|
Antiviren-, Firewall- und andere Schutzprogramme: Trojaner DropperWindows 7 Sämtliche Fragen zur Bedienung von Firewalls, Anti-Viren Programmen, Anti Malware und Anti Trojaner Software sind hier richtig. Dies ist ein Diskussionsforum für Sicherheitslösungen für Windows Rechner. Benötigst du Hilfe beim Trojaner entfernen oder weil du dir einen Virus eingefangen hast, erstelle ein Thema in den oberen Bereinigungsforen. |
12.01.2010, 12:31 | #1 |
| Trojaner Dropper Malwarebytes' Anti-Malware 1.44 Datenbank Version: 3546 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 12.01.2010 12:29:41 mbam-log-2010-01-12 (12-29-40).txt Scan-Methode: Vollständiger Scan (C:\|D:\|) Durchsuchte Objekte: 152670 Laufzeit: 35 minute(s), 19 second(s) Infizierte Speicherprozesse: 2 Infizierte Speichermodule: 7 Infizierte Registrierungsschlüssel: 43 Infizierte Registrierungswerte: 3 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 22 Infizierte Dateien: 65 Infizierte Speicherprozesse: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QuestService\questservice133.exe (Adware.Agent) -> Unloaded process successfully. C:\Programme\QuestService\questservice.exe (Adware.Agent) -> Unloaded process successfully. Infizierte Speichermodule: C:\Programme\Customized Platform Advancer\3.1.0.1540\CPAIEAddOn.dll (Adware.Agent) -> Delete on reboot. C:\Programme\Web Search Operator\3.1.0.1800\WSOCommon.dll (Adware.Agent) -> Delete on reboot. C:\Programme\Web Search Operator\3.1.0.1800\FF\components\WSOFFAddOn.dll (Adware.Agent) -> Delete on reboot. C:\Programme\Customized Platform Advancer\3.1.0.1540\CPACommon.dll (Adware.Agent) -> Delete on reboot. C:\Programme\Customized Platform Advancer\3.1.0.1540\CPAIEAddOnSubL.dll (Adware.Agent) -> Delete on reboot. C:\Programme\Customized Platform Advancer\3.1.0.1540\FF\components\CPAFFAddOn.dll (Adware.Agent) -> Delete on reboot. C:\WINDOWS\system32\antiwpa.dll (Trojan.I.Stole.Windows) -> Delete on reboot. Infizierte Registrierungsschlüssel: HKEY_CLASSES_ROOT\explorerbar.cmw (Adware.Agent) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\explorerbar.cmw.1 (Adware.Agent) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\explorerbar.funexplorer (Adware.Agent) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{ac5ab953-ed25-4f9c-87f0-b086b0178ffa} (Adware.Agent) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{6160f76a-1992-4b17-a32d-0c706d159105} (Adware.Agent) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{42c7c39f-3128-4a17-bdb7-91c46032b5b9} (Adware.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{42c7c39f-3128-4a17-bdb7-91c46032b5b9} (Adware.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{42c7c39f-3128-4a17-bdb7-91c46032b5b9} (Adware.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{42c7c39f-3128-4a17-bdb7-91c46032b5b9} (Adware.Agent) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\explorerbar.funexplorer.1 (Adware.Agent) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\explorerbar.funredirector (Adware.Agent) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\explorerbar.funredirector.1 (Adware.Agent) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\explorerbar.tcp (Adware.Agent) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\explorerbar.tcp.1 (Adware.Agent) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{480098c6-f6ad-4c61-9b5c-2bae228a34d1} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{3de88beb-f271-484a-ba71-01d30f439f0c} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{50ad41d2-b1f0-47cc-9ea7-395355eaeebd} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{8ceb185e-81a5-46d3-bc20-c555d605afbd} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{a72522ba-9ff3-4c83-abc6-9b476728a396} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{883dfc00-8a21-411d-956c-73a4e4b7d16f} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Explorer\Bars\{cac89ff9-34a9-4431-8cfe-292a47f843bc} (Adware.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Explorer\Bars\{b72681c0-a222-4b21-a0e2-53a5a5ca3d411} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b72681c0-a222-4b21-a0e2-53a5a5ca3d41} (Adware.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cac89ff9-34a9-4431-8cfe-292a47f843bc} (Adware.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{eb4a577d-bcad-4b1c-8af2-9a74b8dd3431} (Adware.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d45817b8-3ead-4d1d-8fca-ec63a8e35de2} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{b72681c0-a222-4b21-a0e2-53a5a5ca3d41} (Adware.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{cac89ff9-34a9-4431-8cfe-292a47f843bc} (Adware.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{eb4a577d-bcad-4b1c-8af2-9a74b8dd3431} (Adware.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{d45817b8-3ead-4d1d-8fca-ec63a8e35de2} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b72681c0-a222-4b21-a0e2-53a5a5ca3d41} (Adware.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cac89ff9-34a9-4431-8cfe-292a47f843bc} (Adware.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{eb4a577d-bcad-4b1c-8af2-9a74b8dd3431} (Adware.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\questservice (Adware.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\AppDataLow\SOFTWARE\Internet Today (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Automated Content Enhancer (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Customized Platform Advancer (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\QuestService (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Web Search Operator (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\QuestService Service (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Automated Content Enhancer (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Customized Platform Advancer (Adware.DoubleD) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{d45817b8-3ead-4d1d-8fca-ec63a8e35de2} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{e63605fc-d583-4c81-867f-9457bdb3ea1b} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{e889f097-b0be-471b-89ad-b86b6f04b506} (Adware.DoubleD) -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: C:\Programme\premieropinion (Trojan.Agent) -> Quarantined and deleted successfully. C:\Programme\Web Search Operator (Adware.Agent) -> Delete on reboot. C:\Programme\Web Search Operator\3.1.0.1800 (Adware.Agent) -> Delete on reboot. C:\Programme\Web Search Operator\3.1.0.1800\Data (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Web Search Operator\3.1.0.1800\FF (Adware.Agent) -> Delete on reboot. C:\Programme\Web Search Operator\3.1.0.1800\FF\chrome (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Web Search Operator\3.1.0.1800\FF\chrome\content (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Web Search Operator\3.1.0.1800\FF\components (Adware.Agent) -> Delete on reboot. C:\Programme\Textual Content Provider (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Textual Content Provider\1.1.0.1380 (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Textual Content Provider\1.1.0.1380\data (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Content Management Wizard\1.1.0.1820 (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Customized Platform Advancer (Adware.Agent) -> Delete on reboot. C:\Programme\Customized Platform Advancer\3.1.0.1540 (Adware.Agent) -> Delete on reboot. C:\Programme\Customized Platform Advancer\3.1.0.1540\Data (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Customized Platform Advancer\3.1.0.1540\FF (Adware.Agent) -> Delete on reboot. C:\Programme\Customized Platform Advancer\3.1.0.1540\FF\chrome (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Customized Platform Advancer\3.1.0.1540\FF\chrome\content (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Customized Platform Advancer\3.1.0.1540\FF\components (Adware.Agent) -> Delete on reboot. C:\Programme\Content Management Wizard (Adware.Agent) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QuestService (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Programme\QuestService (Adware.DoubleD) -> Quarantined and deleted successfully. Infizierte Dateien: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QuestService\questservice133.exe (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\QuestService\questservice.exe (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Customized Platform Advancer\3.1.0.1540\CPAIEAddOn.dll (Adware.Agent) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\Veli Yildiz\Anwendungsdaten\Desktopicon\eBayShortcuts.exe (Adware.ADON) -> Quarantined and deleted successfully. C:\Programme\QuestService\uninstall.exe (Adware.Agent) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{1D285728-EA49-4314-ABE5-38734FF4B0F1}\RP148\A0119480.exe (Adware.ADON) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{1D285728-EA49-4314-ABE5-38734FF4B0F1}\RP156\A0120731.rbf (Adware.DoubleD) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{1D285728-EA49-4314-ABE5-38734FF4B0F1}\RP156\A0120743.exe (Adware.Agent) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{1D285728-EA49-4314-ABE5-38734FF4B0F1}\RP157\A0120821.exe (Adware.DoubleD) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{1D285728-EA49-4314-ABE5-38734FF4B0F1}\RP161\A0121099.exe (Adware.Agent) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{1D285728-EA49-4314-ABE5-38734FF4B0F1}\RP161\A0121100.exe (Adware.DoubleD) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{1D285728-EA49-4314-ABE5-38734FF4B0F1}\RP161\A0121105.exe (Adware.DoubleD) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{1D285728-EA49-4314-ABE5-38734FF4B0F1}\RP169\A0122452.exe (Adware.Mongoose) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{1D285728-EA49-4314-ABE5-38734FF4B0F1}\RP180\A0124091.exe (Adware.Agent) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{1D285728-EA49-4314-ABE5-38734FF4B0F1}\RP183\A0124440.exe (Adware.Agent) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{1D285728-EA49-4314-ABE5-38734FF4B0F1}\RP183\A0124441.exe (Adware.Agent) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{1D285728-EA49-4314-ABE5-38734FF4B0F1}\RP183\A0124445.exe (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\premieropinion\pmls.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\Programme\premieropinion\pmservice.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\Programme\Web Search Operator\3.1.0.1800\unins000.dat (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Web Search Operator\3.1.0.1800\unins000.exe (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Web Search Operator\3.1.0.1800\WSOCommon.dll (Adware.Agent) -> Delete on reboot. C:\Programme\Web Search Operator\3.1.0.1800\wsopx.exe (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Web Search Operator\3.1.0.1800\Data\config.md (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Web Search Operator\3.1.0.1800\FF\chrome.manifest (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Web Search Operator\3.1.0.1800\FF\install.rdf (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Web Search Operator\3.1.0.1800\FF\chrome\WSOAddOn.jar (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Web Search Operator\3.1.0.1800\FF\chrome\content\WSOAddOn.js (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Web Search Operator\3.1.0.1800\FF\chrome\content\WSOAddOn.xul (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Web Search Operator\3.1.0.1800\FF\components\WSOFFAddOn.dll (Adware.Agent) -> Delete on reboot. C:\Programme\Web Search Operator\3.1.0.1800\FF\components\WSOFFAddOn.xpt (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Web Search Operator\3.1.0.1800\FF\components\WSOFFHelperComponent.js (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Textual Content Provider\1.1.0.1380\unins000.dat (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Textual Content Provider\1.1.0.1380\unins000.exe (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Textual Content Provider\1.1.0.1380\data\pxtmpdata.mx (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Textual Content Provider\1.1.0.1380\data\TP_Config.mx (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Textual Content Provider\1.1.0.1380\data\TP_Data.mx (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Textual Content Provider\1.1.0.1380\data\TP_DomainExcludeList.mx (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Content Management Wizard\1.1.0.1820\cmwpx.exe (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Content Management Wizard\1.1.0.1820\cmwsh.dll (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Content Management Wizard\1.1.0.1820\config.mx (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Content Management Wizard\1.1.0.1820\data.mx (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Content Management Wizard\1.1.0.1820\exclude.mx (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Content Management Wizard\1.1.0.1820\MatchingData.zd5 (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Content Management Wizard\1.1.0.1820\pxtmpdata.mx (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Content Management Wizard\1.1.0.1820\unins000.dat (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Content Management Wizard\1.1.0.1820\unins000.exe (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Customized Platform Advancer\3.1.0.1540\CPACommon.dll (Adware.Agent) -> Delete on reboot. C:\Programme\Customized Platform Advancer\3.1.0.1540\CPAHelper.exe (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Customized Platform Advancer\3.1.0.1540\CPAIEAddOnSub.dll (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Customized Platform Advancer\3.1.0.1540\CPAIEAddOnSubL.dll (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Customized Platform Advancer\3.1.0.1540\unins000.dat (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Customized Platform Advancer\3.1.0.1540\unins000.exe (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Customized Platform Advancer\3.1.0.1540\Data\config.md (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Customized Platform Advancer\3.1.0.1540\FF\chrome.manifest (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Customized Platform Advancer\3.1.0.1540\FF\install.rdf (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Customized Platform Advancer\3.1.0.1540\FF\chrome\CPAAddOn.jar (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Customized Platform Advancer\3.1.0.1540\FF\chrome\content\CPAAddOn.js (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Customized Platform Advancer\3.1.0.1540\FF\chrome\content\CPAAddOn.xul (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Customized Platform Advancer\3.1.0.1540\FF\components\CPAFFAddOn.dll (Adware.Agent) -> Delete on reboot. C:\Programme\Customized Platform Advancer\3.1.0.1540\FF\components\CPAFFAddOn.xpt (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Customized Platform Advancer\3.1.0.1540\FF\components\CPAFFHelperComponent.js (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Mozilla Firefox\searchPlugins\questservice129.xml (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Programme\Mozilla Firefox\searchPlugins\questservice133.xml (Adware.DoubleD) -> Quarantined and deleted successfully. C:\WINDOWS\system32\antiwpa.dll (Trojan.I.Stole.Windows) -> Delete on reboot.
__________________ BUSSI MARIA |
12.01.2010, 12:38 | #3 |
| Trojaner Dropper Logfile of random's system information tool 1.06 (written by random/random)
__________________Run by Veli Yildiz at 2010-01-12 12:37:49 Microsoft Windows XP Professional Service Pack 3 System drive C: has 135 GB (89%) free of 153 GB Total RAM: 3070 MB (79% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:37:50, on 12.01.2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Avira\AntiVir Desktop\sched.exe C:\WINDOWS\Explorer.EXE C:\Programme\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\RTHDCPL.EXE C:\Programme\Java\jre6\bin\jusched.exe C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Windows Live\Messenger\msnmsgr.exe C:\Programme\Messenger\msmsgs.exe C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe C:\DOKUME~1\VELIYI~1\LOKALE~1\Temp\RtkBtMnt.exe C:\Programme\Avira\AntiVir Desktop\avguard.exe C:\Programme\Java\jre6\bin\jqs.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\wbem\wmiapsrv.exe C:\WINDOWS\system32\wscntfy.exe C:\Programme\Windows Live\Contacts\wlcomm.exe C:\Programme\Windows Live\Messenger\msnmsgr.exe C:\Programme\Mozilla Firefox\firefox.exe C:\Dokumente und Einstellungen\Veli Yildiz\Desktop\RSIT.exe C:\Programme\Trend Micro\HijackThis\Veli Yildiz.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.theprizeday.com/today.php R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: (no name) - {120A8821-2BEE-4C29-BCDA-62C577781992} - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [AzMixerSel] C:\Programme\Realtek\InstallShield\AzMixerSel.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\WINDOWS\PLFSet.dll,PLFDefSetting O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware (reboot)] "C:\Programme\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background O4 - HKCU\..\RunOnce: [WiseStubReboot] MSIEXEC /quiet SKIP_PPU_DRIVER_INSTALL=1 /I "C:\Programme\Gemeinsame Dateien\Wise Installation Wizard\WISDD1865F0AD7340FBB23E1822E02396FF_9_09_0203.MSI" TRANSFORMS="C:\Programme\Gemeinsame Dateien\Wise Installation Wizard\WISDD1865F0AD7340FBB23E1822E02396FF_9_09_0203.MST" WISE_SETUP_EXE_PATH="c:\nvidia\winxp\185.85\is\display\PhysX_9.09.0203_SystemSoftware.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: BTTray.lnk = ? O8 - Extra context menu item: Save YouTube Video as MP3 - res://C:\Programme\Gemeinsame Dateien\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O16 - DPF: {34635AA6-B593-4F06-9EDD-5FF60FC13310} (Speaky Chat) - http://download.speakyweb.com/speakyldr.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{D2F6CF34-A47F-4484-AFF4-22A4763C0E59}: NameServer = 213.191.74.11 213.191.92.82 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe -- End of file - 6929 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{120A8821-2BEE-4C29-BCDA-62C577781992}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}] RealPlayer Download and Record Plugin for Internet Explorer - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-11-26 329312] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live Anmelde-Hilfsprogramm - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2009-10-21 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-21 73728] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "avgnt"=C:\Programme\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153] "AzMixerSel"=C:\Programme\Realtek\InstallShield\AzMixerSel.exe [2006-07-17 53248] "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-05-28 16132608] "Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632] "PLFSet"=C:\WINDOWS\PLFSet.dll [2007-04-25 45056] "SunJavaUpdateSched"=C:\Programme\Java\jre6\bin\jusched.exe [2009-10-21 149280] "Adobe Reader Speed Launcher"=C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696] "Adobe ARM"=C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288] "TkBellExe"=C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe [2009-11-26 198160] " Malwarebytes Anti-Malware (reboot)"=C:\Programme\Malwarebytes' Anti-Malware\mbam.exe [2010-01-07 1394000] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Malwarebytes' Anti-Malware"=C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe [2010-01-07 429392] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] "msnmsgr"=C:\Programme\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883840] "MSMSGS"=C:\Programme\Messenger\msmsgs.exe [2008-04-14 1695232] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce] "WiseStubReboot"=MSIEXEC /quiet SKIP_PPU_DRIVER_INSTALL=1 /I C:\Programme\Gemeinsame Dateien\Wise Installation Wizard\WISDD1865F0AD7340FBB23E1822E02396FF_9_09_0203.MSI TRANSFORMS=C:\Programme\Gemeinsame Dateien\Wise Installation Wizard\WISDD1865F0AD7340FBB23E1822E02396FF_9_09_0203.MST WISE_SETUP_EXE_PATH=c:\nvidia\winxp\185.85\is\display\PhysX_9.09.0203_SystemSoftware.exe [] C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart BTTray.lnk - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Antiwpa] C:\WINDOWS\system32\antiwpa.dll [2008-09-15 60416] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test" "C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Eine DLL-Datei als Anwendung ausführen" "C:\Programme\TeamViewer\Version4\TeamViewer.exe"="C:\Programme\TeamViewer\Version4\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\BonCukFm Script\Mirc.exe"="C:\BonCukFm Script\Mirc.exe:*:Enabled:Cehre mIRC" "C:\Programme\SopCast\adv\SopAdver.exe"="C:\Programme\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver" "C:\Programme\SopCast\SopCast.exe"="C:\Programme\SopCast\SopCast.exe:*:Enabled:SopCast Main Application" "C:\Programme\KONAMI\Pro Evolution Soccer 2008\PES2008.exe"="C:\Programme\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:*:Enabled:Pro Evolution Soccer 2008" "C:\Programme\TVUPlayer\TVUPlayer.exe"="C:\Programme\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component" "C:\Programme\Internet Explorer\iexplore.exe"="C:\Programme\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer" "C:\Programme\Mozilla Firefox\firefox.exe"="C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox" "C:\Programme\Windows Live\Messenger\wlcsdk.exe"="C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Programme\TVAnts\Tvants.exe"="C:\Programme\TVAnts\Tvants.exe:*:Enabled:TVAnts" "C:\Programme\PPMate\ppmate.exe"="C:\Programme\PPMate\ppmate.exe:*:Enabled:PPMate" "C:\Programme\PPMate\ppamnet.exe"="C:\Programme\PPMate\ppamnet.exe:*:Enabled:PPMate" "C:\Dokumente und Einstellungen\Veli Yildiz\Desktop\MSNShell\Bin\engie.exe"="C:\Dokumente und Einstellungen\Veli Yildiz\Desktop\MSNShell\Bin\engie.exe:*:Enabled:MSNShell" "C:\Programme\VideoLAN\VLC\vlc.exe"="C:\Programme\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player" "C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit" "C:\Dokumente und Einstellungen\Veli Yildiz\Desktop\PES2008.exe"="C:\Dokumente und Einstellungen\Veli Yildiz\Desktop\PES2008.exe:*:Enabled:Pro Evolution Soccer 2008" "C:\Programme\Java\jre6\bin\java.exe"="C:\Programme\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary" "C:\Programme\trademanager\AliIM.exe"="C:\Programme\trademanager\AliIM.exe:*:Enabled:AliIM" "C:\Programme\Metin2\metin2.bin"="C:\Programme\Metin2\metin2.bin:*:Enabled:metin2" "C:\Programme\Skype\Plugin Manager\skypePM.exe"="C:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager" "C:\Dokumente und Einstellungen\Veli Yildiz\Lokale Einstellungen\Temp\Rar$EX00.375\P. TVUPlayer - Portable Brasil (www.portablebrasil.net).exe"="C:\Dokumente und Einstellungen\Veli Yildiz\Lokale Einstellungen\Temp\Rar$EX00.375\P. TVUPlayer - Portable Brasil (www.portablebrasil.net).exe:*:Enabled:TVUPlayer Component" "C:\Dokumente und Einstellungen\Veli Yildiz\Lokale Einstellungen\Temp\Rar$EX06.078\P. TVUPlayer - Portable Brasil (www.portablebrasil.net).exe"="C:\Dokumente und Einstellungen\Veli Yildiz\Lokale Einstellungen\Temp\Rar$EX06.078\P. TVUPlayer - Portable Brasil (www.portablebrasil.net).exe:*:Enabled:TVUPlayer Component" "C:\Programme\StreamTorrent 1.0\StreamTorrent.exe"="C:\Programme\StreamTorrent 1.0\StreamTorrent.exe:*:Enabled:StreamTorrent P2P Media Player" "C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Programme\Windows Live\Messenger\wlcsdk.exe"="C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7885b697-b80a-11de-a06a-001e682e4752}] shell\AutoRun\command - E:\vlvtdflx.exe shell\open\command - E:\vlvtdflx.exe ======List of files/folders created in the last 1 months====== 2010-01-12 12:36:28 ----D---- C:\rsit 2010-01-12 11:52:29 ----D---- C:\Dokumente und Einstellungen\Veli Yildiz\Anwendungsdaten\Malwarebytes 2010-01-12 11:52:23 ----D---- C:\Programme\Malwarebytes' Anti-Malware 2010-01-12 11:52:23 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes 2010-01-12 11:39:08 ----D---- C:\Programme\Trend Micro 2010-01-04 20:34:11 ----SHD---- C:\Config.Msi 2010-01-04 20:25:54 ----D---- C:\Programme\AVS4YOU 2009-12-29 17:32:41 ----A---- C:\WINDOWS\system32\d3dx9.dll 2009-12-29 17:32:41 ----A---- C:\WINDOWS\system32\D3DX81ab.dll 2009-12-29 17:32:40 ----D---- C:\Programme\Cheat Engine 2009-12-28 13:30:18 ----D---- C:\Programme\Runup 2009-12-23 18:20:49 ----D---- C:\Dokumente und Einstellungen\Veli Yildiz\Anwendungsdaten\StreamTorrent 2009-12-23 18:10:26 ----D---- C:\Dokumente und Einstellungen\Veli Yildiz\Anwendungsdaten\Thinstall 2009-12-21 20:10:41 ----D---- C:\Dokumente und Einstellungen\Veli Yildiz\Anwendungsdaten\Skype 2009-12-21 20:07:49 ----D---- C:\Programme\Gemeinsame Dateien\Skype 2009-12-21 20:07:46 ----RD---- C:\Programme\Skype 2009-12-14 21:13:35 ----N---- C:\WINDOWS\system32\spmsg2.dll 2009-12-14 21:13:29 ----HDC---- C:\WINDOWS\$NtUninstallXPSEPSCLP$ 2009-12-14 20:52:19 ----D---- C:\Programme\Metin2 2009-12-14 20:12:08 ----D---- C:\WINDOWS\Minidump ======List of files/folders modified in the last 1 months====== 2010-01-12 12:37:05 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$ 2010-01-12 12:37:05 ----D---- C:\WINDOWS\system32\drivers 2010-01-12 12:36:35 ----D---- C:\WINDOWS\Prefetch 2010-01-12 12:29:40 ----RD---- C:\Programme 2010-01-12 11:47:16 ----D---- C:\WINDOWS\Temp 2010-01-12 11:47:16 ----D---- C:\WINDOWS 2010-01-12 11:23:26 ----D---- C:\Programme\Mozilla Firefox 2010-01-12 10:46:07 ----D---- C:\WINDOWS\system32\CatRoot2 2010-01-12 10:44:52 ----N---- C:\WINDOWS\SchedLgU.Txt 2010-01-10 21:29:43 ----HD---- C:\WINDOWS\inf 2010-01-10 21:29:43 ----D---- C:\Programme\Windows Live Safety Center 2010-01-10 06:16:00 ----D---- C:\Programme\Athan 2010-01-08 00:06:15 ----D---- C:\Dokumente und Einstellungen\Veli Yildiz\Anwendungsdaten\vlc 2010-01-04 20:34:14 ----SHD---- C:\WINDOWS\Installer 2010-01-04 20:26:01 ----D---- C:\Programme\Gemeinsame Dateien\AVSMedia 2010-01-04 20:17:08 ----D---- C:\WINDOWS\system32 2010-01-04 16:31:40 ----D---- C:\WINDOWS\Debug 2010-01-03 00:26:56 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SpeakyChat 2010-01-03 00:23:46 ----D---- C:\WINDOWS\system32\CatRoot 2010-01-03 00:22:04 ----RSHDC---- C:\WINDOWS\system32\dllcache 2010-01-03 00:21:56 ----D---- C:\WINDOWS\system32\de-DE 2010-01-03 00:21:24 ----D---- C:\Dokumente und Einstellungen\Veli Yildiz\Anwendungsdaten\skypePM 2009-12-23 19:49:47 ----D---- C:\Outlook on the Desktop 2009-12-23 12:49:55 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Messenger Plus! 2009-12-22 10:41:35 ----AD---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP 2009-12-21 20:07:49 ----D---- C:\Programme\Gemeinsame Dateien 2009-12-21 20:07:45 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype 2009-12-15 00:50:00 ----D---- C:\WINDOWS\Microsoft.NET 2009-12-14 21:13:22 ----RSD---- C:\WINDOWS\assembly 2009-12-14 21:13:10 ----D---- C:\WINDOWS\system32\XPSViewer 2009-12-14 21:12:48 ----D---- C:\WINDOWS\system32\mui ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 avgio;avgio; \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys [] R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104] R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40448] R1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720] R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520] R1 WmiAcpi;Microsoft Windows-Verwaltungsschnittstelle für ACPI; C:\WINDOWS\System32\DRIVERS\wmiacpi.sys [2008-04-13 8832] R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-01-04 56816] R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936] R2 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496] R2 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2007-03-21 37376] R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800] R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2007-02-16 160256] R3 btaudio;Bluetooth-Audiogerät; C:\WINDOWS\system32\drivers\btaudio.sys [2007-03-23 539072] R3 BTDriver;Virtueller Bluetooth-Kommunikationstreiber; C:\WINDOWS\system32\DRIVERS\btport.sys [2007-03-23 37424] R3 BTKRNL;Bluetooth-Bus-Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2007-03-31 876384] R3 CmBatt;Microsoft-Netzteiltreiber; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2008-04-13 13952] R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384] R3 hidshim;Service for HID-KMDF Shim layer; C:\WINDOWS\system32\DRIVERS\hidshim.sys [2007-05-30 5632] R3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-05-30 4424192] R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-18 12288] R3 NETw4x32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-04-27 2203520] R3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-04-30 8055584] R3 sdbus;sdbus; C:\WINDOWS\System32\DRIVERS\sdbus.sys [2008-04-13 79232] R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\WINDOWS\system32\DRIVERS\snp2uvc.sys [2007-06-12 1729152] R3 SPLITCAM;Splitcam, WDM Camera Stream Splitter; C:\WINDOWS\system32\DRIVERS\splitcam.sys [2009-09-13 13824] R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608] R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000] R3 winbondhidcir;Winbond HID CIR Receiver; C:\WINDOWS\system32\DRIVERS\winbondhidcir.sys [2007-05-30 21504] S2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [] S3 BTWDNDIS;Bluetooth-LAN-Zugangsserver; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2007-03-23 149123] S3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys [2007-03-31 55352] S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2007-03-23 67960] S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [] S3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [] S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver; C:\WINDOWS\system32\DRIVERS\ManyCam.sys [] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 sffdisk;SFF-Speicherklassentreiber; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904] S3 sffp_sd;SFF-Speicherprotokolltreiber für SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS [2006-06-09 6909] S3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S3 usbvideo;USB-Videogerät (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984] S3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [] S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Programme\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289] R2 AntiVirService;Avira AntiVir Guard; C:\Programme\Avira\AntiVir Desktop\avguard.exe [2009-08-05 185089] R2 btwdins;Bluetooth Service; C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2007-04-01 273256] R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-10-21 153376] S2 gupdate;Google Update Service (gupdate); C:\Programme\Google\Update\GoogleUpdate.exe [2009-10-06 133104] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF-----------------
__________________ |
12.01.2010, 13:14 | #4 |
| Trojaner Dropper Hi, fixen: Hijackthis, fixen: öffne das HijackThis -- Button "scan" -- vor den nachfolgenden Einträge Häkchen setzen -- Button "Fix checked" -- PC neustarten Beim fixen müssen alle Programme geschlossen sein! Code:
ATTFilter O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: (no name) - {120A8821-2BEE-4C29-BCDA-62C577781992} - (no file) R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.theprizeday.com/today.php Bitte folgende Files prüfen: Dateien Online überprüfen lassen:
Code:
ATTFilter C:\WINDOWS\system32\spmsg2.dll C:\Programme\TVAnts\Tvants.exe C:\Programme\PPMate\ppmate.exe C:\Programme\PPMate\ppamnet.exe E:\vlvtdflx.exe
Eines der Files kann ein Rookit sein'! (:\vlvtdflx.exe-> http://www.prevx.com/filenames/10334001432587943-X1/VLVTDFLX.EXE.html) "E" ist wahrscheinlich ein USB-Stick? Der ist dann verseucht! Unbedingt den GMER-Report posten... Avira: Stelle Avira wie folgt ein: http://www.trojaner-board.de/54192-anleitung-avira-antivir-agressive-einstellungen.html Läuft der PC ohne ANTIWPA noch? (Dann ist das "nur" ein Trojaner)... chris
__________________ Don't bring me down Vor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden ) |
12.01.2010, 14:00 | #5 |
| Trojaner Dropper
__________________ BUSSI MARIA |
12.01.2010, 14:15 | #6 |
| Trojaner Dropper Hi, was macht GMER? chris
__________________ --> Trojaner Dropper |
12.01.2010, 14:17 | #7 |
| Trojaner Dropper
__________________ BUSSI MARIA |
12.01.2010, 14:18 | #8 |
| Trojaner Dropper Äh? Wo liegt das Problem, scannt er nicht oder weist Du nicht wie Du das Log posten sollst ->GMER(http://www.trojaner-board.de/74908-a...anner.html)..? chris
__________________ Don't bring me down Vor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden ) |
12.01.2010, 14:21 | #9 | |
| Trojaner DropperZitat:
oder Antimaleware ?
__________________ BUSSI MARIA |
12.01.2010, 14:23 | #10 |
| Trojaner Dropper Hi, nein: Gmer: http://www.trojaner-board.de/74908-a...t-scanner.html Den Downloadlink findest Du links oben (http://www.gmer.net/#files), dort dann auf den Button "Download EXE", dabei wird ein zufälliger Name generiert (den und den Pfad wo Du sie gespeichert hast bitte merken). Starte GMER und schaue, ob es schon was meldet. Macht es das, bitte alle Fragen mit "nein" beantworten, auf den Reiter "rootkit" gehen, wiederum die Frage mit "nein" beantworten und mit Hilfe von copy den Bericht in den Thread einfügen. Meldet es so nichts, gehe auf den Reiter Rootkit und mache einen Scan. Ist dieser beendet, wähle Copy und füge den Bericht ein. Es gibt im Forum auch einbe bebilderte Anleitung: http://www.trojaner-board.de/74908-a...t-scanner.html chris
__________________ Don't bring me down Vor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden ) |
12.01.2010, 14:26 | #11 |
| Trojaner Dropper Danke Chris, bin dabei, es herunterzuladen
__________________ BUSSI MARIA |
12.01.2010, 14:35 | #12 |
| Trojaner Dropper Hi, ok... chris
__________________ Don't bring me down Vor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden ) |
12.01.2010, 15:49 | #13 |
| Trojaner Dropper GMER 1.0.15.15281 - http://www.gmer.net Rootkit scan 2010-01-12 15:41:07 Windows 5.1.2600 Service Pack 3 Running: 1zz07xlg.exe; Driver: C:\DOKUME~1\VELIYI~1\LOKALE~1\Temp\pxtdypog.sys ---- System - GMER 1.0.15 ---- SSDT B8745ABE ZwCreateKey SSDT B8745AB4 ZwCreateThread SSDT B8745AC3 ZwDeleteKey SSDT B8745ACD ZwDeleteValueKey SSDT B8745AD2 ZwLoadKey SSDT B8745AA0 ZwOpenProcess SSDT B8745AA5 ZwOpenThread SSDT B8745ADC ZwReplaceKey SSDT B8745AD7 ZwRestoreKey SSDT B8745AC8 ZwSetValueKey SSDT B8745AAF ZwTerminateProcess ---- Kernel code sections - GMER 1.0.15 ---- .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB70B7360, 0x3CEED5, 0xE8000020] ---- User code sections - GMER 1.0.15 ---- .text C:\Programme\Windows Live\Messenger\msnmsgr.exe[796] kernel32.dll!LoadResource 7C80A055 7 Bytes JMP 28001E20 C:\Dokumente und Einstellungen\Veli Yildiz\Eigene Dateien\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Programme\Windows Live\Messenger\msnmsgr.exe[796] kernel32.dll!FindResourceExW 7C80AD28 7 Bytes JMP 28001C60 C:\Dokumente und Einstellungen\Veli Yildiz\Eigene Dateien\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Programme\Windows Live\Messenger\msnmsgr.exe[796] kernel32.dll!FindResourceW 7C80BC6E 7 Bytes JMP 28001BE0 C:\Dokumente und Einstellungen\Veli Yildiz\Eigene Dateien\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Programme\Windows Live\Messenger\msnmsgr.exe[796] kernel32.dll!SizeofResource 7C80BD09 7 Bytes JMP 28001EE0 C:\Dokumente und Einstellungen\Veli Yildiz\Eigene Dateien\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Programme\Windows Live\Messenger\msnmsgr.exe[796] kernel32.dll!FindResourceA 7C80BF29 7 Bytes JMP 28001CF0 C:\Dokumente und Einstellungen\Veli Yildiz\Eigene Dateien\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Programme\Windows Live\Messenger\msnmsgr.exe[796] kernel32.dll!LockResource 7C80CD37 5 Bytes JMP 28001F50 C:\Dokumente und Einstellungen\Veli Yildiz\Eigene Dateien\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Programme\Windows Live\Messenger\msnmsgr.exe[796] kernel32.dll!CreateEventA 7C8308B5 5 Bytes JMP 28001840 C:\Dokumente und Einstellungen\Veli Yildiz\Eigene Dateien\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Programme\Windows Live\Messenger\msnmsgr.exe[796] kernel32.dll!FindResourceExA 7C835FA8 7 Bytes JMP 28001D80 C:\Dokumente und Einstellungen\Veli Yildiz\Eigene Dateien\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Programme\Windows Live\Messenger\msnmsgr.exe[796] ADVAPI32.dll!CryptDeriveKey 77DB9FFD 7 Bytes JMP 28001000 C:\Dokumente und Einstellungen\Veli Yildiz\Eigene Dateien\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Programme\Windows Live\Messenger\msnmsgr.exe[796] ADVAPI32.dll!CryptDecrypt 77DBA129 7 Bytes JMP 28001060 C:\Dokumente und Einstellungen\Veli Yildiz\Eigene Dateien\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Programme\Windows Live\Messenger\msnmsgr.exe[796] USER32.dll!GetWindowLongW 7E3688A6 7 Bytes JMP 28006A70 C:\Dokumente und Einstellungen\Veli Yildiz\Eigene Dateien\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Programme\Windows Live\Messenger\msnmsgr.exe[796] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 28004630 C:\Dokumente und Einstellungen\Veli Yildiz\Eigene Dateien\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Programme\Windows Live\Messenger\msnmsgr.exe[796] USER32.dll!SetWindowPlacement 7E36DE46 5 Bytes JMP 28005E10 C:\Dokumente und Einstellungen\Veli Yildiz\Eigene Dateien\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Programme\Windows Live\Messenger\msnmsgr.exe[796] USER32.dll!CreateDialogParamW 7E36EA3B 5 Bytes JMP 28006090 C:\Dokumente und Einstellungen\Veli Yildiz\Eigene Dateien\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Programme\Windows Live\Messenger\msnmsgr.exe[796] USER32.dll!LoadImageW 7E377B97 5 Bytes JMP 280066E0 C:\Dokumente und Einstellungen\Veli Yildiz\Eigene Dateien\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Programme\Windows Live\Messenger\msnmsgr.exe[796] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 28003C60 C:\Dokumente und Einstellungen\Veli Yildiz\Eigene Dateien\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Programme\Windows Live\Messenger\msnmsgr.exe[796] USER32.dll!SetWindowRgn 7E37E528 7 Bytes JMP 28005F50 C:\Dokumente und Einstellungen\Veli Yildiz\Eigene Dateien\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Programme\Windows Live\Messenger\msnmsgr.exe[796] USER32.dll!LoadIconW 7E37E8BC 5 Bytes JMP 280068D0 C:\Dokumente und Einstellungen\Veli Yildiz\Eigene Dateien\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Programme\Windows Live\Messenger\msnmsgr.exe[796] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 28006280 C:\Dokumente und Einstellungen\Veli Yildiz\Eigene Dateien\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Programme\Windows Live\Messenger\msnmsgr.exe[796] USER32.dll!TrackPopupMenuEx 7E3BCF62 5 Bytes JMP 28004F10 C:\Dokumente und Einstellungen\Veli Yildiz\Eigene Dateien\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Programme\Windows Live\Messenger\msnmsgr.exe[796] SHELL32.dll!Shell_NotifyIconW 7E6DA5BF 5 Bytes JMP 280033B0 C:\Dokumente und Einstellungen\Veli Yildiz\Eigene Dateien\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Programme\Windows Live\Messenger\msnmsgr.exe[796] ole32.dll!CoInitializeEx 774CEF7B 5 Bytes JMP 28002260 C:\Dokumente und Einstellungen\Veli Yildiz\Eigene Dateien\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Programme\Windows Live\Messenger\msnmsgr.exe[796] ole32.dll!CoCreateInstance 774D057E 5 Bytes JMP 28002600 C:\Dokumente und Einstellungen\Veli Yildiz\Eigene Dateien\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Programme\Windows Live\Messenger\msnmsgr.exe[796] ole32.dll!CoRegisterClassObject 774E7E90 5 Bytes JMP 28002360 C:\Dokumente und Einstellungen\Veli Yildiz\Eigene Dateien\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Programme\Windows Live\Messenger\msnmsgr.exe[796] WININET.dll!InternetReadFile 408C654B 5 Bytes JMP 2800A070 C:\Dokumente und Einstellungen\Veli Yildiz\Eigene Dateien\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Programme\Windows Live\Messenger\msnmsgr.exe[796] WININET.dll!InternetCloseHandle 408C9088 5 Bytes JMP 2800A220 C:\Dokumente und Einstellungen\Veli Yildiz\Eigene Dateien\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Programme\Windows Live\Messenger\msnmsgr.exe[796] WININET.dll!HttpOpenRequestA 408CD508 5 Bytes JMP 28009EE0 C:\Dokumente und Einstellungen\Veli Yildiz\Eigene Dateien\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Programme\Windows Live\Messenger\msnmsgr.exe[796] WININET.dll!HttpSendRequestA 408DEE81 5 Bytes JMP 2800A150 C:\Dokumente und Einstellungen\Veli Yildiz\Eigene Dateien\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software) ---- EOF - GMER 1.0.15 ----
__________________ BUSSI MARIA |
12.01.2010, 16:45 | #14 |
| Trojaner Dropper Hi, MessengerPlus würde ich deinstallieren... Sonst sieht das GMER-Log gut aus... ESET Online Scanner (http://www.eset.com/onlinescan/) * Anmerkung für Vista-User: Bitte den Browser unbedingt als Administrator starten. * Button "ESET Online Scanner" drücken. * Firefox-User müssen ein zusätzliches Addon (esetsmartinstaller_enu.exe) installieren. * Das Firefox-Addon auf dem Desktop speichern und dann installieren. * IE-User müssen das Installieren eines ActiveX Elements erlauben. * Einen Haken bei "Remove found threads" und "Scan archives" machen. * Start drücken. * Der Scan beginnt automatisch. * Finish drücken. * Browser schließen. * Explorer öffnen. * C:\Programme\Eset\EsetOnlineScanner\log.txt suchen und mit Deinem Editor öffnen. * Logfile hier posten. chris
__________________ Don't bring me down Vor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden ) |
12.01.2010, 22:36 | #15 |
| Trojaner Dropper Ich hoffe ich habe das soweit richtig gemacht: ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6211 # api_version=3.0.2 # EOSSerial=e438d715a7c94e45bc2b50b781752c91 # end=finished # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2010-01-12 08:38:27 # local_time=2010-01-12 09:38:27 (+0100, Westeuropäische Normalzeit) # country="Germany" # lang=1033 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=512 16777215 100 0 34806 34806 0 0 # compatibility_mode=1797 16775125 100 100 28284 62815815 30473 0 # compatibility_mode=8192 67108863 100 0 3689 3689 0 0 # scanned=43132 # found=2 # cleaned=2 # scan_time=4753 C:\Dokumente und Einstellungen\Veli Yildiz\Lokale Einstellungen\Temp\msgpl_1ac1.exe Win32/Adware.CiDHelp application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Programme\JLC's Software\Internet TV\eBay_shortcuts.exe a variant of Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C
__________________ BUSSI MARIA |