Antimalware Doctor

Dosenwurst · 23.05.2010, 12:11

Habe mir vor ein paar Tagen den Antimalware Doctor eingefangen und danach direkt Malwarebytes Anti-Malware heruntergeladen und drüberlaufen lassen. Er hat auch jede Menge Einträge entdeckt und gelöscht, erneute Scans zeigen nichts mehr an. Dennoch scheint der Trojaner nicht ganz weg zu sein, denn es öffnen sich gelegentlich Fenster im Browser und ich kann unter XP den Ruhezustand nicht mehr aktivieren, ein Klick darauf bringt keinerlei Reaktion.

RSIT Logfile

Code:

ATTFilter

OTL logfile created on: 23.05.2010 13:01:32 - Run 2
OTL by OldTimer - Version 3.2.5.0     Folder = C:\Dokumente und Einstellungen\User\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 71,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 39,06 Gb Total Space | 10,36 Gb Free Space | 26,52% Space Free | Partition Type: NTFS
Drive D: | 15,13 Gb Total Space | 4,61 Gb Free Space | 30,45% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 75,63 Gb Total Space | 22,22 Gb Free Space | 29,38% Space Free | Partition Type: NTFS
Drive I: | 19,53 Gb Total Space | 15,88 Gb Free Space | 81,30% Space Free | Partition Type: NTFS
Drive J: | 7,81 Gb Total Space | 6,63 Gb Free Space | 84,91% Space Free | Partition Type: NTFS
Drive K: | 58,07 Gb Total Space | 25,49 Gb Free Space | 43,90% Space Free | Partition Type: NTFS
 
Computer Name: COMPUTERNAME
Current User Name: XYZ
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 14 Days
Output = Standard
 
========== Processes (SafeList) ==========
 
PRC - [2010.05.23 12:12:45 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\User\Desktop\OTL.exe
PRC - [2010.04.03 12:01:18 | 000,910,296 | ---- | M] (Mozilla Corporation) -- I:\Firefox\firefox.exe
PRC - [2009.11.11 18:02:14 | 000,603,856 | ---- | M] (Trend Micro Inc.) -- C:\Programme\Trend Micro\Client Server Security Agent\ntrtscan.exe
PRC - [2009.11.11 18:02:12 | 000,685,776 | ---- | M] (Trend Micro Inc.) -- C:\Programme\Trend Micro\Client Server Security Agent\tmlisten.exe
PRC - [2009.11.11 18:02:12 | 000,399,048 | ---- | M] (Trend Micro Inc.) -- C:\Programme\Trend Micro\Client Server Security Agent\pccntmon.exe
PRC - [2009.11.11 18:02:10 | 000,282,704 | ---- | M] (Trend Micro Inc.) -- C:\Programme\Trend Micro\Client Server Security Agent\ofcpfwsvc.exe
PRC - [2009.11.11 18:02:10 | 000,214,712 | ---- | M] () -- C:\WINDOWS\Temp\VX3EF9.EXE
PRC - [2009.04.23 15:51:38 | 000,691,656 | ---- | M] (DT Soft Ltd) -- C:\Programme\DAEMON Tools Lite\daemon.exe
PRC - [2008.12.06 01:48:08 | 000,699,392 | ---- | M] () -- C:\Programme\Samsung\Samsung PC Studio 7\PCSuite.exe
PRC - [2008.11.21 12:58:00 | 000,146,432 | ---- | M] () -- C:\Programme\PC Connectivity Solution\Transports\NclBCBTSrv.exe
PRC - [2008.11.11 09:38:06 | 000,620,544 | ---- | M] (Nokia.) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe
PRC - [2008.09.19 08:52:04 | 000,130,560 | ---- | M] () -- C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2008.06.03 08:02:34 | 000,119,808 | ---- | M] () -- C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2008.04.14 07:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.03.18 06:27:12 | 000,013,312 | R--- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe
PRC - [2007.12.20 18:02:52 | 000,576,104 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007.08.02 09:33:01 | 004,128,768 | ---- | M] (Quanta Computer, INC.) -- C:\Programme\Keyboard Manager\Manager Utility\KeyboardManager.exe
PRC - [2007.05.08 21:43:38 | 001,026,048 | ---- | M] () -- J:\MySQL\MySQL Tools\MySQL Tools for 5.0\MySQLSystemTrayMonitor.exe
PRC - [2006.10.26 13:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe
PRC - [2005.08.11 16:30:30 | 000,618,496 | ---- | M] (Macrovision Corporation) -- C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\agent.exe
PRC - [2005.08.11 16:30:30 | 000,249,856 | ---- | M] (Macrovision Corporation) -- c:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe
PRC - [2005.08.11 16:30:30 | 000,081,920 | ---- | M] (Macrovision Corporation) -- C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.05.23 12:12:45 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\User\Desktop\OTL.exe
MOD - [2008.04.14 07:51:08 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2007.12.20 17:56:06 | 000,073,728 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\BtMmHook.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] --  -- (NMIndexingService)
SRV - [2009.12.08 11:46:20 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.11.11 18:02:14 | 000,603,856 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Programme\Trend Micro\Client Server Security Agent\ntrtscan.exe -- (ntrtscan)
SRV - [2009.11.11 18:02:12 | 000,685,776 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Programme\Trend Micro\Client Server Security Agent\tmlisten.exe -- (tmlisten)
SRV - [2009.11.11 18:02:10 | 000,282,704 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Programme\Trend Micro\Client Server Security Agent\ofcpfwsvc.exe -- (OfcPfwSvc)
SRV - [2008.11.15 06:53:14 | 006,447,744 | ---- | M] () [On_Demand | Stopped] -- J:\MySQL\MySQL Server\bin\mysqld.exe -- (MySQL)
SRV - [2008.11.11 09:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Running] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.11.04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008.03.18 06:27:12 | 000,013,312 | R--- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006.12.02 07:28:10 | 002,805,000 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006.10.26 13:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe -- (MDM)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2010.03.17 14:01:22 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.12.04 16:39:06 | 000,230,928 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Programme\Trend Micro\Client Server Security Agent\tmxpflt.sys -- (TmFilter)
DRV - [2009.12.04 16:38:18 | 000,036,368 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Programme\Trend Micro\Client Server Security Agent\tmpreflt.sys -- (TmPreFilter)
DRV - [2009.12.04 16:05:06 | 001,322,680 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Programme\Trend Micro\Client Server Security Agent\vsapint.sys -- (VSApiNt)
DRV - [2009.11.11 18:02:14 | 000,138,384 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2009.11.11 18:02:12 | 001,844,928 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Programme\Trend Micro\Client Server Security Agent\tm_cfw.sys -- (TM_CFW)
DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.07.31 15:35:00 | 004,751,872 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008.07.30 03:53:52 | 000,017,920 | ---- | M] (SAMSUNG Electronics Co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SSUSBDownload.sys -- (SSUSBDownload)
DRV - [2008.07.01 05:27:44 | 000,108,800 | R--- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008.06.09 13:53:00 | 006,584,160 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008.06.09 13:53:00 | 000,038,304 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2008.04.28 00:14:54 | 003,626,112 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel(R)
DRV - [2008.04.13 22:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008.03.21 06:13:00 | 001,203,776 | R--- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2007.12.10 06:21:26 | 000,539,640 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2007.12.06 11:41:42 | 000,220,032 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2007.11.27 09:40:38 | 000,074,688 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2007.11.21 04:51:30 | 000,879,624 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2007.06.29 05:38:30 | 000,156,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2007.05.02 16:32:34 | 000,135,680 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdsa.sys -- (nmwcdsa)
DRV - [2007.05.02 16:31:54 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdsacm.sys -- (nmwcdsacm)
DRV - [2007.05.02 16:31:54 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdsacj.sys -- (nmwcdsacj)
DRV - [2007.05.02 16:31:54 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdsac.sys -- (nmwcdsac)
DRV - [2007.03.31 06:02:40 | 000,055,352 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2007.03.23 03:50:08 | 000,037,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2007.03.13 04:12:00 | 000,255,232 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2007.02.25 00:05:24 | 002,203,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel(R)
DRV - [2007.02.12 13:36:54 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2007.02.01 03:38:54 | 000,033,792 | R--- | M] (KM Software Team) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\qkbfiltr.sys -- (qkbfiltr)
DRV - [2007.01.23 13:13:26 | 000,036,608 | R--- | M] (Infineon Technologies AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2006.07.06 07:44:00 | 000,168,448 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005.12.01 19:43:16 | 000,062,848 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfhid.sys -- (Tosrfhid)
DRV - [2005.11.24 13:37:36 | 000,047,104 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2005.11.22 21:29:58 | 000,108,800 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (Tosrfbd)
DRV - [2005.11.15 22:36:20 | 000,036,736 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2005.11.11 15:09:52 | 000,052,864 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfsnd.sys -- (TosRfSnd) Bluetooth Audio Device (WDM)
DRV - [2005.09.15 18:06:08 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2005.08.01 16:45:08 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005.07.11 18:58:56 | 000,003,712 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\toshidpt.sys -- (toshidpt)
DRV - [2005.01.06 13:42:42 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 172.20.21.253:8080
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu"
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.0.4
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {A5C87640-F7CF-11DA-974D-0800200C9A66}:0.2.0
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..network.proxy.ftp: "172.20.21.253"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "172.20.21.253"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "172.20.21.253"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.socks: "172.20.21.253"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "172.20.21.253"
FF - prefs.js..network.proxy.ssl_port: 8080
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: I:\Firefox\components [2010.04.03 12:01:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: I:\Firefox\plugins [2010.04.03 12:01:22 | 000,000,000 | ---D | M]
 
[2009.12.06 16:06:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Extensions
[2010.05.23 12:13:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\5glsty8p.default\extensions
[2010.04.15 16:12:56 | 000,000,000 | ---D | M] (Flagfox) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\5glsty8p.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2009.12.06 16:08:14 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\5glsty8p.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.12.29 02:02:07 | 000,000,000 | ---D | M] (Mobile Barcoder) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\5glsty8p.default\extensions\{A5C87640-F7CF-11DA-974D-0800200C9A66}
[2010.04.15 16:12:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\5glsty8p.default\extensions\personas@christopher.beard
[2009.12.06 16:04:01 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
 
O1 HOSTS File: ([2009.12.08 11:56:00 | 000,000,853 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1				activate.adobe.com
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] c:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [Keyboard Manager Utility] C:\Programme\Keyboard Manager\Manager Utility\KeyboardManager.exe (Quanta Computer, INC.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Programme\Trend Micro\Client Server Security Agent\pccntmon.exe (Trend Micro Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Programme\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [S60 PC Suite Tray] C:\Programme\Samsung\Samsung PC Studio 7\PCSuite.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\MySQL System Tray Monitor (2).lnk = J:\MySQL\MySQL Tools\MySQL Tools for 5.0\MySQLSystemTrayMonitor.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 [2010.03.24 23:35:48 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 [2010.03.24 23:35:48 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 [2010.03.24 23:35:48 | 000,000,000 | ---D | M]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Senden an Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_06\bin\npjpi160_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - I:\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - I:\ICQ6.5\ICQ.exe (ICQ, LLC.)
O16 - DPF: {} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/F/D/9/FD9E437D-5BC8-4264-A093-DFA2C39D197E/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1233235496935 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 145.253.2.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = blindow.local
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.08.01 09:30:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{41d2b7e0-d0c7-11dc-a096-000df0433e78}\Shell\AutoRun\command - "" = F:\PStart.exe -- File not found
O33 - MountPoints2\{dffd6269-4a3e-11dc-8a97-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{dffd6269-4a3e-11dc-8a97-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{dffd6269-4a3e-11dc-8a97-806d6172696f}\Shell\AutoRun\command - "" = D:\SETUP.EXE -- File not found
O33 - MountPoints2\{dffd6269-4a3e-11dc-8a97-806d6172696f}\Shell\configure\command - "" = D:\SETUP.EXE -- File not found
O33 - MountPoints2\{dffd6269-4a3e-11dc-8a97-806d6172696f}\Shell\install\command - "" = D:\SETUP.EXE -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 14 Days ==========
 
[2010.05.23 12:12:55 | 000,000,000 | ---D | C] -- C:\rsit
[2010.05.23 12:12:38 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\User\Desktop\OTL.exe
[2010.05.21 09:57:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Desktop\DNS Server
[2010.05.20 18:57:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Macromedia
[2010.05.20 11:54:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Desktop\Herr Meier
[2010.05.19 21:53:40 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\User\Recent
[2010.05.19 21:51:37 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.05.19 21:42:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Adobe
[2010.05.19 21:18:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Malwarebytes
[2010.05.19 21:18:12 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.05.19 21:18:11 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.05.19 21:18:11 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.05.19 21:18:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.05.19 21:07:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\ATManager
[2010.05.19 21:06:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\FBAA90E1B0066288E3F148B7125CC365
[2010.05.17 14:30:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\LolClient
[2010.05.17 08:25:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Desktop\LF2 Klausursachen
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 14 Days ==========
 
[2010.05.23 12:12:45 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\User\Desktop\OTL.exe
[2010.05.23 12:11:29 | 000,824,681 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Desktop\RSIT.exe
[2010.05.23 12:02:24 | 000,189,259 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010.05.23 12:01:26 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.05.23 12:01:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.05.23 12:01:10 | 3218,296,832 | -HS- | M] () -- C:\hiberfil.sys
[2010.05.22 18:23:03 | 005,505,024 | ---- | M] () -- C:\Dokumente und Einstellungen\User\NTUSER.DAT
[2010.05.22 18:23:03 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\User\ntuser.ini
[2010.05.21 09:27:24 | 000,008,774 | ---- | M] () -- C:\WINDOWS\cfgall.ini
[2010.05.19 21:06:49 | 000,183,296 | ---- | M] () -- C:\WINDOWS\Txijea.exe
[2010.05.17 07:58:51 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.05.11 20:20:48 | 001,772,313 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Desktop\Optische Laufwerke.pptx
[2010.05.11 19:41:26 | 000,097,455 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Desktop\3beam.png
[2010.05.11 18:12:03 | 000,045,710 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Desktop\daemontools.jpg
[2010.05.09 21:10:40 | 000,018,097 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Desktop\Unbenannt 1.odt
[2010.05.09 20:14:28 | 000,004,348 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Desktop\Neu WordPad-Dokument.doc
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.05.23 12:11:23 | 000,824,681 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Desktop\RSIT.exe
[2010.05.19 21:06:53 | 000,183,296 | ---- | C] () -- C:\WINDOWS\Txijea.exe
[2010.05.19 10:33:37 | 002,255,430 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Desktop\M_Network.tiff
[2010.05.11 19:41:25 | 000,097,455 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Desktop\3beam.png
[2010.05.11 18:12:03 | 000,045,710 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Desktop\daemontools.jpg
[2010.05.11 17:57:30 | 001,772,313 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Desktop\Optische Laufwerke.pptx
[2010.05.11 17:48:50 | 000,004,348 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Desktop\Neu WordPad-Dokument.doc
[2010.05.11 17:48:47 | 000,018,097 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Desktop\Unbenannt 1.odt
[2010.03.17 14:01:22 | 000,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009.12.29 02:09:28 | 000,000,084 | ---- | C] () -- C:\WINDOWS\bctester_de.INI
[2009.12.06 15:49:07 | 000,000,952 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2009.12.03 11:18:23 | 000,008,774 | ---- | C] () -- C:\WINDOWS\cfgall.ini
[2009.05.05 11:44:34 | 000,162,304 | ---- | C] () -- C:\WINDOWS\libpng13.dll
[2009.05.04 21:42:20 | 000,059,392 | ---- | C] () -- C:\WINDOWS\zlib1.dll
[2009.04.28 09:04:00 | 009,250,816 | ---- | C] () -- C:\WINDOWS\avcodec-52.dll
[2009.04.28 09:04:00 | 000,733,184 | ---- | C] () -- C:\WINDOWS\avformat-52.dll
[2009.04.28 09:04:00 | 000,211,968 | ---- | C] () -- C:\WINDOWS\swscale-0.dll
[2009.04.28 09:04:00 | 000,070,144 | ---- | C] () -- C:\WINDOWS\avutil-50.dll
[2009.04.26 16:28:36 | 000,167,936 | ---- | C] () -- C:\WINDOWS\lua5.1.dll
[2009.02.17 11:19:22 | 000,194,048 | ---- | C] () -- C:\WINDOWS\curllib.dll
[2008.12.23 09:03:04 | 000,065,536 | ---- | C] () -- C:\WINDOWS\libsasl.dll
[2008.11.12 04:45:58 | 000,286,371 | ---- | C] () -- C:\WINDOWS\libidn-11.dll
[2008.06.09 13:53:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008.06.09 13:53:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008.06.09 13:53:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008.06.09 13:53:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007.12.20 17:56:26 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2007.08.15 10:13:36 | 000,000,216 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007.08.14 11:25:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2007.08.01 15:31:47 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007.08.01 10:17:02 | 000,002,480 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2007.08.01 09:39:33 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005.02.17 12:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005.02.17 12:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2004.02.20 22:36:34 | 000,416,256 | ---- | C] () -- C:\WINDOWS\exchndl.dll
[2003.10.24 00:27:46 | 000,110,592 | ---- | C] () -- C:\WINDOWS\openldap.dll
[2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
< End of report >

Antimalware Doctor

Plagegeister aller Art und deren Bekämpfung: Antimalware Doctor

Antimalware Doctor

Ähnliche Themen: Antimalware Doctor