Pests of all kinds and how to fight them: Trojan alert when opening a web browser (Windows 7)
09.07.2009, 12:19 | #1

Hello folks, I have had a problem for a few days. I have AVG and Antivir running on my notebook. Every time my computer starts, I get a message about a threat, which I then cannot remove, probably because the infected application is still running. In addition, AVG detects a trojan whenever I open a web browser, whether IE or Firefox: once the trojan Downloader.Zlob.ANLJ and sometimes the trojan Agent2.MHP. Neither can be removed and they keep being detected. The following file is supposedly infected: C:\Windows\System32\MSIVXbkqyqplwtwneecqqqibmcoxsyfedxoxt.dll (but I cannot find it). I have already googled, but found nothing helpful. I hope someone can help me!?
09.07.2009, 15:52 | #2

Recently a new detection shows up when I open the web browser. It is the same file that is infected, but this time by the trojan horse TR/PCK.Tdss.W3.
13.07.2009, 15:18 | #3

Hey helper, I ran CCleaner.

I have run MAM 4 times so far, and every time at about 35-37 min the program stops responding. An error also occurs when I try to update the program. P.S. I still have the Google problem too. Anyway, here are my two RSIT files.
13.07.2009, 15:19 | #4

FIRST PART

info.txt logfile of random's system information tool 1.06 2009-07-13 14:24:41

======Uninstall list======

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL
-->C:\Windows\UNRecode.exe /UNINSTALL
32 Bit HP CIO Components Installer-->MsiExec.exe /I{2614F54E-A828-49FA-93BA-45A3F756BFAA}
7-Zip 4.65-->"C:\Program Files\7-Zip\Uninstall.exe"
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe BridgeTalk Plugin CS3-->MsiExec.exe /I{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Recommended Settings-->MsiExec.exe /I{73B5D990-04EA-4751-B10F-5534770B91F2}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Extra Settings-->MsiExec.exe /I{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}
Adobe Creative Suite 3 Design Premium hinzufügen oder entfernen-->C:\Program Files\Common Files\Adobe\Installers\061850775b1c6d22bf2a145678e05e0\Setup.exe
Adobe Creative Suite 3 Design Premium-->MsiExec.exe /I{4393DE35-AD67-4F37-95E4-30F06EA0FDB2}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Dreamweaver CS3-->MsiExec.exe /I{4AA5B8A5-BEEF-4AD8-B11D-4443A042EA4F}
Adobe ExtendScript Toolkit 2-->C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Extension Manager CS3-->MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
Adobe Flash CS3-->MsiExec.exe /I{8C640345-AF96-4ABA-A697-97D2A0B8C6DB}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Video Encoder-->MsiExec.exe /I{BCEDD813-269C-4D8F-A4BA-01FDC66254D3}
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Illustrator CS3-->MsiExec.exe /I{C8D7A672-F697-4572-AC62-C856053A8DBC}
Adobe InDesign CS3 Icon Handler-->MsiExec.exe /I{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}
Adobe InDesign CS3-->MsiExec.exe /I{411E0CC3-587A-468C-B461-95FAFD05E4DE}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe MotionPicture Color Files-->MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->MsiExec.exe /I{D3C605D8-3A5E-4BAD-965D-2C61441BF2AC}
Adobe Reader 8.1.6 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A81300000003}
Adobe Setup-->MsiExec.exe /I{5518E08A-2053-4A3E-85B2-F912D4666C9F}
Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Shockwave Player 11.5-->C:\Windows\system32\Adobe\uninstaller.exe
Adobe SING CS3-->MsiExec.exe /I{B671CBFD-4109-4D35-9252-3062D3CCB7B2}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe Version Cue CS3 Server {ko_KR} -->MsiExec.exe /I{1D58229F-C505-45CA-8223-F35F3A34B963}
Adobe WAS CS3-->MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Agere Systems HDA Modem-->agrsmdel
AHV content for Acrobat and Flash-->MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Assassin's Creed-->C:\Program Files\InstallShield Installation Information\{8CFA9151-6404-409A-AF22-4632D04582FD}\setup.exe -runfromtemp -l0x0007 -removeonly
ASUS CopyProtect-->MsiExec.exe /I{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}
ASUS Data Security Manager-->C:\Program Files\InstallShield Installation Information\{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}\Setup.exe -runfromtemp -l0x0009 -removeonly
ASUS LifeFrame3-->MsiExec.exe /I{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}
ASUS Live Update-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}\Setup.exe" -l0x9
ASUS Power4Gear eXtreme-->MsiExec.exe /I{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}
ASUS SmartLogon-->MsiExec.exe /I{64452561-169F-4A36-A2FF-B5E118EC65F5}
ASUS Splendid Video Enhancement Technology-->MsiExec.exe /I{0969AF05-4FF6-4C00-9406-43599238DE0D}
ASUS Virtual Camera-->MsiExec.exe /I{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}
Asus_Camera_ScreenSaver-->"C:\Windows\ASUS Camera ScreenSaver Uninstaller.exe"
ATK Generic Function Service-->C:\Program Files\InstallShield Installation Information\{D3D54F3E-C5C3-443D-978F-87A72E5616E8}\Setup.exe -runfromtemp -l0x0009 -removeonly
ATK Hotkey-->MsiExec.exe /I{7C05592D-424B-46CB-B505-E0013E8E75C9}
ATK Media-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}\Setup.exe" -l0x9
ATKOSD2-->MsiExec.exe /I{3B05F2FB-745B-4012-ADF2-439F36B2E70B}
AVG Free 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Beijing 2008-->"C:\Program Files\InstallShield Installation Information\{2076B142-10FA-4536-B488-3FDCBB1013D3}\setup.exe" -runfromtemp -l0x0007 -removeonly
Call of Duty(R) - World at War(TM) 1.2 Patch-->C:\Program Files\InstallShield Installation Information\{2BF0AE92-C3BC-4112-9066-1546342B1FAE}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) - World at War(TM) 1.3 Patch-->C:\Program Files\InstallShield Installation Information\{149464D9-B06F-4505-9968-FD1206F67AD3}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) - World at War(TM) 1.4 Patch-->C:\Program Files\InstallShield Installation Information\{CC862A04-B2B0-4A79-ADD2-4B76D6CF4DCD}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) - World at War(TM)-->C:\Program Files\InstallShield Installation Information\{D80A6A73-E58A-4673-AFF5-F12D7110661F}\setup.exe -runfromtemp -l0x0407
Call of Duty(R) 2-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D0A05794-48C2-4424-A15A-9F20FCFDD374}
Call of Duty-->D:\CALLOF~2\Uninstall\Unwise.exe /u D:\CALLOF~2\Uninstall\Install.log
Call of Juarez-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{3E7940A4-495B-4DC5-B5C9-D2EE1DE9E5EF} /Z"UNINSTALL"
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CyberLink Power2Go-->"C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" /z-uninstall
CyberLink Power2Go-->"C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" /z-uninstall
Diablo II-->C:\Windows\DIIUnin.exe C:\Windows\DIIUnin.dat
Die*Sims™*3-->"C:\Program Files\InstallShield Installation Information\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}\Sims3Setup.exe" -runfromtemp -l0x0007 -removeonly
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Empire: Total War-->"D:\Steam\steam.exe" steam://uninstall/10500
Express Gate-->MsiExec.exe /X{62CF8923-31DC-4285-A23C-17CE5AA6A679}
Far Cry 2-->"C:\Program Files\InstallShield Installation Information\{F2835483-37F2-4123-B4FE-0E77D58447F2}\setup.exe" -runfromtemp -l0x0007 -removeonly
Favorit-->c:\users\lippo\appdata\local\jdznifr.bat
Free PDF to Word Doc Converter v1.1-->"C:\Program Files\Free PDF to Word Doc Converter\unins000.exe"
FUSSBALL MANAGER 09-->D:\Fussball Manager 09\eauninstall.exe
GameTracker Lite-->C:\Program Files\GameTracker\gametracker-uninst.exe
Glary Utilities 2.12.0.658-->"C:\Program Files\Glary Utilities\unins000.exe"
Grand Theft Auto IV-->"C:\Program Files\InstallShield Installation Information\{579BA58C-F33D-4970-9953-B94B43768AC3}\setup.exe" -runfromtemp -l0x0007 -removeonly
Hamachi 1.0.3.0-->C:\Program Files\Hamachi\uninstall.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HipHop 6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CFEBE886-3EF2-4389-96D0-B0808E58BC3E}\SETUP.EXE" -l0x7 -removeonly
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Customer Participation Program 10.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Deskjet F2200 All-In-One Driver Software 10.0 Rel .3-->C:\Program Files\HP\Digital Imaging\{D77D43B5-ED55-426b-B67B-E21F804F6102}\setup\hpzscr01.exe -datfile hposcr27.dat -onestop
HP Imaging Device Functions 10.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Essential 2.5-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Smart Web Printing-->C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpzscr01.exe -datfile hpqbud15.dat
HP Solution Center 10.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{FE57DE70-95DE-4B64-9266-84DA811053DB}
ICQ Toolbar-->C:\Program Files\ICQ6Toolbar\ICQUnToolbar.exe
ICQ6.5-->"C:\Program Files\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
InterVideo WinDVD 8-->C:\Program Files\InstallShield Installation Information\{20471B27-D702-4FE8-8DEC-0702CC8C0A85}\setup.exe -runfromtemp
Java DB 10.4.1.3-->MsiExec.exe /X{998D6972-F58E-479D-9248-8F179E55AE38}
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
Java(TM) SE Development Kit 6 Update 13-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160130}
LightScribe System Software 1.14.17.1-->MsiExec.exe /X{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}
Logitech Gaming Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B9242864-2841-4ADE-86E0-8F90F91B04DD}\setup.exe" -l0x7
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe
Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929}
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Games for Windows - LIVE -->MsiExec.exe /X{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{FD052FB9-FE90-4438-B355-15EDC89D8FB1}
Microsoft Office Access MUI (German) 2007-->MsiExec.exe /X{90120000-0015-0407-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (German) 2007-->MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE}
Microsoft Office Groove MUI (German) 2007-->MsiExec.exe /X{90120000-00BA-0407-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (German) 2007-->MsiExec.exe /X{90120000-0044-0407-0000-0000000FF1CE}
Microsoft Office OneNote MUI (German) 2007-->MsiExec.exe /X{90120000-00A1-0407-0000-0000000FF1CE}
Microsoft Office Outlook MUI (German) 2007-->MsiExec.exe /X{90120000-001A-0407-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (German) 2007-->MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Italian) 2007-->MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE}
Microsoft Office Proofing (German) 2007-->MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE}
Microsoft Office Publisher MUI (German) 2007-->MsiExec.exe /X{90120000-0019-0407-0000-0000000FF1CE}
Microsoft Office Shared MUI (German) 2007-->MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE}
Microsoft Office Word MUI (German) 2007-->MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft WSE 3.0 Runtime-->MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13}
Mozilla Firefox (3.0.11)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
NB Probe-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}\Setup.exe" -l0x9
Nero 8 Essentials-->MsiExec.exe /X{2CC667CD-2234-4774-A536-2757606A1031}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NetBeans IDE 6.5.1-->"C:\Program Files\NetBeans 6.5.1\uninstall.exe"
NHL™ 09-->MsiExec.exe /X{827B97A9-B347-4110-9F89-37AF2B758F94}
NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Picasa 2-->"C:\Program Files\Picasa2\Uninstall.exe"
PokerStars-->"C:\Program Files\PokerStars\PokerStarsUninstall.exe" /u:PokerStars
Pro Evolution Soccer 2009-->MsiExec.exe /X{A8DB611A-D80E-450D-85F6-3ACDD164BE31}
PunkBuster Services-->C:\Windows\system32\pbsvc.exe -u
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
Realtek 8169 8168 8101E 8102E Ethernet Driver-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0009 -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -removeonly
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.03-->"C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -runfromtemp -l0x0009 anything -removeonly
Rockstar Games Social Club-->"C:\Program Files\InstallShield Installation Information\{08B3869E-D282-424C-9AFC-870E04A4BA14}\setup.exe" -runfromtemp -l0x0007 -removeonly
Shop for HP Supplies-->C:\Program Files\HP\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat
Sinking Island-->"D:\Sinking Island\unins000.exe"
SopCast 3.0.3-->C:\Program Files\SopCast\uninst.exe
SPEED-LINK DUAL SHOCK ADAPTER-->C:\Program Files\InstallShield Installation Information\{AEC7CD2E-2BB5-40C3-9592-078F64677E6C}\setup.exe -runfromtemp -l0x0009 -removeonly
Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TextPad 5-->MsiExec.exe /X{B6EC7388-E277-4A5B-8C8F-71067A41BA64}
USB 2.0 1.3M UVC WebCam-->C:\Windows\Uninstsxga.bat
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
VideoLAN VLC media player 0.8.1-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Vision-Patch 2009 v2.0 Chants-->"C:\Program Files\KONAMI\Pro Evolution Soccer 2009\unins000.exe"
WIDCOMM Bluetooth Software-->MsiExec.exe /X{03D1988F-469F-4843-8E6E-E5FE9D17889D}
WinFlash-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DE10AB76-4756-4913-BE25-55D1C1051F9A}\Setup.exe" -l0x9
Wireless Console 2-->C:\Program Files\InstallShield Installation Information\{83F73CB1-7705-49D1-9852-84D839CA2A45}\Setup.exe -runfromtemp -l0x0009 -removeonly
Xfire (remove only)-->"C:\Program Files\Xfire\uninst.exe"
Zattoo 3.3.4 Beta-->C:\Program Files\Zattoo\uninst.exe

======Security center information======

AS: Windows Defender

======System event log======

Computer Name: Lippo-PC
Event Code: 7036
Message: Dienst "WinHTTP-Web Proxy Auto-Discovery-Dienst" befindet sich jetzt im Status "Ausgeführt".
Record Number: 100193
Source Name: Service Control Manager
Time Written: 20090713115409.000000-000
Event Type: Informationen
User:

Computer Name: Lippo-PC
Event Code: 3004
Message: Vom Windows-Defender-Echtzeitschutz-Agent wurden Änderungen erkannt. Microsoft empfiehlt, die Software, die diese Änderungen vorgenommen hat, zu analysieren, um potenzielle Risiken festzustellen. Sie können anhand der Informationen über die Funktionsweise dieser Programme entscheiden, ob die Software ausgeführt werden kann oder vom Computer entfernt werden soll. Lassen Sie nur Änderungen zu, wenn das Programm oder der Softwareherausgeber vertrauenswürdig ist. Windows-Defender kann Änderungen, die Sie zugelassen haben, nicht mehr rückgängig machen.
Weitere Informationen finden Sie im Folgenden: Nicht zutreffend
Scan-ID: {114F8E3E-3E08-4082-A3E3-6A382B21DF5A}
Benutzer: Lippo-PC\Lippo
Name: Unknown
ID:
Schweregrad-ID:
Kategorie-ID:
Gefundener Pfad: service:lvupdtio
Warnungsart: Nicht klassifizierte Software
Feststellungstyp:
Record Number: 100194
Source Name: Microsoft-Windows-Windows Defender
Time Written: 20090713115937.000000-000
Event Type: Warnung
User:

Computer Name: Lippo-PC
Event Code: 3004
Message: Vom Windows-Defender-Echtzeitschutz-Agent wurden Änderungen erkannt. Microsoft empfiehlt, die Software, die diese Änderungen vorgenommen hat, zu analysieren, um potenzielle Risiken festzustellen. Sie können anhand der Informationen über die Funktionsweise dieser Programme entscheiden, ob die Software ausgeführt werden kann oder vom Computer entfernt werden soll. Lassen Sie nur Änderungen zu, wenn das Programm oder der Softwareherausgeber vertrauenswürdig ist. Windows-Defender kann Änderungen, die Sie zugelassen haben, nicht mehr rückgängig machen.
Weitere Informationen finden Sie im Folgenden: Nicht zutreffend
Scan-ID: {D303420C-DC3F-4549-B24D-1BB6385E61C9}
Benutzer: Lippo-PC\Lippo
Name: Unknown
ID:
Schweregrad-ID:
Kategorie-ID:
Gefundener Pfad: driver:lvupdtio
Warnungsart: Nicht klassifizierte Software
Feststellungstyp:
Record Number: 100195
Source Name: Microsoft-Windows-Windows Defender
Time Written: 20090713115937.000000-000
Event Type: Warnung
User:

Computer Name: Lippo-PC
Event Code: 7036
Message: Dienst "Windows Modules Installer" befindet sich jetzt im Status "Beendet".
Record Number: 100196
Source Name: Service Control Manager
Time Written: 20090713120123.000000-000
Event Type: Informationen
User:

Computer Name: Lippo-PC
Event Code: 7036
Message: Dienst "WinHTTP-Web Proxy Auto-Discovery-Dienst" befindet sich jetzt im Status "Beendet".
Record Number: 100197
Source Name: Service Control Manager
Time Written: 20090713121339.000000-000
Event Type: Informationen
User:

=====Application event log=====

Computer Name: Lippo-PC
Event Code: 4113
Message: AntiVir erkannte in der Datei C:\Windows\System32\MSIVXbkqyqplwtwneecqqqibmcoxsyfedxoxt.dll verdächtigen Code mit der Bezeichnung 'TR/PCK.Tdss.W.3'!
Record Number: 15330
Source Name: Avira AntiVir
Time Written: 20090713121819.000000-000
Event Type: Warnung
User: NT-AUTORITÄT\SYSTEM

Computer Name: Lippo-PC
Event Code: 4113
Message: AntiVir erkannte in der Datei C:\Windows\System32\MSIVXbkqyqplwtwneecqqqibmcoxsyfedxoxt.dll verdächtigen Code mit der Bezeichnung 'TR/PCK.Tdss.W.3'!
Record Number: 15331
Source Name: Avira AntiVir
Time Written: 20090713121952.000000-000
Event Type: Warnung
User: NT-AUTORITÄT\SYSTEM

Computer Name: Lippo-PC
Event Code: 4113
Message: AntiVir erkannte in der Datei C:\Windows\System32\MSIVXbkqyqplwtwneecqqqibmcoxsyfedxoxt.dll verdächtigen Code mit der Bezeichnung 'TR/PCK.Tdss.W.3'!
Record Number: 15332
Source Name: Avira AntiVir
Time Written: 20090713122015.000000-000
Event Type: Warnung
User: NT-AUTORITÄT\SYSTEM

Computer Name: Lippo-PC
Event Code: 4113
Message: AntiVir erkannte in der Datei C:\Windows\System32\MSIVXbkqyqplwtwneecqqqibmcoxsyfedxoxt.dll verdächtigen Code mit der Bezeichnung 'TR/PCK.Tdss.W.3'!
Record Number: 15333
Source Name: Avira AntiVir
Time Written: 20090713122303.000000-000
Event Type: Warnung
User: NT-AUTORITÄT\SYSTEM

Computer Name: Lippo-PC
Event Code: 5
Message: Unsupported service control request (see data below)
Record Number: 15334
Source Name: LightScribeService
Time Written: 20090713122441.000000-000
Event Type: Informationen
User:
13.07.2009, 15:21 | #5

Second part

=====Security event log=====

Computer Name: Lippo-PC
Event Code: 5038
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.
Dateiname: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 25414
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090713122439.762029-000
Event Type: Überwachung gescheitert
User:

Computer Name: Lippo-PC
Event Code: 5038
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.
Dateiname: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 25415
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090713122439.808829-000
Event Type: Überwachung gescheitert
User:

Computer Name: Lippo-PC
Event Code: 5038
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.
Dateiname: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 25416
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090713122439.840029-000
Event Type: Überwachung gescheitert
User:

Computer Name: Lippo-PC
Event Code: 5038
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.
Dateiname: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 25417
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090713122439.871229-000
Event Type: Überwachung gescheitert
User:

Computer Name: Lippo-PC
Event Code: 5038
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.
Dateiname: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 25418
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090713122439.902429-000
Event Type: Überwachung gescheitert
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"configsetroot"=%SystemRoot%\ConfigSetRoot
"DFSTRACINGON"=FALSE
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=2
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 6, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=1706
"RGSC"=D:\Rockstar Games Social Club\1_0_0_0
"RGSCLauncher"=D:\Rockstar Games Social Club
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------
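The two log sections the poster pasted carry the indicators a helper reads first: security event 5038 (code integrity rejected the image hash of tcpip.sys) and the application log's repeated AntiVir event 4113 for one DLL that the user cannot see on disk. The script below is an added example for this thread; it is not part of the thread, of RSIT, or of any tool named here. It parses an RSIT-style event log dump into records, flags those two indicator types, and reports files that the on-access scanner keeps detecting. The sample text inside it is constructed from the records posted above (trimmed); the `MSIVX` file-name check is an assumption taken from the DLL name reported in this thread rather than a general signature; and the function names (`parse_records`, `triage`, `recurring_paths`) are the example's own.

```python
"""Triage an RSIT-style event log dump for the indicators seen in this thread.

Added example; not part of the thread, of RSIT, or of any tool named there.
The record layout (Computer Name / Event Code / Message / ... blocks separated
by blank lines) follows the info.txt excerpts quoted in the thread.
"""
import re
from collections import Counter

# Constructed sample, modelled on records posted in the thread (trimmed).
SAMPLE_LOG = r"""=====Security event log=====

Computer Name: Lippo-PC
Event Code: 5038
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist.
Dateiname: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 25414
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090713122439.762029-000
Event Type: Überwachung gescheitert
User:

=====Application event log=====

Computer Name: Lippo-PC
Event Code: 4113
Message: AntiVir erkannte in der Datei C:\Windows\System32\MSIVXbkqyqplwtwneecqqqibmcoxsyfedxoxt.dll verdächtigen Code mit der Bezeichnung 'TR/PCK.Tdss.W.3'!
Record Number: 15330
Source Name: Avira AntiVir
Time Written: 20090713121819.000000-000
Event Type: Warnung
User: NT-AUTORITÄT\SYSTEM

Computer Name: Lippo-PC
Event Code: 4113
Message: AntiVir erkannte in der Datei C:\Windows\System32\MSIVXbkqyqplwtwneecqqqibmcoxsyfedxoxt.dll verdächtigen Code mit der Bezeichnung 'TR/PCK.Tdss.W.3'!
Record Number: 15331
Source Name: Avira AntiVir
Time Written: 20090713121952.000000-000
Event Type: Warnung
User: NT-AUTORITÄT\SYSTEM

Computer Name: Lippo-PC
Event Code: 5
Message: Unsupported service control request (see data below)
Record Number: 15334
Source Name: LightScribeService
Time Written: 20090713122441.000000-000
Event Type: Informationen
User:
"""

# "Key: value" lines. The key is a short label so that sentences inside a
# multi-line message (which also contain colons) are not mistaken for keys.
KEY_RE = re.compile(r"^([A-Za-zÄÖÜäöü][A-Za-zÄÖÜäöüß -]{0,30}):\s?(.*)$")
AV_RE = re.compile(r"in der Datei (\S+) verdächtigen Code mit der Bezeichnung '([^']+)'")
# Assumption: the MSIVX prefix is taken from the DLL reported in this thread.
HIDDEN_DLL_RE = re.compile(r"\\MSIVX[A-Za-z0-9]+\.dll$", re.IGNORECASE)


def parse_records(text):
    """Split the dump into one dict per event record."""
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("====="):
            continue
        if line.startswith("Computer Name:"):
            current = {}
            records.append(current)
        if current is None:
            continue
        m = KEY_RE.match(line)
        if m and m.group(1) not in current:
            current[m.group(1)] = m.group(2)
        else:  # continuation line of the message text
            current["Message"] = (current.get("Message", "") + " " + line).strip()
    return records


def triage(records):
    """Return the records worth a closer look, with the indicator each carries."""
    findings = []
    for rec in records:
        code, number = rec.get("Event Code"), rec.get("Record Number", "?")
        if code == "5038":  # code integrity rejected an image hash
            findings.append({"record": number, "tag": "code-integrity",
                             "path": rec.get("Dateiname", ""), "name": ""})
        elif code == "4113" and rec.get("Source Name") == "Avira AntiVir":
            m = AV_RE.search(rec.get("Message", ""))
            if m:
                path, name = m.groups()
                tag = "av-hidden-dll" if HIDDEN_DLL_RE.search(path) else "av-detection"
                findings.append({"record": number, "tag": tag, "path": path, "name": name})
    return findings


def recurring_paths(findings, min_count=2):
    """Paths reported repeatedly: the on-access scanner keeps seeing the same file."""
    counts = Counter(f["path"] for f in findings if f["tag"].startswith("av-"))
    return sorted(p for p, n in counts.items() if n >= min_count)


if __name__ == "__main__":
    found = triage(parse_records(SAMPLE_LOG))
    for f in found:
        print(f"{f['record']:>6} {f['tag']:<16} {f['name']} {f['path']}".rstrip())
    print("recurring:", recurring_paths(found))
```

Run as is, the script prints the 5038 record with its driver path, both 4113 records tagged as detections of a hidden-DLL-style name, and the one path that recurs. Pointing `parse_records` at the full info.txt instead of `SAMPLE_LOG` gives the same triage over the whole dump; the code integrity failure on a network driver together with a DLL that is detected on every browser start but not visible to the user is what makes a helper look below the file system rather than at the browser.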
13.07.2009, 15:27 | #6

FIRST PART log file

Logfile of random's system information tool 1.06 (written by random/random)
Run by Lippo at 2009-07-13 14:24:36
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 22 GB (19%) free of 119 GB
Total RAM: 3070 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:24:40, on 13.07.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Windows\AsScrPro.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Lippo\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Lippo.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freenet.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [P2Go_Menu] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Steam] "D:\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: An vorhandenes PDF anfügen - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: In Adobe PDF konvertieren - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: HP Intelligente Auswahl - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe O13 - Gopher Prefix: O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{6E33DEAE-F7A7-43B7-87E3-DB787FD9A538}: NameServer = 85.255.112.62,85.255.112.231 O17 - HKLM\System\CCS\Services\Tcpip\..\{D0C4219E-231E-461D-A254-33924A9F076B}: NameServer = 85.255.112.62,85.255.112.231 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.62,85.255.112.231 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.62,85.255.112.231 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.62,85.255.112.231 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll O23 - Service: Adobe Version Cue CS3 {de_DE} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira 
GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: GS In-Game Service - ClanServers Hosting LLC - C:\Program Files\GameTracker\GSInGameService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program 
Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe -- End of file - 11907 bytes ======Scheduled tasks folder====== C:\Windows\tasks\GlaryInitialize.job C:\Windows\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}] AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-05-12 1107224] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}] Adobe PDF Conversion Toolbar Helper - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}] HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2007-11-06 542016] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2008-06-12 958712] {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF 
- D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184] "CLMLServer"=C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [2008-07-19 104936] "P2Go_Menu"=C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [2008-06-14 210216] "HControlUser"=C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe [2008-08-18 98304] "ATKOSD2"=C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe [2008-07-15 7651328] "NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-09-19 13593120] "NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-09-19 92704] "RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-08-12 6265376] "ATKMEDIA"=C:\Program Files\ASUS\ATK Media\DMEDIA.EXE [2008-02-02 61440] "ASUS Screen Saver Protector"=C:\Windows\AsScrPro.exe [2008-11-27 3054136] "ASUS Camera ScreenSaver"=C:\Windows\AsScrProlog.exe [2008-11-27 47672] "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-12-06 1029416] "AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-06-29 1948440] "avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153] "Acrobat Assistant 8.0"=D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2008-10-14 623992] "Adobe_ID0EYTHM"=C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [2007-03-20 1884160] "GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016] ""= [] "Windows Mobile-based device management"=C:\Windows\WindowsMobile\wmdSync.exe [2008-01-21 215552] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792] "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Steam"=D:\Steam\Steam.exe [2009-06-11 1217784] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup Bluetooth.lnk - C:\Program 
Files\WIDCOMM\Bluetooth Software\BTTray.exe HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableUIADesktopToggle"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{36eade78-1885-11de-8262-00235491e738}] shell\AutoRun\command - H:\Autorun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{48d88d07-4b99-11de-892b-00235491e738}] shell\AutoRun\command - I:\Toshiba\more4you.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{76ff78cd-12d1-11de-9803-00235491e738}] shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL http://www.enter-telekom.de [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d97a3cd4-114a-11de-8e09-00235491e738}] shell\AutoRun\command - I:\LaunchU3.exe -a ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - C:\Windows\System32\WScript.exe "%1" %* |
13.07.2009, 15:29 | #7 |
| ======List of files/folders created in the last 1 months======

2009-07-13 14:24:36 ----D---- C:\rsit
2009-07-13 14:17:48 ----D---- C:\Program Files\Trend Micro
2009-07-11 16:22:23 ----D---- C:\Users\Lippo\AppData\Roaming\Xfire
2009-07-11 16:22:21 ----D---- C:\ProgramData\Xfire
2009-07-10 21:34:31 ----D---- C:\Users\Lippo\AppData\Roaming\Malwarebytes
2009-07-10 21:34:21 ----D---- C:\ProgramData\Malwarebytes
2009-07-10 21:34:21 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-07-10 10:36:07 ----D---- C:\Program Files\CCleaner
2009-07-08 01:56:18 ----A---- C:\Windows\system32\xfcodec.dll
2009-06-29 14:07:35 ----A---- C:\Windows\game.ini
2009-06-29 13:24:27 ----A---- C:\Windows\CoD.INI
2009-06-23 13:09:49 ----A---- C:\Windows\system32\AdobePDF.dll
2009-06-14 20:13:13 ----A---- C:\Windows\system32\wininet.dll
2009-06-14 20:13:13 ----A---- C:\Windows\system32\ieui.dll
2009-06-14 20:13:13 ----A---- C:\Windows\system32\iesetup.dll
2009-06-14 20:13:13 ----A---- C:\Windows\system32\iertutil.dll
2009-06-14 20:13:13 ----A---- C:\Windows\system32\iernonce.dll
2009-06-14 20:13:13 ----A---- C:\Windows\system32\ie4uinit.exe
2009-06-14 20:13:12 ----A---- C:\Windows\system32\urlmon.dll
2009-06-14 20:13:12 ----A---- C:\Windows\system32\jsproxy.dll
2009-06-14 20:13:12 ----A---- C:\Windows\system32\iedkcs32.dll
2009-06-14 20:13:11 ----A---- C:\Windows\system32\mshtml.dll
2009-06-14 20:13:11 ----A---- C:\Windows\system32\ieframe.dll
2009-06-14 20:11:46 ----A---- C:\Windows\system32\mshtmled.dll
2009-06-14 20:11:45 ----A---- C:\Windows\system32\msls31.dll
2009-06-14 20:11:45 ----A---- C:\Windows\system32\mshtmler.dll
2009-06-14 20:11:45 ----A---- C:\Windows\system32\ieakeng.dll
2009-06-14 20:11:45 ----A---- C:\Windows\system32\icardie.dll
2009-06-14 20:11:45 ----A---- C:\Windows\system32\corpol.dll
2009-06-14 20:11:45 ----A---- C:\Windows\system32\admparse.dll
2009-06-14 20:11:44 ----A---- C:\Windows\system32\WinFXDocObj.exe
2009-06-14 20:11:44 ----A---- C:\Windows\system32\wextract.exe
2009-06-14 20:11:44 ----A---- C:\Windows\system32\webcheck.dll
2009-06-14 20:11:44 ----A---- C:\Windows\system32\occache.dll
2009-06-14 20:11:44 ----A---- C:\Windows\system32\msrating.dll
2009-06-14 20:11:44 ----A---- C:\Windows\system32\msfeedssync.exe
2009-06-14 20:11:44 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-06-14 20:11:44 ----A---- C:\Windows\system32\licmgr10.dll
2009-06-14 20:11:44 ----A---- C:\Windows\system32\inseng.dll
2009-06-14 20:11:44 ----A---- C:\Windows\system32\imgutil.dll
2009-06-14 20:11:44 ----A---- C:\Windows\system32\iepeers.dll
2009-06-14 20:11:44 ----A---- C:\Windows\system32\ieakui.dll
2009-06-14 20:11:44 ----A---- C:\Windows\system32\ieaksie.dll
2009-06-14 20:11:44 ----A---- C:\Windows\system32\dxtrans.dll
2009-06-14 20:11:44 ----A---- C:\Windows\system32\dxtmsft.dll
2009-06-14 20:11:43 ----A---- C:\Windows\system32\vbscript.dll
2009-06-14 20:11:43 ----A---- C:\Windows\system32\url.dll
2009-06-14 20:11:43 ----A---- C:\Windows\system32\pngfilt.dll
2009-06-14 20:11:43 ----A---- C:\Windows\system32\mstime.dll
2009-06-14 20:11:43 ----A---- C:\Windows\system32\msfeeds.dll
2009-06-14 20:11:43 ----A---- C:\Windows\system32\jscript.dll
2009-06-14 20:11:43 ----A---- C:\Windows\system32\ieapfltr.dll
2009-06-14 20:11:43 ----A---- C:\Windows\system32\advpack.dll
2009-06-14 20:11:42 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2009-06-14 20:11:42 ----A---- C:\Windows\system32\SetDepNx.exe
2009-06-14 20:11:42 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2009-06-14 20:11:42 ----A---- C:\Windows\system32\PDMSetup.exe
2009-06-14 20:11:42 ----A---- C:\Windows\system32\mshta.exe
2009-06-14 20:11:42 ----A---- C:\Windows\system32\iexpress.exe
2009-06-14 20:11:42 ----A---- C:\Windows\system32\ieUnatt.exe
2009-06-14 20:11:42 ----A---- C:\Windows\system32\iesysprep.dll
2009-06-14 11:38:11 ----A---- C:\Windows\system32\psisdecd.dll
2009-06-14 11:38:11 ----A---- C:\Windows\system32\EncDec.dll

======List of files/folders modified in the last 1 months======

2009-07-13 14:24:40 ----D---- C:\Windows\Prefetch
2009-07-13 14:24:39 ----D---- C:\Windows\Temp
2009-07-13 14:17:48 ----RD---- C:\Program Files
2009-07-13 13:49:34 ----A---- C:\Windows\system32\acovcnt.exe
2009-07-13 00:40:46 ----A---- C:\Windows\system32\PnkBstrB.exe
2009-07-12 23:55:18 ----D---- C:\Users\Lippo\AppData\Roaming\GameTracker
2009-07-11 21:15:26 ----D---- C:\Users\Lippo\AppData\Roaming\uTorrent
2009-07-11 16:32:29 ----D---- C:\Program Files\Xfire
2009-07-11 16:22:22 ----D---- C:\Windows\System32
2009-07-11 16:22:21 ----HD---- C:\ProgramData
2009-07-11 11:35:44 ----D---- C:\Windows\system32\WDI
2009-07-10 21:34:23 ----D---- C:\Windows\system32\drivers
2009-07-10 10:50:38 ----D---- C:\Windows\Minidump
2009-07-10 10:50:38 ----D---- C:\Windows\Debug
2009-07-10 10:50:38 ----D---- C:\Windows
2009-07-09 16:37:39 ----D---- C:\Windows\system32\Tasks
2009-07-06 09:08:48 ----D---- C:\ProgramData\avg8
2009-07-05 11:48:46 ----HD---- C:\$AVG8.VAULT$
2009-07-03 20:24:38 ----D---- C:\Program Files\Common Files\Steam
2009-07-03 13:39:06 ----D---- C:\Users\Lippo\AppData\Roaming\temp
2009-07-02 22:58:05 ----D---- C:\Windows\inf
2009-07-02 22:58:05 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-07-02 22:49:15 ----D---- C:\Users\Lippo\AppData\Roaming\Adobe
2009-07-01 17:46:09 ----D---- C:\Windows\system32\catroot2
2009-06-29 15:12:31 ----HD---- C:\Program Files\InstallShield Installation Information
2009-06-29 15:09:49 ----SHD---- C:\Windows\Installer
2009-06-29 15:09:49 ----HD---- C:\Config.Msi
2009-06-29 12:49:29 ----A---- C:\Windows\system32\avgrsstx.dll
2009-06-28 15:15:19 ----D---- C:\ProgramData\FLEXnet
2009-06-27 16:40:01 ----SD---- C:\Users\Lippo\AppData\Roaming\Microsoft
2009-06-27 14:00:00 ----D---- C:\Windows\Tasks
2009-06-27 13:47:12 ----SHD---- C:\System Volume Information
2009-06-24 20:33:16 ----D---- C:\Windows\winsxs
2009-06-24 20:33:16 ----D---- C:\Program Files\Internet Explorer
2009-06-24 09:27:32 ----D---- C:\Windows\system32\catroot
2009-06-24 09:11:58 ----A---- C:\Windows\NeroDigital.ini
2009-06-21 20:54:40 ----D---- C:\Program Files\Mozilla Firefox
2009-06-14 20:38:58 ----D---- C:\Windows\rescache
2009-06-14 20:29:07 ----D---- C:\Windows\Microsoft.NET
2009-06-14 20:28:31 ----RSD---- C:\Windows\assembly
2009-06-14 20:20:34 ----D---- C:\Windows\ehome
2009-06-14 20:20:27 ----D---- C:\Windows\system32\migration
2009-06-14 20:20:26 ----D---- C:\Windows\system32\de-DE
2009-06-14 20:20:23 ----D---- C:\Windows\system32\en-US
2009-06-14 20:20:23 ----D---- C:\Windows\PolicyDefinitions

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2009-06-29 327688]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2009-06-29 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\Windows\System32\Drivers\avgtdix.sys [2009-05-12 108552]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-04-27 96104]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-06-12 28520]
R2 ASMMAP;ASMMAP; \??\C:\Program Files\ATKGFNEX\ASMMAP.sys [2007-07-24 13880]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-04-27 55640]
R2 ghaio;ghaio; \??\C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [2007-08-03 20936]
R2 regi;regi; C:\Windows\system32\drivers\regi.sys [2007-04-17 11032]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2008-06-25 47104]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-07-30 43008]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-07-30 38400]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2008-03-21 1203776]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-08-12 2159384]
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2008-06-03 15928]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\Windows\system32\drivers\MODEMCSA.sys [2008-01-21 18432]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2006-12-14 7680]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-08-28 3664384]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2008-09-05 45600]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-09-19 7404832]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-05-02 122368]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2008-06-09 1748352]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-12-06 196400]
S3 atunr44j;atunr44j; C:\Windows\system32\drivers\atunr44j.sys []
S3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-04-17 23040]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2008-04-17 507904]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2008-04-17 30208]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2008-07-09 81960]
S3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\drivers\btwavdt.sys [2008-05-13 100392]
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2008-01-29 29736]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2008-05-13 17320]
S3 Dot4;MS IEEE-1284.4-Treiber; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-21 131584]
S3 Dot4Print;Druckerklassentreiber für IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-21 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-21 36864]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-05-08 25280]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [2009-06-17 38160]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-04-17 149504]
S3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-11-02 1010560]
S3 usbscan;USB-Scannertreiber; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
S3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 194048]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ADSMService;ADSM Service; C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe [2007-05-18 73728]
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2008-03-18 13312]
R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-06-12 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-06-12 185089]
R2 ASLDRService;ASLDR Service; C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe [2008-08-14 100920]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [2007-08-08 94208]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-06-29 298776]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2008-07-30 522792]
R2 GS In-Game Service;GS In-Game Service; C:\Program Files\GameTracker\GSInGameService.exe [2009-02-26 1547264]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2008-06-10 222456]
R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-06-09 73728]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-09-20 853288]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-09-19 196608]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2009-03-24 75064]
R2 spmgr;spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [2007-08-03 125496]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-04-25 654848]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 Adobe Version Cue CS3;Adobe Version Cue CS3 {de_DE} ; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [2007-03-20 153792]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-27 156656]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-11-15 382248]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2009-07-03 316664]

-----------------EOF-----------------

So I'll keep trying to get Malwarebytes' Anti-Malware running. |
14.07.2009, 16:15 | #8 |
| Please use http://www.trojaner-board.de/51187-a...i-malware.html once. Afterwards, post the report it creates...
__________________ Kind regards, Ralf |
15.07.2009, 16:06 | #9 |
| Hi Ralf, first of all thanks for your reply. As already mentioned, I have run the Anti-Malware program several times, most recently half an hour ago, but the program always hangs at 35-37 min, and an error also occurs when updating. |
15.07.2009, 16:11 | #10 |
| Please uninstall your Mbam version, download a new one and try it with that. Afterwards you can do a manual update with this file: http://www.malwarebytes.org/mbam/dat...mbam-rules.exe Can't you move the malware into quarantine with a rootkit scan from Avira? Addendum: with Mbam please only run a quick scan.
__________________ Kind regards, Ralf |
15.07.2009, 20:42 | #11 |
| Good evening. So I uninstalled and reinstalled MBam once more. The link you posted somehow doesn't work. The update doesn't work again either. So far I have only tried the full scan, so I'll run the quick scan now and post the result. Is a rootkit scan something like a "normal" scan? Avira does detect the trojan, but when I try to delete it or move it into quarantine, I get the message that access was denied. |
15.07.2009, 20:46 | #12 |
| Whether quick scan or full scan, the MBAM program always hangs on .LOG files in the folder c:\windows\system32\config. The infected file is supposed to be in the folder c:\windows\system32 as well; I wonder whether it has something to do with that!? |
19.07.2009, 17:05 | #13 |
| Sorry, your thread somehow "slipped past" me.... If you still have the problem, please create a ComboFix report:
If, after the reports from the first post have been checked, a helper asks for a ComboFix report, you will find the instructions for it here.
Download it from http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save it as test.exe on the desktop.
Then close all windows, disable all background guards (AV and e.g. Spybot's Tea-Timer), start the combofix.exe, read the information in the windows that appear and then answer them with Yes.
The scan with ComboFix can take some time, so be patient. Do not do anything on the computer during the scan. It is possible that the computer will be restarted in between.
After the scan finishes, a report is displayed; please copy it and paste it into your thread.
A guide and tutorial on using ComboFix
Always use a current version of ComboFix, even if you downloaded "yours" only a day ago.
To use ComboFix under Vista (32 bit) you have to start it as Administrator. So right-click the Combofix.exe and choose "Run as administrator".
__________________ Kind regards, Ralf |
19.07.2009, 20:44 | #14 |
| Hey, thanks again for your reply!

ComboFix 09-07-19.01 - Lippo 19.07.2009 21:20.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.49.1031.18.3070.2035 [GMT 2:00]
ausgeführt von:: c:\users\Lippo\Desktop\test.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Lippo\AppData\Local\jdznifr_nav.dat
c:\windows\Installer\2cb70.msi
c:\windows\system32\acovcnt.exe
c:\windows\system32\drivers\MSIVXwucpobvnhtqeefttossbhxxypwmjkbrf.sys
c:\windows\system32\MSIVXbkqyqplwtwneecqqqibmcoxsyfedxoxt.dll
c:\windows\system32\MSIVXcount
c:\windows\system32\MSIVXimuvrfjrhnpjpkieibteiredbpmmpqxo.dll
c:\windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_MSIVXserv.sys

((((((((((((((((((((((( Dateien erstellt von 2009-06-19 bis 2009-07-19 ))))))))))))))))))))))))))))))
.
2009-07-19 19:33 . 2009-07-19 19:33 -------- d-----w- c:\users\Lippo\AppData\Local\temp
2009-07-15 19:59 . 2009-07-19 18:17 138064 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-15 19:36 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-15 19:36 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-15 19:36 . 2009-07-15 19:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-13 12:24 . 2009-07-13 12:24 -------- d-----w- C:\rsit
2009-07-13 12:17 . 2009-07-13 12:17 -------- d-----w- c:\program files\Trend Micro
2009-07-11 14:22 . 2009-07-19 19:01 -------- d-----w- c:\users\Lippo\AppData\Roaming\Xfire
2009-07-11 14:22 . 2009-07-17 18:31 -------- d-----w- c:\programdata\Xfire
2009-07-10 19:34 . 2009-07-10 19:34 -------- d-----w- c:\users\Lippo\AppData\Roaming\Malwarebytes
2009-07-10 19:34 . 2009-07-10 19:34 -------- d-----w- c:\programdata\Malwarebytes
2009-07-10 08:36 . 2009-07-10 08:36 -------- d-----w- c:\program files\CCleaner
2009-07-07 23:56 . 2009-07-07 23:56 41808 ----a-w- c:\windows\system32\xfcodec.dll
2009-06-23 11:09 . 2007-03-23 02:05 29272 ----a-w- c:\windows\system32\AdobePDF.dll
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-19 19:16 . 2008-11-27 19:04 12 ----a-w- c:\windows\bthservsdp.dat
2009-07-19 18:17 . 2009-02-25 15:39 189184 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-07-19 18:15 . 2009-04-28 10:01 -------- d-----w- c:\users\Lippo\AppData\Roaming\GameTracker
2009-07-19 18:15 . 2009-02-25 12:06 31871 ----a-w- c:\programdata\nvModes.dat
2009-07-18 10:59 . 2008-11-27 19:25 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-17 21:31 . 2009-06-05 11:12 -------- d-----w- c:\users\Lippo\AppData\Roaming\uTorrent
2009-07-16 19:18 . 2008-04-16 11:11 618442 ----a-w- c:\windows\system32\perfh007.dat
2009-07-16 19:18 . 2008-04-16 11:11 122842 ----a-w- c:\windows\system32\perfc007.dat
2009-07-11 14:32 . 2009-06-02 14:16 -------- d-----w- c:\program files\Xfire
2009-07-06 07:08 . 2009-02-25 13:54 -------- d-----w- c:\programdata\avg8
2009-07-03 18:24 . 2009-05-27 18:36 -------- d-----w- c:\program files\Common Files\Steam
2009-06-29 10:49 . 2009-02-25 13:54 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-29 10:49 . 2009-02-25 13:54 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-29 10:49 . 2009-02-25 13:54 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-28 13:15 . 2009-04-25 18:54 -------- d-----w- c:\programdata\FLEXnet
2009-06-13 18:51 . 2009-06-13 18:51 -------- d-----w- c:\users\Lippo\AppData\Roaming\Leadertech
2009-06-08 15:05 . 2009-06-08 15:05 10134 ----a-r- c:\users\Lippo\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-06-08 15:05 . 2009-06-08 15:05 -------- d-----w- c:\program files\Microsoft WSE
2009-06-06 16:01 . 2009-04-25 18:12 -------- d-----w- c:\program files\QuickTime
2009-06-06 16:01 . 2009-06-06 16:01 -------- d-----w- c:\programdata\Apple Computer
2009-06-06 16:00 . 2009-06-06 16:00 -------- d-----w- c:\program files\Apple Software Update
2009-06-06 16:00 . 2009-06-06 16:00 -------- d-----w- c:\programdata\Apple
2009-06-06 09:30 . 2009-03-22 10:09 -------- d-----w- c:\users\Lippo\AppData\Roaming\DivX
2009-06-05 11:12 . 2009-06-05 11:12 -------- d-----w- c:\program files\uTorrent
2009-05-27 19:37 . 2009-05-27 19:37 -------- d-----w- c:\users\Lippo\AppData\Roaming\The Creative Assembly
2009-05-26 20:07 . 2009-05-26 20:07 -------- d-----w- c:\program files\Free PDF to Word Doc Converter
2009-05-12 05:28 . 2009-02-25 13:54 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-09 05:50 . 2009-06-14 18:13 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-09 05:34 . 2009-06-14 18:13 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-05-08 12:50 . 2009-05-08 12:50 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-05-07 18:45 . 2009-05-07 18:45 1878984 ----a-w- c:\users\Lippo\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2009-05-05 16:20 . 2009-02-25 11:46 100720 ----a-w- c:\users\Lippo\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-30 12:37 . 2009-06-14 09:38 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-04-30 12:37 . 2009-06-14 09:38 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-04-27 18:17 . 2009-03-18 16:50 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-04-27 18:17 . 2009-03-18 16:50 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-04-24 07:40 . 2009-04-24 07:40 49152 ----a-r- c:\users\Lippo\AppData\Roaming\Microsoft\Installer\{B6EC7388-E277-4A5B-8C8F-71067A41BA64}\NewShortcut1.exe
2009-04-24 07:40 . 2009-04-24 07:40 49152 ----a-r- c:\users\Lippo\AppData\Roaming\Microsoft\Installer\{B6EC7388-E277-4A5B-8C8F-71067A41BA64}\ARPPRODUCTICON.exe
2009-04-23 12:43 . 2009-06-10 14:25 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-23 12:42 . 2009-06-10 14:25 636928 ----a-w- c:\windows\system32\localspl.dll
2009-04-21 11:55 . 2009-06-10 14:25 2033152 ----a-w- c:\windows\system32\win32k.sys
2008-08-08 22:48 . 2008-08-08 22:48 90112 ----a-w- c:\program files\Common Files\CPInstallAction.dll
2008-05-22 17:35 . 2008-05-22 17:35 51962 ----a-w- c:\program files\Common Files\banner.jpg
2007-06-12 18:34 . 2007-06-12 18:34 35822 ----a-w- c:\program files\Common Files\ASPG_icon.ico
2009-06-21 18:54 . 2009-02-25 13:58 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 01:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="d:\steam\Steam.exe" [2009-06-11 1217784]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2008-07-19 104936]
"P2Go_Menu"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2008-08-18 98304]
"ATKOSD2"="c:\program files\ASUS\ATKOSD2\ATKOSD2.exe" [2008-07-15 7651328]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-19 13593120]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-19 92704]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2008-02-01 61440]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2008-11-27 3054136]
"ASUS Camera ScreenSaver"="c:\windows\AsScrProlog.exe" [2008-11-27 47672]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-29 1948440]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Acrobat Assistant 8.0"="d:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-14 623992]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-08-12 6265376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"*WerKernelReporting"="c:\windows\SYSTEM32\WerFault.exe" [2008-01-21 217088]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-7-30 752168]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
"ehTray.exe"=c:\windows\ehome\ehTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"hpqSRMon"=c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe
"NeroFilterCheck"=c:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
. |
19.07.2009, 20:45 | #15 |
| [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{06E56465-E60C-4F51-BEE0-4FF7C5D18B2E}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{36CAB0BE-3CE7-4593-A78E-6369EE52B699}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"{66B77B83-69EE-45AE-949A-32720E025E9B}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{F66BA6F0-22C5-4058-8B85-F6DCE70ABA71}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{57D6024D-112A-4EDE-897B-FFEB0BC982D5}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{41E937ED-9707-4D68-9318-4EC376C2D76C}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{473733C5-3A84-4F88-839D-270C521A3D9B}"= UDP:d:\assassin's creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{3FB73A3D-B75D-471D-AB12-A62421ED9EE6}"= TCP:d:\assassin's creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{90A55BA1-663B-41D1-9D8C-27661E74662B}"= UDP:d:\assassin's creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{A582571D-227E-4FDF-AC05-2DD1C016DF13}"= TCP:d:\assassin's creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{7E380F9E-0AEF-4C1E-BF60-F81D149DD5C3}"= UDP:d:\assassin's creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{08097F86-2CB7-4C5C-B5E2-B61096A1A4FC}"= TCP:d:\assassin's creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{06FDD6B6-E56B-42DD-BF12-CB10981384AD}"= UDP:c:\program files\SEGA\Beijing 2008\Beijing.exe:Beijing 2008™
"{32E396CD-FC92-40CC-8633-09184FCFB9CF}"= TCP:c:\program files\SEGA\Beijing 2008\Beijing.exe:Beijing 2008™
"TCP Query User{3438E369-9E83-45CB-93F3-AA73BC6E19DE}c:\\program files\\icq6.5\\icq.exe"= UDP:c:\program files\icq6.5\icq.exe:ICQ Library
"UDP Query User{64D6871D-06CD-4A18-A338-1861AE219D28}c:\\program files\\icq6.5\\icq.exe"= TCP:c:\program files\icq6.5\icq.exe:ICQ Library
"{EFE0F158-6B07-42F1-8F12-EC00B9075EAE}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{5A3EA7EB-EFBB-4C46-B7A0-D9CC5BFEE2F5}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{43802727-1FE2-4E27-BAEA-676DAE3E002C}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{37A47786-3CC8-4AD1-BF88-DC9751888F35}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{B8521FE9-4231-45DE-BF78-3E90E3033688}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{955C06F6-9E18-4C2B-BB37-F6C414D7BB4C}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{1874AB2B-5A22-428B-BC20-274B19BD33B7}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpiscnapp.exe:hpiscnapp.exe
"{35DBC724-A9B3-455D-BF41-BE110C627FAC}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpiscnapp.exe:hpiscnapp.exe
"{7DB07608-C985-4158-A9CA-52750042BC2F}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{EF09CBA7-0B82-4D96-80BB-CFB325074EE0}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{16EA7381-A47D-499C-A9BE-020F4BE894C3}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\Lager\hpiscnapp.exe:hpiscnapp.exe
"{77EAE644-3D66-4751-BE50-7747DA847313}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\Lager\hpiscnapp.exe:hpiscnapp.exe
"{9BEA65BB-7582-4803-9B2A-1802A195A1B0}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\Lager\hpqkygrp.exe:hpqkygrp.exe
"{E8EE74C9-0F83-4C14-8997-ABFF4C6F6976}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\Lager\hpqkygrp.exe:hpqkygrp.exe
"TCP Query User{5456B549-3632-496B-A5E9-92D70DD42B0B}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{BC1C7BA5-26FC-4BBF-918C-F5DCCF343065}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{448FC307-73D0-4CC2-A324-8AA3DAD336A3}"= UDP:c:\program files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:Pro Evolution Soccer 2009
"{9F295889-C9F9-4EE2-8135-0038D1230005}"= TCP:c:\program files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:Pro Evolution Soccer 2009
"{6776D65F-5E67-4AE4-97D6-C8F2C210504A}"= UDP:d:\rockstar games social club\RGSCLauncher.exe:Rockstar Games Social Club
"{2A508DA8-8F84-47D8-9A35-C01EA9EB354C}"= TCP:d:\rockstar games social club\RGSCLauncher.exe:Rockstar Games Social Club
"{04C7430B-536E-413E-AAFF-E03335406D4A}"= UDP:c:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
"{A9B576FC-95F9-4D2E-8CB7-A05691427E36}"= TCP:c:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
"TCP Query User{0C6579CC-3CAA-42DD-9BA5-3BDB45A9C4BC}c:\\program files\\rockstar games\\grand theft auto iv\\gtaiv.exe"= UDP:c:\program files\rockstar games\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV
"UDP Query User{B8375D94-8801-47F2-9E1F-B3A63BBE40E9}c:\\program files\\rockstar games\\grand theft auto iv\\gtaiv.exe"= TCP:c:\program files\rockstar games\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV
"{268A3182-BCDC-412B-B00F-C67B385725D6}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FarCry2.exe:Far Cry 2
"{C12C7B29-D027-4BA2-B994-3B7A2BBE70B5}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FarCry2.exe:Far Cry 2
"{CFE9FC5A-E122-4282-9121-F8003F8B613F}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
"{59AF3796-376E-49B7-9E25-A3E8B4BC22E2}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
"{8F92ED93-E752-4AC0-9547-CC0178176E92}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:Editor
"{23028F51-F184-4DB3-8660-39620F09D48F}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:Editor
"TCP Query User{EF72E458-BC32-43F5-BBEB-352D454A7EE9}c:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{AE23DE0A-3A2A-44AC-88B2-E3AB59961E27}c:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"TCP Query User{91A2F85C-5958-441E-BE53-5532257F351E}c:\\program files\\sopcast\\sopcast.exe"= UDP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{E1CC8511-D7BC-4316-8EF7-F2EE52CF320E}c:\\program files\\sopcast\\sopcast.exe"= TCP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"{F681E26B-44BE-43FF-9E6F-4169F6993428}"= UDP:c:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty(R) - World at War(TM)
"{AB5F2A69-C7F5-4107-BCB1-136E48671D73}"= TCP:c:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty(R) - World at War(TM)
"{7B5B5DD9-0B13-461C-A51E-5D799EC99F41}"= UDP:c:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)
"{8EC30181-72C7-4A83-8955-8EBC63DA6783}"= TCP:c:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)
"TCP Query User{0E901F75-D499-4562-9732-9BE4EB1BDD63}c:\\program files\\zattoo\\zattood.exe"= UDP:c:\program files\zattoo\zattood.exe:zattood
"UDP Query User{8AD501C8-5362-4C88-91D1-9337FBCC172D}c:\\program files\\zattoo\\zattood.exe"= TCP:c:\program files\zattoo\zattood.exe:zattood
"TCP Query User{20F50672-8FC7-45B2-82B8-D749BFB088DC}c:\\program files\\zattoo\\zattoo.exe"= UDP:c:\program files\zattoo\zattoo.exe:
"UDP Query User{45A395E9-755D-4EC2-B2A4-0DB25D6904AC}c:\\program files\\zattoo\\zattoo.exe"= TCP:c:\program files\zattoo\zattoo.exe:
"{79CFF9B5-F4BF-4733-8026-8082C5CBFF86}"= UDP:3703:Adobe Version Cue CS3 Server
"{BBAC8AF5-30E3-4A23-9670-5CF7B4358E39}"= UDP:3704:Adobe Version Cue CS3 Server
"{BA0CA2B4-240B-46AA-BF50-26784BB08D09}"= UDP:50900:Adobe Version Cue CS3 Server
"{F03B7A0E-2474-4741-8323-863286F72BD1}"= UDP:50901:Adobe Version Cue CS3 Server
"{0BCF56EC-B642-4E6E-BCB2-0474A8F0ACAF}"= UDP:c:\program files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"{EB9C1BE3-36F6-479D-B1BA-6F447EEE714D}"= TCP:c:\program files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"TCP Query User{7CF2D851-F52F-40DE-A3BE-E9938D8D99AF}c:\\program files\\xfire\\xfire.exe"= UDP:c:\program files\xfire\xfire.exe:Xfire
"UDP Query User{D0B0D757-E67F-44EF-A567-07F01CBC6AEF}c:\\program files\\xfire\\xfire.exe"= TCP:c:\program files\xfire\xfire.exe:Xfire
"{90545B0D-F7F1-4599-A749-9B9DDF8917A9}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{A4C1F598-7E03-49A2-9093-38CAB9753F50}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{A9C1BBA7-33F1-4433-9BE1-EC2E1857DFC4}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{0ACFDD1D-CAD6-4034-81CD-0E7A3215CE14}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C23D37CF-45CC-499F-9F2E-B6F676BF1EF6}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{16EB4053-A3C8-4930-BA85-F1491355CC5C}d:\\call of duty 4\\iw3mp.exe"= UDP:d:\call of duty 4\iw3mp.exe:iw3mp
"UDP Query User{07D76C56-ED29-4FAC-B413-786613E7F6F9}d:\\call of duty 4\\iw3mp.exe"= TCP:d:\call of duty 4\iw3mp.exe:iw3mp
"TCP Query User{354580A6-385A-4301-970C-B99409392EAA}c:\\users\\lippo\\appdata\\local\\temp\\rarsfx0\\hl.exe"= UDP:c:\users\lippo\appdata\local\temp\rarsfx0\hl.exe:hl.exe
"UDP Query User{CB4252B6-EE3D-4C0F-9DC9-ABF7BD0956DA}c:\\users\\lippo\\appdata\\local\\temp\\rarsfx0\\hl.exe"= TCP:c:\users\lippo\appdata\local\temp\rarsfx0\hl.exe:hl.exe
"TCP Query User{D6EBE6F5-43E5-45E0-8BAE-D80E1A2BD67C}c:\\program files\\icq6.5\\icq.exe"= UDP:c:\program files\icq6.5\icq.exe:ICQ
"UDP Query User{A50A9BD2-632C-4FBF-B8DF-4443CD088B17}c:\\program files\\icq6.5\\icq.exe"= TCP:c:\program files\icq6.5\icq.exe:ICQ
"TCP Query User{621F2338-533B-47C2-89BE-0220683460B7}c:\\program files\\xfire\\xfire.exe"= UDP:c:\program files\xfire\xfire.exe:Xfire
"UDP Query User{3ACC506C-0429-47E9-BF58-43C36B7DFF33}c:\\program files\\xfire\\xfire.exe"= TCP:c:\program files\xfire\xfire.exe:Xfire
"TCP Query User{3F3AF349-9780-44F4-AEBA-DBAD9FBED9D2}c:\\program files\\zattoo\\zattood.exe"= UDP:c:\program files\zattoo\zattood.exe:zattood
"UDP Query User{FD2E9FF1-F0C5-4CBE-ABDE-F0DF244FD799}c:\\program files\\zattoo\\zattood.exe"= TCP:c:\program files\zattoo\zattood.exe:zattood
"TCP Query User{A247B365-40F1-4C26-A812-EC8C676550D2}c:\\program files\\zattoo\\zattoo.exe"= UDP:c:\program files\zattoo\zattoo.exe:
"UDP Query User{2F993E7F-B3B1-4232-ABA6-F66423E695E3}c:\\program files\\zattoo\\zattoo.exe"= TCP:c:\program files\zattoo\zattoo.exe:
"{27560490-515E-4587-88AD-9974A2A11526}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{9BDF4A47-6364-4254-971D-B700BBFA2B9C}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{EED8DAC5-D03F-4D00-8568-DE56AF6FED09}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{54018085-5589-4154-AA18-44F68F2351F6}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
"{421792D0-381F-438B-B254-5D47EE9222F9}"= UDP:c:\program files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:Pro Evolution Soccer 2009
"{BC76A225-7B29-4EAF-85F9-B40148FB0011}"= TCP:c:\program files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:Pro Evolution Soccer 2009
"TCP Query User{A7E2A733-886E-4DDB-8C07-6ABBD01C10C9}d:\\call of duty\\codmp.exe"= UDP:d:\call of duty\codmp.exe:CoDMP
"UDP Query User{B3B4C41C-630D-4ACC-898F-272142C990BD}d:\\call of duty\\codmp.exe"= TCP:d:\call of duty\codmp.exe:CoDMP
"TCP Query User{E7D5DFB9-342B-4A93-89DF-DF23F8E26DF8}d:\\call of duty 2\\cod2mp_s.exe"= UDP:d:\call of duty 2\cod2mp_s.exe:CoD2MP_s
"UDP Query User{A347B31F-0974-46E4-9CCD-83AF702728B8}d:\\call of duty 2\\cod2mp_s.exe"= TCP:d:\call of duty 2\cod2mp_s.exe:CoD2MP_s
"{774F5A11-9BDB-4B1C-81EF-350A51CD384D}"= UDP:d:\steam\SteamApps\common\empire total war\Empire.exe:Empire: Total War
"{74540618-97A6-4F12-8257-DCF1595CE36D}"= TCP:d:\steam\SteamApps\common\empire total war\Empire.exe:Empire: Total War
"TCP Query User{1F4A654F-220D-457F-96E7-DAB1B5FC1ABB}d:\\call of duty 4\\iw3mp.exe"= UDP:d:\call of duty 4\iw3mp.exe:iw3mp
"UDP Query User{CA0A72B6-0672-4A44-B152-5D36B1409B9B}d:\\call of duty 4\\iw3mp.exe"= TCP:d:\call of duty 4\iw3mp.exe:iw3mp
"{18EBF329-B7A7-4951-A2AE-691B80D5FC92}"= UDP:c:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty(R) - World at War(TM)
"{D8743D64-4760-40B7-94A0-1033146C9E28}"= TCP:c:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty(R) - World at War(TM)
"{60091451-C26F-4326-9FC6-0462CA65B8A5}"= UDP:c:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)
"{059B5F91-5221-4167-94C4-FED62BFB453B}"= TCP:c:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)

R0 lullaby;lullaby;c:\windows\System32\drivers\lullaby.sys [27.11.2008 23:28 15416]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [25.02.2009 15:54 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [25.02.2009 15:54 108552]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [18.03.2009 18:50 108289]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [25.02.2009 15:54 298776]
R2 GS In-Game Service;GS In-Game Service;c:\program files\GameTracker\GSInGameService.exe [28.04.2009 12:01 1547264]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [26.02.2009 22:44 222456]
R2 regi;regi;c:\windows\System32\drivers\regi.sys [17.04.2007 21:09 11032]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [28.08.2008 17:48 3664384]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [05.09.2008 22:20 45600]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [27.11.2008 23:10 29736]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\drivers\mbamswissarmy.sys [15.07.2009 21:36 38160]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Inhalt des "geplante Tasks" Ordners

2009-07-19 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-05-07 07:49]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.freenet.de/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
IE: An vorhandenes PDF anfügen - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Auswahl in Adobe PDF konvertieren - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Auswahl in vorhandene PDF-Datei konvertieren - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: In Adobe PDF konvertieren - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in Adobe PDF konvertieren - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
FF - ProfilePath - c:\users\Lippo\AppData\Roaming\Mozilla\Firefox\Profiles\1327mav3.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.freenet.de/
FF - plugin: c:\program files\Picasa2\npPicasa2.dll

---- FIREFOX Richtlinien ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-19 21:33
Windows 6.0.6001 Service Pack 1 NTFS

Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...

C:\ADSM_PData_0150

Scan erfolgreich abgeschlossen
versteckte Dateien: 1

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-2130318960-3476417128-3393467325-1000\Software\SecuROM\License information*]
"datasecu"=hex:79,38,ae,40,03,87,58,de,4e,31,d9,04,07,cd,e7,59,29,60,ae,8e,63,
22,d1,66,8c,10,09,34,da,a6,42,cd,9e,02,c3,50,e3,ed,3a,d2,c3,63,00,9b,64,cb,\
"rkeysecu"=hex:d1,b2,5e,21,74,d2,20,b0,85,a6,d1,58,9d,74,6e,b3

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2009-07-19 21:36
ComboFix-quarantined-files.txt 2009-07-19 19:36

Vor Suchlauf: 9 Verzeichnis(se), 25.673.277.440 Bytes frei
Nach Suchlauf: 9 Verzeichnis(se), 25.635.463.168 Bytes frei

332 --- E O F --- 2009-06-26 09:45 |
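A helper reads a ComboFix report like the one above by hand: which files were deleted, which driver/service entries were removed, and which autorun entries remain. The following Python script is an added example, not code from this thread or from ComboFix. It parses those three sections of a report and flags names that look machine-generated, the way the MSIVX* files and the MSIVXserv.sys service in this thread do, then extends the flag to every artefact sharing the same five-letter prefix, so that a short member like MSIVXcount is grouped with its family. The sample report embedded in it is a constructed excerpt of the one posted above; the English section titles in the lookup table are assumed from the English ComboFix build and are not on this page, and the consonant-run heuristic is the example's own, so it does not catch every random name (jdznifr_nav.dat and acovcnt.exe pass it).

```python
import re
from pathlib import PureWindowsPath

# Constructed excerpt of a ComboFix report (German build, as in this thread).
SAMPLE_REPORT = r"""
ComboFix 09-07-19.01 - Lippo 19.07.2009 21:20.1.2 - NTFSx86
.
(((((((((((((((( Weitere Löschungen ))))))))))))))))
.
c:\users\Lippo\AppData\Local\jdznifr_nav.dat
c:\windows\system32\acovcnt.exe
c:\windows\system32\drivers\MSIVXwucpobvnhtqeefttossbhxxypwmjkbrf.sys
c:\windows\system32\MSIVXbkqyqplwtwneecqqqibmcoxsyfedxoxt.dll
c:\windows\system32\MSIVXcount
c:\windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
.
(((((((((((((((( Treiber/Dienste ))))))))))))))))
.
-------\Service_MSIVXserv.sys
.
(((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
"""

# ComboFix prints each section as a banner of parentheses around its title.
# German titles are the ones in this thread; the English ones are assumed
# from the English build and are not taken from the page.
SECTION_RE = re.compile(r"^\(+\s*(.*?)\s*\)+$")
SECTION_KIND = {
    "weitere löschungen": "deleted", "other deletions": "deleted",
    "treiber/dienste": "services", "drivers/services": "services",
    "autostartpunkte der registrierung": "autoruns", "reg loading points": "autoruns",
}
PATH_RE = re.compile(r"^[a-z]:\\", re.I)
SERVICE_RE = re.compile(r"^-+\\(?:Service_)?(.+)$")       # -------\Service_NAME
KEY_RE = re.compile(r"^\[(.+)\]$")                           # [HKEY_...]
VALUE_RE = re.compile(r'^"([^"]+)"=(?:"([^"]*)"|(.+?))(?:\s+\[.*)?$')  # "name"=path [date size]
GUID_RE = re.compile(r"^\{?[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}?$", re.I)
VOWELS = set("aeiouy")


def parse_report(text):
    """Split the report into deleted files, removed services and autorun entries."""
    report = {"deleted": [], "services": [], "autoruns": []}
    kind, key = None, None
    for raw in text.splitlines():
        line = raw.strip()
        banner = SECTION_RE.match(line)
        if banner:
            kind = SECTION_KIND.get(banner.group(1).lower())  # None: section we ignore
            continue
        if kind == "deleted" and PATH_RE.match(line):
            report["deleted"].append(line)
        elif kind == "services" and (m := SERVICE_RE.match(line)):
            report["services"].append(m.group(1))
        elif kind == "autoruns":
            if m := KEY_RE.match(line):
                key = m.group(1)
            elif key and (m := VALUE_RE.match(line)):
                name, quoted, bare = m.groups()
                report["autoruns"].append((key, name, quoted or bare))
    return report


def stem_of(path_or_name):
    return PureWindowsPath(path_or_name).stem


def looks_random(stem):
    """Heuristic (this example's own): 12+ letters with a run of 5+ consonants,
    as in the MSIVX* names. GUID-shaped stems are skipped: legitimate
    scheduled tasks and installer entries use them too."""
    if GUID_RE.match(stem):
        return False
    letters = re.sub(r"[^a-z]", "", stem.lower())
    if len(letters) < 12:
        return False
    longest = run = 0
    for ch in letters:
        run = 0 if ch in VOWELS else run + 1
        longest = max(longest, run)
    return longest >= 5


def triage(report):
    """Flag random-looking artefacts, widen the flag to every deleted file or
    removed service sharing the same 5-letter prefix (one dropper tends to name
    all of its parts alike), and list autorun entries that always deserve a look:
    AppInit_DLLs (loaded into every process) and random-looking Run entries."""
    artefacts = report["deleted"] + report["services"]
    families = {stem_of(a)[:5].lower() for a in artefacts if looks_random(stem_of(a))}
    suspicious = [a for a in artefacts if stem_of(a)[:5].lower() in families]
    review = [(k, n, p) for k, n, p in report["autoruns"]
              if n.lower() == "appinit_dlls" or looks_random(stem_of(p))]
    return {"families": sorted(families), "suspicious": suspicious, "review_autoruns": review}


if __name__ == "__main__":
    result = triage(parse_report(SAMPLE_REPORT))
    for path in result["suspicious"]:
        print("suspicious:", path)
    for key, name, path in result["review_autoruns"]:
        print(f"review: [{key}] {name} -> {path}")
```

Run against the constructed excerpt it reports the two MSIVX* binaries, MSIVXcount and the removed MSIVXserv.sys service as one family, and lists the AppInit_DLLs value for review (here AVG's avgrsstx.dll, which a helper would confirm as legitimate by its vendor path). The report is parsed line by line, so it can be fed the full text of a report pasted from a forum post.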