TR/Drop.agent.vze in C:/WINDOWS/msa.exe

MetalLugia96 · 13.07.2009, 21:39

ich habe hijack runtergeladen und die logfile erstellt hier ist sie:
es ist ein trojaner

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:28:38, on 13.07.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\DOKUME~1\METALL~1\LOKALE~1\Temp\d.exe
C:\WINDOWS\msa.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Programme\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe
C:\Programme\MSI\US54EX\Installer\WINXP\MSI US54EX Wireless Client Utility.exe
C:\WINDOWS\system32\sopidkc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\PROGRA~1\GEMEIN~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\DOKUME~1\METALL~1\LOKALE~1\Temp\Rar$EX00.125\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.windowsxlive.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157[/url]
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = h**p://go.microsoft.com/fwlink/?LinkId=74005[/
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: P2P Max DE Toolbar - {e0007d18-baa4-4573-ae78-8bea0958c610} - C:\Programme\P2P_Max_DE\tbP2P_.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\GEMEIN~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: P2P Max DE Toolbar - {e0007d18-baa4-4573-ae78-8bea0958c610} - C:\Programme\P2P_Max_DE\tbP2P_.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: P2P Max DE Toolbar - {e0007d18-baa4-4573-ae78-8bea0958c610} - C:\Programme\P2P_Max_DE\tbP2P_.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [osCheck] "C:\Programme\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ccApp] C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DrvIcon] C:\Programme\Vista Drive Icon\DrvIcon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ares] "C:\Programme\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [wausgoy] "c:\dokumente und einstellungen\XXX\lokale einstellungen\anwendungsdaten\wausgoy.exe" wausgoy
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ViOrb] C:\Programme\ViOrb\ViOrb.exe
O4 - HKCU\..\Run: [LClock] C:\Programme\LClock\LClock.exe
O4 - HKCU\..\Run: [Vista Rainbar] C:\Programme\Vista Rainbar\launcher.exe
O4 - HKCU\..\Run: [ViStart] C:\Programme\ViStart\ViStart.exe
O4 - HKCU\..\Run: [VisualTooltip] C:\Programme\VisualTooltip\VisualToolTip.exe
O4 - HKCU\..\Run: [Cognac] C:\DOKUME~1\METALL~1\LOKALE~1\Temp\d.exe
O4 - HKCU\..\Run: [ColdWare] C:\WINDOWS\msa.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Dienst-Manager.lnk = C:\Programme\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: MSI US54EX Wireless Client Utility.lnk = C:\Programme\MSI\US54EX\Installer\WINXP\MSI US54EX Wireless Client Utility.exe
O8 - Extra context menu item: Alles mit FDM herunterladen - file://C:\Programme\Free Download Manager\dlall.htm
O8 - Extra context menu item: Auswahl mit FDM herunterladen - file://C:\Programme\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Datei mit FDM herunterladen - file://C:\Programme\Free Download Manager\dllink.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Videos mit FDM herunterladen - file://C:\Programme\Free Download Manager\dlfvideo.htm
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Automatisches LiveUpdate - Scheduler (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Update Service (gupdate1ca66d2ae8a2f9c) (gupdate1ca66d2ae8a2f9c) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: sopidkc Service (sopidkc) - Unknown owner - C:\WINDOWS\system32\sopidkc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\GEMEIN~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUpUtilities2006\WinStylerThemeSvc.exe

--
End of file - 9061 bytes

ich bitte um sofortige hilfe! bitte! bitte! bitte!

wie ich herausgefunden habe hat der trojaner einen freund: TR/Renos.OSV in C:\Dokumente und Einstellungen\XXX\Lokale Einstellungen\Temp\d.exe

es ist ebenfalls ein trojaner

john.doe · 13.07.2009, 21:52

Hallo und

Zitat:

wie ich herausgefunden habe hat der trojaner einen freund:

Da sind noch viel mehr.

Damit wir alle erwischen, klicke auf "Für alle Neuen" in meiner Signatur, lies alles aufmerksam und arbeite die komplette Liste unter Punkt 2 ab.

ciao, andreas

MetalLugia96 · 13.07.2009, 22:01

Gut ok hab ich gemacht.
ist die logfile falsch oder ist sie korekkt?

john.doe · 13.07.2009, 22:04

Sie schadet nicht, bietet aber viel zu wenig Informationen über den Rechner. Deshalb sollst du auf "Für alle Neuen" klicken und die komplette Liste unter Punkt 2 abarbeiten. Wir brauchen ein Log von Malwarebytes und zwei Logs von RSIT.

ciao, andreas

MetalLugia96 · 14.07.2009, 19:21

malewarebytes log file:

Malwarebytes' Anti-Malware 1.39
Datenbank Version: 2421
Windows 5.1.2600 Service Pack 2

14.07.2009 20:01:37
mbam-log-2009-07-14 (20-01-37).txt

Scan-Methode: Vollständiger Scan (C:\|)
Durchsuchte Objekte: 134213
Laufzeit: 1 hour(s), 9 minute(s), 52 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 14
Infizierte Registrierungswerte: 10
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 2
Infizierte Dateien: 10

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{40196867-19f8-7157-c097-ecaff653c9ad} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\WebMediaPlayer (Rogue.Webmediaplayer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\sopidkc (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Cognac (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sopidkc (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sopidkc (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ColdWare (Malware.Trace) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\coldware (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\BuildW (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\FirstInstallFlag (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\guid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mso (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\udso (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\uid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Ulrn (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Update (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\UpdateNew (Malware.Trace) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CrucialSoft Ltd (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\all users\anwendungsdaten\crucialsoft ltd\MS AntiSpyware 2009 (Rogue.Multiple) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\WINDOWS\msa.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{01a5f159-1525-422c-bf15-8488b7321dc8}\RP79\A0022817.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\WINDOWS\msb.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\cmdow.exe (Malware.Tool) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\comsa32.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\FInstall.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sopidkc.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tpsaxyd.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\certstore.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wiawow32.sys (Backdoor.Bot) -> Quarantined and deleted successfully.

die anderen zwei log files kommen noch

MetalLugia96 · 14.07.2009, 19:32

RSIT log file:

Logfile of random's system information tool 1.06 (written by random/random)
Run by XXX at 2009-07-14 20:19:31
Microsoft Windows XP Professional Service Pack 2
System drive C: has 142 GB (93%) free of 153 GB
Total RAM: 479 MB (31% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:20:54, on 14.07.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\TuneUp Utilities 2009\MemOptimizer.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
C:\Programme\MSI\US54EX\Installer\WINXP\MSI US54EX Wireless Client Utility.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Malwarebytes' Anti-Malware\mbam.exe
C:\Dokumente und Einstellungen\XXX\Desktop\RSIT.exe
C:\DOKUME~1\METALL~1\LOKALE~1\Temp\Rar$EX00.125\XXX.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: P2P Max DE Toolbar - {e0007d18-baa4-4573-ae78-8bea0958c610} - C:\Programme\P2P_Max_DE\tbP2P_.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\GEMEIN~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: P2P Max DE Toolbar - {e0007d18-baa4-4573-ae78-8bea0958c610} - C:\Programme\P2P_Max_DE\tbP2P_.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: P2P Max DE Toolbar - {e0007d18-baa4-4573-ae78-8bea0958c610} - C:\Programme\P2P_Max_DE\tbP2P_.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [osCheck] "C:\Programme\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ccApp] C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Programme\TuneUp Utilities 2009\MemOptimizer.exe" autostart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: MSI US54EX Wireless Client Utility.lnk = C:\Programme\MSI\US54EX\Installer\WINXP\MSI US54EX Wireless Client Utility.exe
O8 - Extra context menu item: Alles mit FDM herunterladen - file://C:\Programme\Free Download Manager\dlall.htm
O8 - Extra context menu item: Auswahl mit FDM herunterladen - file://C:\Programme\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Datei mit FDM herunterladen - file://C:\Programme\Free Download Manager\dllink.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Videos mit FDM herunterladen - file://C:\Programme\Free Download Manager\dlfvideo.htm
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Automatisches LiveUpdate - Scheduler (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Update Service (gupdate1ca66d2ae8a2f9c) (gupdate1ca66d2ae8a2f9c) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\GEMEIN~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUpUtilities2006\WinStylerThemeSvc.exe

--
End of file - 7492 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Klick-Wartung.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1227031557.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\PROGRA~1\GEMEIN~1\SYMANT~1\IDS\IPSBHO.dll [2008-11-15 116088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e0007d18-baa4-4573-ae78-8bea0958c610}]
P2P Max DE Toolbar - C:\Programme\P2P_Max_DE\tbP2P_.dll [2008-11-23 1784856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{e0007d18-baa4-4573-ae78-8bea0958c610} - P2P Max DE Toolbar - C:\Programme\P2P_Max_DE\tbP2P_.dll [2008-11-23 1784856]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd []
"VTTimer"=C:\WINDOWS\system32\VTTimer.exe [2005-03-08 53248]
"osCheck"=C:\Programme\Norton AntiVirus\osCheck.exe [2007-08-24 714608]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"avgnt"=C:\Programme\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"ccApp"=C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe [2008-10-17 51048]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2006-06-01 15360]
"TuneUp MemOptimizer"=C:\Programme\TuneUp Utilities 2009\MemOptimizer.exe [2009-04-27 163072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe [2008-10-17 51048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\couuu]
c:\dokumente und einstellungen\XXX\lokale einstellungen\anwendungsdaten\couuu.exe couuu []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
C:\Programme\Free Download Manager\fdm.exe -autorun []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Programme\QuickTime\qttask.exe [2009-05-26 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Programme\Winamp\winampa.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^hp psc 1000 series.lnk]
C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpohmr08.exe [2003-04-09 147456]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^hpoddt01.exe.lnk]
C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpotdd01.exe [2003-04-09 28672]

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
MSI US54EX Wireless Client Utility.lnk - C:\Programme\MSI\US54EX\Installer\WINXP\MSI US54EX Wireless Client Utility.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
WgaLogon.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-05-09 52224]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Programme\ICQ6\ICQ.exe"="C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ Library"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2009-11-26 16:25:48 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-11-26 16:24:18 ----HDC---- C:\WINDOWS\$NtUninstallKB925720$
2009-11-25 19:49:44 ----N---- C:\WINDOWS\system32\spmsg2.dll
2009-11-25 19:49:21 ----HDC---- C:\WINDOWS\$NtUninstallXPSEPSCLP$
2009-11-25 19:40:42 ----D---- C:\WINDOWS\system32\XPSViewer
2009-11-25 19:40:23 ----D---- C:\Programme\MSBuild
2009-11-25 19:40:19 ----D---- C:\WINDOWS\system32\en-US
2009-11-25 19:40:03 ----D---- C:\Programme\Reference Assemblies
2009-11-25 19:37:29 ----N---- C:\WINDOWS\system32\prntvpt.dll
2009-11-25 19:37:28 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2009-11-25 19:37:27 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2009-11-25 19:37:21 ----D---- C:\7ba7fe1a53c911e2fda2cc1c
2009-11-25 19:23:36 ----HDC---- C:\WINDOWS\$NtUninstallWIC$
2009-11-25 19:22:58 ----D---- C:\Programme\MSXML 6.0
2009-11-25 19:15:40 ----RHD---- C:\AHCache
2009-11-25 14:05:03 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-11-25 14:04:46 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-11-25 14:01:43 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-11-25 13:59:29 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-11-19 20:52:22 ----D---- C:\Programme\Audacity 1.3 Beta (Unicode)
2009-11-19 19:20:07 ----D---- C:\Programme\No23 Recorder
2009-11-16 17:42:43 ----D---- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Google
2009-11-16 17:35:59 ----D---- C:\Programme\Google
2009-11-15 16:56:59 ----D---- C:\YouTubeDownload
2009-11-15 16:56:58 ----D---- C:\ConverterOutput
2009-11-15 16:56:51 ----A---- C:\Cucu_Video_log.txt
2009-11-15 16:56:26 ----A---- C:\WINDOWS\system32\unicows.dll
2009-11-15 16:56:26 ----A---- C:\WINDOWS\system32\pthreadGC2.dll
2009-11-15 16:56:26 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest
2009-11-15 16:56:26 ----A---- C:\WINDOWS\system32\ff_vfw.dll
2009-11-15 16:56:10 ----D---- C:\Programme\Cucusoft
2009-11-14 23:29:02 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NCH Swift Sound
2009-11-14 23:29:01 ----D---- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\NCH Swift Sound
2009-11-14 23:24:41 ----D---- C:\Programme\NCH Swift Sound
2009-11-10 22:56:47 ----A---- C:\WINDOWS\system32\d3dx10_41.dll
2009-11-10 22:56:47 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll
2009-11-10 22:56:42 ----A---- C:\WINDOWS\system32\D3DX9_41.dll
2009-11-10 22:56:40 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll
2009-11-10 22:56:39 ----A---- C:\WINDOWS\system32\XAudio2_4.dll
2009-11-10 22:56:38 ----A---- C:\WINDOWS\system32\xactengine3_4.dll
2009-11-10 22:56:37 ----A---- C:\WINDOWS\system32\X3DAudio1_6.dll
2009-11-10 22:56:35 ----A---- C:\WINDOWS\system32\d3dx10_40.dll
2009-11-10 22:56:35 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll
2009-11-10 22:56:30 ----A---- C:\WINDOWS\system32\D3DX9_40.dll
2009-11-10 22:56:28 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll
2009-11-10 22:56:27 ----A---- C:\WINDOWS\system32\XAudio2_3.dll
2009-11-10 22:56:26 ----A---- C:\WINDOWS\system32\xactengine3_3.dll
2009-11-10 22:56:25 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll
2009-11-10 22:56:24 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2009-11-10 22:56:24 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2009-11-10 22:56:22 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2009-11-10 22:56:21 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2009-11-10 22:56:21 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2009-11-10 22:56:20 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2009-11-10 22:56:17 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2009-11-10 22:56:17 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2009-11-10 22:56:14 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2009-11-10 22:56:11 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2009-11-10 22:56:10 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2009-11-10 22:56:09 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2009-11-10 22:56:06 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2009-11-10 22:55:59 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2009-11-10 22:55:54 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2009-11-10 22:55:53 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2009-11-10 22:55:50 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2009-11-10 22:55:49 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2009-11-10 22:55:47 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2009-11-10 22:55:42 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2009-11-10 22:55:40 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2009-11-10 22:55:40 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2009-11-10 22:55:36 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2009-11-10 22:55:25 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2009-11-10 22:55:24 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2009-11-10 22:55:24 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2009-11-10 22:55:20 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2009-11-10 22:55:11 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2009-11-10 22:55:11 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll
2009-11-10 22:54:57 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2009-11-10 22:54:57 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2009-11-10 22:54:43 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2009-11-10 22:54:35 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2009-11-10 22:54:30 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2009-11-10 22:54:25 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2009-11-10 22:54:25 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2009-11-10 22:54:08 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2009-11-10 22:54:06 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2009-11-10 22:54:05 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2009-11-10 22:54:04 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2009-11-10 22:54:03 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2009-11-10 22:54:03 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2009-11-10 22:54:02 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2009-11-10 22:54:01 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2009-11-10 22:54:00 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2009-11-10 22:53:59 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2009-11-10 22:53:58 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2009-11-10 22:53:57 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2009-11-10 22:53:39 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2009-11-10 22:53:36 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2009-11-10 22:53:36 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2009-11-10 22:53:25 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2009-11-10 22:53:21 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2009-11-10 22:53:20 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2009-11-10 22:53:18 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2009-11-10 22:53:15 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2009-11-10 22:53:13 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2009-11-10 22:52:49 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2009-11-10 22:51:59 ----D---- C:\WINDOWS\Logs
2009-11-10 22:37:21 ----D---- C:\Programme\QuickTime
2009-11-10 22:33:44 ----D---- C:\Programme\Apple Software Update
2009-11-04 23:12:56 ----D---- C:\Programme\gPotato.eu
2009-11-04 14:55:32 ----A---- C:\WINDOWS\system32\javaws.exe
2009-11-04 14:55:32 ----A---- C:\WINDOWS\system32\javaw.exe
2009-11-04 14:55:32 ----A---- C:\WINDOWS\system32\java.exe
2009-07-14 20:19:31 ----D---- C:\rsit
2009-07-14 17:34:54 ----A---- C:\DELSETUP.BAT
2009-07-14 14:38:40 ----D---- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\TuneUp Software
2009-07-13 23:13:54 ----D---- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Malwarebytes
2009-07-13 23:13:35 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2009-07-13 23:13:33 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2009-07-12 18:04:42 ----D---- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Audio Recorder for Free
2009-07-12 18:04:10 ----A---- C:\WINDOWS\system32\NCTWMAFile2.dll
2009-07-12 18:04:10 ----A---- C:\WINDOWS\system32\NCTTextToAudio2.dll
2009-07-12 18:04:10 ----A---- C:\WINDOWS\system32\NCTAudioVisualization2.dll
2009-07-12 18:04:09 ----A---- C:\WINDOWS\system32\NCTAudioTransform2.dll
2009-07-12 18:04:09 ----A---- C:\WINDOWS\system32\NCTAudioRecord2.dll
2009-07-12 18:04:09 ----A---- C:\WINDOWS\system32\NCTAudioPlayer2.dll
2009-07-12 18:04:09 ----A---- C:\WINDOWS\system32\NCTAudioInformation2.dll
2009-07-12 18:04:09 ----A---- C:\WINDOWS\system32\NCTAudioFile2.dll
2009-07-12 18:04:09 ----A---- C:\WINDOWS\system32\NCTAudioEditor2.dll
2009-07-12 18:04:08 ----A---- C:\WINDOWS\system32\NCTAudioCDGrabber2.dll
2009-07-12 17:32:13 ----A---- C:\WINDOWS\system32\tsccvid.dll
2009-07-12 17:32:11 ----D---- C:\WINDOWS\system32\QuickTime
2009-07-12 17:31:53 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TechSmith
2009-07-12 17:30:49 ----D---- C:\Programme\Gemeinsame Dateien\TechSmith Shared
2009-07-12 17:30:06 ----D---- C:\Programme\TechSmith
2009-07-11 23:36:43 ----D---- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Publish Providers
2009-07-11 22:40:31 ----N---- C:\WINDOWS\system32\dbmsqlgc.dll
2009-07-11 22:40:31 ----N---- C:\WINDOWS\system32\dbmsgnet.dll
2009-07-11 22:39:56 ----A---- C:\WINDOWS\IsUninst.exe
2009-07-11 22:38:06 ----D---- C:\Programme\Microsoft SQL Server
2009-07-11 22:36:30 ----D---- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Sony
2009-07-11 22:31:58 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sony
2009-07-11 22:31:10 ----D---- C:\Programme\Sony
2009-07-11 22:28:22 ----D---- C:\Programme\Sony Setup
2009-07-11 22:00:27 ----D---- C:\WINDOWS\system32\VIRepair
2009-07-10 14:32:14 ----D---- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\ViStart
2009-07-10 14:25:22 ----D---- C:\Programme\ViSplore
2009-07-10 14:25:17 ----D---- C:\Programme\TrueTransparency
2009-07-10 14:25:11 ----D---- C:\Programme\WinFlip
2009-07-10 14:24:52 ----D---- C:\Programme\Styler
2009-07-10 14:24:48 ----D---- C:\Programme\Vista Rainbar
2009-07-10 14:24:18 ----D---- C:\WINDOWS\Cursors
2009-07-10 14:16:38 ----D---- C:\WINDOWS\system32\VITrans
2009-07-10 14:16:36 ----D---- C:\VTPFiles
2009-07-10 14:16:35 ----A---- C:\WINDOWS\system32\Uharc.exe
2009-07-10 14:16:35 ----A---- C:\WINDOWS\system32\reico.exe
2009-07-10 14:16:35 ----A---- C:\WINDOWS\system32\modifype.exe
2009-07-10 14:16:34 ----A---- C:\WINDOWS\system32\pskill.exe
2009-07-10 14:16:34 ----A---- C:\WINDOWS\system32\moveex.exe
2009-07-10 14:15:12 ----A---- C:\WINDOWS\system32\scrnrdr.exe
2009-07-08 22:55:27 ----D---- C:\Programme\Mesa Dynamics, LLC
2009-07-02 23:58:44 ----D---- C:\Programme\7-Zip
2009-07-02 23:38:49 ----D---- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\WinRAR

nick0877 · 04.01.2010, 20:47

hallo an alle, ich habde dasselbe problem, der internet explorer öffnet sich immer von selbst..
was soll ich denn tun? den hijjack bericht hochladen und "für alle neue" durchgehen oder was?
bin echt hilflos, keiner konnte mir helfen bis jetzt...

bin am verzweifeln...

nick0877 · 04.01.2010, 21:14

Malwarebytes' Anti-Malware 1.43
Datenbank Version: 3492
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

04.01.2010 21:06:23
mbam-log-2010-01-04 (21-06-23).txt

Scan-Methode: Vollständiger Scan (C:\|)
Durchsuchte Objekte: 263546
Laufzeit: 45 minute(s), 39 second(s)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 3
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 8

Infizierte Speicherprozesse:
C:\Windows\msa.exe (Trojan.Agent) -> Failed to unload process.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\PUT2VIDQLG (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\B1RQJ7YJ0U (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\put2vidqlg (Trojan.Dropper) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Kadi\AppData\Local\Temp\a.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\sshnas.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\SysWOW64\sshnas.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\msa.exe (Trojan.Agent) -> Delete on reboot.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Kadi\AppData\Local\Temp\b.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Kadi\AppData\Local\Temp\c.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

nick0877 · 04.01.2010, 21:22

jetzt wollte ich gerade noch den 3ten schritt machen mit dem RSIT, aber der bricht das ab und sagt Error 1..

was nun??

TR/Drop.agent.vze in C:/WINDOWS/msa.exe

Plagegeister aller Art und deren Bekämpfung: TR/Drop.agent.vze in C:/WINDOWS/msa.exe