Hi folks,
this problem with the ICQ virus is plaguing me too.
http://www.trojaner-board.de/84855-u...ner-virus.html
I have tried a number of things to remove it, including some of the troubleshooting steps from this thread:
- AntiVir scan
- Ad-Aware scan
- Malwarebytes scan
- CCleaner
- started Windows in safe mode
- repeated all of the above today with fresh updates
Malwarebytes:
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org
Datenbank Version: 3988
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000
14.04.2010 22:25:19
mbam-log-2010-04-14 (22-25-19).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|)
Durchsuchte Objekte: 473154
Laufzeit: 1 Stunde(n), 35 Minute(n), 0 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 3
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 11
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
C:\Users\Hamsta\AppData\Local\Temp\sshnas21.dll (Trojan.Downloader) -> Delete on reboot.
Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\YVIBBBHA8C (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yvibbbha8c (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\canaveral (Trojan.Downloader) -> Quarantined and deleted successfully.
Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
C:\Users\Hamsta\AppData\Local\Temp\Sd2.exe (Trojan.Fraudpack) -> Quarantined and deleted successfully.
C:\Users\Hamsta\AppData\Local\Temp\Sd5.exe (Trojan.Fraudpack) -> Quarantined and deleted successfully.
C:\Users\Hamsta\AppData\Local\Temp\Sdz.exe (Trojan.Fraudpack) -> Quarantined and deleted successfully.
C:\Users\Hamsta\Sonstiges\crypload\ocr\netload.in\asmCaptcha\test.exe (Malware.Packer) -> Quarantined and deleted successfully.
C:\Users\Hamsta\Sonstiges\crypload\router\FRITZ!Box\nc.exe (PUP.KeyLogger) -> Quarantined and deleted successfully.
E:\Program Files (x86)\Adobe_Photoshop_CS3\Adobe_Photoshop_CS3\Adobe_Photoshop_CS3_Extended_v10.0_Deutsch_Portable\Files\Msvcrt.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
E:\Program Files (x86)\Adobe_Photoshop_CS3\Adobe_Photoshop_CS3\Adobe_Photoshop_CS3_Extended_v10.0_Deutsch_Portable\Files\Shfolder.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Hamsta\AppData\Local\Temp\Sd1.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\Users\Hamsta\AppData\Local\Temp\sshnas21.dll (Trojan.Downloader) -> Delete on reboot.
C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
Hijack:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Hamsta at 2010-04-15 18:56:13
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 285 GB (62%) free of 463 GB
Total RAM: 4094 MB (51% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:56:14, on 15.04.2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18294)
Boot mode: Normal
Running processes:
C:\Users\Hamsta\AppData\Local\Temp\Sd8.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
E:\Program Files (x86)\Games\Steam\Steam.exe
C:\Users\Public\dlll.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
D:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\G15_TeamSpeak\G15_TeamSpeak.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files (x86)\vghd\VirtuaGirl_downloader.exe
E:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\hp\kbd\kbd.exe
E:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\SysWOW64\conime.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Users\Hamsta\AppData\Local\Temp\Sd1.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Users\Hamsta\Downloads\RSIT.exe
C:\Program Files (x86)\trend micro\Hamsta.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=84&bd=Pavilion&pf=cndt
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=66016
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=84&bd=Pavilion&pf=cndt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=84&bd=Pavilion&pf=cndt
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [Steam] "e:\program files (x86)\games\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ICQ] ~"E:\Program Files (x86)\ICQ7.0\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [Windows System Guard] C:\Users\Public\dlll.exe
O4 - HKCU\..\Run: [YVIBBBHA8C] C:\Users\Hamsta\AppData\Local\Temp\Sd1.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: DesktopVideoPlayer.LNK = C:\Program Files (x86)\vghd\vghd.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - E:\Program Files (x86)\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - E:\Program Files (x86)\ICQ7.0\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Personal - Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Chasis Button Service (HPBtnSrv) - Unknown owner - c:\hp\HPEZBTN\HPBtnSrv.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Unknown owner - C:\Windows\system32\sfrem01.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 10346 bytes
======Scheduled tasks folder======
C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll [2007-03-20 803864]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2009-10-08 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll [2008-06-12 958712]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll [2007-03-20 803864]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HP Health Check Scheduler"=c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-06-02 75008]
"SunJavaUpdateSched"=C:\Program Files (x86)\Java\jre6\bin\jusched.exe [2009-10-08 149280]
"HP Software Update"=c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"WinampAgent"=D:\Program Files (x86)\Winamp\winampa.exe [2009-03-09 37888]
"avgnt"=C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
"LogMeIn Hamachi Ui"=C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2010-03-30 1820040]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"=e:\program files (x86)\games\steam\steam.exe [2010-03-23 1238352]
"AdobeBridge"= []
"ICQ"=~E:\Program Files (x86)\ICQ7.0\ICQ.exe silent loginmode=4 []
"Windows System Guard"=C:\Users\Public\dlll.exe [2010-04-14 65024]
"YVIBBBHA8C"=C:\Users\Hamsta\AppData\Local\Temp\Sd1.exe [2010-04-15 165888]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Logitech SetPoint.lnk - E:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Users\Hamsta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
DesktopVideoPlayer.LNK - C:\Program Files (x86)\vghd\vghd.exe
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=
"ForceActiveDesktopOn"=
"NoActiveDesktopChanges"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{82edb068-e7d9-11de-a86e-002215588741}]
shell\AutoRun\command - M:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c9b4a76b-d524-11de-a7f5-002215588741}]
shell\AutoRun\command - K:\autoplay.exe
======List of files/folders created in the last 1 months======
2010-04-15 18:15:08 ----AH---- C:\aaw7boot.cmd
2010-04-15 15:29:45 ----HDC---- C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-04-15 15:29:31 ----D---- C:\ProgramData\Lavasoft
2010-04-15 15:29:31 ----D---- C:\Program Files (x86)\Lavasoft
2010-04-14 20:46:16 ----D---- C:\rsit
2010-04-14 20:46:16 ----D---- C:\Program Files (x86)\trend micro
2010-04-14 20:42:59 ----D---- C:\Users\Hamsta\AppData\Roaming\Malwarebytes
2010-04-14 20:42:45 ----D---- C:\ProgramData\Malwarebytes
2010-04-12 14:53:33 ----D---- C:\Users\Hamsta\AppData\Roaming\Ubisoft
2010-04-12 14:32:15 ----D---- C:\Program Files (x86)\Ubisoft
2010-04-08 20:51:00 ----D---- C:\Windows\system32\mgrlist
2010-04-08 19:07:12 ----D---- C:\Windows\1C4551A64743409391E41477CD655043.TMP
2010-04-06 23:02:01 ----D---- C:\Users\Hamsta\AppData\Roaming\U3
2010-04-06 21:36:01 ----D---- C:\ProgramData\Google
2010-04-06 18:03:56 ----D---- C:\ProgramData\{B3C2C1CD-6B77-4A96-B670-F734AC2A1CBC}
2010-04-06 18:03:44 ----D---- C:\Program Files (x86)\Activation Assistant for the 2007 Microsoft Office suites
2010-04-06 18:02:33 ----D---- C:\Program Files (x86)\Common Files\DESIGNER
2010-04-06 18:02:24 ----D---- C:\Windows\PCHEALTH
2010-04-06 18:02:24 ----D---- C:\Program Files (x86)\Microsoft.NET
2010-04-06 18:01:04 ----D---- C:\ProgramData\Microsoft Help
2010-04-06 18:00:14 ----RHD---- C:\MSOCache
2010-04-05 17:16:01 ----D---- C:\ProgramData\PMB Files
2010-04-05 17:14:57 ----D---- C:\Program Files (x86)\Pando Networks
2010-04-01 17:07:25 ----D---- C:\ProgramData\Solidshield
2010-03-30 17:31:24 ----D---- C:\Program Files (x86)\LogMeIn Hamachi
2010-03-24 17:38:29 ----A---- C:\Windows\system32\XAudio2_5.dll
2010-03-24 17:38:29 ----A---- C:\Windows\system32\xactengine3_5.dll
2010-03-24 17:38:28 ----A---- C:\Windows\system32\D3DCompiler_42.dll
2010-03-24 17:38:26 ----A---- C:\Windows\system32\d3dx11_42.dll
2010-03-24 17:38:26 ----A---- C:\Windows\system32\d3dcsx_42.dll
2010-03-24 17:38:25 ----A---- C:\Windows\system32\d3dx10_42.dll
2010-03-24 17:38:24 ----A---- C:\Windows\system32\D3DX9_42.dll
2010-03-24 17:38:21 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2010-03-24 17:38:18 ----A---- C:\Windows\system32\XAudio2_3.dll
2010-03-24 17:38:18 ----A---- C:\Windows\system32\XAPOFX1_2.dll
2010-03-24 17:38:18 ----A---- C:\Windows\system32\xactengine3_3.dll
2010-03-24 17:38:17 ----A---- C:\Windows\system32\X3DAudio1_5.dll
2010-03-24 17:38:16 ----A---- C:\Windows\system32\XAudio2_2.dll
2010-03-24 17:38:16 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2010-03-24 17:38:16 ----A---- C:\Windows\system32\xactengine3_2.dll
======List of files/folders modified in the last 1 months======
2010-04-15 18:56:09 ----D---- C:\Windows\Temp
2010-04-15 18:43:55 ----D---- C:\Windows\Tasks
2010-04-15 18:41:22 ----D---- C:\Users\Hamsta\AppData\Roaming\ICQ
2010-04-15 18:15:15 ----D---- C:\Windows
2010-04-15 17:55:43 ----SHD---- C:\System Volume Information
2010-04-15 17:48:25 ----D---- C:\Windows\System32
2010-04-15 17:48:25 ----D---- C:\Windows\inf
2010-04-15 17:39:48 ----RD---- C:\Program Files (x86)
2010-04-15 16:57:58 ----D---- C:\Windows\Prefetch
2010-04-15 16:24:26 ----D---- C:\Windows\SysWOW64
2010-04-15 15:48:44 ----D---- C:\Program Files (x86)\Common Files\Steam
2010-04-15 15:29:49 ----SHD---- C:\Windows\Installer
2010-04-15 15:29:45 ----HD---- C:\ProgramData
2010-04-15 15:29:29 ----D---- C:\Windows\winsxs
2010-04-14 20:43:26 ----D---- C:\Windows\Debug
2010-04-14 20:42:47 ----D---- C:\Windows\system32\drivers
2010-04-14 17:38:25 ----D---- C:\Users\Hamsta\AppData\Roaming\Winamp
2010-04-14 14:03:57 ----D---- C:\Downloads
2010-04-12 14:53:33 ----D---- C:\ProgramData\Ubisoft
2010-04-12 14:32:14 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2010-04-12 14:31:12 ----RSD---- C:\Windows\assembly
2010-04-08 19:07:12 ----D---- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2010-04-06 21:36:01 ----D---- C:\Program Files (x86)\Google
2010-04-06 21:06:35 ----D---- C:\Users\Hamsta\AppData\Roaming\Real
2010-04-06 21:06:35 ----D---- C:\Program Files (x86)\Common Files\Real
2010-04-06 21:06:30 ----D---- C:\Program Files (x86)\Common Files
2010-04-06 20:52:42 ----D---- C:\Users\Hamsta\AppData\Roaming\McLoad
2010-04-06 20:46:49 ----D---- C:\Program Files (x86)\CyberLink
2010-04-06 20:44:54 ----D---- C:\Program Files (x86)\Microsoft Games
2010-04-06 20:31:12 ----D---- C:\Users\Hamsta\AppData\Roaming\uTorrent
2010-04-06 18:08:38 ----SD---- C:\Users\Hamsta\AppData\Roaming\Microsoft
2010-04-06 18:02:42 ----D---- C:\Program Files (x86)\Microsoft Works
2010-04-06 18:02:40 ----D---- C:\Program Files (x86)\Common Files\microsoft shared
2010-04-06 18:02:34 ----D---- C:\Program Files (x86)\Microsoft Office
2010-04-06 18:02:27 ----RSD---- C:\Windows\Fonts
2010-04-06 18:02:24 ----SD---- C:\ProgramData\Microsoft
2010-04-06 18:01:33 ----RD---- C:\Program Files
2010-04-06 18:01:30 ----D---- C:\Windows\ShellNew
2010-04-04 20:47:17 ----D---- C:\Users\Hamsta\AppData\Roaming\Adobe
2010-03-23 16:21:44 ----A---- C:\Windows\system32\ezsvc7x.dll
2010-03-23 13:27:10 ----D---- C:\ProgramData\Real
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys []
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys []
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys []
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys []
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture; C:\Windows\system32\drivers\HCW85BDA.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
R3 ksthunk;Kernel Streaming Thunks; C:\Windows\system32\drivers\ksthunk.sys []
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys []
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys []
R3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys []
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys []
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh64.sys []
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys []
S3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys []
S3 avrmingy;avrmingy; C:\Windows\system32\drivers\avrmingy.sys []
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys []
S3 dump_wmimmc;dump_wmimmc; \??\E:\Program Files\games\gPotato.eu\Rappelz\GameGuard\dump_wmimmc.sys []
S3 L8042Kbd;SetPoint Keyboard Driver; C:\Windows\system32\DRIVERS\L8042Kbd.sys []
S3 L8042mou;SetPoint PS/2 Mouse Filter Driver; C:\Windows\system32\DRIVERS\L8042mou.Sys []
S3 LMouKE;SetPoint Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouKE.Sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys []
S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys []
S3 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys []
S3 NPPTNT2;NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [2004-12-30 4682]
S3 Ph3xIB64;Philips 713x Inbox PCI TV Card; C:\Windows\system32\DRIVERS\Ph3xIB64.sys []
S3 Ps2;PS2; C:\Windows\system32\DRIVERS\PS2.sys []
S3 usbaudio;USB-Audiotreiber (WDM); C:\Windows\system32\drivers\usbaudio.sys []
S3 USBMULCD;USB Multi-Channel Audio Device Interface; C:\Windows\system32\drivers\CM10664.sys []
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys []
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys []
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys []
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Planer; C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
R2 ezSharedSvc;Easybits Shared Services for Windows; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2010-03-30 1823112]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-06-02 94208]
R2 HPBtnSrv;HP Chasis Button Service; c:\hp\HPEZBTN\HPBtnSrv.exe [2007-05-29 198240]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2008-06-11 354840]
R2 ICQ Service;ICQ Service; C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe [2008-06-10 222456]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2010-04-15 1265264]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2008-06-09 73728]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe []
R2 TeamViewer4;TeamViewer 4; C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe [2009-01-28 185640]
R3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2010-04-15 390952]
S2 sfrem01;SF FrontLine Drivers Auto Removal (v1); C:\Windows\system32\sfrem01.exe svc []
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2008-07-27 93184]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-08-03 655624]
S3 GameConsoleService;GameConsoleService; C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe [2009-03-31 250616]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-21 19968]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files (x86)\WinPcap\rpcapd.exe [2007-11-06 92792]
S3 usprserv;User Privilege Service; C:\Windows\System32\svchost.exe [2008-01-21 21504]
-----------------EOF-----------------
I have already toyed with the idea of doing a system restore, but I am not sure whether it would fix the problem.
A colleague removed the trojan (or whatever it is) after scanning his hard drive with Ad-Aware and deleting the Temp folder, but unfortunately that did not work for me.
I hope you can help me.
Regards
Edit: My Security Center reports that I have no antivirus program installed even though AntiVir is active. I did not get this message before the virus.