| |
| |||||||
Antiviren-, Firewall- und andere Schutzprogramme: Trojaner DropperWindows 7 Sämtliche Fragen zur Bedienung von Firewalls, Anti-Viren Programmen, Anti Malware und Anti Trojaner Software sind hier richtig. Dies ist ein Diskussionsforum für Sicherheitslösungen für Windows Rechner. Benötigst du Hilfe beim Trojaner entfernen oder weil du dir einen Virus eingefangen hast, erstelle ein Thema in den oberen Bereinigungsforen. |
 |
| |
12.01.2010, 12:31
| #1 |
 |  Trojaner Dropper Malwarebytes' Anti-Malware 1.44 Datenbank Version: 3546 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 12.01.2010 12:29:41 mbam-log-2010-01-12 (12-29-40).txt Scan-Methode: Vollständiger Scan (C:\|D:\|) Durchsuchte Objekte: 152670 Laufzeit: 35 minute(s), 19 second(s) Infizierte Speicherprozesse: 2 Infizierte Speichermodule: 7 Infizierte Registrierungsschlüssel: 43 Infizierte Registrierungswerte: 3 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 22 Infizierte Dateien: 65 Infizierte Speicherprozesse: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QuestService\questservice133.exe (Adware.Agent) -> Unloaded process successfully. C:\Programme\QuestService\questservice.exe (Adware.Agent) -> Unloaded process successfully. Infizierte Speichermodule: C:\Programme\Customized Platform Advancer\3.1.0.1540\CPAIEAddOn.dll (Adware.Agent) -> Delete on reboot. C:\Programme\Web Search Operator\3.1.0.1800\WSOCommon.dll (Adware.Agent) -> Delete on reboot. C:\Programme\Web Search Operator\3.1.0.1800\FF\components\WSOFFAddOn.dll (Adware.Agent) -> Delete on reboot. C:\Programme\Customized Platform Advancer\3.1.0.1540\CPACommon.dll (Adware.Agent) -> Delete on reboot. C:\Programme\Customized Platform Advancer\3.1.0.1540\CPAIEAddOnSubL.dll (Adware.Agent) -> Delete on reboot. C:\Programme\Customized Platform Advancer\3.1.0.1540\FF\components\CPAFFAddOn.dll (Adware.Agent) -> Delete on reboot. C:\WINDOWS\system32\antiwpa.dll (Trojan.I.Stole.Windows) -> Delete on reboot. Infizierte Registrierungsschlüssel: HKEY_CLASSES_ROOT\explorerbar.cmw (Adware.Agent) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\explorerbar.cmw.1 (Adware.Agent) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\explorerbar.funexplorer (Adware.Agent) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{ac5ab953-ed25-4f9c-87f0-b086b0178ffa} (Adware.Agent) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{6160f76a-1992-4b17-a32d-0c706d159105} (Adware.Agent) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{42c7c39f-3128-4a17-bdb7-91c46032b5b9} (Adware.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{42c7c39f-3128-4a17-bdb7-91c46032b5b9} (Adware.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{42c7c39f-3128-4a17-bdb7-91c46032b5b9} (Adware.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{42c7c39f-3128-4a17-bdb7-91c46032b5b9} (Adware.Agent) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\explorerbar.funexplorer.1 (Adware.Agent) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\explorerbar.funredirector (Adware.Agent) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\explorerbar.funredirector.1 (Adware.Agent) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\explorerbar.tcp (Adware.Agent) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\explorerbar.tcp.1 (Adware.Agent) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{480098c6-f6ad-4c61-9b5c-2bae228a34d1} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{3de88beb-f271-484a-ba71-01d30f439f0c} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{50ad41d2-b1f0-47cc-9ea7-395355eaeebd} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{8ceb185e-81a5-46d3-bc20-c555d605afbd} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{a72522ba-9ff3-4c83-abc6-9b476728a396} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{883dfc00-8a21-411d-956c-73a4e4b7d16f} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Explorer\Bars\{cac89ff9-34a9-4431-8cfe-292a47f843bc} (Adware.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Explorer\Bars\{b72681c0-a222-4b21-a0e2-53a5a5ca3d411} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b72681c0-a222-4b21-a0e2-53a5a5ca3d41} (Adware.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cac89ff9-34a9-4431-8cfe-292a47f843bc} (Adware.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{eb4a577d-bcad-4b1c-8af2-9a74b8dd3431} (Adware.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d45817b8-3ead-4d1d-8fca-ec63a8e35de2} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{b72681c0-a222-4b21-a0e2-53a5a5ca3d41} (Adware.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{cac89ff9-34a9-4431-8cfe-292a47f843bc} (Adware.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{eb4a577d-bcad-4b1c-8af2-9a74b8dd3431} (Adware.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{d45817b8-3ead-4d1d-8fca-ec63a8e35de2} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b72681c0-a222-4b21-a0e2-53a5a5ca3d41} (Adware.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cac89ff9-34a9-4431-8cfe-292a47f843bc} (Adware.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{eb4a577d-bcad-4b1c-8af2-9a74b8dd3431} (Adware.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\questservice (Adware.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\AppDataLow\SOFTWARE\Internet Today (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Automated Content Enhancer (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Customized Platform Advancer (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\QuestService (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Web Search Operator (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\QuestService Service (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Automated Content Enhancer (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Customized Platform Advancer (Adware.DoubleD) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{d45817b8-3ead-4d1d-8fca-ec63a8e35de2} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{e63605fc-d583-4c81-867f-9457bdb3ea1b} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{e889f097-b0be-471b-89ad-b86b6f04b506} (Adware.DoubleD) -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: C:\Programme\premieropinion (Trojan.Agent) -> Quarantined and deleted successfully. C:\Programme\Web Search Operator (Adware.Agent) -> Delete on reboot. C:\Programme\Web Search Operator\3.1.0.1800 (Adware.Agent) -> Delete on reboot. C:\Programme\Web Search Operator\3.1.0.1800\Data (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Web Search Operator\3.1.0.1800\FF (Adware.Agent) -> Delete on reboot. C:\Programme\Web Search Operator\3.1.0.1800\FF\chrome (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Web Search Operator\3.1.0.1800\FF\chrome\content (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Web Search Operator\3.1.0.1800\FF\components (Adware.Agent) -> Delete on reboot. C:\Programme\Textual Content Provider (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Textual Content Provider\1.1.0.1380 (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Textual Content Provider\1.1.0.1380\data (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Content Management Wizard\1.1.0.1820 (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Customized Platform Advancer (Adware.Agent) -> Delete on reboot. C:\Programme\Customized Platform Advancer\3.1.0.1540 (Adware.Agent) -> Delete on reboot. C:\Programme\Customized Platform Advancer\3.1.0.1540\Data (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Customized Platform Advancer\3.1.0.1540\FF (Adware.Agent) -> Delete on reboot. C:\Programme\Customized Platform Advancer\3.1.0.1540\FF\chrome (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Customized Platform Advancer\3.1.0.1540\FF\chrome\content (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Customized Platform Advancer\3.1.0.1540\FF\components (Adware.Agent) -> Delete on reboot. C:\Programme\Content Management Wizard (Adware.Agent) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QuestService (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Programme\QuestService (Adware.DoubleD) -> Quarantined and deleted successfully. Infizierte Dateien: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QuestService\questservice133.exe (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\QuestService\questservice.exe (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Customized Platform Advancer\3.1.0.1540\CPAIEAddOn.dll (Adware.Agent) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\Veli Yildiz\Anwendungsdaten\Desktopicon\eBayShortcuts.exe (Adware.ADON) -> Quarantined and deleted successfully. C:\Programme\QuestService\uninstall.exe (Adware.Agent) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{1D285728-EA49-4314-ABE5-38734FF4B0F1}\RP148\A0119480.exe (Adware.ADON) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{1D285728-EA49-4314-ABE5-38734FF4B0F1}\RP156\A0120731.rbf (Adware.DoubleD) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{1D285728-EA49-4314-ABE5-38734FF4B0F1}\RP156\A0120743.exe (Adware.Agent) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{1D285728-EA49-4314-ABE5-38734FF4B0F1}\RP157\A0120821.exe (Adware.DoubleD) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{1D285728-EA49-4314-ABE5-38734FF4B0F1}\RP161\A0121099.exe (Adware.Agent) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{1D285728-EA49-4314-ABE5-38734FF4B0F1}\RP161\A0121100.exe (Adware.DoubleD) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{1D285728-EA49-4314-ABE5-38734FF4B0F1}\RP161\A0121105.exe (Adware.DoubleD) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{1D285728-EA49-4314-ABE5-38734FF4B0F1}\RP169\A0122452.exe (Adware.Mongoose) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{1D285728-EA49-4314-ABE5-38734FF4B0F1}\RP180\A0124091.exe (Adware.Agent) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{1D285728-EA49-4314-ABE5-38734FF4B0F1}\RP183\A0124440.exe (Adware.Agent) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{1D285728-EA49-4314-ABE5-38734FF4B0F1}\RP183\A0124441.exe (Adware.Agent) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{1D285728-EA49-4314-ABE5-38734FF4B0F1}\RP183\A0124445.exe (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\premieropinion\pmls.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\Programme\premieropinion\pmservice.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\Programme\Web Search Operator\3.1.0.1800\unins000.dat (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Web Search Operator\3.1.0.1800\unins000.exe (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Web Search Operator\3.1.0.1800\WSOCommon.dll (Adware.Agent) -> Delete on reboot. C:\Programme\Web Search Operator\3.1.0.1800\wsopx.exe (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Web Search Operator\3.1.0.1800\Data\config.md (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Web Search Operator\3.1.0.1800\FF\chrome.manifest (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Web Search Operator\3.1.0.1800\FF\install.rdf (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Web Search Operator\3.1.0.1800\FF\chrome\WSOAddOn.jar (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Web Search Operator\3.1.0.1800\FF\chrome\content\WSOAddOn.js (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Web Search Operator\3.1.0.1800\FF\chrome\content\WSOAddOn.xul (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Web Search Operator\3.1.0.1800\FF\components\WSOFFAddOn.dll (Adware.Agent) -> Delete on reboot. C:\Programme\Web Search Operator\3.1.0.1800\FF\components\WSOFFAddOn.xpt (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Web Search Operator\3.1.0.1800\FF\components\WSOFFHelperComponent.js (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Textual Content Provider\1.1.0.1380\unins000.dat (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Textual Content Provider\1.1.0.1380\unins000.exe (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Textual Content Provider\1.1.0.1380\data\pxtmpdata.mx (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Textual Content Provider\1.1.0.1380\data\TP_Config.mx (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Textual Content Provider\1.1.0.1380\data\TP_Data.mx (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Textual Content Provider\1.1.0.1380\data\TP_DomainExcludeList.mx (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Content Management Wizard\1.1.0.1820\cmwpx.exe (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Content Management Wizard\1.1.0.1820\cmwsh.dll (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Content Management Wizard\1.1.0.1820\config.mx (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Content Management Wizard\1.1.0.1820\data.mx (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Content Management Wizard\1.1.0.1820\exclude.mx (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Content Management Wizard\1.1.0.1820\MatchingData.zd5 (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Content Management Wizard\1.1.0.1820\pxtmpdata.mx (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Content Management Wizard\1.1.0.1820\unins000.dat (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Content Management Wizard\1.1.0.1820\unins000.exe (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Customized Platform Advancer\3.1.0.1540\CPACommon.dll (Adware.Agent) -> Delete on reboot. C:\Programme\Customized Platform Advancer\3.1.0.1540\CPAHelper.exe (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Customized Platform Advancer\3.1.0.1540\CPAIEAddOnSub.dll (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Customized Platform Advancer\3.1.0.1540\CPAIEAddOnSubL.dll (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Customized Platform Advancer\3.1.0.1540\unins000.dat (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Customized Platform Advancer\3.1.0.1540\unins000.exe (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Customized Platform Advancer\3.1.0.1540\Data\config.md (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Customized Platform Advancer\3.1.0.1540\FF\chrome.manifest (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Customized Platform Advancer\3.1.0.1540\FF\install.rdf (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Customized Platform Advancer\3.1.0.1540\FF\chrome\CPAAddOn.jar (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Customized Platform Advancer\3.1.0.1540\FF\chrome\content\CPAAddOn.js (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Customized Platform Advancer\3.1.0.1540\FF\chrome\content\CPAAddOn.xul (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Customized Platform Advancer\3.1.0.1540\FF\components\CPAFFAddOn.dll (Adware.Agent) -> Delete on reboot. C:\Programme\Customized Platform Advancer\3.1.0.1540\FF\components\CPAFFAddOn.xpt (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Customized Platform Advancer\3.1.0.1540\FF\components\CPAFFHelperComponent.js (Adware.Agent) -> Quarantined and deleted successfully. C:\Programme\Mozilla Firefox\searchPlugins\questservice129.xml (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Programme\Mozilla Firefox\searchPlugins\questservice133.xml (Adware.DoubleD) -> Quarantined and deleted successfully. C:\WINDOWS\system32\antiwpa.dll (Trojan.I.Stole.Windows) -> Delete on reboot.
__________________ BUSSI MARIA  |
|
12.01.2010, 12:38
| #3 |
| | Trojaner Dropper Logfile of random's system information tool 1.06 (written by random/random)
__________________Run by Veli Yildiz at 2010-01-12 12:37:49 Microsoft Windows XP Professional Service Pack 3 System drive C: has 135 GB (89%) free of 153 GB Total RAM: 3070 MB (79% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:37:50, on 12.01.2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Avira\AntiVir Desktop\sched.exe C:\WINDOWS\Explorer.EXE C:\Programme\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\RTHDCPL.EXE C:\Programme\Java\jre6\bin\jusched.exe C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Windows Live\Messenger\msnmsgr.exe C:\Programme\Messenger\msmsgs.exe C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe C:\DOKUME~1\VELIYI~1\LOKALE~1\Temp\RtkBtMnt.exe C:\Programme\Avira\AntiVir Desktop\avguard.exe C:\Programme\Java\jre6\bin\jqs.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\wbem\wmiapsrv.exe C:\WINDOWS\system32\wscntfy.exe C:\Programme\Windows Live\Contacts\wlcomm.exe C:\Programme\Windows Live\Messenger\msnmsgr.exe C:\Programme\Mozilla Firefox\firefox.exe C:\Dokumente und Einstellungen\Veli Yildiz\Desktop\RSIT.exe C:\Programme\Trend Micro\HijackThis\Veli Yildiz.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.theprizeday.com/today.php R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: (no name) - {120A8821-2BEE-4C29-BCDA-62C577781992} - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [AzMixerSel] C:\Programme\Realtek\InstallShield\AzMixerSel.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\WINDOWS\PLFSet.dll,PLFDefSetting O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware (reboot)] "C:\Programme\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background O4 - HKCU\..\RunOnce: [WiseStubReboot] MSIEXEC /quiet SKIP_PPU_DRIVER_INSTALL=1 /I "C:\Programme\Gemeinsame Dateien\Wise Installation Wizard\WISDD1865F0AD7340FBB23E1822E02396FF_9_09_0203.MSI" TRANSFORMS="C:\Programme\Gemeinsame Dateien\Wise Installation Wizard\WISDD1865F0AD7340FBB23E1822E02396FF_9_09_0203.MST" WISE_SETUP_EXE_PATH="c:\nvidia\winxp\185.85\is\display\PhysX_9.09.0203_SystemSoftware.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: BTTray.lnk = ? O8 - Extra context menu item: Save YouTube Video as MP3 - res://C:\Programme\Gemeinsame Dateien\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O16 - DPF: {34635AA6-B593-4F06-9EDD-5FF60FC13310} (Speaky Chat) - http://download.speakyweb.com/speakyldr.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{D2F6CF34-A47F-4484-AFF4-22A4763C0E59}: NameServer = 213.191.74.11 213.191.92.82 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe -- End of file - 6929 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{120A8821-2BEE-4C29-BCDA-62C577781992}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}] RealPlayer Download and Record Plugin for Internet Explorer - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-11-26 329312] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live Anmelde-Hilfsprogramm - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2009-10-21 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-21 73728] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "avgnt"=C:\Programme\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153] "AzMixerSel"=C:\Programme\Realtek\InstallShield\AzMixerSel.exe [2006-07-17 53248] "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-05-28 16132608] "Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632] "PLFSet"=C:\WINDOWS\PLFSet.dll [2007-04-25 45056] "SunJavaUpdateSched"=C:\Programme\Java\jre6\bin\jusched.exe [2009-10-21 149280] "Adobe Reader Speed Launcher"=C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696] "Adobe ARM"=C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288] "TkBellExe"=C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe [2009-11-26 198160] " Malwarebytes Anti-Malware (reboot)"=C:\Programme\Malwarebytes' Anti-Malware\mbam.exe [2010-01-07 1394000] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Malwarebytes' Anti-Malware"=C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe [2010-01-07 429392] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] "msnmsgr"=C:\Programme\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883840] "MSMSGS"=C:\Programme\Messenger\msmsgs.exe [2008-04-14 1695232] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce] "WiseStubReboot"=MSIEXEC /quiet SKIP_PPU_DRIVER_INSTALL=1 /I C:\Programme\Gemeinsame Dateien\Wise Installation Wizard\WISDD1865F0AD7340FBB23E1822E02396FF_9_09_0203.MSI TRANSFORMS=C:\Programme\Gemeinsame Dateien\Wise Installation Wizard\WISDD1865F0AD7340FBB23E1822E02396FF_9_09_0203.MST WISE_SETUP_EXE_PATH=c:\nvidia\winxp\185.85\is\display\PhysX_9.09.0203_SystemSoftware.exe [] C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart BTTray.lnk - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Antiwpa] C:\WINDOWS\system32\antiwpa.dll [2008-09-15 60416] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test" "C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Eine DLL-Datei als Anwendung ausführen" "C:\Programme\TeamViewer\Version4\TeamViewer.exe"="C:\Programme\TeamViewer\Version4\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\BonCukFm Script\Mirc.exe"="C:\BonCukFm Script\Mirc.exe:*:Enabled:Cehre mIRC" "C:\Programme\SopCast\adv\SopAdver.exe"="C:\Programme\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver" "C:\Programme\SopCast\SopCast.exe"="C:\Programme\SopCast\SopCast.exe:*:Enabled:SopCast Main Application" "C:\Programme\KONAMI\Pro Evolution Soccer 2008\PES2008.exe"="C:\Programme\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:*:Enabled:Pro Evolution Soccer 2008" "C:\Programme\TVUPlayer\TVUPlayer.exe"="C:\Programme\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component" "C:\Programme\Internet Explorer\iexplore.exe"="C:\Programme\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer" "C:\Programme\Mozilla Firefox\firefox.exe"="C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox" "C:\Programme\Windows Live\Messenger\wlcsdk.exe"="C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Programme\TVAnts\Tvants.exe"="C:\Programme\TVAnts\Tvants.exe:*:Enabled:TVAnts" "C:\Programme\PPMate\ppmate.exe"="C:\Programme\PPMate\ppmate.exe:*:Enabled:PPMate" "C:\Programme\PPMate\ppamnet.exe"="C:\Programme\PPMate\ppamnet.exe:*:Enabled:PPMate" "C:\Dokumente und Einstellungen\Veli Yildiz\Desktop\MSNShell\Bin\engie.exe"="C:\Dokumente und Einstellungen\Veli Yildiz\Desktop\MSNShell\Bin\engie.exe:*:Enabled:MSNShell" "C:\Programme\VideoLAN\VLC\vlc.exe"="C:\Programme\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player" "C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit" "C:\Dokumente und Einstellungen\Veli Yildiz\Desktop\PES2008.exe"="C:\Dokumente und Einstellungen\Veli Yildiz\Desktop\PES2008.exe:*:Enabled:Pro Evolution Soccer 2008" "C:\Programme\Java\jre6\bin\java.exe"="C:\Programme\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary" "C:\Programme\trademanager\AliIM.exe"="C:\Programme\trademanager\AliIM.exe:*:Enabled:AliIM" "C:\Programme\Metin2\metin2.bin"="C:\Programme\Metin2\metin2.bin:*:Enabled:metin2" "C:\Programme\Skype\Plugin Manager\skypePM.exe"="C:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager" "C:\Dokumente und Einstellungen\Veli Yildiz\Lokale Einstellungen\Temp\Rar$EX00.375\P. TVUPlayer - Portable Brasil (www.portablebrasil.net).exe"="C:\Dokumente und Einstellungen\Veli Yildiz\Lokale Einstellungen\Temp\Rar$EX00.375\P. TVUPlayer - Portable Brasil (www.portablebrasil.net).exe:*:Enabled:TVUPlayer Component" "C:\Dokumente und Einstellungen\Veli Yildiz\Lokale Einstellungen\Temp\Rar$EX06.078\P. TVUPlayer - Portable Brasil (www.portablebrasil.net).exe"="C:\Dokumente und Einstellungen\Veli Yildiz\Lokale Einstellungen\Temp\Rar$EX06.078\P. TVUPlayer - Portable Brasil (www.portablebrasil.net).exe:*:Enabled:TVUPlayer Component" "C:\Programme\StreamTorrent 1.0\StreamTorrent.exe"="C:\Programme\StreamTorrent 1.0\StreamTorrent.exe:*:Enabled:StreamTorrent P2P Media Player" "C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Programme\Windows Live\Messenger\wlcsdk.exe"="C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7885b697-b80a-11de-a06a-001e682e4752}] shell\AutoRun\command - E:\vlvtdflx.exe shell\open\command - E:\vlvtdflx.exe ======List of files/folders created in the last 1 months====== 2010-01-12 12:36:28 ----D---- C:\rsit 2010-01-12 11:52:29 ----D---- C:\Dokumente und Einstellungen\Veli Yildiz\Anwendungsdaten\Malwarebytes 2010-01-12 11:52:23 ----D---- C:\Programme\Malwarebytes' Anti-Malware 2010-01-12 11:52:23 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes 2010-01-12 11:39:08 ----D---- C:\Programme\Trend Micro 2010-01-04 20:34:11 ----SHD---- C:\Config.Msi 2010-01-04 20:25:54 ----D---- C:\Programme\AVS4YOU 2009-12-29 17:32:41 ----A---- C:\WINDOWS\system32\d3dx9.dll 2009-12-29 17:32:41 ----A---- C:\WINDOWS\system32\D3DX81ab.dll 2009-12-29 17:32:40 ----D---- C:\Programme\Cheat Engine 2009-12-28 13:30:18 ----D---- C:\Programme\Runup 2009-12-23 18:20:49 ----D---- C:\Dokumente und Einstellungen\Veli Yildiz\Anwendungsdaten\StreamTorrent 2009-12-23 18:10:26 ----D---- C:\Dokumente und Einstellungen\Veli Yildiz\Anwendungsdaten\Thinstall 2009-12-21 20:10:41 ----D---- C:\Dokumente und Einstellungen\Veli Yildiz\Anwendungsdaten\Skype 2009-12-21 20:07:49 ----D---- C:\Programme\Gemeinsame Dateien\Skype 2009-12-21 20:07:46 ----RD---- C:\Programme\Skype 2009-12-14 21:13:35 ----N---- C:\WINDOWS\system32\spmsg2.dll 2009-12-14 21:13:29 ----HDC---- C:\WINDOWS\$NtUninstallXPSEPSCLP$ 2009-12-14 20:52:19 ----D---- C:\Programme\Metin2 2009-12-14 20:12:08 ----D---- C:\WINDOWS\Minidump ======List of files/folders modified in the last 1 months====== 2010-01-12 12:37:05 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$ 2010-01-12 12:37:05 ----D---- C:\WINDOWS\system32\drivers 2010-01-12 12:36:35 ----D---- C:\WINDOWS\Prefetch 2010-01-12 12:29:40 ----RD---- C:\Programme 2010-01-12 11:47:16 ----D---- C:\WINDOWS\Temp 2010-01-12 11:47:16 ----D---- C:\WINDOWS 2010-01-12 11:23:26 ----D---- C:\Programme\Mozilla Firefox 2010-01-12 10:46:07 ----D---- C:\WINDOWS\system32\CatRoot2 2010-01-12 10:44:52 ----N---- C:\WINDOWS\SchedLgU.Txt 2010-01-10 21:29:43 ----HD---- C:\WINDOWS\inf 2010-01-10 21:29:43 ----D---- C:\Programme\Windows Live Safety Center 2010-01-10 06:16:00 ----D---- C:\Programme\Athan 2010-01-08 00:06:15 ----D---- C:\Dokumente und Einstellungen\Veli Yildiz\Anwendungsdaten\vlc 2010-01-04 20:34:14 ----SHD---- C:\WINDOWS\Installer 2010-01-04 20:26:01 ----D---- C:\Programme\Gemeinsame Dateien\AVSMedia 2010-01-04 20:17:08 ----D---- C:\WINDOWS\system32 2010-01-04 16:31:40 ----D---- C:\WINDOWS\Debug 2010-01-03 00:26:56 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SpeakyChat 2010-01-03 00:23:46 ----D---- C:\WINDOWS\system32\CatRoot 2010-01-03 00:22:04 ----RSHDC---- C:\WINDOWS\system32\dllcache 2010-01-03 00:21:56 ----D---- C:\WINDOWS\system32\de-DE 2010-01-03 00:21:24 ----D---- C:\Dokumente und Einstellungen\Veli Yildiz\Anwendungsdaten\skypePM 2009-12-23 19:49:47 ----D---- C:\Outlook on the Desktop 2009-12-23 12:49:55 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Messenger Plus! 2009-12-22 10:41:35 ----AD---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP 2009-12-21 20:07:49 ----D---- C:\Programme\Gemeinsame Dateien 2009-12-21 20:07:45 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype 2009-12-15 00:50:00 ----D---- C:\WINDOWS\Microsoft.NET 2009-12-14 21:13:22 ----RSD---- C:\WINDOWS\assembly 2009-12-14 21:13:10 ----D---- C:\WINDOWS\system32\XPSViewer 2009-12-14 21:12:48 ----D---- C:\WINDOWS\system32\mui ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 avgio;avgio; \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys [] R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104] R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40448] R1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720] R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520] R1 WmiAcpi;Microsoft Windows-Verwaltungsschnittstelle für ACPI; C:\WINDOWS\System32\DRIVERS\wmiacpi.sys [2008-04-13 8832] R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-01-04 56816] R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936] R2 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496] R2 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2007-03-21 37376] R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800] R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2007-02-16 160256] R3 btaudio;Bluetooth-Audiogerät; C:\WINDOWS\system32\drivers\btaudio.sys [2007-03-23 539072] R3 BTDriver;Virtueller Bluetooth-Kommunikationstreiber; C:\WINDOWS\system32\DRIVERS\btport.sys [2007-03-23 37424] R3 BTKRNL;Bluetooth-Bus-Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2007-03-31 876384] R3 CmBatt;Microsoft-Netzteiltreiber; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2008-04-13 13952] R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384] R3 hidshim;Service for HID-KMDF Shim layer; C:\WINDOWS\system32\DRIVERS\hidshim.sys [2007-05-30 5632] R3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-05-30 4424192] R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-18 12288] R3 NETw4x32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-04-27 2203520] R3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-04-30 8055584] R3 sdbus;sdbus; C:\WINDOWS\System32\DRIVERS\sdbus.sys [2008-04-13 79232] R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\WINDOWS\system32\DRIVERS\snp2uvc.sys [2007-06-12 1729152] R3 SPLITCAM;Splitcam, WDM Camera Stream Splitter; C:\WINDOWS\system32\DRIVERS\splitcam.sys [2009-09-13 13824] R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608] R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000] R3 winbondhidcir;Winbond HID CIR Receiver; C:\WINDOWS\system32\DRIVERS\winbondhidcir.sys [2007-05-30 21504] S2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [] S3 BTWDNDIS;Bluetooth-LAN-Zugangsserver; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2007-03-23 149123] S3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys [2007-03-31 55352] S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2007-03-23 67960] S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [] S3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [] S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver; C:\WINDOWS\system32\DRIVERS\ManyCam.sys [] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 sffdisk;SFF-Speicherklassentreiber; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904] S3 sffp_sd;SFF-Speicherprotokolltreiber für SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS [2006-06-09 6909] S3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S3 usbvideo;USB-Videogerät (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984] S3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [] S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Programme\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289] R2 AntiVirService;Avira AntiVir Guard; C:\Programme\Avira\AntiVir Desktop\avguard.exe [2009-08-05 185089] R2 btwdins;Bluetooth Service; C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2007-04-01 273256] R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-10-21 153376] S2 gupdate;Google Update Service (gupdate); C:\Programme\Google\Update\GoogleUpdate.exe [2009-10-06 133104] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF-----------------
__________________ |
|
12.01.2010, 13:14
| #4 |
  | Trojaner Dropper Hi, fixen: Hijackthis, fixen: öffne das HijackThis -- Button "scan" -- vor den nachfolgenden Einträge Häkchen setzen -- Button "Fix checked" -- PC neustarten Beim fixen müssen alle Programme geschlossen sein! Code:
ATTFilter O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {120A8821-2BEE-4C29-BCDA-62C577781992} - (no file)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.theprizeday.com/today.php
Bitte folgende Files prüfen: Dateien Online überprüfen lassen:
Code:
ATTFilter C:\WINDOWS\system32\spmsg2.dll
C:\Programme\TVAnts\Tvants.exe
C:\Programme\PPMate\ppmate.exe
C:\Programme\PPMate\ppamnet.exe
E:\vlvtdflx.exe
Eines der Files kann ein Rookit sein'! (:\vlvtdflx.exe-> http://www.prevx.com/filenames/10334001432587943-X1/VLVTDFLX.EXE.html) "E" ist wahrscheinlich ein USB-Stick? Der ist dann verseucht! Unbedingt den GMER-Report posten... Avira: Stelle Avira wie folgt ein: http://www.trojaner-board.de/54192-anleitung-avira-antivir-agressive-einstellungen.html Läuft der PC ohne ANTIWPA noch? (Dann ist das "nur" ein Trojaner)... chris
__________________  Don't bring me downVor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden  ) |
|
12.01.2010, 14:00
| #5 |
| | Trojaner Dropper
__________________ BUSSI MARIA |
|
12.01.2010, 14:15
| #6 |
| | Trojaner Dropper Hi, was macht GMER? chris
__________________ --> Trojaner Dropper |
|
13.01.2010, 11:10
| #7 |
| |  Wie lösche ich Security Center? Wie bekomme ich Security Center von meinem Rechner gelöscht ? Ich habe es versucht unter Software wegzulöschen, jedoch ohne Erfolg. Danke für Eure Hilfe.
__________________ BUSSI MARIA Geändert von MARIA78 (13.01.2010 um 11:34 Uhr) |
|
13.01.2010, 14:09
| #8 | |
| | Trojaner DropperZitat:
ICH KRIEGE DAS NICHT MEHR WEG 
__________________ BUSSI MARIA |
|
Trojaner Dropper
Hybrid-Darstellung
