BDS/Bredolab.fjo +TR/ATRAPS.Gen2' [trojan and many more........ Windows 7
02.07.2010, 10:44 | #1 |
Hello dear all,

I hope you can help me, because I am completely inexperienced in this area. For about a week now my AntiVir program has been showing virus alerts every half hour: TR/ATRAPS.Gen2' [trojan], TR/Buzus.enth' [trojan], WORM/Palevo.aixw' and so on and so forth. As was recommended here, I have already installed and run Malwarebytes, Random's System and CCleaner.

So, the results from Random's System are (info.txt):

info.txt logfile of random's system information tool 1.06 2010-07-02 09:56:02

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
32 Bit HP CIO Components Installer-->MsiExec.exe /I{2614F54E-A828-49FA-93BA-45A3F756BFAA}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil10h_Plugin.exe -maintain plugin
Adobe Photoshop Lightroom 2.7-->MsiExec.exe /I{B0513493-04B9-4F21-B4AB-83E750D54256}
Adobe Reader 9.2 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A92000000001}
Akamai NetSession Interface-->C:\Program Files\Common Files\Akamai\uninstall.exe
Apple Application Support-->MsiExec.exe /I{553255F3-78FD-40F1-A6F8-6882140265FE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Atheros Driver Installation Program-->C:\Program Files\InstallShield Installation Information\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}\setup.exe -runfromtemp -l0x0007
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Catalyst Control Center - Branding-->MsiExec.exe /I{3FA93E4C-CB3B-4B25-B091-9DB0FCC56A74}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Cisco EAP-FAST Module-->MsiExec.exe /I{415B2719-AD3A-4944-B404-C472DB6085B3}
Cisco LEAP Module-->MsiExec.exe /I{83770D14-21B9-44B3-8689-F7B523F94560}
Cisco PEAP Module-->MsiExec.exe /I{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
eMule-->"C:\Program Files\eMule\Uninstall.exe"
Escritorio movistar-->"C:\Program Files\Movistar\Escritorio movistar\Uninstall.exe"
GIMP 2.6.5-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
Google Earth-->MsiExec.exe /X{F7B0939E-58DF-11DF-B3A6-005056806466}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Customer Participation Program 10.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Deskjet F4200 All-In-One Driver Software 10.0 Rel .3-->C:\Program Files\HP\Digital Imaging\{AE9A67F9-ADF1-4a44-BAB5-C1DB302B37A2}\setup\hpzscr01.exe -datfile hposcr28.dat -onestop
HP Help and Support-->MsiExec.exe /X{31216452-5540-4C96-B754-94890A63D5AB}
HP Imaging Device Functions 10.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP MULTIPLE MODEM INSTALLER for VISTA-->MsiExec.exe /I{9F238A60-C445-4B81-8EDE-07DC924E98F8}
HP Photosmart Essential 2.5-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Quick Launch Buttons 6.40 H2-->C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\Setup.exe -runfromtemp -l0x0007 -removeonly uninst
HP Smart Web Printing 4.60-->C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpzscr01.exe -datfile hpqbud15.dat
HP Solution Center 13.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat -forcereboot
HP Update-->MsiExec.exe /X{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}
HUAWEI DataCard Driver 2.93-->C:\Program Files\HUAWEI Modem Driver\uninst.exe
ICQ7-->"C:\Program Files\InstallShield Installation Information\{88EB38EF-4D2C-436D-ABD3-56B232674062}\ICQ7.exe" -runfromtemp -l0x0009 -removeonly
IDT Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}\setup.exe" -l0x7 -remove -removeonly
Java(TM) 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
JMicron JMB38X Flash Media Controller-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{26604C7E-A313-4D12-867F-7C6E7820BE4C}\setup.exe" -l0x7 -removeonly
Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
Kosten Express-->MsiExec.exe /I{8CC79171-F62D-4607-B6D4-F5EE0BAEC47C}
LG USB Modem driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\setup.exe" -l0x7 LG -removeonly
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe
Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929}
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Mozilla Firefox (3.5.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
OpenOffice.org 3.0-->MsiExec.exe /I{04B45310-A5FE-4425-BFCA-1A6D8920DE74}
PowerProducer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
Rainlendar2 (remove only)-->"C:\Program Files\Rainlendar2\uninst.exe"
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek 8169 8168 8101E 8102E Ethernet Driver-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0007 -removeonly
Shop for HP Supplies-->C:\Program Files\HP\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat
Skype™ 4.2-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
Windows Live Anmelde-Assistent-->MsiExec.exe /I{52B97218-98CB-4B8B-9283-D213C85E1AA4}
Windows Live Call-->MsiExec.exe /I{5FC68772-6D56-41C6-9DF1-24E868198AE6}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}
Windows Live Fotogalerie-->MsiExec.exe /X{2BA722D1-48D1-406E-9123-8AE5431D63EF}
Windows Live Mail-->MsiExec.exe /I{C4D738F7-996A-4C81-B8FA-C4E26D767E41}
Windows Live Messenger-->MsiExec.exe /X{41E654A9-26D0-4EAC-854B-0FA824FFFABB}
Windows Live Movie Maker-->MsiExec.exe /X{3EFEF049-23D4-4B46-8903-4592FEA51018}
Windows Live Sync-->MsiExec.exe /X{76618402-179D-4699-A66B-D351C59436BC}
Windows Live-Uploadtool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
WinRAR-->C:\Program Files\WinRAR\uninstall.exe

======Security center information======

AS: Windows Defender (disabled)

======System event log======

Computer Name: Pavilion
Event Code: 7036
Message: Dienst "Sicherheitskonto-Manager" befindet sich jetzt im Status "Ausgeführt".
Record Number: 159305
Source Name: Service Control Manager
Time Written: 20100204151807.000000-000
Event Type: Informationen
User:

Computer Name: Pavilion
Event Code: 7036
Message: Dienst "Sitzungs-Manager für Desktopfenster-Manager" befindet sich jetzt im Status "Ausgeführt".
Record Number: 159304
Source Name: Service Control Manager
Time Written: 20100204151807.000000-000
Event Type: Informationen
User:

Computer Name: Pavilion
Event Code: 7036
Message: Dienst "HP Service" befindet sich jetzt im Status "Ausgeführt".
Record Number: 159303
Source Name: Service Control Manager
Time Written: 20100204151807.000000-000
Event Type: Informationen
User:

Computer Name: Pavilion
Event Code: 7036
Message: Dienst "Softwarelizenzierung" befindet sich jetzt im Status "Ausgeführt".
Record Number: 159302
Source Name: Service Control Manager
Time Written: 20100204151807.000000-000
Event Type: Informationen
User:

Computer Name: Pavilion
Event Code: 7036
Message: Dienst "Benachrichtigungsdienst für Systemereignisse" befindet sich jetzt im Status "Ausgeführt".
Record Number: 159301
Source Name: Service Control Manager
Time Written: 20100204151807.000000-000
Event Type: Informationen
User:

=====Application event log=====

Computer Name: Pavilion
Event Code: 0

and log.txt:

Logfile of random's system information tool 1.07 (written by random/random)
Run by Jennifer at 2010-07-02 09:54:49
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 141 GB (48%) free of 296 GB
Total RAM: 3069 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 09:56:00, on 02.07.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Movistar\Escritorio movistar\EMMSN.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\ICQ7.0\ICQ.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Movistar\Nori\Nori.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\Jennifer\Downloads\RSIT.exe
C:\Users\Jennifer\Downloads\RSIT.exe
C:\Program Files\trend micro\Jennifer.exe
C:\Program Files\Avira\AntiVir Desktop\GUARDGUI.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Ofb1 - {3E1500AC-87A5-416b-A211-82E848649DA9} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Escritorio movistar] "C:\Program Files\Movistar\Escritorio movistar\EMMSN.exe" -systray
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [filecroc] "C:\Program Files\FileCroc\FileCroc.exe" -h
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [BitComet] C:\Program Files\BitComet\BitComet.exe /tray
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [{E6608647-EADF-5E2B-7EE2-2E9B7578AE1E}] C:\Users\Jennifer\AppData\Roaming\Oxytm\gehit.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.0\ICQ.exe" silent loginmode=4
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\aestsrv.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe

--
End of file - 8461 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\User_Feed_Synchronization-{A67B2776-B31A-4D6A-B519-C71A199677C3}.job
C:\Windows\tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22 328248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-02-22 304736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3E1500AC-87A5-416b-A211-82E848649DA9}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-20 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Anmelde-Hilfsprogramm - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

and the Malwarebytes report:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4266

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

02.07.2010 10:37:53
mbam-log-2010-07-02 (10-37-53).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 213827
Laufzeit: 1 Stunde(n), 3 Minute(n), 3 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 5
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 42

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{e7467507-dd40-4123-be49-7b7df5db80c6} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3e1500ac-87a5-416b-a211-82e848649da9} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3e1500ac-87a5-416b-a211-82e848649da9} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Cognac (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Malware.Trace) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\Program Files\Ofb1 (Adware.OwlForce) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Users\Jennifer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IQCLYBGV\update[1].exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Jennifer\AppData\Local\Temp\~TM7C32.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Jennifer\AppData\Local\Temp\1844874.exe (Packed.Krap) -> Quarantined and deleted successfully.
C:\Users\Jennifer\AppData\Local\Temp\3269.exe (Packed.Krap) -> Quarantined and deleted successfully.
C:\Users\Jennifer\AppData\Local\Temp\336390.exe (Packed.Krap) -> Quarantined and deleted successfully.
C:\Users\Jennifer\AppData\Local\Temp\7873.exe (Packed.Krap) -> Quarantined and deleted successfully.
C:\Users\Jennifer\AppData\Local\Temp\~TM1EA0.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Jennifer\AppData\Local\Temp\~TM2011.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Jennifer\AppData\Local\Temp\~TM212A.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Jennifer\AppData\Local\Temp\~TM23D0.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Jennifer\AppData\Local\Temp\~TM2700.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Jennifer\AppData\Local\Temp\~TM277D.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Jennifer\AppData\Local\Temp\~TM46DA.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Jennifer\AppData\Local\Temp\~TM5188.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Jennifer\AppData\Local\Temp\~TM6E5B.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Jennifer\AppData\Local\Temp\~TM724F.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Jennifer\AppData\Local\Temp\~TM7B54.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Jennifer\AppData\Local\Temp\~TM8244.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Jennifer\AppData\Local\Temp\~TM884C.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Jennifer\AppData\Local\Temp\~TM893F.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Jennifer\AppData\Local\Temp\~TM99C1.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Jennifer\AppData\Local\Temp\~TM9B28.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Jennifer\AppData\Local\Temp\~TMA57A.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Jennifer\AppData\Local\Temp\~TMB43A.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Jennifer\AppData\Local\Temp\~TMB4C6.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Jennifer\AppData\Local\Temp\~TMB989.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Jennifer\AppData\Local\Temp\~TMC09F.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Jennifer\AppData\Local\Temp\~TMC0ED.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Jennifer\AppData\Local\Temp\~TMC8AC.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Jennifer\AppData\Local\Temp\~TMCB41.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Jennifer\AppData\Local\Temp\~TMCC16.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Jennifer\AppData\Local\Temp\~TMCC3B.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Jennifer\AppData\Local\Temp\~TMCF22.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Jennifer\AppData\Local\Temp\~TME49D.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Jennifer\AppData\Local\Temp\~TMEEB7.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Jennifer\AppData\Local\Temp\~TMF2F5.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Jennifer\AppData\Local\Temp\~TMF334.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Jennifer\AppData\Local\Temp\~TMF7BA.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Jennifer\AppData\Local\Temp\~TMFD46.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Jennifer\AppData\Local\Temp\~TMFF2D.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Jennifer\Downloads\eMule\Incoming\07 - The Maytals - 54-46 Was My Number\setup.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

I'm curious what you'll say to this now........ Thanks in advance.

Kind regards,
Jenny
02.07.2010, 10:46 | #2 |
And here is something else. Might also be important.

[11.02.2009|21:34] C:\Program Files\Common Files\Windows Live
[22.12.2008|18:54] C:\Program Files\Common Files\WindowsLiveInstaller
[22.02.2009|17:20] C:\Program Files\Common Files\xing shared
[0|Datei(en),] C:\Program Files\Common Files\Bytes
[20|Verzeichnis(se),] C:\Program Files\Common Files\Bytes frei

--------------------\\ Process ( 78 Processes ) ... OK !

--------------------\\ Ueberpruefung mit S_Lop

Kein Lop Ordner gefunden !

--------------------\\ Suche nach Lop Dateien - Ordnern

C:\Users\Jennifer\AppData\Local\Temp\nsxAB01.tmp
C:\Users\Jennifer\AppData\Roaming\MICROS~1\Windows\Cookies\jennifer@advertising[2].txt

--------------------\\ Suche innerhalb der Registry ..... OK !

--------------------\\ Ueberpruefung der Hosts Datei

Hosts Datei SAUBER

--------------------\\ Suche nach verborgenen Dateien mit Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-07-02 09:26:29
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Suche nach anderen Infektionen

--------------------\\ Cracks & Keygens ..

C:\Users\Jennifer\Music\Raffa\Musik\sfsae\MP3\Neuer Ordner\Magda - 48 Hour Crack In Your Bass.mp3

[F:664][D:56]-> C:\Users\Jennifer\AppData\Local\Temp
[F:92][D:1]-> C:\Users\Jennifer\AppData\Roaming\MICROS~1\Windows\Cookies
[F:4604][D:12]-> C:\Users\Jennifer\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:18][D:4]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - 02.07.2010| 9:29 - Option : [1]

--------------------\\ Scan beendet um 9:29:27 [ UAC => 1 ]

Many, many thanks in advance.

Kind regards,
Jenny