logs nach trojanerbefall

ahirte · 28.04.2010, 08:05

hatte/habe den internet security 2010 trojaner. hab alles durchgeführt wie im forum beschrieben und nun hier wie empfohlen meine logs:

malware:

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Datenbank Version: 4044

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

28.04.2010 08:38:07
mbam-log-2010-04-28 (08-38-07).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|F:\|)
Durchsuchte Objekte: 140401
Laufzeit: 12 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 5
Infizierte Registrierungswerte: 5
Infizierte Dateiobjekte der Registrierung: 6
Infizierte Verzeichnisse: 0
Infizierte Dateien: 16

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{0140df95-9128-4053-ae72-f43f0cfca062} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0140df95-9128-4053-ae72-f43f0cfca062} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cdrom (Trojan.Patched) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\SiKernel.PolyMimeFilter (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Schmidt-Pro (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\syncman (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\syncman (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windowsxp (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\regedit32 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vgt (Trojan.Dialer) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\ave.exe" /START "C:\Programme\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\ave.exe" /START "C:\Programme\Internet) Good: (iexplore.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\ave.exe" /START "C:\Programme\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\WINDOWS\system32\wuaucldt.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SiKernel.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Programme\ClearProg\eBay\eBayShortcuts.exe (Adware.ADON) -> Quarantined and deleted successfully.
C:\Programme\Outlook Express\k02-ccc.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Programme\Outlook Express\k10-dd.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cmdow.exe (Malware.Tool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\~TM17C.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\user\wuaucldt.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\wuaucldt.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\cdrom.sys (Trojan.Patched) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\cdrom.sys (Trojan.Patched) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\user\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\user\Anwendungsdaten\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\win1.bat (Trojan.BAT.DriveBy) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mfc22.dll (Trojan.Agent) -> Quarantined and deleted successfully.

RSIT:

info:

info.txt logfile of random's system information tool 1.06 2010-04-28 08:54:12

======Uninstall list======

-->C:\Programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Programme\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->MsiExec /X{3FDF4C9C-BFA0-43AE-B7D4-54BC33B1B0DA}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A81200000003}
AGFEO AIS Konfigurator-->MsiExec.exe /I{32D5A69D-2599-4351-AE2E-25AEAB09F780}
AntiVirenKit InternetSecurity-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{044EB318-D3B0-498D-86F4-1EC1C93BCE88}\setup.exe" -l0x7 -removeonly
AnyDVD-->"C:\Programme\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Programme\SlySoft\AnyDVD"
CCleaner-->"C:\Programme\CCleaner\uninst.exe"
ClearProg 1.5.1 Beta 6-->C:\Programme\ClearProg\Uninstall.exe
CloneCD-->"C:\Programme\SlySoft\CloneCD\ccd-uninst.exe" /D="C:\Programme\SlySoft\CloneCD"
CloneDVD2-->"C:\Programme\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Programme\Elaborate Bytes\CloneDVD2"
Compatibility Pack für 2007 Office System-->MsiExec.exe /X{90120000-0020-0407-0000-0000000FF1CE}
Cool Resizer 2009 (remove only)-->"C:\Programme\Cool Resizer\uninst.exe"
ElsterFormular-->C:\Programme\ElsterFormular\uninstall.exe
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Programme\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix für Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Malwarebytes' Anti-Malware-->"C:\Programme\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU-->MsiExec.exe /I{C314CE45-3392-3B73-B4E1-139CD41CA933}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU-->MsiExec.exe /I{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->c:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe
Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office XP Professional mit FrontPage-->MsiExec.exe /I{90280407-6000-11D3-8CFE-0050048383C9}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729-->MsiExec.exe /X{6AFCA4E1-9B78-3640-8F72-A7BF33448200}
Mozilla Firefox (3.6.3)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe
Nero 7 Demo-->MsiExec.exe /I{D3492D9E-7FBB-1DF6-F759-2A37FA231031}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA PhysX v8.07.18-->MsiExec.exe /X{3FDF4C9C-BFA0-43AE-B7D4-54BC33B1B0DA}
PowerDVD-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
RealPlayer-->C:\Programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
REALTEK GbE & FE Ethernet PCI NIC Driver-->C:\Programme\InstallShield Installation Information\{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}\SETUP.EXE -runfromtemp -l0x0007 -removeonly
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Sicherheitsupdate für Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Sicherheitsupdate für Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Update für Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update für Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update für Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update für Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Programme\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Windows-Treiberpaket - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_87B606860B720724BEB5DCEB69E8628A61DE0A7E\amdk8.inf
WinZip-->"C:\Programme\WinZip\WINZIP32.EXE" /uninstall
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"

======Hosts File======

127.0.0.1 mpa.one.microsoft.com
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com

======Security center information======

AV: G DATA AntiVirenKit 2005 (disabled) (outdated)
FW: Kaspersky Anti-Hacker

======System event log======

Computer Name: HOMEPC
Event Code: 2
Message: Device identified.

Record Number: 10045
Source Name: nvata
Time Written: 20100315173817.000000+060
Event Type: Informationen
User:

Computer Name: HOMEPC
Event Code: 6005
Message: Der Ereignisprotokolldienst wurde gestartet.

Record Number: 10044
Source Name: EventLog
Time Written: 20100315173803.000000+060
Event Type: Informationen
User:

Computer Name: HOMEPC
Event Code: 6009
Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 3 Multiprocessor Free.

Record Number: 10043
Source Name: EventLog
Time Written: 20100315173803.000000+060
Event Type: Informationen
User:

Computer Name: HOMEPC
Event Code: 6006
Message: Der Ereignisprotokolldienst wurde beendet.

Record Number: 10042
Source Name: EventLog
Time Written: 20100315172812.000000+060
Event Type: Informationen
User:

Computer Name: HOMEPC
Event Code: 8021
Message: Der Suchdienst konnte keine Serverliste vom Hauptsuchdienst "\\KATHARINA" auf dem Netzwerk "\Device\NetBT_Tcpip_{D17C50E1-A215-4D5E-A543-B6C1FBDA54B1}" erhalten.
Daten: Fehlercode.

Record Number: 10041
Source Name: BROWSER
Time Written: 20100315172756.000000+060
Event Type: Warnung
User:

=====Application event log=====

Computer Name: HOMEPC
Event Code: 11707
Message: Product: CCC Help English -- Installation operation completed successfully.

Record Number: 74
Source Name: MsiInstaller
Time Written: 20081016102041.000000+120
Event Type: Informationen
User: HOMEPC\user

Computer Name: HOMEPC
Event Code: 11707
Message: Product: CCC Help Greek -- Installation operation completed successfully.

Record Number: 73
Source Name: MsiInstaller
Time Written: 20081016102040.000000+120
Event Type: Informationen
User: HOMEPC\user

Computer Name: HOMEPC
Event Code: 11707
Message: Product: CCC Help German -- Installation operation completed successfully.

Record Number: 72
Source Name: MsiInstaller
Time Written: 20081016102038.000000+120
Event Type: Informationen
User: HOMEPC\user

Computer Name: HOMEPC
Event Code: 11707
Message: Product: CCC Help Danish -- Installation operation completed successfully.

Record Number: 71
Source Name: MsiInstaller
Time Written: 20081016102037.000000+120
Event Type: Informationen
User: HOMEPC\user

Computer Name: HOMEPC
Event Code: 11707
Message: Product: CCC Help Czech -- Installation operation completed successfully.

Record Number: 70
Source Name: MsiInstaller
Time Written: 20081016102036.000000+120
Event Type: Informationen
User: HOMEPC\user

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Programme\ATI Technologies\ATI.ACE\Core-Static
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 107 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=6b02
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

log:

Logfile of random's system information tool 1.06 (written by random/random)
Run by user at 2010-04-28 08:53:54
Microsoft Windows XP Professional Service Pack 3
System drive C: has 82 GB (80%) free of 102 GB
Total RAM: 2047 MB (82% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:54:11, on 28.04.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\Gemeinsame Dateien\G DATA\AVKMail\AVKPOP.EXE
C:\Programme\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\AntiVirenKit InternetSecurity\AVK\AVKService.exe
C:\Programme\AntiVirenKit InternetSecurity\AVK\AVKWCtl.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Dokumente und Einstellungen\user\Desktop\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Programme\trend micro\user.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = hxxp://windowsupdate.microsoft.com/
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SIPAKBHO Class - {40FB69E1-9B7B-453F-B238-37D8E9528929} - C:\Programme\AntiVirenKit InternetSecurity\Webfilter\PAKIEPlugins.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Offliner AdFilter Helper - {DC9377A2-2E8D-44A1-99DB-F8A821DF254D} - C:\WINDOWS\system32\SiPlugins.dll
O3 - Toolbar: WebFilter-Leiste - {75CD0BC5-E317-449C-9FF6-4986B3D48F64} - C:\PROGRA~1\ANTIVI~1\WEBFIL~1\PAKIEGUI.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVK Mail Checker] "C:\Programme\Gemeinsame Dateien\G DATA\AVKMail\AVKPOP.EXE"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [browserpcGlade] rundll32.exe "C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\browserpcGlade\browserpcGlade.dll", DllInit
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [iasmapDraw] rundll32.exe "C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\iasmapDraw\iasmapDraw.dll", DllInit (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: srvaju32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Planer (AntiVirScheduler) - Unknown owner - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe (file missing)
O23 - Service: AVK Service (AVKService) - Unknown owner - C:\Programme\AntiVirenKit InternetSecurity\AVK\AVKService.exe
O23 - Service: AVK Wächter (AVKWCtl) - Unknown owner - C:\Programme\AntiVirenKit InternetSecurity\AVK\AVKWCtl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5003 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{40FB69E1-9B7B-453F-B238-37D8E9528929}]
SIPAKBHO Class - C:\Programme\AntiVirenKit InternetSecurity\Webfilter\PAKIEPlugins.dll [2004-04-01 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DC9377A2-2E8D-44A1-99DB-F8A821DF254D}]
Offliner AdFilter Helper - C:\WINDOWS\system32\SiPlugins.dll [2004-04-07 236032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{75CD0BC5-E317-449C-9FF6-4986B3D48F64} - WebFilter-Leiste - C:\PROGRA~1\ANTIVI~1\WEBFIL~1\PAKIEGUI.dll [2004-09-14 311808]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-05-10 16342528]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2007-05-07 1826816]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-07-26 13570048]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-07-26 86016]
"Adobe Reader Speed Launcher"=C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"AVK Mail Checker"=C:\Programme\Gemeinsame Dateien\G DATA\AVKMail\AVKPOP.EXE [2004-10-07 364544]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Programme\Messenger\msmsgs.exe [2008-04-14 1695232]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"UpData"= []
"BD"= []
"browserpcGlade"=C:\WINDOWS\system32\config\system [2010-04-28 5505024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
C:\WINDOWS\RTHDCPL.EXE [2007-05-10 16342528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe [2008-10-17 180269]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk]
C:\PROGRA~1\Adobe\READER~1.0\Reader\READER~1.EXE [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader Synchronizer.lnk]
C:\PROGRA~1\Adobe\READER~1.0\Reader\ADOBEC~1.EXE [2007-05-11 738968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^WinZip Quick Pick.lnk]
C:\PROGRA~1\WinZip\WZQKPICK.EXE [2002-10-28 106561]

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
Microsoft Office.lnk - C:\Programme\Microsoft Office\Office10\OSA.EXE

C:\Dokumente und Einstellungen\user\Startmenü\Programme\Autostart
srvaju32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a484f458-c5e4-11dd-a100-806d6172696f}]
shell\AutoRun\command - R:\Setup.exe

======List of files/folders created in the last 1 months======

2010-04-28 08:53:54 ----D---- C:\rsit
2010-04-28 08:53:54 ----D---- C:\Programme\trend micro
2010-04-28 08:47:09 ----D---- C:\Programme\CCleaner
2010-04-28 07:20:50 ----D---- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Malwarebytes
2010-04-28 07:20:38 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2010-04-28 07:20:38 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-04-28 06:51:06 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\G DATA
2010-04-28 06:50:42 ----D---- C:\Programme\Gemeinsame Dateien\Kaspersky Lab
2010-04-28 06:50:41 ----A---- C:\WINDOWS\system32\SiPlugins.dll
2010-04-28 06:50:41 ----A---- C:\WINDOWS\system32\SI_APP.dll
2010-04-28 06:50:40 ----D---- C:\Dokumente und Einstellungen\user\Anwendungsdaten\AdsCleaner
2010-04-28 06:50:38 ----A---- C:\WINDOWS\system32\SiRPCSrv2.dll
2010-04-28 06:50:38 ----A---- C:\WINDOWS\system32\SiRPCPrx.dll
2010-04-28 06:50:36 ----A---- C:\WINDOWS\system32\WNASPI32.DLL
2010-04-28 06:50:35 ----D---- C:\Programme\CDRecordKit
2010-04-28 06:50:29 ----D---- C:\Programme\Gemeinsame Dateien\G DATA
2010-04-28 06:50:26 ----D---- C:\Programme\AntiVirenKit InternetSecurity
2010-04-27 14:45:03 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\avG
2010-04-27 13:36:14 ----A---- C:\WINDOWS\system32\fjhdyfhsn.bat
2010-04-12 09:41:49 ----D---- C:\Programme\Mozilla Sunbird

======List of files/folders modified in the last 1 months======

2010-04-28 08:53:54 ----RD---- C:\Programme
2010-04-28 08:48:20 ----D---- C:\WINDOWS\Debug
2010-04-28 08:48:20 ----D---- C:\WINDOWS
2010-04-28 08:48:20 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2010-04-28 08:40:19 ----D---- C:\WINDOWS\Temp
2010-04-28 08:39:50 ----D---- C:\WINDOWS\system32\drivers
2010-04-28 08:39:19 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-04-28 08:38:18 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-04-28 08:38:08 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-28 08:38:07 ----D---- C:\WINDOWS\system32
2010-04-28 08:38:07 ----D---- C:\Programme\Outlook Express
2010-04-28 08:37:36 ----D---- C:\WINDOWS\Prefetch
2010-04-28 06:50:42 ----D---- C:\Programme\Gemeinsame Dateien
2010-04-28 06:50:24 ----HD---- C:\Programme\InstallShield Installation Information
2010-04-27 17:32:35 ----D---- C:\WINDOWS\WinSxS
2010-04-27 17:32:34 ----SHD---- C:\WINDOWS\Installer
2010-04-27 17:32:34 ----D---- C:\Programme\Gemeinsame Dateien\Microsoft Shared
2010-04-27 17:24:01 ----D---- C:\Programme\Mozilla Firefox
2010-04-12 09:41:52 ----D---- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla
2010-03-29 19:36:24 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-18 43520]
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-05-27 75096]
R1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R1 Klif;Klif; \??\C:\WINDOWS\system32\Drivers\klif.sys []
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-11-08 21248]
R2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [2010-04-28 16512]
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2005-04-21 10624]
R3 GDInterceptor;GDInterceptor; \??\C:\WINDOWS\system32\interceptor.sys []
R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HookCentre;HookCentre; \??\C:\WINDOWS\system32\drivers\HookCentre.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-05-10 4419584]
R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-07-26 6097536]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-11-27 58368]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-11-27 19968]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Miniporttreiber für Microsoft USB Open Host-Controller; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S1 avgio;avgio; \??\C:\Programme\Avira\AntiVir PersonalEdition Classic\avgio.sys []
S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
S3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2005-12-11 19200]
S3 avgntflt;avgntflt; \??\C:\Programme\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
S3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2005-05-03 27392]
S3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2005-04-12 4608]
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-12-14 85120]
S3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AVKService;AVK Service; C:\Programme\AntiVirenKit InternetSecurity\AVK\AVKService.exe [2004-09-28 299008]
R2 AVKWCtl;AVK Wächter; C:\Programme\AntiVirenKit InternetSecurity\AVK\AVKWCtl.exe [2004-11-30 561152]
R2 MDM;Machine Debug Manager; C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-07-26 159812]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Planer; C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S4 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe []
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 WinDefend;Speicher Reserve; C:\Programme\Reserve Speicher\MMsMpEng.exe []

-----------------EOF-----------------

ich hoffe ich habe alles richtig gemacht.

danke

cosinus · 29.04.2010, 12:24

Hallo und

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in den Thread.

logs nach trojanerbefall

Log-Analyse und Auswertung: logs nach trojanerbefall

logs nach trojanerbefall

logs nach trojanerbefall

Ähnliche Themen: logs nach trojanerbefall