Log analysis and evaluation: Trojan found! - TR/NaviPromo.C
16.10.2009, 18:04 | #1 |
Trojan found! - TR/NaviPromo.C
Hi! Antivir reported a trojan to me: TR/NaviPromo.C
Can you help me with this somehow? Here is my logfile:
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:51:32, on 16.10.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\avmwlanstick\FRITZWLANMini.exe
C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\Lexmark 7600 Series\lxdwmon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\avmwlanstick\WlanNetService.exe
C:\Program Files\Lexmark 7600 Series\lxdwMsdMon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxdwcoms.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VIA\RAID\vialogsv.exe
C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\imapi.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://start.icq.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = fritz.box
O2 - BHO: Lexmark Symbolleiste - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Lexmark - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Lexmark Symbolleiste - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [AVMWlanClient] C:\Program Files\avmwlanstick\FRITZWLANMini.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [lxdwmon.exe] "C:\Program Files\Lexmark 7600 Series\lxdwmon.exe"
O4 - HKLM\..\Run: [lxdwamon] "C:\Program Files\Lexmark 7600 Series\lxdwamon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Program Files\avmwlanstick\WlanNetService.exe
O23 - Service: Google Update Service (gupdate1c9f821a74d73d0) (gupdate1c9f821a74d73d0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxdwCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdwserv.exe
O23 - Service: lxdw_device - - C:\WINDOWS\system32\lxdwcoms.exe
O23 - Service: VRAID Log Service - Unknown owner - C:\Program Files\VIA\RAID\vialogsv.exe

--
End of file - 5437 bytes

Last edited by Bam-Bam (16.10.2009 at 18:09)
16.10.2009, 18:29 | #2 |
/// Helper Team | Trojan found! - TR/NaviPromo.C
Hello Bam-Bam and
Removal of Navipromo: http://www.trojaner-board.de/69713-e...navipromo.html
Please follow these instructions and, to be on the safe side, also work through the following list from point 2 onwards: http://www.trojaner-board.de/69886-a...-beachten.html
Please post all resulting logfiles here.
Regards
handball10
16.10.2009, 19:37 | #3 |
Trojan found! - TR/NaviPromo.C
Hello, well, I've made a start:
Code:
Fix Navipromo version 4.0.3 begonnen am 16.10.2009 20:24:44,38

Programm ausgefuehrt in: C:\Program Files\navilog1
Zuletzt von IL-MAFIOSO aktualisiert am 13.10.2009 um 19h00

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Celeron(R) CPU 2.00GHz )
BIOS : Default System BIOS
USER : *** ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Activated)

A:\ (USB)
C:\ (Local Disk) - NTFS - Total:37 Go (Free:5 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
F:\ (USB)

Suche Im normalen Modus ausgefuehrt

Bereinigung beim Neustart des Rechners durchgefuehrt.

C:\WINDOWS\prefetch\GACUTIL.EXE-2736E6B3.pf entfernt!

Bereinigung in C:\WINDOWS\Temp ausgefuehrt!
Bereinigung in C:\Documents and Settings\***\locals~1\Temp ausgefuehrt!

*** Sicherung der Registry im Ordner Safebackup ***
Sicherung der Registry erfolgreich abgeschlossen!

*** Bereingung der Registry ***
Registry Bereinigung Ok

*** Scan beendet 16.10.2009 20:33:03,90 ***
16.10.2009, 21:26 | #4 |
Trojan found! - TR/NaviPromo.C
Code:
Malwarebytes' Anti-Malware 1.36
Datenbank Version: 2174
Windows 5.1.2600 Service Pack 3

16.10.2009 22:21:05
mbam-log-2009-10-16 (22-21-05).txt

Scan-Methode: Vollständiger Scan (A:\|C:\|D:\|E:\|)
Durchsuchte Objekte: 165702
Laufzeit: 1 hour(s), 30 minute(s), 23 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
16.10.2009, 21:35 | #5 |
Trojan found! - TR/NaviPromo.C
Code:
Logfile of random's system information tool 1.06 (written by random/random)
Run by *** at 2009-10-16 22:30:02
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 5 GB (14%) free of 38 GB
Total RAM: 447 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:30:15, on 16.10.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\avmwlanstick\WlanNetService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxdwcoms.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VIA\RAID\vialogsv.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\avmwlanstick\FRITZWLANMini.exe
C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\Lexmark 7600 Series\lxdwmon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Lexmark 7600 Series\lxdwMsdMon.exe
C:\Documents and Settings\***\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\***.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://start.icq.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = fritz.box
O2 - BHO: Lexmark Symbolleiste - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Lexmark - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Lexmark Symbolleiste - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [AVMWlanClient] C:\Program Files\avmwlanstick\FRITZWLANMini.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [lxdwmon.exe] "C:\Program Files\Lexmark 7600 Series\lxdwmon.exe"
O4 - HKLM\..\Run: [lxdwamon] "C:\Program Files\Lexmark 7600 Series\lxdwamon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Program Files\avmwlanstick\WlanNetService.exe
O23 - Service: Google Update Service (gupdate1c9f821a74d73d0) (gupdate1c9f821a74d73d0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxdwCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdwserv.exe
O23 - Service: lxdw_device - - C:\WINDOWS\system32\lxdwcoms.exe
O23 - Service: VRAID Log Service - Unknown owner - C:\Program Files\VIA\RAID\vialogsv.exe

--
End of file - 5264 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}]
Lexmark Symbolleiste - C:\Program Files\Lexmark Toolbar\toolband.dll [2008-09-10 372736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2009-05-24 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D2C5E510-BE6D-42CC-9F61-E4F939078474}]
Lexmark - C:\Program Files\Lexmark Printable Web\bho.dll [2008-09-10 180224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-24 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-05-24 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{1017A80C-6F09-4548-A84D-EDD6AC9525F0} - Lexmark Symbolleiste - C:\Program Files\Lexmark Toolbar\toolband.dll [2008-09-10 372736]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"=Mixer.exe /startup []
"avgnt"=C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe [2008-07-19 266497]
"AVMWlanClient"=C:\Program Files\avmwlanstick\FRITZWLANMini.exe [2006-06-23 343552]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"AudioDeck"=C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe [2007-08-09 528384]
"lxdwmon.exe"=C:\Program Files\Lexmark 7600 Series\lxdwmon.exe [2008-09-10 676520]
"lxdwamon"=C:\Program Files\Lexmark 7600 Series\lxdwamon.exe [2008-09-10 16040]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-05-24 148888]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=91000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe"="C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\IncrediMail\bin\ImApp.exe"="C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\WNt500x86\RpcSandraSrv.exe"="C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service"
"C:\WINDOWS\system32\lxdwcoms.exe"="C:\WINDOWS\system32\lxdwcoms.exe:*:Enabled:7600 Series Server"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
shell\AutoRun\command - J:\pushinst.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{71dd6e26-5a5b-11dd-b811-00040efa8b1c}]
shell\AutoRun\command - F:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d1020120-6554-11dc-8f12-e4ad1e6ca65a}]
shell\AutoRun\command - J:\pushinst.exe

======List of files/folders created in the last 1 months======

2009-10-16 22:30:02 ----DC---- C:\rsit
2009-10-16 15:42:08 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lexmark 7600 Series
2009-10-14 18:38:54 ----HDC---- C:\WINDOWS\$NtUninstallKB974455$
2009-10-14 18:38:41 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-10-14 18:35:48 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-10-14 18:35:37 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-10-14 18:35:26 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-10-14 18:34:29 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-10-14 18:33:43 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-10-14 18:31:14 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-10-14 18:30:54 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-10-14 18:30:41 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2009-10-12 21:21:03 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-09-17 21:27:19 ----A---- C:\WINDOWS\Menu.INI

======List of files/folders modified in the last 1 months======

2009-10-16 22:30:06 ----D---- C:\WINDOWS\Prefetch
2009-10-16 21:53:23 ----D---- C:\WINDOWS\Temp
2009-10-16 20:44:52 ----D---- C:\Program Files\Mozilla Firefox
2009-10-16 20:43:45 ----D---- C:\WINDOWS\Debug
2009-10-16 20:43:45 ----D---- C:\WINDOWS
2009-10-16 20:33:14 ----D---- C:\Program Files\Navilog1
2009-10-16 20:33:03 ----AC---- C:\cleannavi.txt
2009-10-16 20:31:10 ----N---- C:\WINDOWS\SchedLgU.Txt
2009-10-16 15:21:19 ----AC---- C:\WINDOWS\cdplayer.ini
2009-10-16 13:51:42 ----D---- C:\WINDOWS\Microsoft.NET
2009-10-16 13:51:27 ----RSD---- C:\WINDOWS\assembly
2009-10-16 13:14:27 ----D---- C:\Program Files\AntiVir PersonalEdition Classic
2009-10-16 13:14:21 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\AntiVir PersonalEdition Classic
2009-10-15 14:14:48 ----SHD---- C:\Config.Msi
2009-10-15 14:14:48 ----D---- C:\WINDOWS\system32
2009-10-14 18:46:00 ----SHD---- C:\WINDOWS\Installer
2009-10-14 18:44:58 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-10-14 18:43:54 ----D---- C:\WINDOWS\WinSxS
2009-10-14 18:39:09 ----HD---- C:\WINDOWS\inf
2009-10-14 18:39:02 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-10-14 18:31:05 ----HD---- C:\WINDOWS\$hf_mig$
2009-10-14 16:04:14 ----D---- C:\WINDOWS\system32\CatRoot2
2009-10-13 17:48:13 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype
2009-10-13 17:48:12 ----RD---- C:\Program Files
2009-10-13 17:46:33 ----D---- C:\Program Files\QuickTime
2009-10-13 17:44:18 ----D---- C:\Program Files\Common Files
2009-10-12 21:21:06 ----D---- C:\WINDOWS\system32\drivers
2009-10-02 20:01:57 ----A---- C:\WINDOWS\system32\MRT.exe
2009-10-02 13:21:45 ----D---- C:\Documents and Settings\***\Application Data\vlc
2009-09-29 20:22:38 ----D---- C:\Documents and Settings\***\Application Data\dvdcss
2009-09-25 07:37:11 ----A---- C:\WINDOWS\system32\wininet.dll
2009-09-25 07:37:11 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-09-25 07:37:10 ----A---- C:\WINDOWS\system32\shdocvw.dll
2009-09-25 07:37:10 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-09-25 07:37:09 ----A---- C:\WINDOWS\system32\ieencode.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-05-27 75096]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2008-04-21 21248]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2007-08-06 21035]
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R3 avgntflt;avgntflt; \??\C:\Program Files\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 FWLANUSB;AVM FRITZ!WLAN; C:\WINDOWS\system32\DRIVERS\fwlanusb.sys [2006-07-31 264704]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 VIAudio;Vinyl AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\vinyl97.sys [2007-06-27 207488]
S1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-13 37760]
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS []
S3 catchme;catchme; \??\C:\DOCUME~1\***~1\LOCALS~1\Temp\catchme.sys []
S3 cmpci;C-Media PCI Audio Driver (WDM); C:\WINDOWS\system32\drivers\cmaudio.sys [2002-01-29 370382]
S3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2004-12-16 42496]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\wg111v2.sys []
S3 SANDRA;SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\WNt500x86\Sandra.sys []
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-29 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-29 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirScheduler;AntiVir PersonalEdition Classic Planer; C:\Program Files\AntiVir PersonalEdition Classic\sched.exe [2008-10-23 68865]
R2 AntiVirService;AntiVir PersonalEdition Classic Guard; C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe [2008-10-23 151297]
R2 AVM WLAN Connection Service;AVM WLAN Connection Service; C:\Program Files\avmwlanstick\WlanNetService.exe [2006-07-31 370756]
R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-05-24 152984]
R2 lxdw_device;lxdw_device; C:\WINDOWS\system32\lxdwcoms.exe [2008-05-16 594600]
R2 VRAID Log Service;VRAID Log Service; C:\Program Files\VIA\RAID\vialogsv.exe [2009-06-08 52888]
S2 gupdate1c9f821a74d73d0;Google Update Service (gupdate1c9f821a74d73d0); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-06-28 133104]
S2 lxdwCATSCustConnectService;lxdwCATSCustConnectService; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdwserv.exe [2008-05-16 98984]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-06-07 137200]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
16.10.2009, 21:38 | #6 |
Trojan found! - TR/NaviPromo.C
Code:
info.txt logfile of random's system information tool 1.06 2009-10-16 22:30:22

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 6.0 Sprint-->MsiExec.exe /X{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.1 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A91000000001}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Audiograbber 1.83 SE -->"C:\Program Files\Audiograbber\Uninstall.exe"
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
AVM FRITZ!WLAN-->C:\Program Files\avmwlanstick\instwcli.exe -d1
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
DeepBurner v1.8.0.224-->"C:\Program Files\Astonsoft\DeepBurner\Uninstall.exe" "C:\Program Files\Astonsoft\DeepBurner\install.log"
Free PDF to Word Doc Converter v1.1-->"C:\Program Files\Free PDF to Word Doc Converter\unins000.exe"
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
janosch_bildschirmschoner Screensaver-->pysoft_uninstaller.exe /u C:\WINDOWS\system32\janosch_bildschirmschoner.scr
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Last.fm 1.5.4.24567-->"C:\Program Files\Last.fm\unins000.exe"
Lexmark -->regsvr32.exe /s /u "C:\Program Files\Lexmark Printable Web\bho.dll"
Lexmark 7600 Series-->C:\Program Files\Lexmark 7600 Series\Install\x86\Uninst.exe
Lexmark Symbolleiste-->regsvr32.exe /s /u "C:\Program Files\Lexmark Toolbar\toolband.dll"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft DirectX Transform optional components-->RUNDLL32.EXE ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\DXTXTRA.INF,UNINSTALL.NT,12
Microsoft Office 2000 Premium-->MsiExec.exe /I{00000407-78E1-11D2-B60F-006097C998E7}
Mozilla Firefox (3.5.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
PCI Audio Driver-->cmuninst.exe
Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953155)-->"C:\WINDOWS\$NtUninstallKB953155$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe" Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe" Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe" Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe" Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe" Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe" Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe" Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe" Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe" Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe" Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe" Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe" Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe" Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe" Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe" Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe" Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe" Security Update for Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe" Security Update for Windows XP 
(KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe" Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe" Security Update for Windows XP (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe" Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe" Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe" Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe" Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe" Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe" Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe" Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe" Security Update for Windows XP (KB972260)-->"C:\WINDOWS\$NtUninstallKB972260$\spuninst\spuninst.exe" Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe" Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe" Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe" Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe" Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe" Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe" Security Update for Windows XP (KB974455)-->"C:\WINDOWS\$NtUninstallKB974455$\spuninst\spuninst.exe" Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe" Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe" Security 
Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe" Sony USB Driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\setup.exe" -l0x9 UNINSTALL -removeonly Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT="" Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe" Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe" Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe" Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe" Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe" Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe" VIA Platform Device Manager-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169} VIA Rhine-Family Fast Ethernet Adapter-->Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA VLC media player 1.0.0-->C:\Program Files\VLC\uninstall.exe Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe" Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe" =====HijackThis Backups===== O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2009-05-24] O4 - HKUS\S-1-5-19\..\Run: 
[CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') [2009-05-24] O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-05-24] O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') [2009-05-24] O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') [2009-05-24] ======Security center information====== AV: Avira AntiVir PersonalEdition ======System event log====== Computer Name: ***-A63D2A32 Event Code: 32 Message: Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last Error was The referenced assembly is not installed on your system. Record Number: 58468 Source Name: SideBySide Time Written: 20090920201254.000000+120 Event Type: error User: Computer Name: ***-A63D2A32 Event Code: 6161 Message: The document Microsoft Word - Dokument2 owned by *** failed to print on printer Lexmark 7600 Series (USB). Data type: LEMF. Size of the spool file in bytes: 106529. Number of bytes printed: 106529. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\***-A63D2A32. Win32 error code returned by the print processor: 0 (0x0). Record Number: 58467 Source Name: Print Time Written: 20090920201244.000000+120 Event Type: error User: ***-A63D2A32\*** Computer Name: ***-A63D2A32 Event Code: 7000 Message: The lxdwCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. Record Number: 58448 Source Name: Service Control Manager Time Written: 20090920193428.000000+120 Event Type: error User: Computer Name: ***-A63D2A32 Event Code: 7009 Message: Timeout (30000 milliseconds) waiting for the lxdwCATSCustConnectService service to connect. 
Record Number: 58447 Source Name: Service Control Manager Time Written: 20090920193428.000000+120 Event Type: error User: Computer Name: ***-A63D2A32 Event Code: 2504 Message: The server could not bind to the transport \Device\NetBT_Tcpip_{98780EAB-3E02-4215-A8C4-04ACCC6165E6}. Record Number: 58446 Source Name: Server Time Written: 20090920193415.000000+120 Event Type: warning User: =====Application event log===== Computer Name: ***-A63D2A32 Event Code: 1002 Message: Hanging application firefox.exe, version 1.9.0.3257, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Record Number: 2408 Source Name: Application Hang Time Written: 20090113191326.000000+060 Event Type: error User: Computer Name: ***-A63D2A32 Event Code: 1002 Message: Hanging application firefox.exe, version 1.9.0.3257, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Record Number: 2407 Source Name: Application Hang Time Written: 20090113191211.000000+060 Event Type: error User: Computer Name: ***-A63D2A32 Event Code: 1002 Message: Hanging application firefox.exe, version 1.9.0.3257, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Record Number: 2406 Source Name: Application Hang Time Written: 20090113170035.000000+060 Event Type: error User: Computer Name: ***-A63D2A32 Event Code: 1001 Message: Detection of product '{00000407-78E1-11D2-B60F-006097C998E7}', feature 'ThesaurusFiles_ITA' failed during request for component '{6C3C75EE-D6CD-11D2-B778-00805F4AD050}' Record Number: 2243 Source Name: MsiInstaller Time Written: 20081127183332.000000+060 Event Type: warning User: ***-A63D2A32\*** Computer Name: ***-A63D2A32 Event Code: 1002 Message: Hanging application WINWORD.EXE, version 9.0.0.2823, hang module hungapp, version 0.0.0.0, hang address 0x00000000. 
Record Number: 2165 Source Name: Application Hang Time Written: 20081111190852.000000+060 Event Type: error User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=15 "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 7, GenuineIntel "PROCESSOR_REVISION"=0207 "NUMBER_OF_PROCESSORS"=1 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP -----------------EOF----------------- |
16.10.2009, 21:49 | #7 |
/// Helper team | Trojan found! - TR/NaviPromo.C Hi bam-bam. Please also post the log file from AntiVir. EDIT: Please run a scan with Super AntiSpyware: http://www.trojaner-board.de/51871-a...tispyware.html Regards, Handball10
__________________ Funny spelling mistakes of the Trojan horse "Trojan.Win32.FraudPack.ajn" Funny spelling mistakes of "XP Deluxe Protector" - New!! |
17.10.2009, 19:23 | #8 |
| Trojan found! - TR/NaviPromo.C Hi handball10, the log file from AntiVir, how do I find it?? :/ Anyway, here is the log file from SuperAntiSpyware for now: Code:
SUPERAntiSpyware Scan Log
h**p://w*w.superantispyware.com

Generated 10/17/2009 at 07:58 PM

Application Version : 4.29.1004

Core Rules Database Version : 4171
Trace Rules Database Version: 2093

Scan type : Complete Scan
Total Scan Time : 02:50:13

Memory items scanned : 446
Memory threats detected : 0
Registry items scanned : 4540
Registry threats detected : 0
File items scanned : 66012
File threats detected : 138

Adware.Tracking Cookie
.adtech.de [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
.adtech.de [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
.mediaplex.com [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
.as-eu.falkag.net [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
w*w.blogcounter.de [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
.ice.112.2o7.net [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
.adopt.euroclick.com [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
adopt.euroclick.com [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
.adopt.euroclick.com [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
.adopt.euroclick.com [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
.adopt.euroclick.com [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
.adopt.euroclick.com [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
.indextools.com [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
.indextools.com [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
statse.webtrendslive.com [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
.komtrack.com [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
.komtrack.com [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
.e-2dj6wgkoancjskp.stats.esomniture.com [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
.e-2dj6wjnygjd5mbq.stats.esomniture.com [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
.doubleclick.net [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
.4stats.de [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
.4stats.de [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
partners.webmasterplan.com [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
partners.webmasterplan.com [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
partners.webmasterplan.com [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
adserver.71i.de [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
.overture.com [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
.mediavantage.de [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
.tradedoubler.com [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
.tradedoubler.com [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
.e-2dj6wjlowhcpkho.stats.esomniture.com [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
.e-2dj6whkiskazghq.stats.esomniture.com [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
.e-2dj6whkiamcjebp.stats.esomniture.com [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
.e-2dj6wfkowocpcko.stats.esomniture.com [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
.e-2dj6wfkiqhdjaeo.stats.esomniture.com [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
.e-2dj6wfliekdzocp.stats.esomniture.com [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
.adfarm1.adition.com [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
.e-2dj6wfloggdzwap.stats.esomniture.com [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
adserving.cpxinteractive.com [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
adserving.cpxinteractive.com [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
de.sitestat.com [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
w*w.etracker.de [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
w*w.etracker.de [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
.atdmt.com [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
.w*w.windowsmedia.com [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
.w*w.windowsmedia.com [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
.xiti.com [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
.list.ru [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
.fastclick.net [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
.fastclick.net [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
.fastclick.net [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
.fastclick.net [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
.fastclick.net [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
.fastclick.net [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
.fastclick.net [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
.247realmedia.com [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
.smartadserver.com [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
.smartadserver.com [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
.smartadserver.com [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
.hbxtracking.sueddeutsche.de [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
.hbxtracking.sueddeutsche.de [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
.hbxtracking.sueddeutsche.de [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
.sevenloadgmbh.112.2o7.net [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
.yadro.ru [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
.estat.com [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
.bfast.com [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
.bfast.com [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
.screensavers.com [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
.screensavers.com [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
w*w.screensavers.com [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
.perf.overture.com [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
.adbrite.com [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
.adbrite.com [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
.burstnet.com [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
.burstnet.com [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
w*w.burstnet.com [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
w*w.burstbeacon.com [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
.e-2dj6wgkoujczahp.stats.esomniture.com [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
track.webtrekk.de [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
.atwola.com [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
.hitbox.com [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
.hitbox.com [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
.ehg-nokiafin.hitbox.com [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
.msnportal.112.2o7.net [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
.serving-sys.com [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
.serving-sys.com [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
.serving-sys.com [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
.serving-sys.com [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
.serving-sys.com [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
.microsoftwga.112.2o7.net [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
.bs.serving-sys.com [ C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\ny25hamf.default\cookies.txt ]
C:\Documents and Settings\***\Cookies\***@atdmt[2].txt
C:\Documents and Settings\***\Cookies\***@bs.serving-sys[1].txt
C:\Documents and Settings\***\Cookies\***@doubleclick[2].txt
C:\Documents and Settings\***\Cookies\***@mediaplex[1].txt
C:\Documents and Settings\***\Cookies\***@microsoftwga.112.2o7[1].txt
C:\Documents and Settings\***\Cookies\***@msnportal.112.2o7[1].txt
C:\Documents and Settings\***\Cookies\***@serving-sys[1].txt
C:\Documents and Settings\***\Cookies\***@w*w.windowsmedia[1].txt
C:\Documents and Settings\***\Cookies\***@2o7[1].txt
C:\Documents and Settings\***\Cookies\***@adfarm1.adition[1].txt
C:\Documents and Settings\***\Cookies\***@adtech[2].txt
C:\Documents and Settings\***\Cookies\***@advertising[1].txt
C:\Documents and Settings\***\Cookies\***@as-eu.falkag[1].txt
C:\Documents and Settings\***\Cookies\***@atwola[1].txt
C:\Documents and Settings\***\Cookies\***@komtrack[2].txt
C:\Documents and Settings\***\Cookies\***@overture[2].txt
C:\Documents and Settings\***\Cookies\***@sevenoneintermedia.112.2o7[1].txt
C:\Documents and Settings\***\Cookies\***@tradedoubler[2].txt
C:\Documents and Settings\***\Cookies\***@w*w.googleadservices[1].txt
C:\Dokumente und Einstellungen\***\Cookies\***@2o7[2].txt
C:\Dokumente und Einstellungen\***\Cookies\***@atdmt[2].txt
C:\Dokumente und Einstellungen\***\Cookies\***@bs.serving-sys[2].txt
C:\Dokumente und Einstellungen\***\Cookies\***@doubleclick[1].txt
C:\Dokumente und Einstellungen\***\Cookies\***@mediaplex[1].txt
C:\Dokumente und Einstellungen\***\Cookies\***@msnportal.112.2o7[1].txt
C:\Dokumente und Einstellungen\***\Cookies\***@serving-sys[2].txt
C:\Dokumente und Einstellungen\***\Cookies\***@overture[2].txt
C:\Dokumente und Einstellungen\***\Cookies\***@w*w.googleadservices[1].txt

Adware.Vundo/Variant-MSFake
C:\PROGRAM FILES\NAVILOG1\REG.EXE |
18.10.2009, 16:31 | #9 |
| Trojan found! - TR/NaviPromo.C Hello, I now have the report from the last AntiVir scan: Code:
Avira AntiVir Personal
Erstellungsdatum der Reportdatei: Freitag, 16. Oktober 2009 16:10

Es wird nach 1796380 Virenstämmen gesucht.

Lizenznehmer: Avira AntiVir Personal - FREE Antivirus
Seriennummer: 0000149996-ADJIE-0000001
Plattform: Windows XP
Windowsversion: (Service Pack 3) [5.1.2600]
Boot Modus: Normal gebootet
Benutzername: SYSTEM
Computername: ***-A63D2A32

Versionsinformationen:
BUILD.DAT : 8.2.0.353 17048 Bytes 5/15/2009 12:02:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 11/25/2008 16:13:26
AVSCAN.DLL : 8.1.4.0 48897 Bytes 7/19/2008 17:06:16
LUKE.DLL : 8.1.4.5 164097 Bytes 7/19/2008 17:06:16
LUKERES.DLL : 8.1.4.0 12545 Bytes 7/19/2008 17:06:16
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 22:16:06
ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 6/24/2009 09:58:51
ANTIVIR2.VDF : 7.1.6.50 4333568 Bytes 9/29/2009 21:39:16
ANTIVIR3.VDF : 7.1.6.110 525824 Bytes 10/14/2009 16:19:23
Engineversion : 8.2.1.35
AEVDF.DLL : 8.1.1.2 106867 Bytes 9/15/2009 21:18:06
AESCRIPT.DLL : 8.1.2.35 483707 Bytes 10/4/2009 21:39:21
AESCN.DLL : 8.1.2.5 127346 Bytes 9/6/2009 16:43:40
AERDL.DLL : 8.1.3.2 479604 Bytes 10/4/2009 21:39:21
AEPACK.DLL : 8.2.0.0 422261 Bytes 9/15/2009 21:18:04
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 6/17/2009 20:03:37
AEHEUR.DLL : 8.1.0.167 2011511 Bytes 10/8/2009 15:37:13
AEHELP.DLL : 8.1.7.0 237940 Bytes 9/6/2009 16:43:39
AEGEN.DLL : 8.1.1.67 364916 Bytes 10/4/2009 21:39:18
AEEMU.DLL : 8.1.1.0 393587 Bytes 10/4/2009 21:39:18
AECORE.DLL : 8.1.8.1 184693 Bytes 9/15/2009 21:18:04
AEBB.DLL : 8.1.0.3 53618 Bytes 10/16/2008 10:56:13
AVWINLL.DLL : 1.0.0.12 15105 Bytes 7/19/2008 17:06:16
AVPREF.DLL : 8.0.2.0 38657 Bytes 7/19/2008 17:06:15
AVREP.DLL : 8.0.0.3 155688 Bytes 4/20/2009 18:38:49
AVREG.DLL : 8.0.0.1 33537 Bytes 7/19/2008 17:06:16
AVARKT.DLL : 1.0.0.23 307457 Bytes 4/21/2008 12:08:07
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 7/19/2008 17:06:15
SQLITE3.DLL : 3.3.17.1 339968 Bytes 4/21/2008 12:08:08
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 7/19/2008 17:06:16
NETNT.DLL : 8.0.0.1 7937 Bytes 4/21/2008 12:08:08
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 7/19/2008 17:06:11
RCTEXT.DLL : 8.0.52.0 86273 Bytes 7/19/2008 17:06:11

Konfiguration für den aktuellen Suchlauf:
Job Name.........................: Vollständige Systemprüfung
Konfigurationsdatei..............: c:\program files\antivir personaledition classic\sysscan.avp
Protokollierung..................: niedrig
Primäre Aktion...................: interaktiv
Sekundäre Aktion.................: ignorieren
Durchsuche Masterbootsektoren....: aus
Durchsuche Bootsektoren..........: ein
Bootsektoren.....................: C:,
Durchsuche aktive Programme......: ein
Durchsuche Registrierung.........: ein
Suche nach Rootkits..............: aus
Datei Suchmodus..................: Alle Dateien
Durchsuche Archive...............: ein
Rekursionstiefe einschränken.....: 20
Archiv Smart Extensions..........: ein
Makrovirenheuristik..............: ein
Dateiheuristik...................: mittel

Beginn des Suchlaufs: Freitag, 16. Oktober 2009 16:10

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'imapi.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'LastFM.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmplayer.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Adobe_Updater.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'alg.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'vialogsv.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'lxdwcoms.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'jqs.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'lxdwmsdmon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLanNetService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'jusched.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'lxdwmon.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'ADeck.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'FRITZWLanMini.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'mixer.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'explorer.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'spoolsv.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'lsass.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'services.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'winlogon.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'smss.exe' - '1' Modul(e) wurden durchsucht Es wurden '35' Prozesse mit '35' Modulen durchsucht Der Suchlauf über die Bootsektoren wird begonnen: Bootsektor 'C:\' [INFO] Es wurde kein Virus gefunden! Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen. Die Registry wurde durchsucht ( '50' Dateien ). Der Suchlauf über die ausgewählten Dateien wird begonnen: Beginne mit der Suche in 'C:\' C:\pagefile.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! Ende des Suchlaufs: Freitag, 16. Oktober 2009 18:16 Benötigte Zeit: 2:06:40 Stunde(n) Der Suchlauf wurde vollständig durchgeführt. 
7483 Verzeichnisse wurden überprüft 181907 Dateien wurden geprüft 0 Viren bzw. unerwünschte Programme wurden gefunden 0 Dateien wurden als verdächtig eingestuft 0 Dateien wurden gelöscht 0 Viren bzw. unerwünschte Programme wurden repariert 0 Dateien wurden in die Quarantäne verschoben 0 Dateien wurden umbenannt 1 Dateien konnten nicht durchsucht werden 181906 Dateien ohne Befall 1984 Archive wurden durchsucht 1 Warnungen 0 Hinweise |
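Whether a "0 viruses found" result is reassuring depends on what the scan actually covered: the configuration block of the report above has master boot sector scanning and the rootkit search switched off, and C:\pagefile.sys was skipped. The script below is an added example, not part of this thread and not Avira tooling; it parses the configuration and summary sections of such a report (a constructed sample is embedded, using the English labels of the translation, with the German originals such as "Suche nach Rootkits" accepted as well) and reports detections, coverage gaps and unscanned files, so the clean result can be read in context.

```python
"""Triage an Avira AntiVir scan report: check the scan configuration for
coverage gaps and pull the summary counts, so that a "0 viruses found"
result can be weighed against what the scan actually covered."""
import re

# Constructed sample: the configuration and summary sections of the report
# posted above, as translated. Both the English and the German label sets
# are accepted below, since Avira localises the report text.
SAMPLE_REPORT = """\
Configuration for the current scan:
Job name.........................: Complete system scan
Scan master boot sectors.........: off
Scan boot sectors................: on
Scan active programs.............: on
Scan registry....................: on
Search for rootkits..............: off
File scan mode...................: All files
Scan archives....................: on
File heuristics..................: medium

C:\\pagefile.sys
[WARNING] The file could not be opened!

7483 directories were checked
181907 files were scanned
0 viruses or unwanted programs were found
0 files were classified as suspicious
1 files could not be scanned
1 warnings
"""

# Settings a full system scan should have switched on; each entry lists the
# English and the German report label.
REQUIRED_ON = {
    "master boot sectors": ("Scan master boot sectors", "Durchsuche Masterbootsektoren"),
    "boot sectors": ("Scan boot sectors", "Durchsuche Bootsektoren"),
    "running processes": ("Scan active programs", "Durchsuche aktive Programme"),
    "registry": ("Scan registry", "Durchsuche Registrierung"),
    "rootkits": ("Search for rootkits", "Suche nach Rootkits"),
    "archives": ("Scan archives", "Durchsuche Archive"),
}
ON_VALUES = {"on", "ein"}

# "Label.......: value" lines (three or more dots keep version lines out)
CONFIG_LINE = re.compile(r"^(?P<label>[^.:]+?)\.{3,}\s*:\s*(?P<value>.+?)\s*$")
# "N <description>" summary lines at the end of the report
COUNT_LINE = re.compile(r"^(?P<n>\d+)\s+(?P<what>.+?)\s*$")
# a warning line refers to the file path printed on the line before it
WARNING_LINE = re.compile(r"^\[(WARNING|WARNUNG)\]")


def parse_config(report):
    """Return {label: value} for every configuration line, values lower-cased."""
    cfg = {}
    for line in report.splitlines():
        m = CONFIG_LINE.match(line)
        if m:
            cfg[m.group("label").strip()] = m.group("value").strip().lower()
    return cfg


def coverage_gaps(cfg):
    """Names of required scan settings that are missing or not switched on."""
    gaps = []
    for name, labels in REQUIRED_ON.items():
        value = next((cfg[label] for label in labels if label in cfg), None)
        if value not in ON_VALUES:
            gaps.append(name)
    return gaps


def parse_summary(report):
    """Return {description: count} for the trailing 'N ...' summary lines."""
    counts = {}
    for line in report.splitlines():
        m = COUNT_LINE.match(line)
        if m:
            counts[m.group("what")] = int(m.group("n"))
    return counts


def unscanned_files(report):
    """Paths the scanner warned about (the path precedes the warning line)."""
    lines = report.splitlines()
    return [lines[i - 1].strip() for i, line in enumerate(lines)
            if i > 0 and WARNING_LINE.match(line)]


def triage(report):
    """Detections, suspicious files, coverage gaps and skipped files in one dict."""
    cfg = parse_config(report)
    counts = parse_summary(report)
    detections = sum(n for what, n in counts.items()
                     if re.search(r"(viruses|Viren)\b.*\b(found|gefunden)$", what))
    suspicious = sum(n for what, n in counts.items()
                     if re.search(r"suspicious|verdächtig", what))
    gaps = coverage_gaps(cfg)
    return {
        "detections": detections,
        "suspicious": suspicious,
        "coverage_gaps": gaps,
        "unscanned": unscanned_files(report),
        # a clean result only counts as conclusive if nothing was switched off
        "conclusive": detections == 0 and suspicious == 0 and not gaps,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_REPORT).items():
        print(f"{key}: {value}")
```

Run against the report above, the script reports no detections but flags "master boot sectors" and "rootkits" as coverage gaps and lists C:\pagefile.sys as unscanned, so the clean result is not conclusive on its own; re-running the scan with the rootkit search enabled is the obvious follow-up. The page file cannot be opened by a user-mode scanner while Windows is running, so that warning alone is expected.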
18.10.2009, 16:49 | #10 |
/// Helfer-Team | Trojaner gefunden! - TR/NaviPromo.C Hi Bam-Bam, that looks pretty good already! Are there still any problems with the computer? Regards, Handball10
__________________ Funny spelling mistakes of the Trojan horse "Trojan.Win32.FraudPack.ajn" Funny spelling mistakes of "XP Deluxe Protector" - New !! |
18.10.2009, 18:05 | #11 |
| Trojaner gefunden! - TR/NaviPromo.C Hey! Well, I haven't actually noticed any problems, I just got a message twice saying I have a Trojan. That hasn't happened again since, so... =) Should I delete the objects in the SUPERAntiSpyware quarantine now or restore them? And do I have to run the check again in Safe Mode, as the guide says? Regards, Bam-Bam |
26.10.2009, 18:55 | #12 |
| Trojaner gefunden! - TR/NaviPromo.C Hello! What do I do with the program now?! I don't need it anymore, do I...? And one more thing. Somehow my PC is totally slow at the moment, Firefox especially... it sometimes hangs as well. What could be causing that? Do I maybe just have too little space left on the hard drive? Regards |
28.10.2009, 22:13 | #13 |
/// Helfer-Team | Trojaner gefunden! - TR/NaviPromo.C Hi Bam-Bam, sorry for replying so late! I'm busy all week again now, since unfortunately the holidays are over... Quote:
"Adware.Vundo/Variant-MSFake C:\PROGRAM FILES\NAVILOG1\REG.EXE" is a false positive; you can uninstall Navilog and SUPERAntiSpyware. Quote:
Download CCleaner. http://www.trojaner-board.de/51464-a...-ccleaner.html Regards, Handball10 |