Pests of all kinds and their removal: Many virus and Trojan detections, ICQ virus...
04.05.2010, 18:41 | #1
Hello,
Antivir found a great many Trojans, viruses and other pests on a buddy's computer after a system scan. On top of that, his ICQ just closes by itself, goes through all his contacts, clicks each one individually and then closes each individual ICQ window again. He also constantly has to allow or deny a file that is disguised as a Windows update exe but has an unknown publisher and sits in the AppData/Local/Temp folder. Every time he clicks deny (Vista), it immediately asks again, until he scans the folder with Antivir; then it is gone for the moment, but shows up again at the latest after a restart. Error messages also come up fairly often. I'm also not sure whether Antivir scans all the way to the end. At first Antivir hit more than 200 detections, by now it's under 10. Also, Internet Explorer just opens by itself with advertising without anything being clicked.
Hijackthis:
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:40:25, on 04.05.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Windows\system32\sdra64.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Fujitsu Siemens Computers\Energy Settings\EnergySettings.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
D:\Spiele\Steam\Steam.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe
C:\Users\***\AppData\Local\Temp\nvdis.exe
C:\Users\Public\winvns.exe
C:\Program Files\TechSmith\SnagIt 9\TSCHelp.exe
C:\Windows\system32\msiexec.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\TechSmith\SnagIt 9\snagiteditor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\program files\avira\antivir desktop\avcenter.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Users\***\AppData\Local\TeamSpeak 3 Client\ts3client_win32.exe
C:\Users\***\AppData\Local\Temp\Wcl.exe
D:\Hijackthis\test.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Windows\system32\sdra64.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SmartAds browser enhancer dbuptzjz - {4356ADD9-7562-4442-9D91-88313F7807C7} - C:\Windows\system32\dbuptzjz.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {8a194578-81ea-4850-9911-13ba2d71efbd} - (no file)
O2 - BHO: hotrevenue browser enhancer - {8D9E2564-858C-8E65-4975-40F8891D4444} - C:\Windows\system32\zywbbljkkccfgpdh.dll (file missing)
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - (no file)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [EnergySettings] C:\Program Files\Fujitsu Siemens Computers\Energy Settings\EnergySettings.exe
O4 - HKLM\..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe IE PA
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [WinUpdSrvc] C:\Users\Public\winvns.exe
O4 - HKCU\..\Run: [Google Updater] C:\Users\***\AppData\Local\Temp\nvdis.exe
O4 - HKCU\..\Run: [WindowsSysGuard] C:\Users\Public\winvcsn.exe
O4 - HKCU\..\Run: [StartServiceLBNSSBFP] C:\Users\***\AppData\Local\LBNSSBFP\StartService.exe
O4 - HKCU\..\Run: [Steam] "D:\spiele\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Canaveral] rundll32.exe C:\Windows\system32\sshnas21.dll,BackupReadW
O4 - HKCU\..\Run: [M5T8QL3YW3] C:\Users\***\AppData\Local\Temp\Wcl.exe
O4 - HKCU\..\Run: [userinit] C:\Users\***\AppData\Roaming\sdra64.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [fsc-reg] c:\fsc-reg\fscreg.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: SnagIt 9.lnk = C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: HP Intelligente Auswahl - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix: 
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe

--
End of file - 9693 bytes

Thanks in advance
Regards SiebenSchläfer
Last edited by SiebenSchlae (04.05.2010 at 19:17)
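One way to pull the leads out of a HijackThis log like the one above, added here as an example and not a tool from this thread or from HijackThis itself: a small Python script that flags programs chained into the Winlogon UserInit value, Run entries and running processes that live in user-writable locations, and browser add-ons whose DLL no longer exists. The sample lines are copied from the posted log; the function names (`triage`, `suspicious_location`) and the heuristics are the example's own, and a hit is something for the helper to look at, not a verdict.

```python
"""Triage a HijackThis log for autostart entries that deserve a closer look.

Added example, not part of HijackThis. The heuristics are path and
structure based, so treat every finding as a lead to investigate.
"""
import re
from typing import List, NamedTuple, Optional

# Sample lines copied from the HijackThis log posted above (a constructed
# subset so the script runs offline).
SAMPLE_LOG = r"""
Running processes:
C:\Windows\system32\Dwm.exe
C:\Users\***\AppData\Local\Temp\nvdis.exe
C:\Users\Public\winvns.exe

F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Windows\system32\sdra64.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SmartAds browser enhancer dbuptzjz - {4356ADD9-7562-4442-9D91-88313F7807C7} - C:\Windows\system32\dbuptzjz.dll (file missing)
O2 - BHO: (no name) - {8a194578-81ea-4850-9911-13ba2d71efbd} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [WinUpdSrvc] C:\Users\Public\winvns.exe
O4 - HKCU\..\Run: [Google Updater] C:\Users\***\AppData\Local\Temp\nvdis.exe
O4 - HKCU\..\Run: [Canaveral] rundll32.exe C:\Windows\system32\sshnas21.dll,BackupReadW
O4 - HKCU\..\Run: [userinit] C:\Users\***\AppData\Roaming\sdra64.exe
O4 - HKCU\..\Run: [Steam] "D:\spiele\Steam\Steam.exe" -silent
"""


class Finding(NamedTuple):
    section: str   # HijackThis section code, or "PRC" for a running process
    severity: str  # "high" = investigate now, "low" = leftover to clean up
    reason: str
    line: str


# First drive-letter path ending in .exe/.dll, quoted or not (HijackThis does
# not quote paths consistently, and "Program Files" contains a space).
_PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|\r\n]*?\.(?:exe|dll)\b', re.IGNORECASE)
_O4_RE = re.compile(r'^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$')
_PROCESS_RE = re.compile(r'^[A-Za-z]:\\.+\.exe$', re.IGNORECASE)


def suspicious_location(path: str) -> Optional[str]:
    """Explain why a path is an unusual place for an autostart, or None."""
    low = path.lower()
    if "\\appdata\\local\\temp\\" in low:
        return "runs from the user's Temp folder"
    if "\\users\\public\\" in low:
        return "runs from Users\\Public, writable by every account"
    # Legitimate software uses AppData\Roaming\<Vendor>\...; a bare executable
    # sitting directly in Roaming is a common dropper habit.
    if re.search(r"\\appdata\\roaming\\[^\\]+\.(?:exe|dll)$", low):
        return "executable placed directly in AppData\\Roaming"
    return None


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        # F2: Winlogon UserInit should list only userinit.exe. Anything else
        # chained here runs at every logon, before the desktop appears.
        if line.startswith("F2 ") and "UserInit=" in line:
            value = line.split("UserInit=", 1)[1]
            for entry in filter(None, (e.strip() for e in value.split(","))):
                if entry.rsplit("\\", 1)[-1].lower() != "userinit.exe":
                    findings.append(Finding(
                        "F2", "high", f"extra program chained into UserInit: {entry}", line))
            continue

        # O2/O3: a BHO or toolbar whose DLL is gone is a leftover rather than
        # a running threat, but it is still an entry to remove.
        if line.startswith(("O2 ", "O3 ")) and ("(file missing)" in line or "(no file)" in line):
            findings.append(Finding(line[:2], "low", "orphaned browser add-on entry", line))
            continue

        # O4: registry Run keys. Only the location of the target is judged.
        m = _O4_RE.match(line)
        if m:
            pm = _PATH_RE.search(m.group("cmd"))
            reason = suspicious_location(pm.group(0)) if pm else None
            if reason:
                findings.append(Finding("O4", "high", f"[{m.group('name')}] {reason}", line))
            continue

        # Bare paths under "Running processes:" get the same location check.
        if _PROCESS_RE.match(line):
            reason = suspicious_location(line)
            if reason:
                findings.append(Finding("PRC", "high", reason, line))

    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.severity:4} {f.section:3} {f.reason}\n      {f.line}")
```

Run against the full log, the script is a first pass only; entries such as the rundll32 line loading a DLL from system32 pass the location check and still need a human look.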
05.05.2010, 10:50 | #2 | /// Winkelfunktion /// TB-Süch-Tiger™
Hello and
05.05.2010, 11:29 | #3
Which program is the log file supposed to come from?
05.05.2010, 11:36 | #4 | /// Winkelfunktion /// TB-Süch-Tiger™
From AntiVir, perhaps? You wrote yourself that AntiVir "found a great many Trojans, viruses and other pests".
Please always post log files in CODE tags
05.05.2010, 11:42 | #5
Yeah, that was on the weekend with 200 detections, but no idea whether there is still a file somewhere; the quarantine has been deleted. I'll have a look, and if not, run a scan and post that here?
05.05.2010, 15:20 | #6 | /// Winkelfunktion /// TB-Süch-Tiger™
Then first please run a full scan with Malwarebytes and post the log. After that OTL:
System scan with OTL
Please download OTL by OldTimer and save it to your desktop
05.05.2010, 22:09 | #7
OTL:
Code:
OTL logfile created on: 05.05.2010 23:05:49 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Johannes\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 40,00% Memory free
7,00 Gb Paging File | 5,00 Gb Available in Paging File | 68,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 308,88 Gb Total Space | 219,14 Gb Free Space | 70,95% Space Free | Partition Type: NTFS
Drive D: | 613,85 Gb Total Space | 221,16 Gb Free Space | 36,03% Space Free | Partition Type: NTFS
Drive E: | 5,10 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JOHANNES-PC
Current User Name: Johannes
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========
PRC - C:\Users\Johannes\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Windows\Wtihyd.exe ()
PRC - C:\Users\Johannes\AppData\Local\Temp\Wcl.exe ()
PRC - C:\Users\Public\winvcsn.exe ()
PRC - C:\Users\Johannes\AppData\Local\Temp\nvdis.exe ( )
PRC - C:\Users\Johannes\AppData\Local\TeamSpeak 3 Client\ts3client_win32.exe (TeamSpeak Systems GmbH)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avcenter.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
PRC - C:\Programme\TeamViewer\Version4\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Programme\TeamViewer\Version4\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Fujitsu Siemens Computers\Energy Settings\EnergySettings.exe (Fujitsu Siemens Computers GmbH)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\TechSmith\SnagIt 9\TscHelp.exe (TechSmith Corporation)
PRC - C:\Programme\TechSmith\SnagIt 9\SnagItEditor.exe (TechSmith Corporation)
PRC - C:\Programme\TechSmith\SnagIt 9\SnagIt32.exe (TechSmith Corporation)
PRC - C:\Programme\TechSmith\SnagIt 9\SnagPriv.exe (TechSmith Corporation)
PRC - C:\Programme\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
PRC - C:\Programme\Picasa2\PicasaMediaDetector.exe (Google Inc.)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Windows\System32\consent.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)

========== Modules (SafeList) ==========
MOD - C:\Users\Johannes\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Programme\TeamViewer\Version4\TV.dll (TeamViewer GmbH)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Hamachi2Svc) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (TeamViewer4) -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (TestHandler) -- C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (UPnPService) -- C:\Programme\Common Files\MAGIX Shared\UPnPService\UPnPService.exe (Magix AG)
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)

========== Driver Services (SafeList) ==========
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (ahcix86s) -- C:\Windows\system32\drivers\ahcix86s.sys (AMD Technologies Inc.)
DRV - (JRAID) -- C:\Windows\system32\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (RTL85n86) -- C:\Windows\System32\drivers\RTL85n86.sys (Realtek)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaulturl: "hxxp://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..browser.search.selectedEngine: "SweetIM Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "sport1.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008.12.26 18:54:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.05.03 22:12:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.01 17:54:22 | 000,000,000 | ---D | M]

[2008.12.31 18:30:21 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\mozilla\Extensions
[2010.05.05 22:11:56 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\mozilla\Firefox\Profiles\k68k1rp0.default\extensions
[2009.09.02 15:34:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Johannes\AppData\Roaming\mozilla\Firefox\Profiles\k68k1rp0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.05.03 22:15:41 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Johannes\AppData\Roaming\mozilla\Firefox\Profiles\k68k1rp0.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.05.03 22:09:06 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2009.06.24 14:37:42 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2009.06.24 14:37:42 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2009.06.24 14:37:42 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2009.09.13 17:10:36 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2009.06.24 14:37:42 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programme\TechSmith\SnagIt 9\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {8a194578-81ea-4850-9911-13ba2d71efbd} - No CLSID value found.
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programme\TechSmith\SnagIt 9\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EnergySettings] C:\Programme\Fujitsu Siemens Computers\Energy Settings\EnergySettings.exe (Fujitsu Siemens Computers GmbH)
O4 - HKLM..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe ( )
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Google Updater] C:\Users\Johannes\AppData\Local\Temp\nvdis.exe ( )
O4 - HKCU..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKCU..\Run: [StartServiceLBNSSBFP] C:\Users\Johannes\AppData\Local\LBNSSBFP\StartService.exe ()
O4 - HKCU..\Run: [Steam] D:\spiele\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [WindowsSysGuard] C:\Users\Public\winvcsn.exe ()
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Intelligente Auswahl - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.69.100.198 192.168.0.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Johannes\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Johannes\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006.10.13 14:50:51 | 003,834,762 | R--- | M] (Macromedia, Inc.) - E:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2006.10.17 17:24:41 | 000,000,041 | RH-- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{1e2baa9c-cfb2-11de-86b7-002185c1db95}\Shell\AutoRun\command - "" = K:\installer.exe -- File not found
O33 - MountPoints2\{1e2baa9c-cfb2-11de-86b7-002185c1db95}\Shell\verb\command - "" = K:\installer.exe -- File not found
O33 - MountPoints2\{29b3abcf-b288-11dd-9c75-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{29b3abcf-b288-11dd-9c75-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2006.10.13 14:50:51 | 003,834,762 | R--- | M] (Macromedia, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========
[2010.05.05 21:52:00 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\Malwarebytes
[2010.05.05 21:51:50 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.05.05 21:51:47 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.05.05 21:51:47 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.05.05 21:51:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.05.04 17:40:20 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010.05.03 15:21:14 | 000,000,000 | RHSD | C] -- C:\RECYCLER
[2010.05.02 22:07:18 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\Avira
[2010.05.02 21:53:32 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010.05.02 21:53:29 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.05.02 21:53:29 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010.05.02 21:53:29 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2010.05.02 21:53:29 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
[2010.05.02 21:53:26 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2010.05.02 21:53:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010.05.02 17:28:23 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\LBNSSBFP
[2010.04.28 17:03:58 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\Windows Server
[2010.04.26 22:45:20 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\501902D68DB8CA7AFA6AFDC173D4967F
[2010.04.26 18:29:23 | 000,000,000 | -HSD | C] -- C:\Users\Johannes\AppData\Roaming\lowsec
[2010.04.23 23:13:07 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\TS3Client
[2010.04.23 23:12:17 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\TeamSpeak 3 Client
[2010.04.15 00:00:00 | 000,000,000 | ---D | C] -- C:\Users\Johannes\Documents\Downloads
[2010.04.14 23:57:54 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2010.04.14 16:59:40 | 003,600,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.04.14 16:59:40 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.04.14 16:59:36 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010.04.14 16:59:33 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
[2010.04.14 16:59:33 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2009.04.09 12:38:00 | 000,126,976 | ---- | C] ( ) -- C:\Windows\System32\Interop.SHDocVw.dll

========== Files - Modified Within 30 Days ==========
[2010.05.05 23:07:12 | 012,582,912 | -HS- | M] () -- C:\Users\Johannes\ntuser.dat
[2010.05.05 23:06:59 | 000,000,298 | -H-- | M] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010.05.05 23:06:00 | 000,000,428 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A250949A-1191-4172-BE04-ADF5CCC93F80}.job
[2010.05.05 23:04:02 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\yvcokn.sys
[2010.05.05 21:51:54 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.05.05 21:39:03 | 001,418,806 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.05.05 21:39:03 | 000,618,204 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.05.05 21:39:03 | 000,586,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.05.05 21:39:03 | 000,122,636 | ---- |
M] () -- C:\Windows\System32\perfc007.dat [2010.05.05 21:39:03 | 000,101,052 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.05.05 21:32:42 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.05.05 21:32:42 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.05.05 21:32:40 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.05.05 21:32:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.05.05 21:32:36 | 3488,784,384 | -HS- | M] () -- C:\hiberfil.sys [2010.05.05 17:24:45 | 000,524,288 | -HS- | M] () -- C:\Users\Johannes\ntuser.dat{11c1c480-3e63-11df-b49b-002185c1db95}.TMContainer00000000000000000001.regtrans-ms [2010.05.05 17:24:45 | 000,065,536 | -HS- | M] () -- C:\Users\Johannes\ntuser.dat{11c1c480-3e63-11df-b49b-002185c1db95}.TM.blf [2010.05.05 17:24:13 | 003,651,678 | -H-- | M] () -- C:\Users\Johannes\AppData\Local\IconCache.db [2010.05.04 18:58:36 | 000,165,888 | ---- | M] () -- C:\Windows\Wtihyd.exe [2010.05.04 18:31:27 | 000,183,296 | ---- | M] () -- C:\Users\Johannes\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.05.04 18:11:54 | 000,165,888 | ---- | M] () -- C:\Windows\Wtihyc.exe [2010.05.03 23:28:26 | 000,000,574 | ---- | M] () -- C:\Users\Johannes\Desktop\HijackThis.lnk [2010.05.03 22:53:37 | 000,000,589 | ---- | M] () -- C:\Users\Johannes\Desktop\Steam.lnk [2010.05.03 22:33:09 | 000,207,872 | ---- | M] () -- C:\Windows\System32\sshnas21.dll [2010.05.03 19:33:45 | 000,000,000 | ---- | M] () -- C:\Users\Johannes\AppData\Roaming\chrtmp [2010.05.02 21:53:45 | 000,001,853 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2010.04.29 15:36:10 | 000,400,488 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.04.29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- 
C:\Windows\System32\drivers\mbamswissarmy.sys [2010.04.29 12:19:14 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.04.23 23:12:18 | 000,001,029 | ---- | M] () -- C:\Users\Johannes\Desktop\TeamSpeak 3 Client.lnk [2010.04.17 22:29:54 | 000,010,696 | ---- | M] () -- C:\Users\Johannes\Desktop\esl befehle.docx ========== Files Created - No Company Name ========== [2010.05.05 23:06:54 | 000,000,298 | -H-- | C] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job [2010.05.05 23:04:02 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\yvcokn.sys [2010.05.05 21:51:54 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.05.04 19:51:04 | 000,165,888 | ---- | C] () -- C:\Windows\Wtihyd.exe [2010.05.04 18:47:26 | 000,165,888 | ---- | C] () -- C:\Windows\Wtihyc.exe [2010.05.03 23:28:26 | 000,000,574 | ---- | C] () -- C:\Users\Johannes\Desktop\HijackThis.lnk [2010.05.03 22:33:09 | 000,207,872 | ---- | C] () -- C:\Windows\System32\sshnas21.dll [2010.05.03 19:33:45 | 000,000,000 | ---- | C] () -- C:\Users\Johannes\AppData\Roaming\chrtmp [2010.05.02 21:53:44 | 000,001,853 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2010.04.23 23:12:18 | 000,001,029 | ---- | C] () -- C:\Users\Johannes\Desktop\TeamSpeak 3 Client.lnk [2009.09.17 16:58:24 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.04.09 12:38:00 | 000,053,248 | ---- | C] () -- C:\Windows\System32\SearchRequire.dll [2008.11.10 18:40:02 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2008.11.10 18:40:01 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini [2008.04.25 15:23:38 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll [2007.06.19 09:59:36 | 000,070,400 | ---- | C] () -- C:\Windows\System32\PhysXLoader.dll [2007.04.20 08:57:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2007.04.20 
08:57:28 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2007.04.20 08:57:28 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2007.04.20 08:57:28 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2007.04.20 08:57:28 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2007.04.20 08:57:28 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2007.04.20 08:57:28 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2007.04.20 08:57:28 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2007.04.20 08:57:28 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2001.08.25 16:44:45 | 000,011,616 | R--- | C] () -- C:\Windows\System32\drivers\SECDRV.SYS [1997.06.14 13:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll < End of report > Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4070

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

05.05.2010 23:03:22
mbam-log-2010-05-05 (23-03-22).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 321091
Time elapsed: 56 minute(s), 27 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 1
Registry Keys Infected: 17
Registry Values Infected: 4
Registry Data Items Infected: 4
Folders Infected: 3
Files Infected: 32

Memory Processes Infected:
C:\Windows\System32\sdra64.exe (Trojan.Downloader) -> No action taken.
C:\Users\Public\winvns.exe (Trojan.Downloader) -> No action taken.

Memory Modules Infected:
C:\Windows\System32\sshnas21.dll (Trojan.Downloader) -> No action taken.

Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{a9722a0d-365f-47d2-b70b-37d046316d99} (Adware.EZlife) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\nkgwuvjiwnwyqbluu (Adware.Adrotator) -> No action taken.
HKEY_CURRENT_USER\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\Software\YVIBBBHA8C (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Smart-Ads-Solutions (Adware.SmartAds) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Smart-Ads-Solutions (Adware.SmartAds) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Smart-Ads-Solutions (Adware.SmartAds) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.
HKEY_CLASSES_ROOT\adhlpr.adhlpr (Adware.Adrotator) -> No action taken.
HKEY_CLASSES_ROOT\adhlpr.adhlpr.1.0 (Adware.Adrotator) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4356add9-7562-4442-9d91-88313f7807c7} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{4356add9-7562-4442-9d91-88313f7807c7} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8d9e2564-858c-8e65-4975-40f8891d4444} (Adware.AdRotator) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{8d9e2564-858c-8e65-4975-40f8891d4444} (Adware.AdRotator) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winupdsrvc (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\userinit (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Worm.AutoRun) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\m5t8ql3yw3 (Trojan.FakeAlert) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Downloader) -> Data: c:\windows\system32\sdra64.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Downloader) -> Data: system32\sdra64.exe -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (explorer.exe,C:\RECYCLER\S-1-5-21-1634265367-4055158860-846931726-7261\Setupin.exe) Good: (Explorer.exe) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\Windows\system32\userinit.exe,C:\Windows\system32\sdra64.exe,) Good: (Userinit.exe) -> No action taken.

Folders Infected:
C:\Program Files\Smart-Ads-Solutions (Adware.SmartAds) -> No action taken.
C:\Program Files\Smart-Ads-Solutions\SmartAds (Adware.SmartAds) -> No action taken.
C:\Program Files\Smart-Ads-Solutions\SmartAds\1.5.2.0 (Adware.SmartAds) -> No action taken.

Files Infected:
C:\Windows\System32\sdra64.exe (Trojan.Downloader) -> No action taken.
C:\Users\Public\winvns.exe (Trojan.Downloader) -> No action taken.
C:\Users\Johannes\AppData\Roaming\sdra64.exe (Trojan.Downloader) -> No action taken.
C:\RECYCLER\S-1-5-21-1634265367-4055158860-846931726-7261\Setupin.exe (Worm.Autorun.B) -> No action taken.
C:\Users\Johannes\AppData\Local\Temp\2802.exe (Trojan.Downloader) -> No action taken.
C:\Users\Johannes\AppData\Local\Temp\6123.exe (Trojan.Downloader) -> No action taken.
C:\Users\Johannes\AppData\Local\Temp\Wcq.exe (Trojan.Fraudpack) -> No action taken.
C:\Users\Johannes\AppData\Local\Temp\install.48596.exe (Trojan.Sshnas) -> No action taken.
C:\Users\Johannes\AppData\Local\Temp\Windows-Update-KB342145-x86-ENU.exe (Trojan.Fraudpack) -> No action taken.
C:\Users\Johannes\AppData\Local\Temp\3159.exe (Trojan.Downloader) -> No action taken.
C:\Users\Johannes\AppData\Local\Temp\3286.exe (Trojan.Downloader) -> No action taken.
C:\Users\Johannes\AppData\Local\Temp\Wcv.exe (Trojan.Fraudpack) -> No action taken.
C:\Users\Johannes\AppData\Local\Temp\khvcol.exe (Trojan.Downloader) -> No action taken.
C:\Users\Johannes\AppData\Local\Temp\COM Security Update Level 1 (Adware.BHO) -> No action taken.
C:\Users\Johannes\AppData\Local\Temp\COM Security Update Level 10 (Adware.BHO) -> No action taken.
C:\Users\Johannes\AppData\Local\Temp\COM Security Update Level 3 (Adware.BHO) -> No action taken.
C:\Users\Johannes\AppData\Local\Temp\COM Security Update Level 5 (Adware.BHO) -> No action taken.
C:\Users\Johannes\AppData\Local\Temp\COM Security Update Level 6 (Adware.BHO) -> No action taken.
C:\Users\Johannes\AppData\Local\Temp\COM Security Update Level 7 (Adware.BHO) -> No action taken.
C:\Users\Johannes\AppData\Local\Temp\COM Security Update Level 8 (Adware.BHO) -> No action taken.
C:\Users\Johannes\AppData\Local\Temp\COM Security Update Level 9 (Adware.BHO) -> No action taken.
C:\Windows\System32\nkgwuvjiwnwyqbluu.exe (Adware.Adrotator) -> No action taken.
C:\Windows\Temp\WinBB9E.tmp (Trojan.Fraudpack) -> No action taken.
C:\Program Files\Smart-Ads-Solutions\SmartAds\1.5.2.0\uninstall.exe (Adware.SmartAds) -> No action taken.
C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> No action taken.
C:\Users\Johannes\AppData\Local\Temp\Wcl.exe (Trojan.FakeAlert) -> No action taken.
C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ntuser_mssec.exe (Trojan.VirTool) -> No action taken.
C:\Windows\System32\sshnas21.dll (Trojan.Downloader) -> No action taken.
C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> No action taken.
C:\Users\Johannes\AppData\Local\Temp\csrss.exe (Trojan.Agent) -> No action taken.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> No action taken.
C:\Users\Johannes\AppData\Local\Temp\0.04576904530300718.exe (Trojan.Dropper) -> No action taken.
05.05.2010, 22:13 | #8
OTL Extras:
Code:
ATTFilter OTL Extras logfile created on: 05.05.2010 23:05:49 - Run 1 OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Johannes\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18904) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 40,00% Memory free 7,00 Gb Paging File | 5,00 Gb Available in Paging File | 68,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 308,88 Gb Total Space | 219,14 Gb Free Space | 70,95% Space Free | Partition Type: NTFS Drive D: | 613,85 Gb Total Space | 221,16 Gb Free Space | 36,03% Space Free | Partition Type: NTFS Drive E: | 5,10 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: JOHANNES-PC Current User Name: Johannes Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- Reg Error: Key error. 
File not found [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" File not found https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" File not found inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 "DoNotAllowExceptions" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{84F59794-7629-4A32-B6B8-F99CFCEA68C2}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | "{F4A928EA-2904-4BA7-B69F-D8E24DDB30F2}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{07E648BC-BA0C-4AC7-80EB-F97A00BE9F5C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{0BD1FAE7-B7CB-4C71-9B7E-B0E24692729D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | "{200FEB3E-1FE1-480D-97E3-91575FD6809D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | "{203C5391-1865-419A-8F4A-7860DA97130F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | "{244F409E-F142-4173-A81D-5400FA709818}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{2E6B9B6D-83F0-452F-8C1E-5F50064854BC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe | "{33AD5E70-67B8-4199-A914-A46BB63895AC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | "{41D87C1B-E4E2-42F6-8617-575DE091333D}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version4\teamviewer.exe | "{46438C51-9148-4C1B-BE9D-464B0075980B}" = protocol=17 | dir=in | app=d:\spiele\steam\steam.exe | "{728737A4-7750-4C35-8A7D-5412309B1E3A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{77FB02E2-ED6C-4485-B898-91EF0CFA6366}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{781E64D4-FDBB-43AE-BC29-3B59713143AA}" = protocol=6 | dir=in | app=c:\program files\electronic arts\unrealengine3\binaries\moha.exe | "{782AC38A-F57F-40E3-BFD8-DDACC286EBE4}" = dir=in | 
app=c:\program files\hp\digital imaging\bin\hpqpse.exe | "{7DC5881A-DA10-45A9-B3E4-FE264A92A2F8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | "{89883749-DF06-4D98-A47F-AF7C27342D83}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe | "{8FA8B820-23B3-4DF6-AD3E-BDB78C9F9355}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | "{918D7379-A249-470E-A55F-111D04D8E8A2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe | "{996468DE-7B99-4428-AA22-1961FEB1732C}" = protocol=6 | dir=in | app=d:\spiele\steam\steam.exe | "{9A806A3D-EABA-4182-953C-E8882B5D56CB}" = dir=in | app=e:\setup\hpznui01.exe | "{9BB12149-84E2-4298-8A8C-CDB51EDA75D1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{B6DFC1E6-6D46-4974-A3ED-8A2865E6DAAD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | "{D5F41B31-CA41-4A53-898A-64107FD39CE5}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe | "{DDC64038-85CE-4CBD-9049-56D9B1E5B526}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe | "{DF5E22DE-F505-4FCD-9D43-B12C7A8A1A18}" = protocol=17 | dir=in | app=c:\program files\electronic arts\unrealengine3\binaries\moha.exe | "{F5F6D738-2064-47DD-855B-3605FBD259E9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | "{F87A88E6-F1F9-4083-9BA5-0D6A04375A25}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version4\teamviewer.exe | "TCP Query User{53205DFF-006F-452F-BF43-DF1011A1E35D}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "TCP Query User{7D612AE1-5C6F-4338-8FDD-69D32167C64E}D:\spiele\steam\steamapps\killer_1392\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\killer_1392\counter-strike source\hl2.exe | "TCP Query User{FAF6E403-8846-42CC-83C4-D58FE2F6ECC1}C:\program files\mozilla 
firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{FD79758E-C411-4481-A933-61964FCECEA3}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{0B55BF90-6CAF-4B80-A582-7C91736A0701}D:\spiele\steam\steamapps\killer_1392\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\killer_1392\counter-strike source\hl2.exe | "UDP Query User{3AA8BF85-6B1F-477C-94FC-6692536963EA}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{915CC473-1393-4B67-B651-26F92792532D}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{9FC867AE-07C0-4064-94A1-15940EA11BA6}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{15B8AFD9-92E9-4E86-96D9-83FAC510B82E}" = HPPhotoSmartPhotobookWebPack1 "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01 "{25F28E39-FDBB-11DB-8314-0800200C9A66}" = Medal of Honor Airborne "{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer "{27197499-7680-4208-8FD8-5439CDB0FDC1}" = HPProductAssistant "{2AFEAA03-2DFE-4519-A629-EDAB6541ABE9}" = HPSSupply "{2F926AE7-9FB7-4B34-906F-9C29A6D146A7}" = SystemDiagnostics 
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6 "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{43C0C354-A185-4D2D-A057-67C9160460E1}" = PS_AIO_04_C4580_Software_Min "{4A3D0CF8-60FF-4CEF-91A4-A1F001424602}" = DocProc "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport "{58BAA8D0-404E-4585-9FD3-ED1BB72AC2EE}" = Adobe Flash Player 9 ActiveX "{593A6CAF-E114-4e31-884F-74FF349E8E36}" = SolutionCenter "{59991D18-A988-45AB-B1BF-5ADE6E64CD3F}" = SnagIt 9 "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5 "{65F1CF63-31E0-450B-96F3-4A88BE7361A6}" = AGEIA PhysX v7.07.09 "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1 "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{70E1E357-E57C-4284-B04E-58196DC27BC1}" = PanoStandAlone "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7613592F-B20C-4E1B-B2DD-67F0784D4373}" = Energy Settings "{7641710F-A4AD-4EAE-889C-4958BE3F169C}" = C4580 "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder "{8A74DEFD-A224-49CC-AB80-4E88BC730125}" = LogMeIn Hamachi "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8F32C384-D237-4516-9F2B-223E8963A2FB}" = Lager "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 
2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source "{9605D5C2-F545-40F2-B39A-0462E4CD3811}" = Windows Vista Demo Screen Saver "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp "{9F4EE72A-C5C9-42ad-ABEF-427690843577}" = MarketResearch "{A6A195F5-BCAB-4F38-8459-DF693303CD8D}" = PS_AIO_04_C4520_ProductContext "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AA2E8A46-B45E-4aea-8A23-88AB57D04523}" = WebReg "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{BED1705F-7558-40f7-9F52-6C6FBD58EA2E}" = HP Photosmart C4500 All-In-One Driver Software 11.0 Rel .4 "{BF08AB1C-3357-4f20-A200-8EBB8EF27C59}" = BufferChm "{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan "{CC0E1AE3-091D-4969-B151-7AC142062C28}" = SmartWebPrinting "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D16B4BE6-8B10-422f-8034-96D1CA9483B5}" = GPBaseService "{D23E2520-0EAA-4AC3-A47E-A551C70D4FED}" = C4520_Help "{D4278897-1541-493E-9D39-59CC6AB0FC09}" = PS_AIO_04_C4580_Software "{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential "{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout "{E8ADC69C-4F11-483B-A3C9-B42E6A451CD2}" = Belkin Wireless Driver "{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox "{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery "{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F95F178B-56AD-4fab-87F8-FA81E66C7D68}" = Network "{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Age of Empires 2.0" = Microsoft Age of Empires II "Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion "Applian FLV Player2.0.24" = Applian FLV Player "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "DivX Setup.divx.com" = DivX-Setup "ENTERPRISE" = Microsoft Office Enterprise 2007 "Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition "HijackThis" = HijackThis 2.0.2 "HP Imaging Device Functions" = HP Imaging Device Functions 11.0 "HP Photosmart Essential" = HP Photosmart Essential 3.5 "HP Smart Web Printing" = HP Smart Web Printing "HP Solution Center & Imaging Support Tools" = HP Solution Center 11.0 "HPExtendedCapabilities" = HP Customer Participation Program 11.0 "HPOCR" = OCR Software by I.R.I.S. 
11.0 "LogMeIn Hamachi" = LogMeIn Hamachi "MAGIX Foto Manager 2008 D" = MAGIX Foto Manager 2008 5.0.3.351 (D) "MAGIX Fotobuch" = MAGIX Fotobuch 3.6 "MAGIX Media Suite D" = MAGIX Media Suite 1.12.0.89 (D) "MAGIX Music Manager 2007 D" = MAGIX Music Manager 2007 8.2.0.76 (D) "MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D) "MAGIX Ringtone Maker SE D" = MAGIX Ringtone Maker SE 3.1.0.4 (D) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9) "NVIDIA Drivers" = NVIDIA Drivers "Picasa2" = Picasa 2 "Shop for HP Supplies" = Shop for HP Supplies "Steam App 240" = Counter-Strike: Source "Steam App 300" = Day of Defeat: Source "Steam App 320" = Half-Life 2: Deathmatch "Steam App 340" = Half-Life 2: Lost Coast "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "TeamViewer 4" = TeamViewer 4 "TeamViewer 5" = TeamViewer 5 "VLC media player" = VLC media player 1.0.3 "WinRAR archiver" = WinRAR ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "TeamSpeak 3 Client" = TeamSpeak 3 Client ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report > |
06.05.2010, 10:56 | #9 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Many virus and trojan findings, ICQ virus... Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!) Code:
:OTL
PRC - C:\Windows\Wtihyd.exe ()
PRC - C:\Users\Johannes\AppData\Local\Temp\Wcl.exe ()
PRC - C:\Users\Public\winvcsn.exe ()
PRC - C:\Users\Johannes\AppData\Local\Temp\nvdis.exe ( )
FF - prefs.js..browser.search.defaulturl: "http://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..browser.search.selectedEngine: "SweetIM Search"
O4 - HKCU..\Run: [Google Updater] C:\Users\Johannes\AppData\Local\Temp\nvdis.exe ( )
O4 - HKCU..\Run: [WindowsSysGuard] C:\Users\Public\winvcsn.exe ()
O4 - HKCU..\Run: [Google Updater] C:\Users\Johannes\AppData\Local\Temp\nvdis.exe ( )
O4 - HKCU..\Run: [WindowsSysGuard] C:\Users\Public\winvcsn.exe ()
O32 - AutoRun File - [2006.10.13 14:50:51 | 003,834,762 | R--- | M] (Macromedia, Inc.) - E:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2006.10.17 17:24:41 | 000,000,041 | RH-- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{1e2baa9c-cfb2-11de-86b7-002185c1db95}\Shell\AutoRun\command - "" = K:\installer.exe -- File not found
O33 - MountPoints2\{1e2baa9c-cfb2-11de-86b7-002185c1db95}\Shell\verb\command - "" = K:\installer.exe -- File not found
O33 - MountPoints2\{29b3abcf-b288-11dd-9c75-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{29b3abcf-b288-11dd-9c75-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2006.10.13 14:50:51 | 003,834,762 | R--- | M] (Macromedia, Inc.)
[2010.04.26 22:45:20 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\501902D68DB8CA7AFA6AFDC173D4967F
[2010.04.26 18:29:23 | 000,000,000 | -HSD | C] -- C:\Users\Johannes\AppData\Roaming\lowsec
[2010.05.05 23:04:02 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\yvcokn.sys
[2010.05.04 18:58:36 | 000,165,888 | ---- | M] () -- C:\Windows\Wtihyd.exe
[2010.05.04 18:31:27 | 000,183,296 | ---- | M] () -- C:\Users\Johannes\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.04 18:11:54 | 000,165,888 | ---- | M] () -- C:\Windows\Wtihyc.exe
[2010.05.03 22:33:09 | 000,207,872 | ---- | M] () -- C:\Windows\System32\sshnas21.dll
[2010.05.03 19:33:45 | 000,000,000 | ---- | M] () -- C:\Users\Johannes\AppData\Roaming\chrtmp
[2009.04.09 12:38:00 | 000,053,248 | ---- | C] () -- C:\Windows\System32\SearchRequire.dll
:Commands
[purity]
[resethosts]
[emptytemp]
The log file should open when you click OK after the fix; please post it. The computer may be restarted.
__________________ Please always post log files in CODE tags |
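The helper above chose the PRC and O4 entries for the fix by hand, using two clues visible in the OTL lines themselves: an empty "()" where OTL would print the file's company name, and an executable living in a directory any user can write to (AppData\Local\Temp, Users\Public). As an added example, not part of this thread and not OTL's own code, the Python script below applies those two heuristics to OTL-style lines and lists the candidates a helper would then review. The sample lines are constructed to mirror the report format quoted above; the regex field names (hive, name, vendor) are my assumptions about that format.

```python
import re
from dataclasses import dataclass, field

# Constructed sample, modelled on the OTL report lines quoted in this thread.
# PRC = running process, O4 = autostart Run-key entry. The trailing "(...)"
# carries the file's version-info company name; OTL prints "()" when empty.
SAMPLE_LOG = """\
PRC - C:\\Windows\\Wtihyd.exe ()
PRC - C:\\Users\\Johannes\\AppData\\Local\\Temp\\Wcl.exe ()
PRC - C:\\Program Files\\Avira\\AntiVir Desktop\\avgnt.exe (Avira GmbH)
O4 - HKCU..\\Run: [Google Updater] C:\\Users\\Johannes\\AppData\\Local\\Temp\\nvdis.exe ( )
O4 - HKCU..\\Run: [WindowsSysGuard] C:\\Users\\Public\\winvcsn.exe ()
O4 - HKLM..\\Run: [avgnt] C:\\Program Files\\Avira\\AntiVir Desktop\\avgnt.exe (Avira GmbH)
"""

# Field layout is an assumption about the OTL line format, not OTL's own spec.
LINE_RE = re.compile(
    r"^(?P<kind>PRC|O4) - "
    r"(?:(?P<hive>[^:\[]+): \[(?P<name>[^\]]*)\] )?"   # only O4 lines carry hive/name
    r"(?P<path>[A-Za-z]:\\[^()]*?\.exe) "
    r"\((?P<vendor>[^)]*)\)\s*$"
)

# Directories any standard user can write to; a legitimate service or
# updater normally lives under Program Files or System32 instead.
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\users\\public\\")


@dataclass
class Finding:
    line: str
    path: str
    reasons: list = field(default_factory=list)


def triage(log_text: str) -> list:
    """Return the PRC/O4 entries that match at least one heuristic."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        reasons = []
        if not m["vendor"].strip():
            reasons.append("no company name in version info")
        low = m["path"].lower()
        if any(d in low for d in USER_WRITABLE):
            reasons.append("executable in user-writable directory")
        if reasons:
            findings.append(Finding(raw.strip(), m["path"], reasons))
    return findings


def fix_script(findings: list) -> str:
    """Build an OTL-style fix block from the flagged lines, for review before use."""
    body = "\n".join(f.line for f in findings)
    return ":OTL\n" + body + "\n:Commands\n[emptytemp]\n"


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for f in hits:
        print(f.path, "->", "; ".join(f.reasons))
    print(fix_script(hits))
```

Neither heuristic is proof on its own: plenty of legitimate tools ship without version info, and some installers run from Temp. The point is to narrow a long OTL report to the handful of lines worth a closer look (file hash lookup, signature check) before anything is moved, which is what the helper did by eye.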
06.05.2010, 20:49 | #10 |
| Many virus and trojan findings, ICQ virus... So I did everything the way you told me, but the Windows update from an unknown publisher (C:\User\**\AppData\Temp\Windows-Update-KB342145-x86-ENU.exe) greeted me again right away with allow or deny; here is the log file: Code:
All processes killed
========== OTL ==========
No active process named Wtihyd.exe was found!
No active process named Wcl.exe was found!
No active process named winvcsn.exe was found!
No active process named nvdis.exe was found!
Prefs.js: "hxxp://search.sweetim.com/search.asp?src=2&q=" removed from browser.search.defaulturl
Prefs.js: "SweetIM Search" removed from browser.search.selectedEngine
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Google Updater not found.
File C:\Users\Johannes\AppData\Local\Temp\nvdis.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\WindowsSysGuard not found.
File C:\Users\Public\winvcsn.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Google Updater not found.
File C:\Users\Johannes\AppData\Local\Temp\nvdis.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\WindowsSysGuard not found.
File C:\Users\Public\winvcsn.exe not found.
File move failed. E:\Autorun.exe scheduled to be moved on reboot.
File move failed. E:\autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1e2baa9c-cfb2-11de-86b7-002185c1db95}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1e2baa9c-cfb2-11de-86b7-002185c1db95}\ not found.
File K:\installer.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1e2baa9c-cfb2-11de-86b7-002185c1db95}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1e2baa9c-cfb2-11de-86b7-002185c1db95}\ not found.
File K:\installer.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{29b3abcf-b288-11dd-9c75-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{29b3abcf-b288-11dd-9c75-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{29b3abcf-b288-11dd-9c75-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{29b3abcf-b288-11dd-9c75-806e6f6e6963}\ not found.
File move failed. E:\Autorun.exe scheduled to be moved on reboot.
C:\Users\Johannes\AppData\Roaming\501902D68DB8CA7AFA6AFDC173D4967F folder moved successfully.
C:\Users\Johannes\AppData\Roaming\lowsec folder moved successfully.
File C:\Windows\System32\drivers\yvcokn.sys not found.
C:\Windows\Wtihyd.exe moved successfully.
C:\Users\Johannes\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
C:\Windows\Wtihyc.exe moved successfully.
File C:\Windows\System32\sshnas21.dll not found.
C:\Users\Johannes\AppData\Roaming\chrtmp moved successfully.
C:\Windows\System32\SearchRequire.dll moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: ***
->Temp folder emptied: 2141845158 bytes
->Temporary Internet Files folder emptied: 45635184 bytes
->Java cache emptied: 685872 bytes
->FireFox cache emptied: 71702212 bytes
->Google Chrome cache emptied: 856432 bytes
->Flash cache emptied: 6190 bytes
User: ***
->Temp folder emptied: 6152475 bytes
->Temporary Internet Files folder emptied: 48661980 bytes
->FireFox cache emptied: 30671951 bytes
->Flash cache emptied: 2929 bytes
User: ***
->Temp folder emptied: 1699635 bytes
->Temporary Internet Files folder emptied: 109898 bytes
->FireFox cache emptied: 40953262 bytes
->Flash cache emptied: 604 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 629602 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 2.279,00 mb
OTL by OldTimer - Version 3.2.4.1 log created on 05062010_214111
Files\Folders moved on Reboot...
File move failed. E:\Autorun.exe scheduled to be moved on reboot.
File move failed. E:\autorun.inf scheduled to be moved on reboot.
Registry entries deleted on Reboot...
Last edited by SiebenSchlae (06.05.2010 at 20:58) |
07.05.2010, 11:36 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Many virus and trojan findings, ICQ virus... Okay. Next up is CF: ComboFix. A guide and tutorial on using ComboFix
ComboFix may only be run when a designated helper has explicitly recommended it!
__________________ Logfiles bitte immer in CODE-Tags posten |
07.05.2010, 15:55 | #12 |
| Many virus and trojan findings, ICQ virus... Okay, I downloaded and ran both programs; here is the ComboFix log: Code:
ATTFilter ComboFix 10-05-06.05 - Johannes 07.05.2010 16:44:14.1.4 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3327.2156 [GMT 2:00] ausgeführt von:: c:\users\Johannes\Desktop\cofi.exe SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . c:\$recycle.bin\S-1-5-21-1981430874-1461379027-507063435-500 c:\programdata\Microsoft\Network\Downloader\qmgr0.dat c:\programdata\Microsoft\Network\Downloader\qmgr1.dat c:\recycler\S-1-5-21-1634265367-4055158860-846931726-7261 c:\recycler\S-1-5-21-2371285633-5924054069-967626963-5865 c:\recycler\S-1-5-21-2392517425-9675785191-291163200-2830 c:\recycler\S-1-5-21-2476066020-3156319294-914401234-6823 c:\recycler\S-1-5-21-4361653718-4885406370-135914478-8306 c:\recycler\S-1-5-21-5329191258-0846633533-629004746-4783 c:\recycler\S-1-5-21-5577668531-0322717827-083024200-4759 c:\recycler\S-1-5-21-6824106828-5238599994-095171678-3973 c:\recycler\S-1-5-21-8375497566-7244318555-596617142-9877 c:\recycler\S-1-5-21-8468337546-2401470383-114608456-3179 c:\recycler\S-1-5-21-8543406265-4846407540-276423725-9583 c:\recycler\S-1-5-21-9076899268-4717087827-259976369-0995 c:\recycler\S-1-5-21-9200935278-4043040693-077872233-6379 c:\users\Johannes\AppData\Local\Windows Server c:\users\Johannes\AppData\Local\Windows Server\flags.ini c:\users\Johannes\AppData\Local\Windows Server\uses32.dat ----- BITS: Eventuell infizierte Webseiten ----- hxxp://gooddayfilm.com . ((((((((((((((((((((((( Dateien erstellt von 2010-04-07 bis 2010-05-07 )))))))))))))))))))))))))))))) . 2010-05-07 14:48 . 2010-05-07 14:48 -------- d-----w- c:\users\Johannes\AppData\Local\temp 2010-05-07 14:25 . 2010-05-07 14:25 -------- d-----w- c:\program files\CCleaner 2010-05-06 18:52 . 2010-05-06 18:52 -------- d-----w- C:\_OTL 2010-05-05 19:52 . 
2010-05-05 19:52 -------- d-----w- c:\users\Johannes\AppData\Roaming\Malwarebytes 2010-05-05 19:51 . 2010-04-29 10:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-05-05 19:51 . 2010-05-05 19:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-05-05 19:51 . 2010-05-05 19:51 -------- d-----w- c:\programdata\Malwarebytes 2010-05-05 19:51 . 2010-04-29 10:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-05-04 15:40 . 2010-05-04 15:40 -------- d-----w- c:\windows\Sun 2010-05-02 20:07 . 2010-05-02 20:07 -------- d-----w- c:\users\Johannes\AppData\Roaming\Avira 2010-05-02 19:53 . 2010-03-01 08:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys 2010-05-02 19:53 . 2010-02-16 12:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2010-05-02 19:53 . 2009-05-11 10:49 51992 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2010-05-02 19:53 . 2009-05-11 10:49 17016 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2010-05-02 19:53 . 2010-05-02 19:53 -------- d-----w- c:\programdata\Avira 2010-05-02 19:53 . 2010-05-02 19:53 -------- d-----w- c:\program files\Avira 2010-05-02 15:28 . 2010-05-03 19:50 -------- d-----w- c:\users\Johannes\AppData\Local\LBNSSBFP 2010-04-23 21:13 . 2010-04-25 18:25 -------- d-----w- c:\users\Johannes\AppData\Roaming\TS3Client 2010-04-23 21:12 . 2010-04-23 21:12 -------- d-----w- c:\users\Johannes\AppData\Local\TeamSpeak 3 Client 2010-04-14 14:59 . 2010-02-18 14:07 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe 2010-04-14 14:59 . 2010-02-18 14:07 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-04-14 14:59 . 2010-02-23 11:10 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2010-04-14 14:59 . 2010-02-23 11:10 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys 2010-04-14 14:59 . 2010-02-23 11:10 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2010-04-14 14:59 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll 2010-04-14 14:59 . 
2010-02-18 14:07 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys 2010-04-14 14:59 . 2010-02-18 13:30 200704 ----a-w- c:\windows\system32\iphlpsvc.dll 2010-04-14 14:59 . 2010-02-18 11:28 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys 2010-04-14 14:58 . 2009-12-23 11:33 172032 ----a-w- c:\windows\system32\wintrust.dll 2010-04-14 14:57 . 2010-01-13 17:34 98304 ----a-w- c:\windows\system32\cabview.dll . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-05-07 13:20 . 2008-01-21 07:15 618204 ----a-w- c:\windows\system32\perfh007.dat 2010-05-07 13:20 . 2008-01-21 07:15 122636 ----a-w- c:\windows\system32\perfc007.dat 2010-05-06 14:26 . 2008-12-26 17:27 -------- d-----w- c:\users\Johannes\AppData\Roaming\ICQ 2010-05-04 15:26 . 2009-01-13 17:37 -------- d-----w- c:\program files\Common Files\Steam 2010-05-03 20:59 . 2008-12-26 10:13 -------- d-----w- c:\program files\Google 2010-05-03 20:23 . 2008-11-10 16:39 -------- d-----w- c:\programdata\G DATA 2010-05-03 20:09 . 2009-01-26 21:19 -------- d-----r- c:\program files\Skype 2010-05-02 20:06 . 2009-04-08 21:26 -------- d-----w- c:\users\Johannes\AppData\Roaming\TeamViewer 2010-05-02 18:12 . 2010-01-02 11:04 -------- d-----w- c:\users\Johannes\AppData\Roaming\vlc 2010-05-02 11:17 . 2010-03-17 17:46 -------- d-----w- c:\users\Michael Kreß\AppData\Roaming\vlc 2010-05-02 11:16 . 2010-03-17 17:46 -------- d-----w- c:\users\Michael Kreß\AppData\Roaming\dvdcss 2010-05-02 07:52 . 2009-01-21 20:25 -------- d-----w- c:\users\Johannes\AppData\Roaming\teamspeak2 2010-04-18 22:44 . 2009-01-26 21:19 -------- d-----w- c:\users\Johannes\AppData\Roaming\Skype 2010-04-18 22:06 . 2009-01-26 21:22 -------- d-----w- c:\users\Johannes\AppData\Roaming\skypePM 2010-04-15 06:44 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2010-04-14 21:59 . 2010-04-14 21:59 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll 2010-04-14 21:59 . 
2009-12-05 21:37 -------- d-----w- c:\program files\DivX 2010-04-14 21:59 . 2010-04-14 21:59 56766 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe 2010-04-14 21:59 . 2010-04-14 21:57 -------- d-----w- c:\programdata\DivX 2010-04-14 21:59 . 2010-04-14 21:59 56978 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe 2010-04-14 21:59 . 2010-04-14 21:59 57409 ----a-w- c:\programdata\DivX\ControlPanel\Uninstaller.exe 2010-04-14 21:59 . 2010-04-14 21:59 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe 2010-04-14 21:59 . 2010-04-14 21:59 52963 ----a-w- c:\programdata\DivX\MSVC80CRTRedist\Uninstaller.exe 2010-04-14 21:59 . 2010-04-14 21:59 54073 ----a-w- c:\programdata\DivX\Qt4.5\Uninstaller.exe 2010-04-14 21:59 . 2009-12-05 21:37 -------- d-----w- c:\program files\Common Files\DivX Shared 2010-04-14 21:58 . 2010-04-14 21:59 754984 ----a-w- c:\programdata\DivX\Setup\Resource.dll 2010-04-14 21:57 . 2010-04-14 21:59 1180952 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe 2010-04-03 00:20 . 2009-07-22 20:02 -------- d-----w- c:\programdata\HP Product Assistant 2010-04-02 20:25 . 2010-04-02 20:25 -------- d-----w- c:\program files\Common Files\Skype 2010-04-02 20:25 . 2009-01-26 21:18 -------- d-----w- c:\programdata\Skype 2010-04-02 13:00 . 2009-06-09 14:27 114944 ----a-w- c:\users\Jonas Kreß\AppData\Local\GDIPFONTCACHEV1.DAT 2010-04-01 01:20 . 2010-04-01 01:20 -------- d-----w- c:\program files\LogMeIn Hamachi 2010-03-29 21:53 . 2009-01-04 13:12 -------- d-----w- c:\users\Johannes\AppData\Roaming\dvdcss 2010-03-17 17:36 . 2010-03-17 17:36 -------- d-----w- c:\users\Michael Kreß\AppData\Roaming\DivX 2010-03-17 17:23 . 2010-03-17 17:23 114944 ----a-w- c:\users\Michael Kreß\AppData\Local\GDIPFONTCACHEV1.DAT 2010-03-08 17:59 . 2010-03-08 17:59 94208 ----a-w- c:\windows\system32\dpl100.dll 2010-02-25 20:42 . 2008-12-26 10:17 114944 ----a-w- c:\users\Johannes\AppData\Local\GDIPFONTCACHEV1.DAT 2010-02-24 08:16 . 
2009-10-02 18:47 181632 ------w- c:\windows\system32\MpSigStub.exe 2010-02-23 06:39 . 2010-03-31 09:06 916480 ----a-w- c:\windows\system32\wininet.dll 2010-02-23 06:33 . 2010-03-31 09:06 71680 ----a-w- c:\windows\system32\iesetup.dll 2010-02-23 06:33 . 2010-03-31 09:06 109056 ----a-w- c:\windows\system32\iesysprep.dll 2010-02-23 04:55 . 2010-03-31 09:06 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2010-02-20 23:06 . 2010-03-10 13:50 24064 ----a-w- c:\windows\system32\nshhttp.dll 2010-02-20 23:05 . 2010-03-10 13:50 30720 ----a-w- c:\windows\system32\httpapi.dll 2010-02-20 20:53 . 2010-03-10 13:50 411648 ----a-w- c:\windows\system32\drivers\http.sys 2010-02-13 13:35 . 2010-02-13 13:35 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbB81C.tmp.exe 2010-02-12 10:32 . 2010-03-12 13:47 293376 ----a-w- c:\windows\system32\browserchoice.exe 2008-12-29 09:54 . 2008-12-29 09:54 7728128 ----a-w- c:\program files\FLV PlayerRCATSetup.exe 2008-12-29 09:53 . 2008-12-29 09:52 20938728 ----a-w- c:\program files\FLV PlayerRCSetup.exe . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] "StartServiceLBNSSBFP"="c:\users\Johannes\AppData\Local\LBNSSBFP\StartService.exe" [2010-05-03 409600] "Steam"="d:\spiele\Steam\Steam.exe" [2010-05-07 1238352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184] "RtHDVCpl"="RtHDVCpl.exe" [2008-08-27 6281760] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "EnergySettings"="c:\program files\Fujitsu Siemens Computers\Energy Settings\EnergySettings.exe" [2008-09-19 113664] "Google EULA Launcher"="c:\program files\Google\Google EULA\GoogleEULALauncher.exe" [2008-05-28 20480] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-25 49152] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13580832] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 92704] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016] "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016] "Skytel"="Skytel.exe" [2008-08-27 1833504] "LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-03-30 1820040] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792] " Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968] c:\users\Johannes\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\Startup\ OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360] SnagIt 9.lnk - c:\program files\TechSmith\SnagIt 9\SnagIt32.exe [2008-5-15 6822728] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "VistaSp2"=hex(b):d6,8e,2d,f2,98,96,ca,01 R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900] R4 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 544768] S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336] S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2010-03-30 1107336] S2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [2009-10-07 185640] S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-01-12 185640] S3 RTL85n86;Belkin Wireless G Notebook Card Service v8;c:\windows\system32\DRIVERS\RTL85n86.sys [2007-03-12 354816] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 HPService REG_MULTI_SZ HPSLPSVC hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . 
Inhalt des "geplante Tasks" Ordners 2010-05-07 c:\windows\Tasks\User_Feed_Synchronization-{A250949A-1191-4172-BE04-ADF5CCC93F80}.job - c:\windows\system32\msfeedssync.exe [2010-03-31 04:54] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://start.icq.com/ mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\k68k1rp0.default\ FF - prefs.js: browser.search.defaulturl - FF - prefs.js: browser.search.selectedEngine - FF - prefs.js: browser.startup.homepage - sport1.de FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX Richtlinien ---- c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla 
Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); . - - - - Entfernte verwaiste Registrierungseinträge - - - - URLSearchHooks-{EEE6C35D-6118-11DC-9C72-001320C79847} - (no file) WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file) WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file) HKU-Default-Run-fsc-reg - c:\fsc-reg\fscreg.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2010-05-07 16:48 Windows 6.0.6002 Service Pack 2 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... c:\users\Johannes\AppData\Local\Temp\catchme.dll 53248 bytes executable Scan erfolgreich abgeschlossen versteckte Dateien: 1 ************************************************************************** . Zeit der Fertigstellung: 2010-05-07 16:50:31 ComboFix-quarantined-files.txt 2010-05-07 14:50 Vor Suchlauf: 14 Verzeichnis(se), 238.606.979.072 Bytes frei Nach Suchlauf: 18 Verzeichnis(se), 238.586.081.280 Bytes frei - - End Of File - - A2AD880B140A82397C1938EE187EE511 |
07.05.2010, 20:20 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Many virus and trojan findings, ICQ virus... Looks good. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before scanning!! Edit shouts STOP! I found one folder that should go => c:\users\Johannes\AppData\Local\LBNSSBFP. Try it as an OTL fix (you have done that before): Code:
:Files
c:\users\Johannes\AppData\Local\LBNSSBFP
:Commands
[emptytemp]
__________________ Please always post log files in CODE tags. Last edited by cosinus (07.05.2010 at 20:27) |
10.05.2010, 17:29 | #14 |
| Many virus and trojan findings, ICQ virus... OTL fix log: Code:
All processes killed
========== FILES ==========
c:\users\Johannes\AppData\Local\LBNSSBFP folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Johannes
->Temp folder emptied: 1375030 bytes
->Temporary Internet Files folder emptied: 6858570 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 73901335 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 2252 bytes
User: Jonas Kreß
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Michael Kreß
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 23302 bytes
RecycleBin emptied: 188416 bytes
Total Files Cleaned = 79,00 mb
OTL by OldTimer - Version 3.2.4.1 log created on 05102010_175906
Files\Folders moved on Reboot...
Registry entries deleted on Reboot... |
11.05.2010, 20:52 | #15 |
| Many virus and trojan findings, ICQ virus... mbam: Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 4086
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904
10.05.2010 19:54:47
mbam-log-2010-05-10 (19-54-47).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 308871
Laufzeit: 52 Minute(n), 54 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
C:\Users\Johannes\AppData\LocalLow\Smart-Ads-Solutions\SmartAds\download\bndl_1540.exe (Adware.SmartAds) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05062010_214111\C_Users\Johannes\AppData\Roaming\501902D68DB8CA7AFA6AFDC173D4967F\gotnewupdate000.exe (Trojan.FraudPack) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05062010_214111\C_Windows\Wtihyc.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05062010_214111\C_Windows\Wtihyd.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. |