNetwk.exe "Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [Winlogon] -----( HKCU\Control Panel\IOProcs )----- "MVB" - ? - mvfs32.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )----- "WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru Hoffe, alles ist richtig. Gruß sususoleil |
|
22.04.2010, 12:03
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Avira meldet Virus: BDS/Syspck.A Sieht gut aus. Bitte nun einen Vollscan mit Malwarebytes machen und Log posten. Vorher bitte Malwarebytes aktualisieren!! Danach OTL: Systemscan mit OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
22.04.2010, 19:06
| #9 |
| | Avira meldet Virus: BDS/Syspck.A Hallo, so, hier noch einmal die geforderten logs: OTL: OTL Extras logfile created on: 22.04.2010 15:46:27 - Run 2 OTL by OldTimer - Version 3.2.1.3 Folder = C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1.023,00 Mb Total Physical Memory | 483,00 Mb Available Physical Memory | 47,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 80,00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 48,83 Gb Total Space | 27,00 Gb Free Space | 55,31% Space Free | Partition Type: NTFS Drive D: | 647,19 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive E: | 79,16 Gb Total Space | 78,11 Gb Free Space | 98,66% Space Free | Partition Type: NTFS F: Drive not present or media not loaded Drive G: | 104,89 Gb Total Space | 25,41 Gb Free Space | 24,23% Space Free | Partition Type: NTFS H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: SCHAKKELINE Current User Name: Administrator Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Programme\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Programme\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation) http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet isabled:@xpsp2res.dll,-22007"2869:TCP" = 2869:TCP:LocalSubNet isabled:@xpsp2res.dll,-22008========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Programme\MSN Messenger\livecall.exe" = C:\Programme\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found "C:\Programme\Cyberlink\PowerDVD DX\PowerDVD.exe" = C:\Programme\Cyberlink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX -- (CyberLink Corp.) "C:\Programme\Cyberlink\PowerDVD DX\PDVDDXSrv.exe" = C:\Programme\Cyberlink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program -- (CyberLink Corp.) "C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Programme\uTorrent\uTorrent.exe" = C:\Programme\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- () "C:\Programme\Last.fm\LastFM.exe" = C:\Programme\Last.fm\LastFM.exe:*:Enabled:Last.fm -- (Last.fm) "C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation) "C:\Programme\PowerDVD\PowerDVD.exe" = C:\Programme\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD -- (CyberLink Corp.) "C:\WINDOWS\system32\java.exe" = C:\WINDOWS\system32\java.exe:* isabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.) "C:\Programme\Octoshape Streaming Services\Administrator\OctoshapeClient.exe" = C:\Programme\Octoshape Streaming Services\Administrator\OctoshapeClient.exe:*:Enabled:OctoshapeClient -- () "C:\Programme\Zattoo\zattood.exe" = C:\Programme\Zattoo\zattood.exe:*:Enabled:zattood -- () "C:\Programme\Zattoo\Zattoo2.exe" = C:\Programme\Zattoo\Zattoo2.exe:*:Enabled: -- () "C:\Programme\Zattoo\Zattoo.exe" = C:\Programme\Zattoo\Zattoo.exe:*:Enabled: -- () "C:\Programme\MSN Messenger\livecall.exe" = C:\Programme\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found "C:\Programme\Microsoft ActiveSync\wcescomm.exe" = C:\Programme\Microsoft ActiveSync\wcescomm.exe:*:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation) "C:\Programme\Microsoft ActiveSync\WCESMgr.exe" = C:\Programme\Microsoft ActiveSync\WCESMgr.exe:*:Enabled:ActiveSync Application -- (Microsoft Corporation) "C:\Programme\Veoh\VeohClient.exe" = C:\Programme\Veoh\VeohClient.exe:* isabled:Veoh Client -- (Veoh Networks)"C:\Programme\Cyberlink\PowerDVD DX\PowerDVD.exe" = C:\Programme\Cyberlink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX -- (CyberLink Corp.) "C:\Programme\Cyberlink\PowerDVD DX\PDVDDXSrv.exe" = C:\Programme\Cyberlink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program -- (CyberLink Corp.) "C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{00C58EBE-223E-4AB6-8AE9-38F27F4420BD}" = WISO Steuer 2009 "{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA "{0819E89D-6214-4B6F-A18D-4633CB4E0E4A}" = Softwareupdate für Webordner "{0996C331-6DCB-4E38-A3EC-0A77ABAE1361}" = Help_CTR "{0C973594-7DDF-4BD0-84ED-3517F7622037}" = PC Connectivity Solution "{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86 "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2 "{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2 "{2792CBEF-15D2-4E2E-8A0F-4D896DBE9607}" = WISO Sparbuch 2009 "{2A97D5B3-A989-47E1-B207-1CA9E3635655}" = aioprnt "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3 "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5 "{3BED0238-3A25-41AE-BC23-316914B5B048}" = aioocr "{3D39E775-DDDA-4327-B747-0BDC5F191331}" = Nokia PC Suite "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{44734179-8A79-4DEE-BB08-73037F065543}" = Apple Mobile Device Support "{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg "{45D4F727-43B5-49CD-B474-B9866A8F4FB8}" = Nokia Map Loader "{46AC899A-9ECB-43DC-85DE-272E0D116A1E}" = Ad-Aware 2007 "{46B70DEB-97B3-4E38-B746-EC16905E6A8F}" = WISO Steuer 2010 "{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}" = Bonjour "{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0 "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{52D02A2B-03D2-4E34-A358-DC5D951FD296}" = Nokia Connectivity Cable Driver "{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}" = iTunes "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6E65247F-58F9-41CA-BE69-0316F7907170}" = Disc2Phone "{73F1681F-ADE1-461F-9F18-B7640507D395}" = ksdip "{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = LiveUpdate BVRP Software "{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0 "{791E3D44-33D3-4446-82AD-5CD4B0169083}" = aiofw "{79E41D91-BA1C-44B9-9358-48E598263ECF}" = center "{843081BD-351F-46FC-8A17-517A0D9117A3}" = helptut "{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU "{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer "{91A4AD99-69CE-4745-97B7-0E0DFBECFDE5}" = Adobe Illustrator CS "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{A1973A71-BC23-4A8C-A0A0-2B0497B7EAF4}" = WISO Sparbuch 2008 "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A987FEC8-5616-49BD-BCA6-ACFFFE7403FE}" = IKEA Home Planner "{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0 "{C0251585-1BE8-4278-B3CB-964B6E01C59D}" = aioscnnr "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C5ADA65A-7828-4D85-B071-ECC52B51F794}" = Sony Ericsson PC Suite 1.20.173 "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = KODAK All-in-One-Druckersoftware "{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR "{DC626A21-EDF1-40C7-8F2F-D2BA7535529F}" = helpug "{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0 "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F18E8A0F-BE99-4305-96A5-6C0FD9D7D999}" = mobile PhoneTools "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2 "Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2 "Adobe SVG Viewer" = Adobe SVG Viewer 3.0 "AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus "AVS DVD Player_is1" = AVS DVD Player version 2.4 "BlazeDVD 7 Professional_is1" = BlazeDVD 7 Professional "CCleaner" = CCleaner "E8A6D621B6D3FC5D43C68C549D959DE76EEF5D84" = Windows-Treiberpaket - Nokia Modem (06/01/2009 4.1) "F779F5541ABD99C95C03B0FD5E3C058B22DA0FF7" = Windows-Treiberpaket - Nokia Modem (06/01/2009 7.01.0.3) "FujiDirekt_is1" = FujiDirekt 2.7 "Heroes of Might and Magic® III" = Heroes of Might and Magic® III Complete "HijackThis" = HijackThis 2.0.2 "InstallShield_{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA "InstallShield_{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager "InstallShield_{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "LastFM_is1" = Last.fm 1.3.2.13 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Monopoly Deluxe" = Monopoly Deluxe "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3) "Navigator" = SesamTV Media Center "Nero 7 Lite_is1" = Nero 7 Lite 7.9.6.0 "Nero 7 Micro_is1" = Nero 7 Micro 7.9.6.0 "Nokia PC Suite" = Nokia PC Suite "NVIDIA Drivers" = NVIDIA Drivers "PDFCreator Toolbar" = PDFCreator Toolbar "ST6UNST #1" = FreeDVD v2.0 "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 "WIC" = Windows Imaging Component "Windows CE Services" = Microsoft ActiveSync 3.8 "WinLiveSuite_Wave3" = Windows Live Essentials "Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7 "WUV20" = Windows Update Agent 2.0 "Zattoo" = Zattoo 3.2.1 Beta ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Move Media Player" = Move Media Player "Octoshape Streaming Services" = Octoshape Streaming Services "uTorrent" = µTorrent ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 06.03.2010 12:33:42 | Computer Name = SCHAKKELINE | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung firefox.exe, Version 1.9.0.3685, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 07.03.2010 17:52:09 | Computer Name = SCHAKKELINE | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung AVSDVDPlayer.exe, Version 2.4.2.125, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 07.03.2010 17:53:54 | Computer Name = SCHAKKELINE | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung AVSDVDPlayer.exe, Version 2.4.2.125, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 12.03.2010 16:52:19 | Computer Name = SCHAKKELINE | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung firefox.exe, Version 1.9.0.3685, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 13.03.2010 14:54:53 | Computer Name = SCHAKKELINE | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung firefox.exe, Version 1.9.0.3685, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 13.03.2010 15:56:56 | Computer Name = SCHAKKELINE | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung firefox.exe, Version 1.9.0.3685, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 18.03.2010 17:01:28 | Computer Name = SCHAKKELINE | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung firefox.exe, Version 1.9.0.3685, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 19.03.2010 10:16:59 | Computer Name = SCHAKKELINE | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung firefox.exe, Version 1.9.0.3685, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 24.03.2010 15:01:24 | Computer Name = SCHAKKELINE | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung firefox.exe, Version 1.9.0.3685, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 24.03.2010 15:01:26 | Computer Name = SCHAKKELINE | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung firefox.exe, Version 1.9.0.3685, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. [ System Events ] Error - 22.03.2010 14:17:45 | Computer Name = SCHAKKELINE | Source = Service Control Manager | ID = 7011 Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung von Dienst NVSvc. Error - 23.03.2010 04:34:10 | Computer Name = SCHAKKELINE | Source = Service Control Manager | ID = 7011 Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung von Dienst NVSvc. Error - 23.03.2010 09:37:49 | Computer Name = SCHAKKELINE | Source = Service Control Manager | ID = 7011 Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung von Dienst NVSvc. Error - 24.03.2010 04:09:16 | Computer Name = SCHAKKELINE | Source = Service Control Manager | ID = 7011 Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung von Dienst NVSvc. Error - 24.03.2010 14:58:44 | Computer Name = SCHAKKELINE | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Microsoft Kernel-Echounterdrückung" wurde aufgrund folgenden Fehlers nicht gestartet: %%31 Error - 24.03.2010 15:01:16 | Computer Name = SCHAKKELINE | Source = Service Control Manager | ID = 7011 Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung von Dienst NVSvc. Error - 25.03.2010 07:52:10 | Computer Name = SCHAKKELINE | Source = Service Control Manager | ID = 7011 Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung von Dienst NVSvc. Error - 09.04.2010 07:11:32 | Computer Name = SCHAKKELINE | Source = Service Control Manager | ID = 7011 Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung von Dienst NVSvc. Error - 19.04.2010 05:04:29 | Computer Name = SCHAKKELINE | Source = sr | ID = 1 Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume1" ist im Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung wurde angehalten. < End of report > |
|
22.04.2010, 19:08
| #10 |
| | Avira meldet Virus: BDS/Syspck.A OTL2: OTL logfile created on: 22.04.2010 15:46:27 - Run 2 OTL by OldTimer - Version 3.2.1.3 Folder = C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1.023,00 Mb Total Physical Memory | 483,00 Mb Available Physical Memory | 47,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 80,00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 48,83 Gb Total Space | 27,00 Gb Free Space | 55,31% Space Free | Partition Type: NTFS Drive D: | 647,19 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive E: | 79,16 Gb Total Space | 78,11 Gb Free Space | 98,66% Space Free | Partition Type: NTFS F: Drive not present or media not loaded Drive G: | 104,89 Gb Total Space | 25,41 Gb Free Space | 24,23% Space Free | Partition Type: NTFS H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: SCHAKKELINE Current User Name: Administrator Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia) PRC - C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia.) PRC - C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia) PRC - C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia) PRC - C:\Programme\Cyberlink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.) PRC - C:\Programme\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH) PRC - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH) PRC - C:\Programme\Veoh\VeohClient.exe (Veoh Networks) PRC - C:\Programme\Kodak\Printer\Center\KodakSvc.exe (Eastman Kodak Company) PRC - C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH) PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company) PRC - C:\Programme\Java\jre1.6.0_05\bin\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Programme\Java\jre1.6.0_05\bin\jucheck.exe (Sun Microsystems, Inc.) PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.) PRC - C:\Programme\Last.fm\LastFMHelper.exe (Last.fm) PRC - C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe (Lavasoft AB) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\PowerDVD\PDVDServ.exe (Cyberlink Corp.) PRC - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe (NVIDIA Corporation) PRC - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe (NVIDIA Corporation) PRC - C:\Programme\avmwlanstick\FRITZWLanMini.exe (AVM Berlin GmbH) PRC - C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe (Apache Software Foundation) PRC - C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe (Sony Ericsson Mobile Communications AB) PRC - C:\Programme\Octoshape Streaming Services\Administrator\OctoshapeClient.exe () PRC - C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe (Sony Ericsson Mobile Communications AB) PRC - C:\Programme\Gemeinsame Dateien\Teleca Shared\Generic.exe (Teleca Software Solutions) PRC - C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated) PRC - C:\Programme\Gemeinsame Dateien\Teleca Shared\CapabilityManager.exe (Teleca Software Solutions AB) ========== Modules (SafeList) ========== MOD - C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia.) SRV - (AntiVirScheduler) -- C:\Programme\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH) SRV - (AntiVirService) -- C:\Programme\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH) SRV - (KodakSvc) -- C:\Programme\Kodak\printer\center\KodakSvc.exe (Eastman Kodak Company) SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.) SRV - (Adobe LM Service) -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems) SRV - (aawservice) -- C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe (Lavasoft AB) SRV - (nSvcIp) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe (NVIDIA Corporation) SRV - (nSvcLog) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe (NVIDIA Corporation) SRV - (ForcewareWebInterface) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe (Apache Software Foundation) SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation) ========== Driver Services (SafeList) ========== DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation) DRV - (NinjaUSB) -- C:\WINDOWS\system32\drivers\NinjaUSB.sys () DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Programme\AntiVir PersonalEdition Classic\avgntflt.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\AntiVir PersonalEdition Classic\avgio.sys (Avira GmbH) DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia) DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia) DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia) DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia) DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (AVIRA GmbH) DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.) DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation) DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation) DRV - (nvata) -- C:\WINDOWS\System32\DRIVERS\nvata.sys (NVIDIA Corporation) DRV - (FWLANUSB) -- C:\WINDOWS\system32\drivers\fwlanusb.sys (AVM GmbH) DRV - (w810obex) -- C:\WINDOWS\system32\drivers\w810obex.sys (MCCI) DRV - (w810mdm) -- C:\WINDOWS\system32\drivers\w810mdm.sys (MCCI) DRV - (w810mgmt) Sony Ericsson W810 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\w810mgmt.sys (MCCI) DRV - (w810mdfl) -- C:\WINDOWS\system32\drivers\w810mdfl.sys (MCCI) DRV - (w810bus) Sony Ericsson W810 Driver driver (WDM) -- C:\WINDOWS\system32\drivers\w810bus.sys (MCCI) DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys (Windows (R) Server 2003 DDK provider) DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation) DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation) DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation) DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Bing" FF - prefs.js..browser.search.defaulturl: "hxxp://www.bing.com/search?FORM=IEFM1&q=" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://de.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de fficial"FF - prefs.js..extensions.enabledItems: videofinder@veoh.com:1.3 FF - prefs.js..keyword.URL: "hxxp://www.bing.com/search?FORM=IEFM1&q=" FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Programme\Nokia\Nokia PC Suite 7\bkmrksync\ [2009.08.23 19:15:13 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.04.03 13:32:50 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.04.03 13:32:50 | 000,000,000 | ---D | M] [2009.01.14 16:05:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions [2010.04.18 20:00:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\wsmkqp1q.default\extensions [2009.09.02 19:36:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\wsmkqp1q.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009.11.24 22:32:11 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\wsmkqp1q.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2008.07.20 22:58:38 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\wsmkqp1q.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2009.10.25 20:14:37 | 000,002,163 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\wsmkqp1q.default\searchplugins\bing.xml [2010.04.18 20:00:57 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2007.09.27 17:59:30 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2006.09.26 13:03:14 | 000,098,304 | ---- | M] (Zylom) -- C:\Programme\Mozilla Firefox\plugins\npzylomgamesplayer.dll [2010.03.16 20:28:04 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.03.16 20:28:04 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.03.16 20:28:04 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.03.16 20:28:04 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.03.16 20:28:04 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2001.08.23 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (PDFCreator Toolbar Helper) - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll () O3 - HKLM\..\Toolbar: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll () O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Programme\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc) O3 - HKCU\..\Toolbar\WebBrowser: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll () O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [avgnt] C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\FRITZWLanMini.exe (AVM Berlin GmbH) O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [PDVDDXSrv] C:\Programme\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.) O4 - HKLM..\Run: [RemoteControl] C:\Programme\PowerDVD\PDVDServ.exe (Cyberlink Corp.) O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [Sony Ericsson PC Suite] C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe (Sony Ericsson Mobile Communications AB) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.6.0_05\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKCU..\Run: [] File not found O4 - HKCU..\Run: [Octoshape Streaming Services] C:\Programme\Octoshape Streaming Services\Administrator\OctoshapeClient.exe () O4 - HKCU..\Run: [PC Suite Tray] C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia) O4 - HKCU..\Run: [Veoh] C:\Programme\Veoh\VeohClient.exe (Veoh Networks) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\RunOnceEx: [] File not found O4 - Startup: C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Last.fm Helper.lnk = C:\Programme\Last.fm\LastFMHelper.exe (Last.fm) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.) O9 - Extra Button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Programme\Microsoft ActiveSync\aatp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\system32\msdxm.ocx (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007.07.06 20:30:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2009.11.06 18:00:00 | 000,000,052 | R--- | M] () - D:\autorun.inf -- [ CDFS ] O33 - MountPoints2\{0b832fda-d04e-11dd-b773-0019662287bd}\Shell\AutoRun\command - "" = F:\lhh3v.exe -- File not found O33 - MountPoints2\{0b832fda-d04e-11dd-b773-0019662287bd}\Shell\open\Command - "" = F:\lhh3v.exe -- File not found O33 - MountPoints2\{1cf1a6b8-624d-11dc-b478-0019662287bd}\Shell\AutoRun\command - "" = F:\wd_windows_tools\setup.exe -- File not found O33 - MountPoints2\{4622f758-9006-11de-ba37-0019662287bd}\Shell\AutoRun\command - "" = F:\Launcher.exe -- File not found O33 - MountPoints2\{89c4c10f-2c37-11dc-b5c7-806d6172696f}\Shell - "" = AutoRun O33 - MountPoints2\{89c4c10f-2c37-11dc-b5c7-806d6172696f}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{89c4c10f-2c37-11dc-b5c7-806d6172696f}\Shell\AutoRun\command - "" = D:\start.exe -- [2009.11.06 18:00:00 | 000,288,040 | R--- | M] () O33 - MountPoints2\{c6fbbfb2-6d11-11dc-b482-0019662287bd}\Shell - "" = AutoRun O33 - MountPoints2\{c6fbbfb2-6d11-11dc-b482-0019662287bd}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{c6fbbfb2-6d11-11dc-b482-0019662287bd}\Shell\AutoRun\command - "" = F:\pushinst.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe () O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.04.22 11:14:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Online Solutions [2010.04.19 11:09:24 | 000,000,000 | ---D | C] -- C:\Programme\trend micro [2010.04.19 11:09:23 | 000,000,000 | ---D | C] -- C:\rsit [2010.04.19 10:43:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Malwarebytes [2010.04.19 10:43:33 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.04.19 10:43:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2010.04.19 10:43:30 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.04.19 10:43:30 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.04.19 10:40:06 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\Recent [2010.04.19 10:33:50 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner [2010.04.14 12:24:31 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vbscript.dll [2010.04.14 12:23:43 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wintrust.dll [2010.04.14 12:23:41 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cabview.dll [2010.03.26 18:49:56 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe [2010.03.26 18:07:48 | 008,188,928 | ---- | C] (Mozilla) -- C:\Dokumente und Einstellungen\Administrator\Desktop\Firefox Setup 3.6.2.exe [2010.03.25 20:57:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MSN6 [2010.03.25 20:57:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\MSN6 [2009.07.19 10:54:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Eastman Kodak Company [2008.10.22 11:57:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Microsoft [2008.09.01 17:54:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Apple [2007.07.06 20:32:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Microsoft [2007.07.06 20:29:54 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Microsoft [2007.07.06 20:29:54 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Microsoft [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\*.tmp files -> C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\*.tmp -> ] [1 C:\Dokumente und Einstellungen\Administrator\Desktop\*.tmp files -> C:\Dokumente und Einstellungen\Administrator\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.04.22 15:42:59 | 000,020,992 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\mal2.doc [2010.04.22 15:42:46 | 000,002,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Microsoft Word.lnk [2010.04.22 14:34:45 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn [2010.04.22 14:34:42 | 000,081,506 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2010.04.22 14:34:31 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job [2010.04.22 14:31:29 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.04.22 14:31:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.04.22 12:54:35 | 007,077,888 | -H-- | M] () -- C:\Dokumente und Einstellungen\Administrator\NTUSER.DAT [2010.04.22 12:54:35 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Administrator\ntuser.ini [2010.04.22 11:43:50 | 000,044,525 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\osam2.html [2010.04.22 11:25:04 | 000,019,456 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Hallo.doc [2010.04.19 20:13:03 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2010.04.19 16:38:23 | 000,020,992 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Malwarebytes.doc [2010.04.19 11:08:48 | 000,000,685 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Verknüpfung mit RSIT.lnk [2010.04.19 10:56:47 | 000,023,040 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\trojanerbericht.doc [2010.04.19 10:40:22 | 000,000,172 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\cc_20100419_104017.reg [2010.04.19 10:39:54 | 000,001,490 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\cc_20100419_103951.reg [2010.04.19 10:39:04 | 000,167,060 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\cc_20100419_103857.reg [2010.04.19 10:33:51 | 000,001,512 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\CCleaner.lnk [2010.04.18 19:47:27 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.04.17 12:17:14 | 000,027,136 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Liebe Tanja.doc [2010.04.14 12:54:21 | 000,000,610 | ---- | M] () -- C:\WINDOWS\wiso.ini [2010.04.09 10:31:58 | 000,020,992 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\arcor2.doc [2010.04.06 09:52:16 | 000,155,648 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.04.06 09:52:16 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2010.03.30 14:04:49 | 000,000,045 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\AVSDVDPlayer.m3u [2010.03.29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.03.29 15:24:46 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.03.28 20:16:14 | 001,069,228 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010.03.28 20:16:14 | 000,458,476 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2010.03.28 20:16:14 | 000,440,684 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010.03.28 20:16:14 | 000,084,318 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2010.03.28 20:16:14 | 000,071,002 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010.03.26 18:59:17 | 000,001,566 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk [2010.03.26 18:50:41 | 000,000,008 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\jasltw.dat [2010.03.26 17:47:34 | 004,285,396 | -H-- | M] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\IconCache.db [2010.03.26 17:02:30 | 008,188,928 | ---- | M] (Mozilla) -- C:\Dokumente und Einstellungen\Administrator\Desktop\Firefox Setup 3.6.2.exe [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\*.tmp files -> C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\*.tmp -> ] [1 C:\Dokumente und Einstellungen\Administrator\Desktop\*.tmp files -> C:\Dokumente und Einstellungen\Administrator\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.04.22 15:42:58 | 000,020,992 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\mal2.doc [2010.04.22 11:43:50 | 000,044,525 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\osam2.html [2010.04.22 11:25:03 | 000,019,456 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Hallo.doc [2010.04.19 20:13:03 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2010.04.19 16:38:22 | 000,020,992 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Malwarebytes.doc [2010.04.19 11:08:48 | 000,000,685 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Verknüpfung mit RSIT.lnk [2010.04.19 10:56:46 | 000,023,040 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\trojanerbericht.doc [2010.04.19 10:40:19 | 000,000,172 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\cc_20100419_104017.reg [2010.04.19 10:39:52 | 000,001,490 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\cc_20100419_103951.reg [2010.04.19 10:38:59 | 000,167,060 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\cc_20100419_103857.reg [2010.04.19 10:33:51 | 000,001,512 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\CCleaner.lnk [2010.04.17 12:17:14 | 000,027,136 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Liebe Tanja.doc [2010.04.09 10:31:57 | 000,020,992 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\arcor2.doc [2010.03.26 18:50:41 | 000,000,008 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\jasltw.dat [2010.03.26 18:08:06 | 000,001,566 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk [2010.03.24 20:57:58 | 000,000,008 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\jasltw.dat [2010.01.28 21:19:10 | 000,024,704 | ---- | C] () -- C:\WINDOWS\System32\drivers\NinjaUSB.sys [2009.12.16 15:35:01 | 000,131,080 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\mdbu.bin [2009.07.20 20:28:24 | 000,012,800 | ---- | C] () -- C:\WINDOWS\System32\EKDeviceServices.dll [2008.09.23 20:16:14 | 000,000,298 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\IfolorJavaUpload.data [2008.05.19 20:32:48 | 000,003,040 | ---- | C] () -- C:\WINDOWS\tm.ini [2008.04.24 07:18:02 | 000,014,852 | ---- | C] () -- C:\Programme\settings.dat [2008.04.15 06:48:44 | 000,000,610 | ---- | C] () -- C:\WINDOWS\wiso.ini [2008.01.03 21:51:37 | 000,000,045 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\AVSDVDPlayer.m3u [2008.01.03 21:48:05 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2008.01.03 21:48:05 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2007.10.19 06:44:40 | 000,001,755 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache [2007.09.29 18:54:28 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html [2007.09.24 20:10:34 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2007.07.08 17:44:28 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2007.07.08 17:34:16 | 000,143,360 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2007.07.08 17:22:36 | 000,271,264 | ---- | C] () -- C:\WINDOWS\System32\vbrun100.dll [2007.07.08 14:13:35 | 000,004,563 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini [2007.07.08 14:13:32 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS [2007.07.06 21:34:46 | 000,155,648 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.07.06 21:16:46 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2007.07.06 20:32:41 | 000,001,024 | -H-- | C] () -- C:\Dokumente und Einstellungen\Administrator\ntuser.dat.LOG [2007.07.06 20:32:41 | 000,000,190 | -HS- | C] () -- C:\Dokumente und Einstellungen\Administrator\ntuser.ini [2007.07.06 20:32:40 | 007,077,888 | -H-- | C] () -- C:\Dokumente und Einstellungen\Administrator\NTUSER.DAT [2006.12.22 11:36:06 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\tvOut.dll [2006.12.22 11:36:06 | 000,038,912 | ---- | C] () -- C:\WINDOWS\System32\stvp.dll [2006.10.31 08:35:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2006.10.31 08:35:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2006.10.31 08:35:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2006.10.31 08:35:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll [2006.10.31 08:35:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2006.10.31 08:35:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2006.10.31 08:35:00 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll [2004.08.04 14:00:00 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll [1999.01.22 20:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL < End of report > |
|
22.04.2010, 19:11
| #11 |
| | Avira meldet Virus: BDS/Syspck.A Malware: Malwarebytes' Anti-Malware 1.45 www.malwarebytes.org Datenbank Version: 4021 Windows 5.1.2600 Service Pack 2 Internet Explorer 7.0.5730.11 22.04.2010 15:41:25 mbam-log-2010-04-22 (15-41-25).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|G:\|) Durchsuchte Objekte: 186426 Laufzeit: 48 Minute(n), 3 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) Beim Scan hat Avira wieder folgendes gemeldet: In der Datei 'C:\System Volume Information\_restore{EA2AF699-443D-43C9-AA8C-91DB77F9A515}\RP570\A0080017.exe' wurde ein Virus oder unerwünschtes Programm 'BDS/Syspck.A' [backdoor] gefunden. Ausgeführte Aktion: Zugriff verweigern P.S.: ich konnte den Beitrag nicht als einen posten. Da kam den ganzen TAg über eine Fehlermeldeung... verzeihung! Beste Grüße Sususoleil |
|
22.04.2010, 20:08
| #12 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Avira meldet Virus: BDS/Syspck.A Die Logs sehen ok aus. Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
23.04.2010, 11:11
| #13 |
| | Avira meldet Virus: BDS/Syspck.A Hallo, nein, es kam nur diese Meldung unter Malware-Fund. "Zugriff verweigern" ist immer empfohlen... aber dann werde ich in Zukunft die Quarantäne wählen. Aber vielleicht hat sichs ja auch erledigt? Besten Dank jedenfalls und alles Gute! Sususoleil |
|
23.04.2010, 11:36
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Avira meldet Virus: BDS/Syspck.A Das ist aber vermutlich noch mehr, das sollte man abklopfen. Bitte CF anwenden: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
26.04.2010, 11:58
| #15 |
| | Avira meldet Virus: BDS/Syspck.A Hallo, hier das geforderte Combo-Fix! ComboFix 10-04-21.01 - Administrator 26.04.2010 12:34:19.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.2.1252.49.1031.18.1023.519 [GMT 2:00] ausgeführt von:: c:\dokumente und einstellungen\Administrator\Desktop\cofi.exe.exe AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . C:\test.txt c:\windows\system32\mshta.exe . . . ist infiziert!! c:\windows\system32\msiexec.exe . . . ist infiziert!! . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_MSUPDATE ((((((((((((((((((((((( Dateien erstellt von 2010-03-26 bis 2010-04-26 )))))))))))))))))))))))))))))) . 2010-04-22 09:14 . 2010-04-22 09:22 -------- d-----w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Online Solutions 2010-04-19 18:13 . 2010-04-19 18:13 664 ----a-w- c:\windows\system32\d3d9caps.dat 2010-04-19 09:09 . 2010-04-19 09:09 -------- d-----w- c:\programme\trend micro 2010-04-19 09:09 . 2010-04-19 09:09 -------- d-----w- C:\rsit 2010-04-19 08:43 . 2010-04-19 08:43 -------- d-----w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Malwarebytes 2010-04-19 08:43 . 2010-03-29 13:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-04-19 08:43 . 2010-04-19 08:43 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes 2010-04-19 08:43 . 2010-04-22 12:39 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware 2010-04-19 08:43 . 2010-03-29 13:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-04-19 08:33 . 2010-04-26 10:25 -------- d-----w- c:\programme\CCleaner 2010-04-14 10:24 . 2010-03-09 11:09 430080 ------w- c:\windows\system32\dllcache\vbscript.dll 2010-04-14 10:23 . 2009-12-24 07:05 177664 ------w- c:\windows\system32\dllcache\wintrust.dll 2010-04-14 10:23 . 2010-01-13 14:08 86016 ------w- c:\windows\system32\dllcache\cabview.dll . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-04-26 10:40 . 2008-10-29 19:41 -------- d-----w- c:\programme\Veoh 2010-04-25 17:54 . 2007-07-14 13:50 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\AntiVir PersonalEdition Classic 2010-03-28 18:16 . 2001-08-23 12:00 84318 ----a-w- c:\windows\system32\perfc007.dat 2010-03-28 18:16 . 2001-08-23 12:00 458476 ----a-w- c:\windows\system32\perfh007.dat 2010-03-26 16:50 . 2010-03-26 16:50 8 ----a-w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\jasltw.dat 2010-03-25 18:59 . 2010-03-25 18:57 -------- d-----w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\MSN6 2010-03-25 18:57 . 2010-03-25 18:57 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\MSN6 2010-03-25 11:51 . 2010-03-25 11:51 8 ----a-w- c:\windows\system32\config\systemprofile\Anwendungsdaten\jasltw.dat 2010-03-24 18:57 . 2010-03-24 18:57 8 ----a-w- c:\dokumente und einstellungen\LocalService\Anwendungsdaten\jasltw.dat 2010-03-13 19:10 . 2010-03-13 19:10 144053 ----a-w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Move Networks\uninstall.exe 2010-03-13 19:10 . 2009-04-24 12:40 -------- d-----w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Move Networks 2010-03-13 19:10 . 2010-02-11 19:31 5640640 ----a-w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Move Networks\plugins\071802000001\npqmp071802000001.dll 2010-03-13 19:10 . 2010-03-13 19:08 1811472 ----a-w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Move Networks\MoveMediaPlayerWin_071802000001.exe 2010-03-11 12:31 . 2004-08-04 12:00 832512 ----a-w- c:\windows\system32\wininet.dll 2010-03-11 12:31 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll 2010-03-11 12:31 . 2004-08-04 12:00 17408 ----a-w- c:\windows\system32\corpol.dll 2010-03-09 11:09 . 2004-08-04 12:00 430080 ----a-w- c:\windows\system32\vbscript.dll 2010-02-24 12:48 . 2004-08-04 12:00 457216 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2010-02-16 19:23 . 2004-08-04 12:00 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-02-16 19:23 . 2007-02-28 18:06 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe 2010-02-12 10:03 . 2010-03-26 16:49 293376 ------w- c:\windows\system32\browserchoice.exe 2010-02-12 04:45 . 2004-08-04 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll 2010-02-11 19:31 . 2010-02-11 19:31 97216 ----a-w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Move Networks\ie_bin\MovePlayerUpgrade.exe 2010-02-11 12:01 . 2004-08-04 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys 2010-02-03 13:18 . 2008-05-27 16:05 71960 ----a-w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Mozilla\Plugins\npoctoshape.dll 2010-01-28 19:19 . 2010-01-28 19:19 24704 ----a-w- c:\windows\system32\drivers\NinjaUSB.sys 2008-04-24 05:18 . 2008-04-24 05:18 14852 ----a-w- c:\programme\settings.dat . ------- Sigcheck ------- [-] 2004-08-04 12:00 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Octoshape Streaming Services"="c:\programme\Octoshape Streaming Services\Administrator\OctoshapeClient.exe" [2006-02-13 214648] "MsnMsgr"="c:\programme\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840] "Veoh"="c:\programme\Veoh\VeohClient.exe" [2008-08-28 3660848] "PC Suite Tray"="c:\programme\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2006-10-31 7634944] "nwiz"="nwiz.exe" [2006-10-31 1622016] "NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2006-10-31 86016] "RTHDCPL"="RTHDCPL.EXE" [2006-08-01 16049664] "SkyTel"="SkyTel.EXE" [2006-05-16 2879488] "avgnt"="c:\programme\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 266497] "Sony Ericsson PC Suite"="c:\programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744] "Adobe Photo Downloader"="c:\programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-23 57344] "AVMWlanClient"="c:\programme\avmwlanstick\FRITZWLANMini.exe" [2006-06-23 343552] "SunJavaUpdateSched"="c:\programme\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784] "RemoteControl"="c:\programme\PowerDVD\PDVDServ.exe" [2007-01-08 68640] "Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2008-03-28 413696] "iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2008-03-30 267048] "EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2008-07-18 1306624] "PDVDDXSrv"="c:\programme\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-04 128232] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide_2"="shell32" [X] "TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2004-08-04 12451] "tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544] "nltide_3"="advpack.dll" [2010-03-11 124928] c:\dokumente und einstellungen\Administrator\Startmen\Programme\Autostart\ Adobe Gamma.lnk - c:\programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 110592] c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\ Adobe Gamma Loader.lnk - c:\programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 110592] Last.fm Helper.lnk - c:\programme\Last.fm\LastFMHelper.exe [2007-10-18 110592] Microsoft Office.lnk - c:\programme\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages REG_MULTI_SZ msv1_0 nwprovau [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Programme\\uTorrent\\uTorrent.exe"= "c:\\Programme\\Last.fm\\LastFM.exe"= "c:\\Programme\\Mozilla Firefox\\firefox.exe"= "c:\\Programme\\PowerDVD\\PowerDVD.exe"= "c:\\WINDOWS\\system32\\java.exe"= "c:\\Programme\\Bonjour\\mDNSResponder.exe"= "c:\\Programme\\iTunes\\iTunes.exe"= "c:\\Programme\\Octoshape Streaming Services\\Administrator\\OctoshapeClient.exe"= "c:\\Programme\\Zattoo\\zattood.exe"= "c:\\Programme\\Zattoo\\Zattoo2.exe"= "c:\\Programme\\Zattoo\\Zattoo.exe"= "c:\\Programme\\Microsoft ActiveSync\\wcescomm.exe"= "c:\\Programme\\Microsoft ActiveSync\\WCESMgr.exe"= "c:\\Programme\\Veoh\\VeohClient.exe"= "c:\\Programme\\Cyberlink\\PowerDVD DX\\PowerDVD.exe"= "c:\\Programme\\Cyberlink\\PowerDVD DX\\PDVDDXSrv.exe"= "c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"= R2 KodakSvc;Kodak AiO Device Service;c:\programme\Kodak\Printer\Center\KodakSvc.exe [25.07.2008 13:34 18944] S3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\drivers\fwlanusb.sys [27.09.2007 17:53 264704] S3 NinjaUSB;Freecom Turbo USB 2.0;c:\windows\system32\drivers\NinjaUSB.sys [28.01.2010 21:19 24704] . Inhalt des "geplante Tasks" Ordners 2010-01-25 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\programme\Apple Software Update\SoftwareUpdate.exe [2007-08-29 10:34] 2010-04-26 c:\windows\Tasks\WGASetup.job - c:\windows\system32\KB905474\wgasetup.exe [2009-04-28 20:18] . . ------- Zusätzlicher Suchlauf ------- . uInternet Settings,ProxyOverride = *.local FF - ProfilePath - c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\wsmkqp1q.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q= FF - prefs.js: browser.startup.homepage - hxxp://de.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de fficialFF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q= FF - component: c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\wsmkqp1q.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll FF - plugin: c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Move Networks\plugins\071802000001\npqmp071802000001.dll FF - plugin: c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Mozilla\plugins\npoctoshape.dll FF - plugin: c:\dokumente und einstellungen\All Users\Anwendungsdaten\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll FF - plugin: c:\programme\Octoshape Streaming Services\Administrator\octoprogram-L03-NMS1002170_SUA_000\npoctoshape.dll FF - plugin: c:\programme\Veoh\Plugins\noreg\NPVeohVersion.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX Richtlinien ---- c:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\programme\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\programme\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\programme\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\programme\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\programme\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false); c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\programme\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\programme\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "hxxp://www.firefox.com"); c:\programme\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2010-04-26 12:39 Windows 5.1.2600 Service Pack 2 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- - - - - - - - > 'explorer.exe'(2508) c:\progra~1\WINDOW~3\wmpband.dll c:\windows\system32\wpdshserviceobj.dll c:\programme\Nokia\Nokia PC Suite 7\PhoneBrowser.dll c:\programme\Nokia\Nokia PC Suite 7\NGSCM.DLL c:\programme\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ger.nlr c:\programme\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr c:\windows\system32\portabledevicetypes.dll c:\windows\system32\portabledeviceapi.dll . ------------------------ Weitere laufende Prozesse ------------------------ . c:\programme\AntiVir PersonalEdition Classic\avguard.exe c:\programme\Lavasoft\Ad-Aware 2007\aawservice.exe c:\programme\AntiVir PersonalEdition Classic\sched.exe c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\programme\Bonjour\mDNSResponder.exe c:\programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe c:\programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe c:\programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe c:\windows\System32\nvsvc32.exe c:\programme\Cyberlink\Shared Files\RichVideo.exe c:\programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe c:\windows\RTHDCPL.EXE c:\programme\Gemeinsame Dateien\Teleca Shared\CapabilityManager.exe c:\programme\iPod\bin\iPodService.exe c:\programme\PC Connectivity Solution\ServiceLayer.exe c:\programme\PC Connectivity Solution\Transports\NclUSBSrv.exe c:\programme\PC Connectivity Solution\Transports\NclRSSrv.exe c:\programme\Gemeinsame Dateien\Teleca Shared\Generic.exe c:\programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe . ************************************************************************** . Zeit der Fertigstellung: 2010-04-26 12:42:05 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2010-04-26 10:42 Vor Suchlauf: 6 Verzeichnis(se), 29.435.224.064 Bytes frei Nach Suchlauf: 7 Verzeichnis(se), 29.348.397.056 Bytes frei WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect - - End Of File - - EDCFE2A2E1033FC4F1596DE90F03A28D beste Grüße Sususoleil |
|
| Themen zu Avira meldet Virus: BDS/Syspck.A |
| ad-aware, antivir, avgntflt.sys, avira, backdoor, backdoor bds or agentay, black, bonjour, browser, computer, downloader, drvstore, extrem langsam, firefox, firefox.exe, flash player, fontcache, google, hijack, hijackthis, hkus\s-1-5-18, home, hotfix.exe, kompatibilität, langsam, msiexec.exe, pdfcreator, plug-in, programm, realtek, security, security update, software, sparbuch, starten, system, virus, windows internet, windows internet explorer, windows xp |
Linear-Darstellung
