vom Trojaner TR/Dropper.gen erwischt worden

collygreen19 · 20.11.2009, 18:44

Code:

ATTFilter

OTL Extras logfile created on: 20.11.2009 18:34:47 - Run 5
OTL by OldTimer - Version 3.1.6.1     Folder = C:\Users\***\Desktop
 An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,97 Gb Available Physical Memory | 98,35% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455,56 Gb Total Space | 360,30 Gb Free Space | 79,09% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: LAPTOP
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SystemRoot%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
h**p [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
h**ps [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0A1B60E0-F250-BD91-79C9-C29B9C05A5AA}" = Catalyst Control Center InstallProxy
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID-Anmelde-Assistent
"{16BAB4DD-34F6-EBC5-F40B-72146464CDE0}" = Catalyst Control Center Core Implementation
"{1864FD5B-56B2-4EC4-9301-FB26909EC0A8}" = Mindjet MindManager 8
"{2018C019-30D9-4240-8C01-0865C10DCF5A}" = Unterstützung für VAIO-Präsentation
"{3B659FAD-E772-44A3-B7E7-560FF084669F}" = VAIO Smart Network
"{43112A37-7CDD-745A-6EB4-9A9BA982DB2A}" = CCC Help English
"{52D93C83-FDEA-D1B2-5185-D1271DC15C6C}" = Catalyst Control Center Localization All
"{52E51086-747D-AEB9-B440-14B84CC247E0}" = Catalyst Control Center Graphics Light
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{54CC8FFD-0F64-07B4-EFC1-40C0449F4B85}" = ccc-utility
"{5F5867F0-2D23-4338-A206-01A76C823924}" = VAIO Energie Verwaltung
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{914B46A6-7C4B-3AA2-DFF7-E39EB5F7141E}" = Skins
"{931FE23C-BB40-4C7A-A594-DB35908D8E83}" = VAIO Quick Web Access
"{99A9CE2D-DFB1-3277-D1C7-5C34C21179EF}" = ccc-core-static
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{9EAC0E21-510E-4259-A9C6-F5D5B8969036}" = Catalyst Control Center - Branding
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{A17E786D-ACC6-8D11-8B25-D83AB85B6534}" = CCC Help German
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{B12F3362-A328-9499-949A-A95C6EF21CB6}" = Catalyst Control Center Graphics Previews Vista
"{B3668C08-EBB1-40F4-B4F9-4F8E13501A7D}" = VAIO Entertainment Platform
"{C144CB60-EE5D-B625-C672-176AC5B488D2}" = ATI Catalyst Install Manager
"{C4567E61-7997-5F6A-0A4B-F667328D3ED3}" = Catalyst Control Center Graphics Previews Common
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{CD77F1C7-9A53-0883-F660-2FE859B47BAA}" = Catalyst Control Center Graphics Full Existing
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes
"{ED0CFA85-9E9F-67B4-89C4-A07C42D51FB3}" = Catalyst Control Center Graphics Full New
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" = 
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"HijackThis" = HijackThis 2.0.2
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"Mozilla Thunderbird (2.0.0.23)" = Mozilla Thunderbird (2.0.0.23)
"office wörterbuch pro 2" = office wörterbuch pro 2
"PDF-XChange 3_is1" = PDF-XChange 3
"Revo Uninstaller" = Revo Uninstaller 1.83
"splashtop" = VAIO Quick Web Access
"Uninstall_is1" = Uninstall 1.0.0.1
"WinRAR archiver" = WinRAR
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 20.11.2009 07:34:27 | Computer Name = Laptop | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})
 (Fehlercode = 0x80042019)
 
Error - 20.11.2009 07:41:37 | Computer Name = Laptop | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})
 (Fehlercode = 0x80042019)
 
Error - 20.11.2009 08:00:36 | Computer Name = Laptop | Source = VSS | ID = 8194
Description = 
 
Error - 20.11.2009 08:16:00 | Computer Name = Laptop | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})
 (Fehlercode = 0x80042019)
 
Error - 20.11.2009 08:21:27 | Computer Name = Laptop | Source = EventSystem | ID = 4621
Description = 
 
Error - 20.11.2009 08:23:23 | Computer Name = Laptop | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})
 (Fehlercode = 0x80042019)
 
Error - 20.11.2009 09:14:06 | Computer Name = Laptop | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})
 (Fehlercode = 0x80042019)
 
Error - 20.11.2009 09:25:32 | Computer Name = Laptop | Source = VSS | ID = 8194
Description = 
 
Error - 20.11.2009 09:28:46 | Computer Name = Laptop | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})
 (Fehlercode = 0x80042019)
 
Error - 20.11.2009 09:59:38 | Computer Name = Laptop | Source = EventSystem | ID = 4621
Description = 
 
[ System Events ]
Error - 20.11.2009 11:39:58 | Computer Name = Laptop | Source = Microsoft-Windows-Kernel-General | ID = 5
Description = 
 
Error - 20.11.2009 11:40:00 | Computer Name = Laptop | Source = Microsoft-Windows-Kernel-General | ID = 5
Description = 
 
Error - 20.11.2009 11:40:00 | Computer Name = Laptop | Source = Microsoft-Windows-Kernel-General | ID = 5
Description = 
 
Error - 20.11.2009 11:40:06 | Computer Name = Laptop | Source = Microsoft-Windows-Kernel-General | ID = 5
Description = 
 
Error - 20.11.2009 12:13:25 | Computer Name = Laptop | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume "\Device\HarddiskVolumeShadowCopy60" den Befehl "chkdsk" aus.
 
Error - 20.11.2009 12:13:31 | Computer Name = Laptop | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume "\Device\HarddiskVolumeShadowCopy60" den Befehl "chkdsk" aus.
 
Error - 20.11.2009 12:13:43 | Computer Name = Laptop | Source = Microsoft-Windows-Kernel-General | ID = 5
Description = 
 
Error - 20.11.2009 12:13:45 | Computer Name = Laptop | Source = Microsoft-Windows-Kernel-General | ID = 5
Description = 
 
Error - 20.11.2009 12:13:45 | Computer Name = Laptop | Source = Microsoft-Windows-Kernel-General | ID = 5
Description = 
 
Error - 20.11.2009 12:13:50 | Computer Name = Laptop | Source = Microsoft-Windows-Kernel-General | ID = 5
Description = 
 
 
< End of report >

Larusso · 20.11.2009, 19:04

Okay das unbekannte Gerät scheint ein Part von Sony zu sein.

win + R- Taste --> services.msc (eingeben) --> OK

Suche Dir nun folgenden Eintrag
VzCdbSvc

Stelle diesen Dienst einmal ab (manuell)

Starte den Rechner neu, berichte bitte.

collygreen19 · 20.11.2009, 19:32

Also gleich kapier ich gar nichts mehr.
Ich konnte dieses VzcdbSvc nicht von automatisch auf manuell umändern. Das war nur grau hinterlegt.

Ich muss dazu sagen, dass ich nachdem du mir gestern diesen brain.exe link geschickt hattest, habe ich ein neues Benutzerkonto für den Administrator eingerichtet und mich selbst als Standardbenutzer festgelegt habe. Da ich die VzcdbSz-Veränderung nicht vornehmen konnte, hab ich mich nochmal zum Admin umgewandelt und habe nochmal neu gestartet.

Nun kam diese Meldung bezüglich Gerätetreiberinstallation plötzlich nicht mehr. Keine Ahnung warum.

Die Firewall ist immernoch deinstalliert. Soll ich sie jetzt neu installieren?

Larusso · 20.11.2009, 20:06

ja versuch mal

collygreen19 · 20.11.2009, 20:40

oh man, langsam kriege ich echt ne Krise.

also bin jetz wieder als admin angemeldet. nachdem ich die firewall installiert hatte, kam die Meldung wieder. Jetzt wieder mit "PC Tool Driver". Hab die Firewall dann wieder deinstalliert und hab dieses VzcdbSvc (Vaio Entertainment Database Service) von automatisch auf manuell umgestellt. Neu gestartet; nun kam die Meldung mit der Gerätetreiberinstallation nicht mehr.

Nochmal die Firewall installiert und da war sie wieder die Meldung

Firewall ist jetzt wieder deinstalliert.

Wie soll ich weiter verfahren?

Larusso · 20.11.2009, 20:40

Ich werde mal meine Kollegen fragen

collygreen19 · 20.11.2009, 21:31

Hab jetzt mal wieder neu gestartet und jetzt kommt auf einmal die Meldung, dass mein Windows keine Originalware wäre. Ich kriege echt gleich die Superkrise

Larusso · 20.11.2009, 21:46

Schauen wir, ob Du eine gültige Produkt-Lizenz hast. Lade das Tool MGADiag.exe von dieser Seite herunter, führe es aus und kopieren den Output per Copy&Paste (den Button Copy drücken) hier in den Thread.

collygreen19 · 22.11.2009, 20:21

Hallo Daniel,

also das mit der Windows- Aktivierung hat ein Kumpel jetzt für mich gelöst. Da ist jetzt alles wieder in Ordnung. Und der Kumpel meinte auch, dass die Windowsfirewall im Normalfall ausreicht. Ich surfe ja auch nicht auf irgendwelchen illegalen Seiten herum.

Der Trojaner war ja nun vollständig beseitigt, oder!?
Muss ich dann jetzt noch irgendwelche Programme oder Dateien löschen, die du zur Bekämpfung gebraucht hast? (HijackThis, OTL, RSIT, MGADiag hab ich jetzt noch auf meinem Desktop)
Und soll ich dieses VzcdbSvc wieder auf automatisch umstellen?

Gruß Collygreen

Larusso · 23.11.2009, 14:47

Jetzt bin ich neugierig

RSIT erneut das System scannen lassen

Schließe alle Fenster und Programme inkl. Browser.
Lösche C:\rsit\info.txt manuell.
Start => ausführen (bei Vista: im Feld "Suche starten")
"%userprofile%\desktop\rsit.exe" /info (reinkopieren),
damit die alten Logdateien von RSIT überschrieben werden.
Bitte poste den Inhalt folgender Logs hier in den Thread:
C:\rsit\log.txt und C:\rsit\info.txt (<= wird minimiert in der Taskleiste dargestellt).

collygreen19 · 23.11.2009, 21:12

Die RSIT.exe lässt sich nicht ausführen bzw. es kommt nur minutenlang die "Eieruhr"...

Larusso · 23.11.2009, 22:52

funzt OTL ?

collygreen19 · 23.11.2009, 23:33

ich teste

collygreen19 · 23.11.2009, 23:43

jab, klappt

hier die logFiles:

Code:

ATTFilter

OTL logfile created on: 23.11.2009 23:36:52 - Run 6
OTL by OldTimer - Version 3.1.6.1     Folder = C:\Users\***\Desktop
 An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 100,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455,56 Gb Total Space | 361,29 Gb Free Space | 79,31% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: LAPTOP
Current User Name: ***
NOT logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Programme\CyberLink\Shared Files\brs.exe (cyberlink)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
PRC - C:\Programme\Apoint\Apvfb.exe (ALPS)
PRC - C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\Apoint\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\Apoint\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
PRC - C:\Programme\Mindjet\MindManager 8\MmReminderService.exe (Mindjet)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
MOD - C:\Programme\WIDCOMM\Bluetooth Software\BtMmHook.dll (Broadcom Corporation.)
 
 
========== Win32 Services (SafeList) ==========
 
 
========== Driver Services (SafeList) ==========
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = h**p://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5D 93 04 BD 60 69 CA 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "file:///C:/Users/***/***s%20Startseite/***.html"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.45
FF - prefs.js..extensions.enabledItems: {6614d11d-d21d-b211-ae23-815234e1ebb5}:1.0.21
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009.11.07 16:16:00 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009.11.07 16:16:00 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009.09.23 22:49:11 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2009.09.23 21:21:11 | 00,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2009.09.23 21:21:11 | 00,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009.11.22 20:14:18 | 00,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\m8kqfi86.default\extensions
[2009.11.20 01:30:58 | 00,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\m8kqfi86.default\extensions\{6614d11d-d21d-b211-ae23-815234e1ebb5}
[2009.11.20 01:30:58 | 00,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\m8kqfi86.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009.11.20 01:30:58 | 00,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\m8kqfi86.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009.11.20 01:30:58 | 00,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\m8kqfi86.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2009.10.07 20:48:28 | 00,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\m8kqfi86.default\extensions\fastdial@telega.phpnet.us
[2009.11.22 22:18:25 | 00,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2009.11.07 16:16:00 | 00,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009.10.07 19:50:42 | 00,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2009.11.07 16:15:59 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browserdirprovider.dll
[2009.11.07 16:15:59 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\brwsrcmp.dll
[2009.11.07 16:15:59 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Programme\Mozilla Firefox\plugins\npnul32.dll
[2009.02.27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Programme\Mozilla Firefox\plugins\nppdf32.dll
[2009.09.23 22:49:11 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Programme\Mozilla Firefox\plugins\npqtplugin.dll
[2009.09.23 22:49:11 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Programme\Mozilla Firefox\plugins\npqtplugin2.dll
[2009.09.23 22:49:11 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Programme\Mozilla Firefox\plugins\npqtplugin3.dll
[2009.09.23 22:49:11 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Programme\Mozilla Firefox\plugins\npqtplugin4.dll
[2009.09.23 22:49:11 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Programme\Mozilla Firefox\plugins\npqtplugin5.dll
[2009.09.23 22:49:11 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Programme\Mozilla Firefox\plugins\npqtplugin6.dll
[2009.09.23 22:49:11 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Programme\Mozilla Firefox\plugins\npqtplugin7.dll
[2009.08.24 20:25:19 | 00,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2009.08.24 20:25:19 | 00,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2009.08.24 20:25:19 | 00,002,371 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\google.xml
[2009.08.24 20:25:19 | 00,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2009.08.24 20:25:19 | 00,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2009.08.24 20:25:19 | 00,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

collygreen19 · 23.11.2009, 23:44

Code:

ATTFilter

O1 HOSTS File: (824 bytes) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Programme\Mindjet\MindManager 8\Mm8InternetExplorer.dll (Mindjet)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BDRegion] C:\Programme\CyberLink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [MMReminderService] C:\Programme\Mindjet\MindManager 8\MmReminderService.exe (Mindjet)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An Mindjet MindManager senden - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Programme\Mindjet\MindManager 8\Mm8InternetExplorer.dll (Mindjet)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} h**p://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) -  File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) -  File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found
 
========== Files/Folders - Created Within 30 Days ==========
 
[2009.11.22 11:50:31 | 00,000,000 | ---D | C] -- C:\ProgramData\ATI
[2009.11.22 11:50:31 | 00,000,000 | ---D | C] -- C:\ProgramData\ATI
[2009.11.21 13:46:55 | 00,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2009.11.21 13:46:55 | 00,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2009.11.20 18:34:21 | 00,528,896 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2009.11.20 18:16:14 | 00,000,000 | ---D | C] -- C:\rsit
[2009.11.20 12:59:10 | 00,000,000 | ---D | C] -- C:\Programme\VS Revo Group
[2009.11.20 12:18:15 | 00,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\PCToolsFirewallPlus
[2009.11.20 12:12:03 | 00,000,000 | ---D | C] -- C:\Programme\Common Files\PC Tools
[2009.11.19 23:16:15 | 00,000,000 | ---D | C] -- C:\Programme\Common Files\Windows Live
[2009.11.19 23:12:50 | 00,000,000 | ---D | C] -- C:\Programme\Microsoft Silverlight
[2009.11.19 23:11:35 | 00,000,000 | ---D | C] -- C:\Programme\Microsoft
[2009.11.19 22:40:45 | 00,000,000 | ---D | C] -- C:\Users\***\AppData\Local\WindowsUpdate
[2009.11.19 22:37:27 | 00,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2009.11.19 15:57:20 | 00,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2009.11.19 15:55:35 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009.11.19 15:55:35 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009.11.10 22:51:10 | 00,000,000 | ---D | C] -- C:\Users\***\AppData\Local\ElevatedDiagnostics
[2009.11.09 16:43:35 | 00,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Sony Ericsson
[2009.11.09 16:41:31 | 00,109,992 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s217mdm.sys
[2009.11.09 16:41:31 | 00,105,896 | ---- | C] (MCCI) -- C:\Windows\System32\drivers\s217unic.sys
[2009.11.09 16:41:31 | 00,103,976 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s217mgmt.sys
[2009.11.09 16:41:31 | 00,100,008 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s217obex.sys
[2009.11.09 16:41:31 | 00,083,496 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s217bus.sys
[2009.11.09 16:41:31 | 00,024,872 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s217nd5.sys
[2009.11.09 16:41:31 | 00,015,016 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s217mdfl.sys
[2009.11.09 16:41:31 | 00,012,200 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s217whnt.sys
[2009.11.09 16:41:31 | 00,012,200 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s217wh.sys
[2009.11.09 16:41:31 | 00,012,200 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s217cmnt.sys
[2009.11.09 16:41:31 | 00,012,200 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s217cm.sys
[2009.11.09 16:41:31 | 00,010,792 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s217cr.sys
[2009.11.09 16:41:18 | 00,000,000 | ---D | C] -- C:\ProgramData\Sony Ericsson
[2009.11.09 16:41:18 | 00,000,000 | ---D | C] -- C:\ProgramData\Sony Ericsson
[2009.11.05 20:02:01 | 00,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Cyberlink
[2009.11.05 19:58:52 | 00,000,000 | ---D | C] -- C:\Users\***\AppData\Local\PowerDVDCox
[2009.11.05 19:58:51 | 00,000,000 | ---D | C] -- C:\Users\***\AppData\Local\PowerDVDCinema
[2009.11.05 19:58:49 | 00,000,000 | ---D | C] -- C:\Users\***\Documents\CyberLink
[2009.11.05 19:58:49 | 00,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\CyberLink
[2009.11.05 19:56:42 | 00,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2009.11.05 19:56:42 | 00,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2009.11.05 19:56:09 | 00,000,000 | ---D | C] -- C:\Programme\Common Files\CyberLink
[2009.11.05 19:55:15 | 00,000,000 | ---D | C] -- C:\Programme\CyberLink
[2009.11.05 19:54:49 | 00,505,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp71.dll
[2009.11.05 19:54:49 | 00,353,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr71.dll
[2009.11.04 12:57:09 | 05,958,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009.10.26 20:21:31 | 00,000,000 | ---D | C] -- C:\Users\***\Fotos
 
========== Files - Modified Within 30 Days ==========
 
[2009.11.23 23:36:56 | 01,572,864 | -HS- | M] () -- C:\Users\***\NTUSER.DAT
[2009.11.23 23:32:49 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009.11.23 21:09:37 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009.11.23 21:09:20 | 23,899,87328 | -HS- | M] () -- C:\hiberfil.sys
[2009.11.23 21:08:41 | 02,754,242 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db
[2009.11.23 21:05:11 | 00,022,496 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2009.11.23 21:05:11 | 00,022,496 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2009.11.23 13:36:45 | 01,472,002 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009.11.23 13:36:45 | 00,643,866 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2009.11.23 13:36:45 | 00,607,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009.11.23 13:36:45 | 00,126,394 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2009.11.23 13:36:45 | 00,103,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009.11.23 13:31:44 | 00,001,104 | RHS- | M] () -- C:\Users\***\ntuser.pol
[2009.11.21 16:31:54 | 00,003,304 | ---- | M] () -- C:\bootsqm.dat
[2009.11.20 18:34:25 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2009.11.19 23:29:15 | 00,339,376 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.11.19 23:15:39 | 00,084,120 | ---- | M] () -- C:\Users\***\AppData\Local\GDIPFONTCACHEV1.DAT
[2009.11.09 16:45:08 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2009.11.05 19:59:16 | 00,505,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcp71.dll
[2009.11.05 19:59:16 | 00,353,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcr71.dll
[2009.11.05 19:56:18 | 00,002,058 | ---- | M] () -- C:\Users\***\CyberLink PowerDVD 9.lnk
[2009.11.05 18:36:21 | 26,768,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MRT.exe
[2009.11.03 16:01:32 | 00,001,285 | ---- | M] () -- C:\Users\***\Desktop\digital publishing.lnk
[2009.11.02 20:42:06 | 00,195,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
 
========== Files Created - No Company Name ==========
 
[2009.11.22 22:53:16 | 00,001,104 | RHS- | C] () -- C:\Users\***\ntuser.pol
[2009.11.21 16:31:54 | 00,003,304 | ---- | C] () -- C:\bootsqm.dat
[2009.11.09 16:45:08 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2009.11.05 19:56:18 | 00,002,058 | ---- | C] () -- C:\Users\***\CyberLink PowerDVD 9.lnk
[2009.10.07 19:54:59 | 00,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.09.23 23:36:54 | 02,754,242 | -H-- | C] () -- C:\Users\***\AppData\Local\IconCache.db
[2009.09.23 22:51:16 | 00,084,120 | ---- | C] () -- C:\Users\***\AppData\Local\GDIPFONTCACHEV1.DAT
[2009.07.14 05:52:31 | 00,043,318 | ---- | C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
[2009.07.14 05:52:31 | 00,029,779 | ---- | C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009.07.14 05:52:31 | 00,026,489 | ---- | C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009.07.14 05:52:31 | 00,026,040 | ---- | C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009.07.14 05:41:57 | 00,000,174 | -HS- | C] () -- C:\Programme\desktop.ini
[2009.07.14 03:04:23 | 00,000,403 | ---- | C] () -- C:\Windows\win.ini
[2009.07.14 03:04:23 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2009.07.14 00:51:43 | 00,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 00,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.05.15 18:22:52 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009.05.15 18:22:52 | 00,011,264 | ---- | C] () -- C:\Windows\System32\atimuixx.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:C31F31E6
< End of report >

20.11.2009, 19:04	#47
Larusso /// Selecta Jahrusso	vom Trojaner TR/Dropper.gen erwischt worden Okay das unbekannte Gerät scheint ein Part von Sony zu sein. win + R- Taste --> services.msc (eingeben) --> OK Suche Dir nun folgenden Eintrag VzCdbSvc Stelle diesen Dienst einmal ab (manuell) Starte den Rechner neu, berichte bitte. __________________ __________________

20.11.2009, 20:06	#49
Larusso /// Selecta Jahrusso	vom Trojaner TR/Dropper.gen erwischt worden ja versuch mal __________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie

20.11.2009, 20:40	#51
Larusso /// Selecta Jahrusso	vom Trojaner TR/Dropper.gen erwischt worden Ich werde mal meine Kollegen fragen __________________ --> vom Trojaner TR/Dropper.gen erwischt worden

23.11.2009, 22:52	#57
Larusso /// Selecta Jahrusso	vom Trojaner TR/Dropper.gen erwischt worden funzt OTL ? __________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie

vom Trojaner TR/Dropper.gen erwischt worden

Log-Analyse und Auswertung: vom Trojaner TR/Dropper.gen erwischt worden