Pests of all kinds and their removal: Antimalware Doctor removed - log files for review (Windows 7)
#1
Antimalware Doctor removed - log files for review

Good evening, dear trojaner-board.de folks,

I caught Antimalware Doctor on my notebook today... After a quick Google search I landed straight here and have to say first of all: thumbs up!!! I've never had problems with viruses/trojans before (at least never noticed any). I'm a total PC layman and still managed to follow along... So thank you very much already!!!!

Now my request / problem: As mentioned, I followed your guide ( http://www.trojaner-board.de/83172-a...entfernen.html ) and also think the "Doctor" is gone (after I ran Malwarebytes and restarted the computer, no more pop-up window appeared...). But you write that I should upload these log files here for checking. So my request is whether someone can tell me if everything is OK now and the program was really removed?!?!

Here are the results:

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4042
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

27.04.2010 17:31:33
mbam-log-2010-04-27 (17-31-33).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 166615
Time elapsed: 34 minute(s), 0 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 10
Registry Values Infected: 29
Registry Data Items Infected: 4
Folders Infected: 1
Files Infected: 90

Memory Processes Infected:
C:\Programme\Intel\Wireless\Bin\ZCfgSvc.exe (Trojan.Downloader) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\_tey-t0nrzt (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AppDataLow\HavingFunOnline (Adware.BHO.FL) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ed6a00d8-c592-00a7-0052-022d0a607fcf} (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ed6a00d8-c592-00a7-0052-022d0a607fcf} (Adware.AdRotator) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Programme\Intel\Wireless\Bin\ZCfgSvc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\intelzeroconfig (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\newupdate1142c.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\newupdate1142c .exe (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hcontrol (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rthdcpl (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\alcmtr (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\asus live update (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nb probe (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wireless console (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\syntplpr (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\syntpenh (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\atipta (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Programme\Intel\Wireless\Bin\iFrmewrk.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\intelwireless (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Programme\Intel\Wireless\Bin\EOUWiz.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\eouapp (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sunjavaupdatesched (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winampagent (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\opwarese2 (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\easy-printtoolbox (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\NeroCheck.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nerofiltercheck (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\adobe reader speed launcher (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fixcamera (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\snpstd3 (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tsnpstd3 (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\appsecdll (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Downloader) -> Data: c:\dokumente und einstellungen\sven\anwendungsdaten\sdra64.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: c:\windows\system32\sdra64.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: system32\sdra64.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\Dokumente und Einstellungen\Sven\Anwendungsdaten\sdra64.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\system32\lowsec (Stolen.data) -> Delete on reboot.

Files Infected:
C:\Programme\Intel\Wireless\Bin\ZCfgSvc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Sven\Anwendungsdaten\B1FCC6ED88EB7E920B847EE6CC15E14F\newupdate1142C.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Sven\anwendungsdaten\b1fcc6ed88eb7e920b847ee6cc15e14f\newupdate1142c .exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\ATK0100\HControl.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rthdcpl.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\alcmtr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Programme\Asus\ASUS Live Update\alu.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Programme\Asus\NB Probe\NBProbe.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Programme\Asus\Wireless Console\wcourier.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Programme\Synaptics\SynTP\SynTPEnh.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Programme\Intel\Wireless\Bin\iFrmewrk.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Programme\Intel\Wireless\Bin\EOUWiz.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Programme\Java\jre6\bin\jusched.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Programme\Winamp\winampa.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Programme\ScanSoft\OmniPageSE2.0\OpwareSE2.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Programme\Canon\Easy-PrintToolBox\bjpsmain.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NeroCheck.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\FixCamera.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\vsnpstd3.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\tsnpstd3.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\_TEY-t0nRzT.exe (Adware.AdRotator) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rthdcpl .exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\alcmtr .exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\wmpscfgs.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Sven\Eigene Dateien\Downloads\Everest Poker(3).exe (PUP.Casino) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Sven\Lokale Einstellungen\Temp\tyysqcc .exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Sven\Anwendungsdaten\sdra64.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Programme\Internet Explorer\js.mui (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Programme\Internet Explorer\wmpscfgs.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Programme\Asus\Power4 Gear\batterylife.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Programme\Windows Live\Messenger\msnmsgr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000004.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000005.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000006.EXE (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000007.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000008.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000009.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000010.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000011.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000012.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000013.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000014.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000015.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000016.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000017.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000018.EXE (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000019.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000020.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000021.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000022.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000023.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000024.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000036.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000037.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000039.EXE (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000040.EXE (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000041.EXE (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000042.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000043.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000044.EXE (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000045.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000046.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000047.EXE (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000048.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000049.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000050.EXE (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000051.EXE (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000052.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000053.EXE (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000054.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000055.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000056.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000057.EXE (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000058.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000059.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Recycled\Dc42.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Recycled\Dc43.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Recycled\Dc67.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Recycled\Dc72.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Delete on reboot.
C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Delete on reboot.
C:\Dokumente und Einstellungen\Sven\Startmenü\Programme\Autostart\Antimalware Doctor.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Sven\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Sven\Desktop\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Sven\Startmenü\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sdra64.exe (Spyware.Zbot) -> Delete on reboot.
C:\WINDOWS\system32\bU-o24-d__us4.dll (Adware.AdRotator) -> Quarantined and deleted successfully.

info.txt logfile of random's system information tool 1.06 2010-04-27 18:42:59

======Uninstall list======

-->C:\Programme\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\IsUn0407.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNNMP.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat 5.0-->C:\WINDOWS\ISUN0407.EXE -f"C:\Programme\Gemeinsame Dateien\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Programme\Gemeinsame Dateien\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop CS-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
Adobe Reader 9.1 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A91000000001}
Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
ArcSoft PhotoStudio 5.5-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{85309D89-7BE9-4094-BB17-24999C6118FC}\Setup.exe" -l0x7
Asus ChkMail-->C:\WINDOWS\IsUninst.exe -f"C:\Programme\Asus\Asus ChkMail\Uninst.isu"
ASUS Live Update-->C:\WINDOWS\IsUninst.exe -f"C:\Programme\ASUS\ASUS Live Update\Uninst.isu" -c"C:\Programme\ASUS\ASUS Live Update\Uninst.dll"
Asus_A6_ScreenSaver-->C:\WINDOWS\Asus_A6_ScreenSaver.scr /u
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class
ATI Control Panel-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATK0100 ACPI UTILITY-->C:\WINDOWS\ATK0100\XPunin.exe
Avira AntiVir Personal - Free Antivirus-->C:\Programme\Avira\AntiVir Desktop\setup.exe /REMOVE
BeCyBookKeeper-->C:\Programme\BeCyBookKeeper\UnInstall.exe
Bullzip PDF Printer 7.1.0.1007-->"C:\Programme\Bullzip\PDF Printer\unins000.exe"
Canon CanoScan Toolbox 4.9-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}\setup.exe" -l0x7 anything
Canon iP5200-->C:\WINDOWS\system32\CNMCP79.exe "-PRINTERNAMECanon iP5200" "-HELPERDLLC:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP5200 Installer\Inst2\cnmis.dll" "-RCDLLcnmi0407.dll"
Canon ScanGear Starter-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{18A5DFF2-8A95-49F3-873F-743CB5549F3D}\SETUP.EXE" -l0x7 anything
Canon Setup Utility 2.0-->"C:\Programme\Canon\Canon Setup Utility 2.0\Maint.exe" /Uninstall C:\Programme\Canon\Canon Setup Utility 2.0\uninst.ini
Canon Utilities Easy-PhotoPrint-->C:\Programme\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
Canon Utilities Easy-PrintToolBox-->C:\WINDOWS\BJPSUNST.EXE
CCleaner-->"C:\Programme\CCleaner\uninst.exe"
CD-LabelPrint-->"C:\Programme\Canon\CD-LabelPrint\Uninstal.exe" Canon.CDLabelPrint.Application
Easy-WebPrint-->C:\WINDOWS\IsUn0407.exe -fC:\Programme\Canon\Easy-WebPrint\Uninst.isu
Everest Casino (Remove Only)-->C:\Programme\Everest Casino\cstart.exe /uninstall
Everest Poker (Remove Only)-->C:\Programme\Everest Poker\cstart.exe /uninstall
GoldWave v5.52-->"C:\Programme\GoldWave\unstall.exe" "GoldWave v5.52" "C:\Programme\GoldWave\unstall.log"
Google Earth-->MsiExec.exe /X{08C0729E-3E50-11DF-9D81-005056806466}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
GPL Ghostscript Lite 8.64-->"C:\Programme\Bullzip\PDF Printer\gs\unins000.exe"
GTK+ Runtime 2.14.7 rev a (remove only)-->C:\Programme\Gemeinsame Dateien\GTK\2.0\uninst.exe
HDAUDIO SoftV92 Data Fax Modem with SmartCP-->C:\Programme\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10431966\HXFSETUP.EXE -U -IHDAUDIO\FUNC_02&VEN_14F1&DEV_2BFA&SUBSYS_10431966
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
HyperCam 2-->C:\Programme\HyCam2\UnHyCam2.exe
Intel(R) PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
Java(TM) 6 Update 16-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
Malwarebytes' Anti-Malware-->"C:\Programme\Malwarebytes' Anti-Malware\unins000.exe"
Manual CanoScan LiDE 60-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{23B72D50-1C7E-491C-8086-9E060051D316}\setup.exe" -l0x7
mCore-->MsiExec.exe /I{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}
mDriver-->MsiExec.exe /I{28DA872A-0848-48CF-B749-19A198157A2A}
mDrWiFi-->MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
mEoU.msi-->MsiExec.exe /I{B502B428-3386-40A9-98DB-079AAB72E64F}
mHelp-->MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU-->MsiExec.exe /I{C314CE45-3392-3B73-B4E1-139CD41CA933}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU-->MsiExec.exe /I{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->c:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe
Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
MIKSOFT Mobile AMR converter-->"C:\Programme\MIKSOFT\Mobile AMR converter\unins000.exe"
mIWA-->MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mIWCA-->MsiExec.exe /I{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}
mLogView-->MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Mozilla Firefox (3.6.3)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.23)-->C:\Programme\Mozilla Thunderbird\uninstall\helper.exe
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz-->MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 6 Service Pack 2 (KB973686)-->MsiExec.exe /I{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML-->MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
mZConfig-->MsiExec.exe /I{7CD7A451-7224-49C8-95EF-9A1859C66607}
NB Probe-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}\setup.exe" -l0x9
Nero Suite-->C:\Programme\Gemeinsame Dateien\Nero\Uninstall\Setupx.exe /uninstall ExtraUninstallID=""
OmniPage SE 2.0-->MsiExec.exe /I{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}
OpenOffice.org 3.1-->MsiExec.exe /I{D765F1CE-5AE5-4C47-B134-AE58AC474740}
PC Camera-168-->C:\Programme\InstallShield Installation Information\{ECD03DA7-5952-406A-8156-5F0C93618D1F}\setup.exe -runfromtemp -l0x0007 -removeonly
Pidgin-->C:\Programme\Pidgin\pidgin-uninst.exe
Power4 Gear-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{4462AD13-F2AA-4CBD-9F95-293C38EED870}\setup.exe" -l0x9
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x7 -removeonly
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Security Update for Windows Media Player (KB979402)-->"C:\WINDOWS\$NtUninstallKB979402_WM9L$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981350)-->"C:\WINDOWS\$NtUninstallKB981350$\spuninst\spuninst.exe"
Synaptics Pointing Device Driver-->rundll32.exe "C:\Programme\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Update for Windows XP (KB978207)-->"C:\WINDOWS\$NtUninstallKB978207$\spuninst\spuninst.exe"
Update for Windows XP (KB980182)-->"C:\WINDOWS\$NtUninstallKB980182$\spuninst\spuninst.exe"
VLC media player 1.0.2-->C:\Programme\VideoLAN\VLC\uninstall.exe
Wacom Tablet-->C:\Programme\Tablet\Wacom\Remove.exe /u
WAV to MP3-->C:\WAVTOMP3\Uninstal.exe
Winamp-->"C:\Programme\Winamp\UninstWA.exe"
Windows Live Sign-in Assistant-->MsiExec.exe /I{52B97218-98CB-4B8B-9283-D213C85E1AA4}
Windows Live Call-->MsiExec.exe /I{5FC68772-6D56-41C6-9DF1-24E868198AE6}
Windows Live Communications Platform-->MsiExec.exe /I{ED00D08A-3C5F-488D-93A0-A04F21F23956}
Windows Live Essentials-->C:\Programme\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}
Windows Live Messenger-->MsiExec.exe /X{41E654A9-26D0-4EAC-854B-0FA824FFFABB}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Format Runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll
WinFlash-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{DE10AB76-4756-4913-BE25-55D1C1051F9A}\setup.exe" -l0x9
WinRAR-->C:\Programme\WinRAR\uninstall.exe
Wireless Console-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{83F73CB1-7705-49D1-9852-84D839CA2A45}\setup.exe" -l0x9 -removeonly

======Security center information======

AV: AntiVir Desktop

======System event log======

Computer Name: PCSVEN
Event Code: 7036
Message: The Google Update Service (gupdate) service entered the stopped state.
Record Number: 8704
Source Name: Service Control Manager
Time Written: 20100302080324.000000+060
Event Type: Information
User:

Computer Name: PCSVEN
Event Code: 17
Message: AVGNTFLT successfully loaded
Record Number: 8703
Source Name: avgntflt
Time Written: 20100302080311.000000+060
Event Type: Information
User:

Computer Name: PCSVEN
Event Code: 83
Message: Port A is down
Record Number: 8702
Source Name: yukonwxp
Time Written: 20100302080311.000000+060
Event Type: Information
User:

Computer Name: PCSVEN
Event Code: 7036
Message: The Computer Browser service entered the stopped state.
Record Number: 8701
Source Name: Service Control Manager
Time Written: 20100302080259.000000+060
Event Type: Information
User:

Computer Name: PCSVEN
Event Code: 7036
Message: The Application Layer Gateway Service service entered the running state.
Record Number: 8700
Source Name: Service Control Manager
Time Written: 20100302080257.000000+060
Event Type: Information
User:

=====Application event log=====

Computer Name: PCSVEN
Event Code: 0
Message:
Record Number: 5
Source Name: RegSrvc
Time Written: 20091218195228.000000+060
Event Type: Information
User:

Computer Name: PCSVEN
Event Code: 0
Message:
Record Number: 4
Source Name: OwnershipProtocol
Time Written: 20091218195228.000000+060
Event Type: Information
User:

Computer Name: PCSVEN
Event Code: 4
Message: The LightScribe Service started successfully.
Record Number: 3
Source Name: LightScribeService
Time Written: 20091218195227.000000+060
Event Type: Information
User:

Computer Name: PCSVEN
Event Code: 0
Message:
Record Number: 2
Source Name: gupdate
Time Written: 20091218195227.000000+060
Event Type: Information
User:

Computer Name: PCSVEN
Event Code: 0
Message:
Record Number: 1
Source Name: EvtEng
Time Written: 20091218195225.000000+060
Event Type: Information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Programme\ATI Technologies\ATI Control Panel
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0d08
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

Logfile of random's system information tool 1.06 (written by random/random)
Run by Sven at 2010-04-27 18:42:57
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 25 GB (57%) free of 45 GB
Total RAM: 1023 MB (65% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\At3.job
C:\WINDOWS\tasks\At4.job
C:\WINDOWS\tasks\At5.job
C:\WINDOWS\tasks\At6.job
C:\WINDOWS\tasks\At7.job
C:\WINDOWS\tasks\At8.job
C:\WINDOWS\tasks\At9.job
C:\WINDOWS\tasks\At10.job
C:\WINDOWS\tasks\At11.job
C:\WINDOWS\tasks\At12.job
C:\WINDOWS\tasks\At13.job
C:\WINDOWS\tasks\At14.job
C:\WINDOWS\tasks\At15.job
C:\WINDOWS\tasks\At16.job
C:\WINDOWS\tasks\At17.job
C:\WINDOWS\tasks\At18.job
C:\WINDOWS\tasks\At19.job
C:\WINDOWS\tasks\At20.job
C:\WINDOWS\tasks\At21.job
C:\WINDOWS\tasks\At22.job
C:\WINDOWS\tasks\At23.job
C:\WINDOWS\tasks\At24.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live Anmelde-Hilfsprogramm - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2009-10-09 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-09 73728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Programme\Canon\Easy-WebPrint\Toolband.dll [2004-08-26 405504] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] ""= [] "avgnt"=C:\Programme\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360] "msnmsgr"=c:\programme\windows live\messenger\msnmsgr .exe [2009-07-26 3883840] C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart ASUS ChkMail.lnk - C:\Programme\Asus\Asus ChkMail\ChkMail.exe Adobe Gamma Loader.lnk - C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe C:\Dokumente und 
Einstellungen\Sven\Startmenü\Programme\Autostart OpenOffice.org 3.1.lnk - C:\Programme\OpenOffice.org 3\program\quickstart.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] C:\WINDOWS\system32\Ati2evxx.dll [2005-08-30 46080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\IntelWireless] C:\Programme\Intel\Wireless\Bin\LgNotify.dll [2005-05-31 110592] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Programme\Java\jre6\bin\javaw.exe"="C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary" "C:\Programme\Java\jre6\bin\java.exe"="C:\Programme\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary" "C:\Programme\Windows Live\Messenger\wlcsdk.exe"="C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Programme\Windows Live\Messenger\wlcsdk.exe"="C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows 
Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{122122cc-b49e-11de-9583-0015f237a387}] shell\AutoRun\command - H:\LaunchU3.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3b602422-b506-11de-b680-0015003e2b44}] shell\AutoRun\command - H:\LaunchU3.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a0090d8-39c8-11df-b797-0015003e2b44}] shell\AutoRun\command - H:\Get_Started_for_Win.exe ======List of files/folders created in the last 1 months====== 2010-04-27 18:42:57 ----D---- C:\rsit 2010-04-27 18:42:57 ----D---- C:\Programme\trend micro 2010-04-27 18:10:47 ----D---- C:\Programme\CCleaner 2010-04-27 16:52:22 ----D---- C:\Dokumente und Einstellungen\Sven\Anwendungsdaten\Malwarebytes 2010-04-27 16:51:35 ----D---- C:\Programme\Malwarebytes' Anti-Malware 2010-04-27 16:51:35 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes 2010-04-27 13:39:56 ----D---- C:\WINDOWS\system32\LogFiles 2010-04-27 13:35:08 ----D---- C:\Dokumente und Einstellungen\Sven\Anwendungsdaten\B1FCC6ED88EB7E920B847EE6CC15E14F 2010-04-27 13:35:07 ----A---- C:\feed.txt 2010-04-15 00:27:39 ----HD---- C:\WINDOWS\$NtUninstallKB979683$ 2010-04-15 00:27:27 ----HD---- C:\WINDOWS\$NtUninstallKB980232$ 2010-04-15 00:27:21 ----HD---- C:\WINDOWS\$NtUninstallKB981350$ 2010-04-15 00:27:14 ----HD---- C:\WINDOWS\$NtUninstallKB978338$ 2010-04-15 00:27:08 ----HD---- C:\WINDOWS\$NtUninstallKB977816$ 2010-04-15 00:27:02 ----HD---- C:\WINDOWS\$NtUninstallKB978601$ 2010-04-15 00:26:55 ----HD---- C:\WINDOWS\$NtUninstallKB979309$ 2010-04-15 00:26:38 ----HD---- C:\WINDOWS\$NtUninstallKB979402_WM9L$ 2010-03-31 17:25:32 ----HD---- C:\WINDOWS\$NtUninstallKB980182$ 2010-03-29 12:42:17 ----D---- C:\Programme\BeCyBookKeeper ======List of files/folders modified in the last 1 months====== 2010-04-27 18:29:24 ----A---- 
C:\WINDOWS\SchedLgU.Txt 2010-04-26 12:08:46 ----A---- C:\WINDOWS\a20.ini 2010-04-21 12:32:56 ----A---- C:\WINDOWS\win.ini 2010-04-14 23:55:12 ----A---- C:\WINDOWS\NeroDigital.ini ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 avgio;avgio; \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys [] R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104] R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 40192] R1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848] R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520] R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-10-09 17801] R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-12-08 56816] R2 ghaio;ghaio; \??\C:\Programme\ASUS\NB Probe\SPM\ghaio.sys [] R2 irda;IrDA-Protokoll; C:\WINDOWS\system32\DRIVERS\irda.sys [2004-08-03 87424] R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-01-16 13059] R2 s24trans;WLAN-Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2005-05-03 11354] R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800] R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-08-30 1333760] R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080] R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752] R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2005-01-16 1036928] R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-01-16 163328] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-09-07 3959808] R3 irsir;Microsoft serieller Infrarottreiber; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 
18688] R3 IWCA;Intel Wireless Connection Agent Miniport for Win XP; C:\WINDOWS\system32\DRIVERS\iwca.sys [2004-08-12 234496] R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288] R3 MTsensor;ATK0100 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ATKACPI.sys [2005-02-17 5632] R3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824] R3 Rasirda;WAN-Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584] R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2004-12-21 186240] R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624] R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600] R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480] R3 w29n51;Intel(R) PRO/Wireless 2200BG Netzwerkverbindungstreiber für Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2005-04-30 3281408] R3 wacommousefilter;Wacom Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 11312] R3 wacomvhid;Wacom Virtual Hid Driver; C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2008-07-11 13352] R3 WacomVKHid;Virtual Keyboard Driver; C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys [2007-02-16 11440] R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-01-16 702592] R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Gigabit Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\yukonwxp.sys [2004-06-01 142464] S3 Asushwio;Asushwio; \??\C:\WINDOWS\system32\drivers\Asushwio.sys [] S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024] S3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504] S3 
NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376] S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136] S3 SNPSTD3;USB PC Camera (SNPSTD3); C:\WINDOWS\system32\DRIVERS\snpstd3.sys [2009-06-22 10498688] S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360] S3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616] S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856] S3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104] S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496] S3 wacmoumonitor;Wacom Mode Helper; C:\WINDOWS\system32\DRIVERS\wacmoumonitor.sys [2008-10-06 15656] S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Programme\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289] R2 AntiVirService;Avira AntiVir Guard; C:\Programme\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089] R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-08-30 376832] R2 EvtEng;EvtEng; C:\Programme\Intel\Wireless\Bin\EvtEng.exe [2005-06-03 86016] R2 Irmon;Infrarotüberwachung; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336] R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-10-09 153376] R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe [2005-06-20 53248] R2 OwnershipProtocol;OwnershipProtocol; C:\Programme\Intel\Wireless\Bin\OProtSvc.exe [2005-05-31 98304] R2 RegSrvc;RegSrvc; 
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe [2005-06-03 139264] R2 S24EventMonitor;Spectrum24 Event Monitor; C:\Programme\Intel\Wireless\Bin\S24EvMon.exe [2005-06-03 372809] R2 spmgr;spmgr; C:\Programme\ASUS\NB Probe\SPM\spmgr.exe [2005-04-20 118784] R2 TabletServiceWacom;TabletServiceWacom; C:\WINDOWS\system32\Wacom_Tablet.exe [2009-03-27 2789672] R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912] S2 gupdate;Google Update Service (gupdate); C:\Programme\Google\Update\GoogleUpdate.exe [2009-10-19 133104] S3 Adobe LM Service;Adobe LM Service; C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe [2010-01-12 68096] S3 aspnet_state;ASP.NET-Zustandsdienst; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S4 Dac9frasu-4;Dac9frasu-4; C:\WINDOWS\system32\vssadmin.exe [2004-08-04 33792] S4 NetTcpPortSharing;Net.Tcp-Portfreigabedienst; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF----------------- Vielen Dank schon mal...!!!!!!!!!!!!! |