|
Log-Analyse und Auswertung: vom Trojaner TR/Dropper.gen erwischt wordenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
20.11.2009, 02:45 | #31 |
| vom Trojaner TR/Dropper.gen erwischt worden Eine Frage hab ich noch: Hab jetzt ein paar mal neu gestartet, um zu sehen, ob der laptop wieder so schnell läuft wie vorher. soweit alles super. nur kommt immer die meldung, dass die gerätetreibersofware-installation fehlgeschlagen ist. und zwar von PC Tools Driver #179 und PC Tools Driver #183. kannst du damit was anfangen bzw. hat das mit dem trojaner-problem was zu tun? Hab eigentlich keine Ahnung für welches Gerät das ein Treiber sein soll. |
20.11.2009, 10:49 | #32 |
/// Selecta Jahrusso | vom Trojaner TR/Dropper.gen erwischt worden PC tools ist Deine Firewall.
__________________Versuche diese neu zu installieren
__________________ |
20.11.2009, 12:27 | #33 |
| vom Trojaner TR/Dropper.gen erwischt worden ok, hab sie neu installiert. aber die meldung kommt nach dem neustart immer noch. jetz allerdings für PC tools driver #208 und #209. sehr komisch, oder?
__________________ |
20.11.2009, 12:55 | #34 |
/// Selecta Jahrusso | vom Trojaner TR/Dropper.gen erwischt worden Deinstalliere sie bitte erneut. Verwende dazu Software mit Revo Uninstaller deinstallieren Downloade Dir bitte den Revo Uninstaller
Starte den Rechner neu auf. Versuchen wir es erneut. Downloadlink
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
20.11.2009, 13:27 | #35 |
| vom Trojaner TR/Dropper.gen erwischt worden Die Meldung kommt immer noch Gerätetreibersoftware-installation fehlgeschlagen PC Tool Driver #210 PC Tool Driver #211 |
20.11.2009, 13:42 | #36 |
/// Selecta Jahrusso | vom Trojaner TR/Dropper.gen erwischt worden startest du das setup mit Rechtsklick "als Admin starten" ?
__________________ --> vom Trojaner TR/Dropper.gen erwischt worden |
20.11.2009, 13:48 | #37 |
| vom Trojaner TR/Dropper.gen erwischt worden mist, das hab ich vergessen. nochmal deinstallieren und neu installieren wie in deiner letzten instruktion? |
20.11.2009, 14:34 | #38 |
| vom Trojaner TR/Dropper.gen erwischt worden Hab mich jetzt als Admin angemeldet und es nochmal deinstalliert gemäß deiner Anleitung. Nach dem Neustart kommt die Meldung auch. Dieses mal mit "unbekanntes Gerät" |
20.11.2009, 14:58 | #39 |
/// Selecta Jahrusso | vom Trojaner TR/Dropper.gen erwischt worden steht nur da unbekanntes gerät ? schick mal eine neue HJT Logfile
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
20.11.2009, 15:04 | #40 |
| vom Trojaner TR/Dropper.gen erwischt worden Es kommt die gleiche Meldung wie als die firewall noch installiert war, nur dass jetzt statt "PC Tool Driver" "unbekanntes Gerät" dasteht. und statt "installation fehlgeschlagen" steht "keine Treiber gefunden" die neue HJT: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:03:57, on 20.11.2009 Platform: Unknown Windows (WinNT 6.01.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16385) Boot mode: Normal Running processes: C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Sony\VAIO Power Management\SPMgr.exe C:\Program Files\Mindjet\MindManager 8\MmReminderService.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Apoint\Apoint.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe C:\Program Files\CyberLink\Shared Files\brs.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\Apoint\ApMsgFwd.exe C:\Program Files\Apoint\Apvfb.exe C:\Program Files\Apoint\Apntex.exe C:\Windows\system32\conhost.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Users\***\Downloads\HiJackThis.exe C:\Windows\system32\SearchFilterHost.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: CmjBrowserHelperObject Object - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files\Mindjet\MindManager 8\Mm8InternetExplorer.dll O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [MMReminderService] C:\Program Files\Mindjet\MindManager 8\MMReminderService.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe O4 - HKLM\..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe" O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe" O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe O4 - HKCU\..\Run: [NSUFloatingUI] "C:\Program Files\Sony\Network Utility\LANUtil.exe" O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-21-3072239943-4215913350-3028816377-1000\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon (User '***') O4 - Global Startup: Bluetooth.lnk = ? O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: An Mindjet MindManager senden - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files\Mindjet\MindManager 8\Mm8InternetExplorer.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O13 - Gopher Prefix: O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - h**p://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NSUService - Sony Corporation - C:\Program Files\Sony\Network Utility\NSUService.exe O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- End of file - 8017 bytes |
20.11.2009, 18:11 | #41 |
/// Selecta Jahrusso | vom Trojaner TR/Dropper.gen erwischt worden Schauen wir mal in die Eventlogs.
Die Info.txt reicht mir.
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
20.11.2009, 18:24 | #42 |
| vom Trojaner TR/Dropper.gen erwischt worden Hab es als Admin ausgeführt. Nachdem ich "continue" geklickt habe, öffnet sich ein Fenster bei dem ich die Ausführung der Datei: C:/Users/***/Downloads/***_2.exe bestätigen soll. und dann kommt die Fehlermeldung: AutoIt Error Line-1: Error: Variable used without being declared. |
20.11.2009, 18:30 | #43 | |
/// Selecta Jahrusso | vom Trojaner TR/Dropper.gen erwischt wordenZitat:
sonst. Systemscan mit OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Extra.txt reicht mir ebenfalls
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
20.11.2009, 18:42 | #44 |
| vom Trojaner TR/Dropper.gen erwischt worden Hab es auf dem Desktop gespeichert, aber es ging trotzdem nicht. Deshalb hier die OTL´s: Code:
ATTFilter OTL logfile created on: 20.11.2009 18:34:47 - Run 5 OTL by OldTimer - Version 3.1.6.1 Folder = C:\Users\***\Desktop An unknown product (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,97 Gb Available Physical Memory | 98,35% Memory free 4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 455,56 Gb Total Space | 360,30 Gb Free Space | 79,09% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: LAPTOP Current User Name: *** Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\iTunes\iTunesHelper.exe (Apple Inc.) PRC - C:\Programme\iPod\bin\iPodService.exe (Apple Inc.) PRC - C:\Programme\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Programme\CyberLink\Shared Files\brs.exe (cyberlink) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Windows\System32\wbem\WmiPrvSE.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Programme\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Apoint\Apvfb.exe (ALPS) PRC - C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.) PRC - C:\Programme\Apoint\ApntEx.exe (Alps Electric Co., Ltd.) PRC - C:\Programme\Apoint\ApMsgFwd.exe (Alps Electric Co., Ltd.) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) PRC - C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation) PRC - C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation) PRC - C:\Programme\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation) PRC - C:\Windows\System32\Ati2evxx.exe (ATI Technologies Inc.) PRC - C:\Windows\System32\Ati2evxx.exe (ATI Technologies Inc.) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) PRC - C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.) PRC - C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation) PRC - C:\Programme\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation) PRC - C:\Programme\Realtek\Audio\HDA\RtkAudioService.exe (Realtek Semiconductor) PRC - C:\Programme\Sony\Network Utility\NSUService.exe (Sony Corporation) PRC - C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation) PRC - C:\Programme\Sony\VAIO Power Management\SPMService.exe (Sony Corporation) PRC - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Advanced Micro Devices Inc.) PRC - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc.) PRC - C:\Programme\Mindjet\MindManager 8\MmReminderService.exe (Mindjet) ========== Modules (SafeList) ========== MOD - C:\Users\***\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation) MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation) MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation) MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation) MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation) MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.) SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation) SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation) SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation) SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation) SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation) SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation) SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation) SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation) SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation) SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation) SRV - (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation) SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation) SRV - (WMPNetworkSvc) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation) SRV - (ehRecvr) -- C:\Windows\ehome\ehrecvr.exe (Microsoft Corporation) SRV - (ehSched) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (FontCache3.0.0.0) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) SRV - (NetTcpPortSharing) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation) SRV - (idsvc) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) SRV - (Vcsw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation) SRV - (VzCdbSvc) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation) SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation) SRV - (VCFw) -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation) SRV - (Ati External Event Utility) -- C:\Windows\System32\Ati2evxx.exe (ATI Technologies Inc.) SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.) SRV - (VAIO Event Service) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation) SRV - (RtkAudioService) -- C:\Programme\Realtek\Audio\HDA\RtkAudioService.exe (Realtek Semiconductor) SRV - (NSUService) -- C:\Program Files\Sony\Network Utility\NSUService.exe (Sony Corporation) SRV - (VAIO Power Management) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe (Sony Corporation) SRV - (odserv) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - ({B154377D-700F-42cc-9474-23858FBDF4BD}) -- C:\Programme\CyberLink\PowerDVD9\000.fcl (CyberLink Corp.) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.) DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.) DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.) DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.) DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices) DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.) DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices) DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation) DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation) DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation) DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation) DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.) DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation) DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation) DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation) DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation) DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation) DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation) DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex) DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.) DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company) DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation) DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation) DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation) DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation) DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation) DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.) DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation) DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation) DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation) DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems) DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation) DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.) DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology) DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation) DRV - (Brserid) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.) DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation) DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation) DRV - (RasAgileVpn) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation) DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation) DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation) DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation) DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation) DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation) DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation) DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation) DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation) DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation) DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation) DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation) DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation) DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation) DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.) DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.) DRV - (SrvHsfV92) -- C:\Windows\System32\drivers\VSTDPV3.SYS (Conexant Systems, Inc.) DRV - (SrvHsfWinac) -- C:\Windows\System32\drivers\VSTCNXT3.SYS (Conexant Systems, Inc.) DRV - (SrvHsfHDA) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.) DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys (Marvell) DRV - (netw5v32) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation) DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation) DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation) DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation) DRV - (secdrv) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) DRV - (GEARAspiWDM) -- C:\Windows\System32\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.) DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.) DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.) DRV - (btwl2cap) -- C:\Windows\System32\drivers\btwl2cap.sys (Broadcom Corporation.) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (IntcAzAudAddService) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (DMICall) -- C:\Windows\System32\drivers\DMICall.sys (Sony Corporation) DRV - (s217unic) -- C:\Windows\System32\drivers\s217unic.sys (MCCI) DRV - (s217mgmt) -- C:\Windows\System32\drivers\s217mgmt.sys (MCCI Corporation) DRV - (s217obex) -- C:\Windows\System32\drivers\s217obex.sys (MCCI Corporation) DRV - (s217nd5) -- C:\Windows\System32\drivers\s217nd5.sys (MCCI Corporation) DRV - (s217mdm) -- C:\Windows\System32\drivers\s217mdm.sys (MCCI Corporation) DRV - (s217bus) -- C:\Windows\System32\drivers\s217bus.sys (MCCI Corporation) DRV - (s217mdfl) -- C:\Windows\System32\drivers\s217mdfl.sys (MCCI Corporation) DRV - (SFEP) -- C:\Windows\System32\drivers\SFEP.sys (Sony Corporation) DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC) ========== Standard Registry (SafeList) ========== |
20.11.2009, 18:43 | #45 |
| vom Trojaner TR/Dropper.gen erwischt wordenCode:
ATTFilter ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = h**p://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5D 93 04 BD 60 69 CA 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "file:///C:/Users/***/***s%20Startseite/***.html" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1 FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.45 FF - prefs.js..extensions.enabledItems: {6614d11d-d21d-b211-ae23-815234e1ebb5}:1.0.21 FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5 FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009.11.07 16:16:00 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009.11.07 16:16:00 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009.09.23 22:49:11 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2009.09.23 21:21:11 | 00,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2009.09.23 21:21:11 | 00,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009.11.20 01:31:01 | 00,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\m8kqfi86.default\extensions [2009.11.20 01:30:58 | 00,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\m8kqfi86.default\extensions\{6614d11d-d21d-b211-ae23-815234e1ebb5} [2009.11.20 01:30:58 | 00,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\m8kqfi86.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} [2009.11.20 01:30:58 | 00,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\m8kqfi86.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2009.11.20 01:30:58 | 00,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\m8kqfi86.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3} [2009.10.07 20:48:28 | 00,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\m8kqfi86.default\extensions\fastdial@telega.phpnet.us [2009.10.07 19:50:42 | 00,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2009.11.07 16:16:00 | 00,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009.10.07 19:50:42 | 00,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED} [2009.11.07 16:15:59 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browserdirprovider.dll [2009.11.07 16:15:59 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\brwsrcmp.dll [2009.11.07 16:15:59 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Programme\Mozilla Firefox\plugins\npnul32.dll [2009.02.27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Programme\Mozilla Firefox\plugins\nppdf32.dll [2009.09.23 22:49:11 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Programme\Mozilla Firefox\plugins\npqtplugin.dll [2009.09.23 22:49:11 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Programme\Mozilla Firefox\plugins\npqtplugin2.dll [2009.09.23 22:49:11 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Programme\Mozilla Firefox\plugins\npqtplugin3.dll [2009.09.23 22:49:11 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Programme\Mozilla Firefox\plugins\npqtplugin4.dll [2009.09.23 22:49:11 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Programme\Mozilla Firefox\plugins\npqtplugin5.dll [2009.09.23 22:49:11 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Programme\Mozilla Firefox\plugins\npqtplugin6.dll [2009.09.23 22:49:11 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Programme\Mozilla Firefox\plugins\npqtplugin7.dll [2009.08.24 20:25:19 | 00,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2009.08.24 20:25:19 | 00,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2009.08.24 20:25:19 | 00,002,371 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\google.xml [2009.08.24 20:25:19 | 00,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2009.08.24 20:25:19 | 00,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2009.08.24 20:25:19 | 00,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: (824 bytes) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Programme\Mindjet\MindManager 8\Mm8InternetExplorer.dll (Mindjet) O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [BDRegion] C:\Programme\CyberLink\Shared Files\brs.exe (cyberlink) O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) O4 - HKLM..\Run: [MMReminderService] C:\Programme\Mindjet\MindManager 8\MmReminderService.exe (Mindjet) O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.) O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) O4 - HKLM..\Run: [RemoteControl9] C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) O4 - HKCU..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17 O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: An Mindjet MindManager senden - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Programme\Mindjet\MindManager 8\Mm8InternetExplorer.dll (Mindjet) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} h**p://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation) O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: (*) - File not found O35 - comfile [open] -- "%1" %* File not found O35 - exefile [open] -- "%1" %* File not found ========== Files/Folders - Created Within 30 Days ========== [2009.11.20 18:34:21 | 00,528,896 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2009.11.20 18:16:14 | 00,000,000 | ---D | C] -- C:\rsit [2009.11.20 12:59:10 | 00,000,000 | ---D | C] -- C:\Programme\VS Revo Group [2009.11.20 12:18:15 | 00,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\PCToolsFirewallPlus [2009.11.20 12:12:03 | 00,000,000 | ---D | C] -- C:\Programme\Common Files\PC Tools [2009.11.19 23:16:15 | 00,000,000 | ---D | C] -- C:\Programme\Common Files\Windows Live [2009.11.19 23:12:50 | 00,000,000 | ---D | C] -- C:\Programme\Microsoft Silverlight [2009.11.19 23:11:35 | 00,000,000 | ---D | C] -- C:\Programme\Microsoft [2009.11.19 22:40:45 | 00,000,000 | ---D | C] -- C:\Users\***\AppData\Local\WindowsUpdate [2009.11.19 22:37:27 | 00,000,000 | ---D | C] -- C:\Windows\System32\appmgmt [2009.11.19 15:57:20 | 00,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2009.11.19 15:55:37 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2009.11.19 15:55:35 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2009.11.19 15:55:35 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2009.11.19 15:55:35 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2009.11.19 15:55:35 | 00,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2009.11.10 22:51:10 | 00,000,000 | ---D | C] -- C:\Users\***\AppData\Local\ElevatedDiagnostics [2009.11.09 16:43:35 | 00,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Sony Ericsson [2009.11.09 16:41:31 | 00,109,992 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s217mdm.sys [2009.11.09 16:41:31 | 00,105,896 | ---- | C] (MCCI) -- C:\Windows\System32\drivers\s217unic.sys [2009.11.09 16:41:31 | 00,103,976 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s217mgmt.sys [2009.11.09 16:41:31 | 00,100,008 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s217obex.sys [2009.11.09 16:41:31 | 00,083,496 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s217bus.sys [2009.11.09 16:41:31 | 00,024,872 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s217nd5.sys [2009.11.09 16:41:31 | 00,015,016 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s217mdfl.sys [2009.11.09 16:41:31 | 00,012,200 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s217whnt.sys [2009.11.09 16:41:31 | 00,012,200 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s217wh.sys [2009.11.09 16:41:31 | 00,012,200 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s217cmnt.sys [2009.11.09 16:41:31 | 00,012,200 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s217cm.sys [2009.11.09 16:41:31 | 00,010,792 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s217cr.sys [2009.11.09 16:41:18 | 00,000,000 | ---D | C] -- C:\ProgramData\Sony Ericsson [2009.11.09 16:41:18 | 00,000,000 | ---D | C] -- C:\ProgramData\Sony Ericsson [2009.11.05 20:02:01 | 00,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Cyberlink [2009.11.05 19:58:52 | 00,000,000 | ---D | C] -- C:\Users\***\AppData\Local\PowerDVDCox [2009.11.05 19:58:51 | 00,000,000 | ---D | C] -- C:\Users\***\AppData\Local\PowerDVDCinema [2009.11.05 19:58:49 | 00,000,000 | ---D | C] -- C:\Users\***\Documents\CyberLink [2009.11.05 19:58:49 | 00,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\CyberLink [2009.11.05 19:56:42 | 00,000,000 | ---D | C] -- C:\ProgramData\CyberLink [2009.11.05 19:56:42 | 00,000,000 | ---D | C] -- C:\ProgramData\CyberLink [2009.11.05 19:56:09 | 00,000,000 | ---D | C] -- C:\Programme\Common Files\CyberLink [2009.11.05 19:55:15 | 00,000,000 | ---D | C] -- C:\Programme\CyberLink [2009.11.05 19:54:49 | 00,505,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp71.dll [2009.11.05 19:54:49 | 00,353,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr71.dll [2009.11.04 12:57:09 | 05,958,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll [2009.10.26 20:43:32 | 00,000,000 | ---D | C] -- C:\Users\***\Greys Anatomy 16 und 17 [2009.10.26 20:21:31 | 00,000,000 | ---D | C] -- C:\Users\***\Fotos [2009.10.24 19:57:44 | 00,000,000 | ---D | C] -- C:\Users\***\Documents\ICQ [2009.10.23 17:12:55 | 00,000,000 | ---D | C] -- C:\Programme\Adobe [2009.10.22 20:20:18 | 00,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll ========== Files - Modified Within 30 Days ========== [2009.11.20 18:35:20 | 01,572,864 | -HS- | M] () -- C:\Users\***\NTUSER.DAT [2009.11.20 18:34:25 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2009.11.20 18:33:25 | 00,781,909 | ---- | M] () -- C:\Users\***\Desktop\RSIT.exe [2009.11.20 17:52:36 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2009.11.20 15:04:26 | 00,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2009.11.20 15:04:26 | 00,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2009.11.20 14:28:10 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2009.11.20 14:27:54 | 23,899,87328 | -HS- | M] () -- C:\hiberfil.sys [2009.11.20 14:24:04 | 02,770,468 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db [2009.11.19 23:29:15 | 00,339,376 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2009.11.19 23:15:39 | 00,084,120 | ---- | M] () -- C:\Users\***\AppData\Local\GDIPFONTCACHEV1.DAT [2009.11.19 15:55:52 | 00,000,983 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2009.11.09 16:45:08 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2009.11.08 15:28:37 | 01,472,002 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2009.11.08 15:28:37 | 00,643,866 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2009.11.08 15:28:37 | 00,607,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2009.11.08 15:28:37 | 00,126,394 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2009.11.08 15:28:37 | 00,103,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2009.11.05 19:59:16 | 00,505,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcp71.dll [2009.11.05 19:59:16 | 00,353,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcr71.dll [2009.11.05 19:56:18 | 00,002,058 | ---- | M] () -- C:\Users\***\CyberLink PowerDVD 9.lnk [2009.11.05 18:36:21 | 26,768,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MRT.exe [2009.11.03 16:01:32 | 00,001,285 | ---- | M] () -- C:\Users\***\Desktop\digital publishing.lnk [2009.11.02 20:42:06 | 00,195,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2009.10.28 15:46:23 | 00,009,664 | ---- | M] () -- C:\Users\***\Desktop\Bestätigung.pdf ========== Files Created - No Company Name ========== [2009.11.20 18:33:18 | 00,781,909 | ---- | C] () -- C:\Users\***\Desktop\RSIT.exe [2009.11.19 15:55:52 | 00,000,983 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2009.11.09 16:45:08 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2009.11.05 19:56:18 | 00,002,058 | ---- | C] () -- C:\Users\***\CyberLink PowerDVD 9.lnk [2009.10.28 15:46:23 | 00,009,664 | ---- | C] () -- C:\Users\***\Desktop\Bestätigung.pdf [2009.10.07 19:54:59 | 00,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.09.23 23:36:54 | 02,770,468 | -H-- | C] () -- C:\Users\***\AppData\Local\IconCache.db [2009.09.23 22:51:16 | 00,084,120 | ---- | C] () -- C:\Users\***\AppData\Local\GDIPFONTCACHEV1.DAT [2009.07.14 05:52:31 | 00,043,318 | ---- | C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont [2009.07.14 05:52:31 | 00,029,779 | ---- | C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont [2009.07.14 05:52:31 | 00,026,489 | ---- | C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont [2009.07.14 05:52:31 | 00,026,040 | ---- | C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont [2009.07.14 05:41:57 | 00,000,174 | -HS- | C] () -- C:\Programme\desktop.ini [2009.07.14 03:04:23 | 00,000,403 | ---- | C] () -- C:\Windows\win.ini [2009.07.14 03:04:23 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini [2009.07.14 00:51:43 | 00,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 00:42:10 | 00,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009.05.15 18:22:52 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2009.05.15 18:22:52 | 00,011,264 | ---- | C] () -- C:\Windows\System32\atimuixx.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:DFC5A2B2 @Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:A8ADE5D8 @Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:C31F31E6 < End of report > |
Themen zu vom Trojaner TR/Dropper.gen erwischt worden |
adobe, antivir, antivir guard, avg, avira, bho, desktop, explorer, firefox, firewall, hijack, hijackthis, icq, internet, internet explorer, logfile, löschen, microsoft, mozilla, mozilla thunderbird, realtek, sicherheit, software, tr/dropper.gen, trojaner, trojaner tr/dropper.gen, windows |