| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: WIN32/Nuqel.E gefunden und bekämpft, PC aber immernoch nicht okWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
12.07.2010, 08:54
| #1 |
 |  WIN32/Nuqel.E gefunden und bekämpft, PC aber immernoch nicht ok Hallo Ihr Profis, schön das es EUCH gibt. Ich habe nach der Virusmeldung, bzw dieser AV Security Meldung alles nach FAQ erledigt. Der PC läuft nur im Abgesicherten Modus flüssig, daher auch alles im Abg.Modus durchgeführt !! Erst wurde mit Spyware-Doctor einiges gefunden. Hab dann Vollversion gekauft und aktiviert, dann wurde alles in Quarantäne geschickt. Siehe Screenshot. Habe Systemwiederherstellung abgeschaltet. ccleaner incl.registry aufgeräumt. rkill und Malwarebytes angewendet. Bitdefender online laufen lassen. Avira Anti-Vir lässt sich nicht starten. RIST ausgeführt. Nun bin ich am Ende mit meinen Fähigkeitem. Normal hochfahren, dann geht fast nix vorwärts, bzw. irgendann ist stillstand. Könnt Ihr bitte helfen !! Hier die logs: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4301 Windows 5.1.2600 Service Pack 2 (Safe Mode) Internet Explorer 8.0.6001.18702 11.07.2010 14:52:23 mbam-log-2010-07-11 (14-52-23).txt Scan type: Full scan (C:\|) Objects scanned: 200720 Time elapsed: 39 minute(s), 58 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 1 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\System Volume Information\_restore{D52CB87E-6BED-419D-AB86-85722B6901E6}\RP253\A0165342.exe (Trojan.Downloader) -> Quarantined and deleted successfully. später dann: Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 138583 Laufzeit: 8 Minute(n), 58 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) RKILL: This log file is located at C:\rkill.log. Please post this only if requested to by the person helping you. Otherwise you can close this log when you wish. Ran as Charlie on 12.07.2010 at 5:58:34. Processes terminated by Rkill or while it was running: Rkill completed on 12.07.2010 at 5:58:44. RIST: info.txtRSIT Logfile: Code:
ATTFilter logfile of random's system information tool 1.08 2010-07-12 06:15:02
======Uninstall list======
-->C:\Programme\Creative\SBLive\Program\Ctzapxx.EXE /X /U /S /R
-->C:\Programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{58582977-44D2-44A0-A09B-031CC2AE5938}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{58582977-44D2-44A0-A09B-031CC2AE5938}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{A731533B-B325-4D9C-91A4-D93C8E294C19}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{A731533B-B325-4D9C-91A4-D93C8E294C19}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9 /remove
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3DSex_Villa_ThriXXX-->C:\PROGRA~1\ThriXXX\UNWISE.EXE C:\PROGRA~1\ThriXXX\INSTALL.LOG
AC3 Decoder v.1.2.4b-->C:\PROGRA~1\AC3DEC~1\UNWISE.EXE C:\PROGRA~1\AC3DEC~1\INSTALL.LOG
ACDSee Trial-Version-->C:\PROGRA~1\ACDSYS~1\ACDSEE~1\UNWISE.EXE C:\PROGRA~1\ACDSYS~1\ACDSEE~1\INSTALL.LOG
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 8 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A80000000002}
Amazon MP3-Downloader 1.0.5-->C:\Programme\Amazon\MP3 Downloader\Uninstall.exe
AnyDVD-->"C:\Programme\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Programme\SlySoft\AnyDVD"
AudioEdit Deluxe-->C:\PROGRA~1\MYSTIK~1\AUDIOE~1\UNWISE.EXE C:\PROGRA~1\MYSTIK~1\AUDIOE~1\INSTALL.LOG
Avira AntiVir Personal - Free Antivirus-->C:\Programme\Avira\AntiVir Desktop\setup.exe /REMOVE
Avira UnErase Personal-->C:\Programme\Avira\UnErase\uninstall.exe
Browser Defender 2.0.6.15-->"C:\Programme\Spyware Doctor\BDT\unins000.exe"
Canon iP4600 series Benutzerregistrierung-->C:\Programme\Canon\IJEREG\iP4600 series\UNINST.EXE
Canon iP4600 series Printer Driver-->"C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4600_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4600_series /L0x0007
Canon Utilities My Printer-->C:\Programme\Canon\MyPrinter\uninst.exe uninst.ini
CCleaner (remove only)-->"C:\Programme\CCleaner\uninst.exe"
CD-LabelPrint-->"C:\Programme\Canon\CD-LabelPrint\Uninstal.exe" Canon.CDLabelPrint.Application
CloneDVD2-->"C:\Programme\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Programme\Elaborate Bytes\CloneDVD2"
CompuApps SwissKnife V3-->C:\WINDOWS\ISUNINST.EXE -fC:\SWISNIFE\SKUninst.ISU -cC:\SWISNIFE\SKUNINST.DLL
Corel Applications-->C:\WINDOWS\COREL\UNINSTAL.EXE
CTSPD-->C:\WINDOWS\IsUninst.exe -fC:\Programme\CTSPD\ctspd.isu
Defraggler (remove only)-->"C:\Programme\Defraggler\uninst.exe"
DivX Content Uploader-->C:\Programme\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX-Setup-->C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DivX\Setup\DivXSetup.exe /uninstall /bundleGroupId divx.com
DivxToDVD 0.5.2b-->"C:\Programme\vso\DivxToDVD\unins000.exe"
DVD Shrink 3.2-->"C:\Programme\DVD Shrink\unins000.exe"
DVD-RAM Driver-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}\setup.exe" -l0x9 DVD-RAM Driver
EVEREST Home Edition v1.51-->"C:\Programme\Lavalys\EVEREST Home Edition\unins000.exe"
FileZilla Client 3.3.3-->C:\Programme\FileZilla FTP Client\uninstall.exe
FLV Player 2.0 (build 25)-->C:\Programme\FLV Player\uninst.exe
Fonty 98-->C:\WINDOWS\unin0407.exe -f"C:\Programme\ceytec software\Fonty 98\DeIsL1.isu"
Free Audio CD Burner version 1.3-->"C:\Programme\DVDVideoSoft\Free Audio CD Burner\unins000.exe"
Free Video to iPhone Converter version 2.2-->"C:\Programme\DVDVideoSoft\Free Video to iPhone Converter\unins000.exe"
Free YouTube to MP3 Converter version 3.5-->"C:\Programme\DVDVideoSoft\Free YouTube to MP3 Converter\unins000.exe"
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
hp LaserJet 1000-->zuninst.exe
IncrediMail Xe-->C:\PROGRA~1\INCRED~1\bin\imsetup.exe /remove /addon:IncrediMail /log:IncMail.log
IrfanView (remove only)-->C:\Programme\irfanview\iv_uninstall.exe
JAP-->C:\Programme\JAP\uninstall.exe
Jasc Paint Shop Pro 8-->MsiExec.exe /I{81A34902-9D0B-4920-A25C-4CDC5D14B328}
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Lame ACM MP3 Codec-->C:\WINDOWS\System32\rundll32.exe setupapi,InstallHinfSection Remove_LameMP3 132 C:\WINDOWS\INF\LameACM.inf
LIDL Fotoservice-->"C:\Programme\LIDL\unins000.exe"
LiveReg (Symantec Corporation)-->C:\Programme\Gemeinsame Dateien\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 1.6 (Symantec Corporation)-->C:\Programme\Symantec\LiveUpdate\LSETUP.EXE /U
MAGIX Online Druck Service-->C:\PROGRA~1\MAGIXO~1\\UNWISE.EXE C:\PROGRA~1\MAGIXO~1\\INSTALL.LOG
MAGIX video deLuxe 2004 2005 PLUS-->C:\MAGIX\video_deLuxe_2004_2005_PLUS\instslct.exe
Malwarebytes' Anti-Malware-->"C:\Programme\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office XP Professional mit FrontPage-->MsiExec.exe /I{90280407-6000-11D3-8CFE-0050048383C9}
Microsoft Sync Framework Runtime v1.0 (x86)-->MsiExec.exe /I{A8BD5A60-E843-46DC-8271-ABF20756BE0F}
Microsoft Sync Framework Services v1.0 (x86)-->MsiExec.exe /I{03CAB33F-D1C2-48C6-8766-DAE84DFC25FE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 SP1 CRT Redistributable-->MsiExec.exe /I{CC038D57-788A-4544-BF8F-179E5CF50D2F}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Mozilla Firefox (3.6.3)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe
MP3-Cutter-->C:\WINDOWS\IsUninst.exe -fC:\Programme\MP3-Cutter\Uninst.isu
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 6 Service Pack 2 (KB973686)-->MsiExec.exe /I{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}
Nero Digital-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
Nero OEM-->C:\Programme\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
NVIDIA Windows 2000/XP Display Drivers-->rundll32.exe C:\WINDOWS\system32\nvinstnt.dll,NvUninstallNT4 nv4_disp.inf
Panorama Factory-->C:\WINDOWS\IsUninst.exe -f"C:\Programme\The Panorama Factory\PFactory\Uninst.isu"
PC Inspector smart recovery-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{C9A87D86-FDFD-418B-BF96-EF09320973B3}\Setup.exe" -l0x7
PDFCreator-->C:\Programme\PDFCreator\unins000.exe
PowerDVD-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
Print Server-->C:\WINDOWS\IsUninst.exe -f"C:\Programme\Broadband Router\Print Server\Uninst.isu"
ProjectX-->C:\Programme\ProjectX\uninstall.exe
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
RealPlayer-->C:\Programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Riva FLV Player-->"C:\Programme\Riva\Riva FLV Player\unins000.exe"
Rm to Mp3 Wav Convertor 2.15-->"C:\Programme\Rm to Mp3 Wav Convertor\unins000.exe"
SD Formatter-->MsiExec.exe /I{3F9FB449-93DB-4C47-BB5B-7334C4D1736E}
SetEditArgus (remove only)-->"C:\Programme\SetEditArgus\uninstall.exe"
SetEditMX04 (remove only)-->"C:\Programme\SetEditMX04\uninstall.exe"
Shareaza Version 2.2.1.0-->"C:\Programme\Shareaza\Uninstall\unins000.exe"
Shockwave-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Sicherheitsupdate für Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 8 (KB978207)-->"C:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 8 (KB981332)-->"C:\WINDOWS\ie8updates\KB981332-IE8\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 8 (KB982381)-->"C:\WINDOWS\ie8updates\KB982381-IE8\spuninst\spuninst.exe"
Sonic CinePlayer DVD Pack-->MsiExec.exe /I{D4576E0D-2295-4B8E-B663-B68086B00EE5}
SoulSeek Client 156c-->"C:\Programme\Soulseek\uninstall.exe"
Sound Blaster Live! Web 2K/XP-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{0A7B28CF-6BE3-11D6-A285-00A0CC51B2FE}\Setup.exe" -l0x9
Spybot - Search & Destroy-->"C:\Programme\Spybot - Search & Destroy\unins000.exe"
Spyware Doctor 7.0-->C:\Programme\Spyware Doctor\unins000.exe /LOG
TechniSat DVB-PC TV Star-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{D032A7F0-8B5C-4603-8B46-235025D5F9C1}\Setup.exe" -l0x7 anything -removeonly
TMPGEnc Plus 2.5-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{4C6F02E1-D873-45F3-B852-D83F84BEA8D4}
TomTom HOME 2.7.3.1894-->C:\Programme\TomTom HOME 2\Uninstall TomTom HOME.exe
TomTom HOME Visual Studio Merge Modules-->MsiExec.exe /I{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}
Two Worlds Pinball-->C:\PROGRA~1\TWOWOR~1\Unwise.exe /U C:\PROGRA~1\TWOWOR~1\install.log
Uninstall 1.0.0.1-->"C:\Programme\Gemeinsame Dateien\DVDVideoSoft\unins000.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update für Windows Internet Explorer 8 (KB971180)-->"C:\WINDOWS\ie8updates\KB971180-IE8\spuninst\spuninst.exe"
Update für Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"
Update für Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
Update für Windows Internet Explorer 8 (KB980182)-->"C:\WINDOWS\ie8updates\KB980182-IE8\spuninst\spuninst.exe"
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
VideoLAN VLC media player 0.6.2-->"C:\Programme\VideoLAN\VLC\uninstall.exe"
VirtualCloneDrive-->"C:\Programme\Elaborate Bytes\VirtualCloneDrive\vcd-uninst.exe" /D="C:\Programme\Elaborate Bytes\VirtualCloneDrive"
WGuardBDE-->MsiExec.exe /I{D378E8FB-A4D4-46B6-AD3F-ED046B90CFA0}
whomadewho Screen Saver-->C:\WINDOWS\whomadewho.scr /u
Winamp (nur entfernen)-->"C:\Programme\Winamp\deinstwa.exe"
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Programme\Windows Media Player\Setup_wm.exe" /Uninstall
WinRAR Archivierer-->C:\Programme\WinRAR\uninstall.exe
WinRename-->MsiExec.exe /I{35CF37D9-6158-4DB7-8D4A-BC36CA7B8C57}
WISO Sparbuch 2008-->C:\Programme\InstallShield Installation Information\{A1973A71-BC23-4A8C-A0A0-2B0497B7EAF4}\Setup.exe -runfromtemp -l0x0007 -removeonly
WISO Sparbuch 2009-->C:\Programme\InstallShield Installation Information\{00C58EBE-223E-4AB6-8AE9-38F27F4420BD}\Setup.exe -runfromtemp -l0x0007 -removeonly
xp-AntiSpy 3.93-->C:\Programme\xp-AntiSpy\uninst.exe
======Hosts File======
127.0.0.1 0-ol1oiz-xolxii1-oxli10ozl1l1-o-l-11-iizxp-l-0o-oll11iz0oil-ol.com
127.0.0.1 1000stars.ru
127.0.0.1 11.rtcode.com
127.0.0.1 123counter.mycomputer.com
127.0.0.1 123go.com
127.0.0.1 123stat.com
127.0.0.1 192.168.112.2O7.net
127.0.0.1 1cgi.hitbox.com
127.0.0.1 1stblaze.com
127.0.0.1 1stpagehere.com
======Security center information======
AV: AntiVir PersonalEdition Classic Virenschutz
AV: AntiVir Desktop (disabled) (outdated)
AV: AntiVir PersonalEdition Classic Virenschutz
AV: AntiVir PersonalEdition Classic Virenschutz
AV: AntiVir PersonalEdition Classic Virenschutz
======System event log======
Computer Name: TORSTEN
Event Code: 7035
Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "Terminaldienste" gesendet.
Record Number: 40279
Source Name: Service Control Manager
Time Written: 20100323065325.000000+060
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM
Computer Name: TORSTEN
Event Code: 17
Message: AVGNTFLT successfully loaded
Record Number: 40278
Source Name: avgntflt
Time Written: 20100323065250.000000+060
Event Type: Informationen
User:
Computer Name: TORSTEN
Event Code: 14107
Message: QoS [Adapter NDISWANBH]:
Der Paketplaner konnte den virtuellen Miniport mit NDIS nicht initialisieren.
Record Number: 40277
Source Name: PSched
Time Written: 20100323065250.000000+060
Event Type: Fehler
User:
Computer Name: TORSTEN
Event Code: 14107
Message: QoS [Adapter NDISWANBH]:
Der Paketplaner konnte den virtuellen Miniport mit NDIS nicht initialisieren.
Record Number: 40276
Source Name: PSched
Time Written: 20100323065250.000000+060
Event Type: Fehler
User:
Computer Name: TORSTEN
Event Code: 14107
Message: QoS [Adapter NDISWANBH]:
Der Paketplaner konnte den virtuellen Miniport mit NDIS nicht initialisieren.
Record Number: 40275
Source Name: PSched
Time Written: 20100323065250.000000+060
Event Type: Fehler
User:
=====Application event log=====
Computer Name: TORSTEN
Event Code: 1800
Message: Der Windows-Sicherheitscenterdienst wurde gestartet.
Record Number: 5
Source Name: SecurityCenter
Time Written: 20100302173215.000000+060
Event Type: Informationen
User:
Computer Name: TORSTEN
Event Code: 4096
Message: Der AntiVir Dienst wurde erfolgreich gestartet!
Record Number: 4
Source Name: Avira AntiVir
Time Written: 20100302070425.000000+060
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM
Computer Name: TORSTEN
Event Code: 1800
Message: Der Windows-Sicherheitscenterdienst wurde gestartet.
Record Number: 3
Source Name: SecurityCenter
Time Written: 20100302070359.000000+060
Event Type: Informationen
User:
Computer Name: TORSTEN
Event Code: 4096
Message: Der AntiVir Dienst wurde erfolgreich gestartet!
Record Number: 2
Source Name: Avira AntiVir
Time Written: 20100301180746.000000+060
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM
Computer Name: TORSTEN
Event Code: 1800
Message: Der Windows-Sicherheitscenterdienst wurde gestartet.
Record Number: 1
Source Name: SecurityCenter
Time Written: 20100301180722.000000+060
Event Type: Informationen
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"devmgr_show_nonpresent_devices"=1
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=1
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\Programme\Gemeinsame Dateien\Ulead Systems\MPEG;C:\PROGRA~1\ThriXXX\3D SexVilla;C:\Programme\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 0 Stepping 7, GenuineIntel
"PROCESSOR_LEVEL"=15
"PROCESSOR_REVISION"=0007
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"windir"=%SystemRoot%
"CLASSPATH"=.;C:\Programme\Java\jre1.6.0_03\lib\ext\QTJava.zip
"QTJAVA"=C:\Programme\Java\jre1.6.0_03\lib\ext\QTJava.zip
"SAFEBOOT_OPTION"=NETWORK
-----------------EOF-----------------
RSIT Logfile: Code:
ATTFilter Logfile of random's system information tool 1.08 (written by random/random) Run by Charlie at 2010-07-12 06:14:46 Microsoft Windows XP Professional Service Pack 2 System drive C: has 6 GB (29%) free of 20 GB Total RAM: 511 MB (61% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 06:14:54, on 12.07.2010 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Safe mode with network support Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\explorer.exe C:\Dokumente und Einstellungen\Charlie\Desktop\RSIT.exe C:\Programme\trend micro\Charlie.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1F48AA48-C53A-4E21-85E7-AC7CC6B5FFAD} - (no file) O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Programme\Spyware Doctor\BDT\PCTBrowserDefender.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programme\Spyware Doctor\BDT\PCTBrowserDefender.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Programme\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [SystemTray] %windir%\system32\systray.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [CanonMyPrinter] C:\Programme\Canon\MyPrinter\BJMyPrt.exe /logon O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [DivXUpdate] "C:\Programme\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW O4 - HKLM\..\Run: [ISTray] "C:\Programme\Spyware Doctor\pctsTray.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [NBJ] "C:\Programme\Ahead\Nero BackItUp\NBJ.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Reader 8.0\Reader\reader_sl.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programme\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm O8 - Extra context menu item: Download with GetRight - C:\Programme\GetRight\GRdownload.htm O8 - Extra context menu item: Fotoabzug online bestellen ! - hxxp://fotoup.info/ie2wk.php?hid=9x13 O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Dokumente und Einstellungen\Charlie\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Open with GetRight Browser - C:\Programme\GetRight\GRbrowse.htm O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - hxxp://www.creative.com/su/ocx/15009/CTSUEng.cab O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} (HidInputMonitorX Control) - file://G:\components\hidinputmonitorx.ocx O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - hxxp://dl.tvunetworks.com/TVUAx.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - hxxp://207.188.7.150/25c2c84f1bab24d9d905/netzip/RdxIE601_de.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - hxxp://download.bitdefender.com/resources/scanner/sources/de/scan8/oscan8.cab O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} (WMVHDRatingCtrl Class) - file://G:\components\wmvhdrating.ocx O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - hxxp://bitdefender.buhl.de/scan/Msie/bitdefender.cab O16 - DPF: {B1953AD6-C50E-11D3-B020-00A0C9251384} (O2C-Player (ELECO Software GmbH)) - hxxp://www.o2c.de/download/o2cplayer.cab O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - hxxp://asp03.photoprintit.de/microsite/1384/defaults/activex/IPSUploader.cab O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} - hxxp://www2.incredimail.com/contents/setup/downloader/imloader.cab O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - hxxp://www.creative.com/su/ocx/15009/CTPID.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{F1B45E1B-D5BC-4B03-B953-B0CFEED12BC8}: NameServer = 192.168.178.1 O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe O23 - Service: Browser Defender Update Service - Unknown owner - C:\Programme\Spyware Doctor\BDT\BDTUpdateService.exe O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programme\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programme\Spyware Doctor\pctsSvc.exe O23 - Service: TomTomHOMEService - TomTom - C:\Programme\TomTom HOME 2\TomTomHOMEService.exe -- End of file - 7913 bytes ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Adobe PDF Reader - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1F48AA48-C53A-4E21-85E7-AC7CC6B5FFAD}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}] PC Tools Browser Guard BHO - C:\Programme\Spyware Doctor\BDT\PCTBrowserDefender.dll [2010-01-22 567248] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2009-04-11 35840] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-04-11 73728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {472734EA-242A-422B-ADF8-83D1E48CC825} - PC Tools Browser Guard - C:\Programme\Spyware Doctor\BDT\PCTBrowserDefender.dll [2010-01-22 567248] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2003-07-28 4841472] "nwiz"=nwiz.exe /install [] "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2003-07-28 49152] "UpdReg"=C:\WINDOWS\UpdReg.EXE [2000-05-11 90112] "VirtualCloneDrive"=C:\Programme\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2004-08-20 45056] "QuickTime Task"=C:\Programme\QuickTime\qttask.exe [2008-11-04 413696] "SystemTray"=C:\WINDOWS\system32\systray.exe [2001-08-18 3072] "SunJavaUpdateSched"=C:\Programme\Java\jre6\bin\jusched.exe [2009-04-11 148888] "CanonMyPrinter"=C:\Programme\Canon\MyPrinter\BJMyPrt.exe [2008-03-18 1848648] "NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648] "avgnt"=C:\Programme\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153] "DivXUpdate"=C:\Programme\DivX\DivX Update\DivXUpdate.exe [2010-06-03 1144104] "ISTray"=C:\Programme\Spyware Doctor\pctsTray.exe [2010-07-11 1287120] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360] "NBJ"=C:\Programme\Ahead\Nero BackItUp\NBJ.exe [2004-11-30 1945600] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVGCtrl] C:\Programme\AntiVir PersonalEdition Classic\AVGNT.EXE /min [] C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart Adobe Reader - Schnellstart.lnk - C:\Programme\Adobe\Reader 8.0\Reader\reader_sl.exe Adobe Reader Synchronizer.lnk - C:\Programme\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-04 240128] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableClock"=0 "NoDispCPL"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=149 "NoSetFolders"=0 "NoFind"=0 "NoMultiIE"=0 "LWA"=0 "LWB"=0 "LWC"=0 "LWD"=0 "LWE"=0 "LWF"=0 "LWG"=0 "LWH"=0 "LWI"=0 "LWJ"=0 "LWK"=0 "LWL"=0 "LWM"=0 "LWN"=0 "LWO"=0 "LWP"=0 "LWQ"=0 "LWR"=0 "LWS"=0 "LWT"=0 "LWU"=0 "LWV"=0 "LWW"=0 "LWX"=0 "LWY"=0 "LWZ"=0 "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"=1 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Programme\PPStream\PPStream.exe"="C:\Programme\PPStream\PPStream.exe:*:Enabled:PPStream" "C:\Programme\Internet Explorer\iexplore.exe"="C:\Programme\Internet Explorer\iexplore.exe:*:Enabled:iexplore" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" ======File associations====== .ini - open - C:\WINDOWS\SYSTEM32\NOTEPAD.EXE %1 .txt - open - C:\WINDOWS\SYSTEM32\NOTEPAD.EXE %1 ======List of files/folders created in the last 1 months====== 2010-07-12 06:14:47 ----D---- C:\Programme\trend micro 2010-07-12 06:14:46 ----D---- C:\rsit 2010-07-12 06:14:00 ----A---- C:\WINDOWS\ntbtlog.txt 2010-07-11 15:49:55 ----D---- C:\WINDOWS\BDOSCAN8 2010-07-11 12:29:36 ----D---- C:\Dokumente und Einstellungen\Charlie\Anwendungsdaten\Malwarebytes 2010-07-11 12:13:10 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2010-07-11 12:13:08 ----D---- C:\Programme\Malwarebytes' Anti-Malware 2010-07-11 12:13:08 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes 2010-07-11 12:13:08 ----A---- C:\WINDOWS\system32\drivers\mbam.sys 2010-07-11 08:19:23 ----A---- C:\WINDOWS\BDTSupport.dll 2010-07-11 08:19:22 ----A---- C:\WINDOWS\SGDetectionTool.dll 2010-07-11 08:19:22 ----A---- C:\WINDOWS\PCTBDRes.dll 2010-07-11 08:19:22 ----A---- C:\WINDOWS\PCTBDCore.dll 2010-07-11 08:19:10 ----A---- C:\WINDOWS\system32\drivers\pctgntdi.sys 2010-07-11 08:19:05 ----A---- C:\WINDOWS\system32\drivers\PCTCore.sys 2010-07-11 08:19:05 ----A---- C:\WINDOWS\system32\drivers\PCTAppEvent.sys 2010-07-11 08:18:53 ----A---- C:\WINDOWS\system32\drivers\pctplsg.sys 2010-07-11 08:18:25 ----D---- C:\Programme\Spyware Doctor 2010-07-11 08:18:25 ----D---- C:\Programme\Gemeinsame Dateien\PC Tools 2010-07-11 08:18:25 ----D---- C:\Dokumente und Einstellungen\Charlie\Anwendungsdaten\PC Tools 2010-07-11 08:18:25 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Tools 2010-07-11 08:18:05 ----AD---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP 2010-06-16 07:21:26 ----D---- C:\Programme\SDA 2010-06-14 09:16:04 ----D---- C:\Dokumente und Einstellungen\Charlie\Anwendungsdaten\FileZilla 2010-06-14 09:15:54 ----D---- C:\Programme\FileZilla FTP Client 2010-06-13 07:24:29 ----D---- C:\Dokumente und Einstellungen\Charlie\Anwendungsdaten\DVDVideoSoftIEHelpers ======List of files/folders modified in the last 1 months====== 2010-07-12 06:14:52 ----D---- C:\Temp 2010-07-12 06:14:47 ----RAD---- C:\Programme 2010-07-12 06:14:00 ----AD---- C:\WINDOWS 2010-07-12 05:56:59 ----D---- C:\Programme\CCleaner 2010-07-12 05:54:07 ----SHD---- C:\System Volume Information 2010-07-12 05:48:06 ----D---- C:\WINDOWS\Temp 2010-07-11 20:39:44 ----D---- C:\WINDOWS\system32\CatRoot2 2010-07-11 16:13:20 ----D---- C:\Programme\WinRAR 2010-07-11 16:12:23 ----D---- C:\Programme\Two Worlds Pinball 2010-07-11 15:49:57 ----SD---- C:\WINDOWS\Downloaded Program Files 2010-07-11 15:49:54 ----HD---- C:\WINDOWS\inf 2010-07-11 15:14:53 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy 2010-07-11 15:06:57 ----D---- C:\WINDOWS\system32\drivers 2010-07-11 14:53:43 ----HDC---- C:\WINDOWS\ie8 2010-07-11 12:28:28 ----D---- C:\WINDOWS\COREL 2010-07-11 12:27:42 ----D---- C:\Downloads 2010-07-11 09:12:29 ----SHD---- C:\Config.Msi 2010-07-11 08:50:09 ----D---- C:\Programme\Spybot - Search & Destroy 2010-07-11 08:32:32 ----RSHDC---- C:\WINDOWS\system32\dllcache 2010-07-11 08:19:01 ----SHD---- C:\WINDOWS\Installer 2010-07-11 08:18:59 ----D---- C:\WINDOWS\WinSxS 2010-07-11 08:18:25 ----D---- C:\Programme\Gemeinsame Dateien 2010-07-11 08:04:45 ----D---- C:\WINDOWS\system32\config 2010-07-11 08:03:33 ----D---- C:\WINDOWS\system32\wbem 2010-07-11 08:03:30 ----D---- C:\WINDOWS\Registration 2010-07-11 08:02:42 ----D---- C:\WINDOWS\system32 2010-07-11 08:01:17 ----D---- C:\Programme\Mozilla Firefox 2010-07-11 07:05:40 ----D---- C:\Dokumente und Einstellungen\Charlie\Anwendungsdaten\Anyg 2010-07-07 17:40:59 ----D---- C:\Programme\PostDa 2010-07-03 06:57:32 ----D---- C:\Programme\zoomplayer310rc1std 2010-06-24 03:09:38 ----RSD---- C:\WINDOWS\assembly 2010-06-24 03:09:16 ----D---- C:\WINDOWS\Microsoft.NET 2010-06-21 23:43:51 ----A---- C:\WINDOWS\winamp.ini 2010-06-14 13:38:15 ----D---- C:\WINDOWS\Debug 2010-06-13 09:11:01 ----A---- C:\WINDOWS\cdplayer.ini 2010-06-13 07:24:22 ----D---- C:\Programme\Gemeinsame Dateien\DVDVideoSoft 2010-06-13 07:23:54 ----D---- C:\Programme\DVDVideoSoft ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 agp440;Intel AGP-Bus-Filter; C:\WINDOWS\System32\DRIVERS\agp440.sys [2004-08-03 42368] R0 imagedrv;imagedrv; C:\WINDOWS\System32\Drivers\imagedrv.sys [2004-03-02 5504] R0 imagesrv;imagesrv; C:\WINDOWS\system32\DRIVERS\imagesrv.sys [2004-03-02 125184] R0 ohci1394;NEC FireWarden OHCI-konformer IEEE 1394-Hostcontroller; C:\WINDOWS\System32\DRIVERS\ohci1394.sys [2004-08-04 61056] R0 PCTCore;PCTools KDS; C:\WINDOWS\system32\drivers\PCTCore.sys [2010-07-11 218592] R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-03-31 44944] R0 VClone;VClone; C:\WINDOWS\system32\DRIVERS\VClone.sys [2004-09-02 22656] R1 meiudf;meiudf; C:\WINDOWS\System32\Drivers\meiudf.sys [2005-12-24 102384] R1 SSHDRV61;SSHDRV61; \??\C:\WINDOWS\System32\drivers\SSHDRV61.sys [] R1 SSHDRV85;SSHDRV85; \??\C:\WINDOWS\system32\drivers\SSHDRV85.sys [] R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2010-04-23 106432] R3 E100B;Intel(R) PRO-Adaptertreiber; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-18 117760] R3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496] R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480] S1 avgio;avgio; \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys [] S1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104] S1 Cinemsup;Cinemsup; \??\C:\WINDOWS\system32\drivers\cinemsup.sys [] S1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2010-01-01 26024] S1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2004-08-04 14848] S1 P3;Intel PentiumIII-Prozessortreiber; C:\WINDOWS\System32\DRIVERS\p3.sys [2004-08-04 46592] S1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520] S2 ACEDRV05;ACEDRV05; \??\C:\WINDOWS\system32\drivers\ACEDRV05.sys [] S2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1999-09-10 25244] S2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-12-08 56816] S2 MaVctrl;MaVctrl; C:\WINDOWS\system32\DRIVERS\MaVc2K.sys [2007-01-16 11986] S2 NTIOWP;NTIOWP; C:\WINDOWS\system32\drivers\NTIOWP.sys [2001-10-01 4960] S2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\PfModNT.sys [] S2 SBKUPNT;SBKUPNT; \??\C:\WINDOWS\system32\Drivers\SBKUPNT.SYS [] S3 61883;61883-Einheitsgerät; C:\WINDOWS\System32\DRIVERS\61883.sys [2004-08-03 48128] S3 actser;actser; C:\WINDOWS\system32\drivers\actser.sys [2004-08-23 29440] S3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-04 60800] S3 Avc;AVC-Gerät; C:\WINDOWS\System32\DRIVERS\avc.sys [2004-08-03 38912] S3 Bridge;MAC-Brücke; C:\WINDOWS\System32\DRIVERS\bridge.sys [2004-08-03 71552] S3 BridgeMP;MAC-Brückenminiport; C:\WINDOWS\System32\DRIVERS\bridge.sys [2004-08-03 71552] S3 BthEnum;Bluetooth-Anforderungsblocktreiber; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2004-08-04 17024] S3 BthPan;Bluetooth-Gerät (PAN); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2004-08-03 100992] S3 BTHPORT;Bluetooth-Porttreiber; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 273024] S3 BTHUSB;USB-Treiber für Bluetooth-Funkgerät; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2004-08-04 18944] S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2004-08-03 17024] S3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\System32\drivers\ctac32k.sys [2002-03-22 114944] S3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2002-03-22 835636] S3 ctljystk;Creative SBLive!-Gameport; C:\WINDOWS\System32\DRIVERS\ctljystk.sys [2001-08-17 3712] S3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\System32\drivers\ctprxy2k.sys [2002-03-22 11068] S3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\System32\drivers\ctsfm2k.sys [2002-03-22 211724] S3 emu10k;Creative SB Live! series(WDM); C:\WINDOWS\system32\drivers\emu10k1f.sys [2001-08-14 775296] S3 emu10k1;Creative Interface Manager Driver (WDM); C:\WINDOWS\system32\drivers\ctlface.sys [2001-07-11 6912] S3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\System32\drivers\emupia2k.sys [2002-03-22 156604] S3 GcKernel;Microsoft SideWinder Value Add - Filtertreiber; C:\WINDOWS\System32\DRIVERS\GcKernel.sys [2004-08-03 59136] S3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2002-03-22 991656] S3 hidgame;Microsoft HID-zu-Joystickanschlussaktivierung; C:\WINDOWS\System32\DRIVERS\hidgame.sys [2001-08-18 8576] S3 HIDSwvd;Microsoft SideWinder-Minitreiber für virtuelles HID-Gerät; C:\WINDOWS\System32\DRIVERS\HIDSwvd.sys [2001-08-17 2688] S3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-18 9600] S3 irsir;Microsoft serieller Infrarottreiber; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688] S3 ISSCSp50;ISSCSp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\ISSCSp50.sys [] S3 KMWDFilter;KMWDFilter; \??\C:\WINDOWS\System32\Drivers\KMWDFilter.SYS [] S3 LwAdiHid;Logitech WingMan-Digitalgeräte (autom. Erkennung); C:\WINDOWS\system32\DRIVERS\LwAdiHid.sys [2004-08-03 20864] S3 MHIKEY10;MHIKEY10; C:\WINDOWS\System32\Drivers\MHIKEY10.sys [] S3 mouhid;Maus-HID-Treiber; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-18 12288] S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\System32\DRIVERS\msdv.sys [2004-08-03 51328] S3 msgame;Sidewinder HID-zu-Joystickanschlussaktivierung; C:\WINDOWS\system32\DRIVERS\msgame.sys [2001-08-17 35200] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504] S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2004-08-03 85376] S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2004-08-04 10880] S3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-04 61824] S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2003-07-28 1341339] S3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2002-03-22 195432] S3 PLCMPR5;PLCMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PLCMPR5.SYS [] S3 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PLCNDIS5.SYS [] S3 PSSdk23;PSSdk23; \??\C:\WINDOWS\system32\Drivers\PsSdk23.drv [] S3 PsSdkLB;PsSdkLB; \??\C:\WINDOWS\system32\Drivers\PsSdkLB.drv [] S3 QCDonner;Logitech QuickCam Express; C:\WINDOWS\System32\DRIVERS\OVCD.sys [2001-08-17 28032] S3 Rasirda;WAN-Miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584] S3 RFCOMM;Bluetooth-Gerät (RFCOMM-Protokoll-TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2004-08-04 59648] S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-08-18 5888] S3 rtl8029;NT-Treiber für Realtek RTL8029(AS)-basierter PCI-Ethernetadapter; C:\WINDOWS\System32\DRIVERS\RTL8029.SYS [] S3 rtl8139;NT-Treiber für Realtek RTL8139(A/B/C)-basierten PCI-Fast Ethernet-Adapter; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [] S3 sfman;Creative SoundFont Manager Driver (WDM); C:\WINDOWS\system32\drivers\sfman.sys [2001-08-31 36992] S3 SKYNET;TechniSat DVB-PC TV Star PCI; C:\WINDOWS\system32\drivers\SKYNET.sys [] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2004-08-04 11136] S3 streamip;BDA-IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2004-08-04 15360] S3 USB100;Teledat Fast Ethernet USB; C:\WINDOWS\System32\DRIVERS\USB100.sys [2001-06-20 25821] S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [] S3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-03 31616] S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-03 25856] S3 usbscan;USB-Scannertreiber; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-03 15104] S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-08-10 18944] S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328] S4 WS2IFSL;Windows Socket 2.0 Non-IFS-Dienstanbieter-Unterstützungsumgebung; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-18 12032] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== S2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Programme\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289] S2 AntiVirService;Avira AntiVir Guard; C:\Programme\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089] S2 Browser Defender Update Service;Browser Defender Update Service; C:\Programme\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-22 112592] S2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336] S2 DVD-RAM_Service;DVD-RAM_Service; C:\WINDOWS\system32\DVDRAMSV.exe [2005-12-24 110592] S2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-04-11 152984] S2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\system32\nvsvc32.exe [2003-07-28 77824] S2 sdAuxService;PC Tools Auxiliary Service; C:\Programme\Spyware Doctor\pctsAuxs.exe [2010-03-11 366840] S2 sdCoreService;PC Tools Security Service; C:\Programme\Spyware Doctor\pctsSvc.exe [2010-03-15 1142224] S2 TomTomHOMEService;TomTomHOMEService; C:\Programme\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008] S2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-10 38912] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 Macromedia Licensing Service;Macromedia Licensing Service; C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe [2005-12-31 68096] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF----------------- Ich bin gespannt was Ihr findet. DANKE im Vorraus. Charlie |
| Themen zu WIN32/Nuqel.E gefunden und bekämpft, PC aber immernoch nicht ok |
| acedrv05.sys, antivir, antivir guard, antivirus scan, avgntflt.sys, bho, browser guard, c:\windows\system32\rundll32.exe, components, converter, desktop, device driver, druck, entfernen, excel, firefox, flash player, fontcache, hijack, hijackthis, hkus\s-1-5-18, home, iexplore.exe, installation, jusched.exe, log file, logfile, msiexec.exe, nodrives, notepad.exe, nt.dll, pc läuft, plug-in, proxy, realtek, rundll, security, security meldung, software, sparbuch, studio, symantec, updates, visual studio, vlc media player, win32/nuqel.e, windows internet, windows internet explorer, windows xp, windows-sicherheitscenterdienst |
Baum-Darstellung