Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Laptop verseucht, ZBot verdacht!

Laptop verseucht, ZBot verdacht!


Log-Analyse und Auswertung: Laptop verseucht, ZBot verdacht!

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 20.07.2010, 22:39   #1
triple_x222
 
Laptop verseucht, ZBot verdacht! - Standard

Laptop verseucht, ZBot verdacht!


Hi ich will überprüfen ob mein laptop noch sauber ist, den manchmal öffnet Firefox Seiten die er nicht öffnen sollte z.b. wenn ich in google audi a3 o.ä. eingebe dann kommt jedes mal eine Seite wo ich nen a3 kaufen kann z.b. ebay oder ähnliche seiten obwohl die eigentliche Adresse eine ganz andere ist..nun ja
Ausserdem kamen mir noch folgende Dateien beim Start up verdächtig vor:

- inted.exe
- cleansweep.exe
- suxo.exe

deswegen hab ich die Prozesse erstmal deaktiviert..
und sry aber hab zwei Malware-Berichte drin...



Hier der erste:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4279

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

05.07.2010 22:34:31
malwarebyte log1.txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 126421
Laufzeit: 4 Minute(n), 32 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 16
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 2
Infizierte Dateien: 10

Infizierte Speicherprozesse:
C:\Program Files\Alcohol Soft\Alcohol 120\Plugins\Helper\AlSrvN.exe (Backdoor.Agent) -> No action taken.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\cscrptxt.cscrptxt (Adware.EZlife) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{e0ec6fba-f009-3535-95d6-b6390db27da1} (Adware.EZlife) -> No action taken.
HKEY_CLASSES_ROOT\cscrptxt.cscrptxt.1.0 (Adware.EZlife) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{84c3c236-f588-4c93-84f4-147b2abbe67b} (Adware.Adrotator) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{38061edc-40bb-4618-a8da-e56353347e6d} (Adware.EZlife) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{7b6a2552-e65b-4a9e-add4-c45577ffd8fd} (Adware.EZLife) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{9d71d88c-c598-4935-c5d1-43aa4db90836} (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\llctkjsegkuxs (Adware.Adrotator) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$NtUninstallMTF1011$ (Adware.Adrotator) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$NtUninstallWTF1012$ (Adware.Adrotator) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Sky-Banners (Adware.Adrotator) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Sky-Banners (Adware.Adrotator) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Fci (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\fci (Rootkit.Agent) -> No action taken.
HKEY_CURRENT_USER\Software\Street-Ads (Adware.Adrotator) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Street-Ads (Adware.Adrotator) -> No action taken.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\alsrvn (Backdoor.Agent) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\Program Files\$NtUninstallWTF1012$ (Adware.EZLife) -> No action taken.
C:\Windows\$NtUninstallMTF1011$ (Adware.Adrotator) -> No action taken.

Infizierte Dateien:
C:\Program Files\Alcohol Soft\Alcohol 120\Plugins\Helper\AlSrvN.exe (Backdoor.Agent) -> No action taken.
C:\Windows\System32\gdpgwhwd.dll (Adware.EZlife) -> No action taken.
C:\Windows\System32\llctkjsegkuxs.exe (Adware.Adrotator) -> No action taken.
C:\Windows\System32\bplmgvuf.exe (Adware.Lifze) -> No action taken.
C:\Windows\System32\mtrajcgs.dll (Adware.Lifze) -> No action taken.
C:\Windows\System32\xvssuikgfvaz.dll (Adware.Adrotator) -> No action taken.
C:\Program Files\$NtUninstallWTF1012$\elUninstall.exe (Adware.EZLife) -> No action taken.
C:\Windows\$NtUninstallMTF1011$\apUninstall.exe (Adware.Adrotator) -> No action taken.
C:\Users\####\AppData\Roaming\addon.dat (Malware.Trace) -> No action taken.
C:\Windows\System32\fci.exe.exe (Worm.Zhelatin) -> No action taken.



Der zweite (ohaa jz kommts):

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4332

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

20.07.2010 22:48:20
mbam-log-2010-07-20 (22-48-20).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 287883
Laufzeit: 57 Minute(n), 44 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 51

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{0fd800de-8f9a-0a20-d284-efe759e688b3} (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\####\AppData\Roaming\Olulmu\suxo.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\####\AppData\Roaming\Adegvu\uxyd.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\####\AppData\Roaming\Adug\atagu.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\####\AppData\Roaming\Atva\lesy.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\####\AppData\Roaming\Atvac\okti.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\####\AppData\Roaming\Axzou\osedp.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\####\AppData\Roaming\Ceow\efrie.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\####\AppData\Roaming\Cile\ereka.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\####\AppData\Roaming\Edko\ofhou.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\####\AppData\Roaming\Olimef\hioq.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\####\AppData\Roaming\Onecy\kuir.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\####\AppData\Roaming\Onli\ygtih.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\####\AppData\Roaming\Osxa\tyol.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\####\AppData\Roaming\Qeluo\orwo.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\####\AppData\Roaming\Riozo\qedyi.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\####\AppData\Roaming\Ryvu\ufsi.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\####\AppData\Roaming\Inykse\luigy.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\####\AppData\Roaming\Isry\moivw.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\####\AppData\Roaming\Katyif\ywso.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\####\AppData\Roaming\Keiw\olnyq.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\####\AppData\Roaming\Tigae\lacay.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\####\AppData\Roaming\Togaep\gatuy.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\####\AppData\Roaming\Upokel\rouxa.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\####\AppData\Roaming\Uqyzho\atvac.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\####\AppData\Roaming\Utgu\mivuu.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\####\AppData\Roaming\Uvup\valod.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\####\AppData\Roaming\Efik\eblii.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\####\AppData\Roaming\Egcy\kukyq.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\####\AppData\Roaming\Enuro\xyty.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\####\AppData\Roaming\Eruvfo\yvvic.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\####\AppData\Roaming\Esynca\cotu.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\####\AppData\Roaming\Fuizse\itliz.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\####\AppData\Roaming\Fukiz\gyer.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\####\AppData\Roaming\Gaave\imdo.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\####\AppData\Roaming\Hicyoc\aduh.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\####\AppData\Roaming\Icpi\xiub.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\####\AppData\Roaming\Idqoo\afqi.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\####\AppData\Roaming\Idve\ibduo.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\####\AppData\Roaming\Ilec\ofuq.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\####\AppData\Roaming\Vywic\onecy.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\####\AppData\Roaming\Wahemy\ypux.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\####\AppData\Roaming\Wohoof\ehiw.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\####\AppData\Roaming\Wowi\taacr.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\####\AppData\Roaming\Wyzofi\agyve.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\####\AppData\Roaming\Xiyt\ynopu.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\####\AppData\Roaming\Xuty\zoer.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\####\AppData\Roaming\Ynte\koyc.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\####\AppData\Roaming\Yqwosu\abpay.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\####\AppData\Roaming\Ysosi\wuwe.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\####\AppData\Roaming\Ziyc\ibgu.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Windows\pss\inted.exe.Startup (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.


RSIT Log:

RSIT Logfile:
Code:
ATTFilter
Logfile of random's system information tool 1.07 (written by random/random)
Run by Julia at 2010-07-20 23:31:48
Microsoft® Windows Vista™ Home Premium  Service Pack 1
System drive C: has 51 GB (35%) free of 148 GB
Total RAM: 3066 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:32:17, on 20.07.2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files\Razer\Diamondback 3G\razerhid.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91AgentS1.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Razer\Diamondback 3G\razertra.exe
C:\Program Files\Razer\Diamondback 3G\razerofa.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Julia\Desktop\^^^^^^\RSIT.exe
C:\Program Files\trend micro\Julia.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://de.rd.yahoo.com/customize/ie/defaults/su/msgr9/*hxxp://de.search.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://de.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*hxxp://de.search.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {C0870115-39DF-3EFC-8886-5157427C8137} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Diamondback] C:\Program Files\Razer\Diamondback 3G\razerhid.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - .DEFAULT User Startup: vuommy.exe (User 'Default user')
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: S3D Service (Win32) - iZ3D Inc. - C:\Program Files\iZ3D Driver\Win32\S3DCService.exe
O23 - Service: Samsung Update Plus - Unknown owner - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

--
End of file - 6214 bytes

======Scheduled tasks folder======

C:\Windows\tasks\User_Feed_Synchronization-{0E4EE21F-876B-46C3-8E36-00EE05DF8807}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C0870115-39DF-3EFC-8886-5157427C8137}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Diamondback"=C:\Program Files\Razer\Diamondback 3G\razerhid.exe [2007-08-01 147456]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-10-09 981904]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-10-26 1029416]
"NeroFilterCheck"=C:\Windows\system32\NeroCheck.exe [2001-07-09 155648]
"Windows Mobile-based device management"=C:\Windows\WindowsMobile\wmdSync.exe [2008-01-21 215552]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2009-08-19 13793824]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-21 1233920]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]
"AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2009-04-24 203928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-05-10 40048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cleansweep.exe]
C:\cleansweep.exe\cleansweep.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2008-11-05 4347120]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
C:\Windows\RtHDVCpl.exe [2008-04-17 6111232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
c:\program files\steam\steam.exe [2010-05-14 1238352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0FD800DE-8F9A-0A20-D284-EFE759E688B3}]
C:\Users\Julia\AppData\Roaming\Olulmu\suxo.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe [2008-02-12 723496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~2\Office\OSA9.EXE [2000-01-21 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Julia^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^FRITZ!DSL Startcenter.lnk]
C:\PROGRA~1\FRITZ!~1\StCenter.exe [2005-11-15 679936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Julia^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^inted.exe]
C:\Users\Julia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\inted.exe []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3bb0c06e-7791-11de-978e-001377b225a8}]
shell\AutoRun\command - G:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2010-07-20 23:31:51 ----D---- C:\Program Files\trend micro
2010-07-20 23:31:48 ----D---- C:\rsit
2010-07-05 22:20:34 ----D---- C:\Users\####\AppData\Roaming\Malwarebytes
2010-07-05 22:20:20 ----D---- C:\ProgramData\Malwarebytes
2010-07-05 22:20:16 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-07-05 00:02:55 ----A---- C:\Windows\system32\SQLServerManager.msc
2010-07-05 00:02:54 ----A---- C:\Windows\system32\sqlctr90.dll
2010-07-05 00:02:53 ----A---- C:\Windows\system32\iwmssvc.dll
2010-07-05 00:02:52 ----A---- C:\Windows\system32\BCMMS32.DLL
2010-06-27 11:00:35 ----D---- C:\Windows\system32\Adobe
2010-06-26 12:56:56 ----D---- C:\Users\####\AppData\Roaming\Facebook
2010-06-24 09:33:20 ----D---- C:\Users\####\AppData\Roaming\Boek

======List of files/folders modified in the last 1 months======

2010-07-20 23:32:10 ----D---- C:\Windows\Temp
2010-07-20 23:31:53 ----D---- C:\Windows\Prefetch
2010-07-20 23:31:51 ----RD---- C:\Program Files
2010-07-20 23:30:32 ----D---- C:\Windows\Internet Logs
2010-07-20 23:28:59 ----D---- C:\Windows
2010-07-20 23:26:05 ----D---- C:\Windows\system32\drivers
2010-07-20 23:26:05 ----D---- C:\Windows\System32
2010-07-20 22:48:20 ----D---- C:\Users\####\AppData\Roaming\Olulmu
2010-07-20 21:48:04 ----D---- C:\Windows\pss
2010-07-20 21:46:52 ----D---- C:\ProgramData\Spybot - Search & Destroy
2010-07-18 12:18:27 ----D---- C:\Users\####\AppData\Roaming\dvdcss
2010-07-18 12:17:53 ----D---- C:\DVDVideoSoft
2010-07-17 11:50:26 ----D---- C:\Users\####\AppData\Roaming\Skype
2010-07-17 11:35:32 ----D---- C:\Users\####\AppData\Roaming\skypePM
2010-07-16 16:45:34 ----D---- C:\Downloads
2010-07-13 22:05:50 ----D---- C:\Windows\system32\catroot2
2010-07-08 07:30:13 ----D---- C:\Users\####\AppData\Roaming\Esset
2010-07-05 22:44:46 ----D---- C:\Windows\Branding
2010-07-05 22:20:20 ----HD---- C:\ProgramData
2010-07-04 18:53:15 ----D---- C:\Program Files\Steam
2010-06-30 19:16:09 ----D---- C:\Program Files\Mozilla Firefox
2010-06-28 20:45:34 ----D---- C:\Program Files\ICQ6.5
2010-06-27 11:03:54 ----D---- C:\ProgramData\NOS
2010-06-25 17:31:05 ----D---- C:\Windows\Minidump

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys [2007-02-27 11840]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-01-04 75072]
R1 iZ3DInjectionDriver;Driver inject our D3D and OGL wrappers; \??\C:\Program Files\iZ3D Driver\Win32\S3DInjectionDriver.sys [2009-09-22 34968]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2007-11-08 21248]
R1 truecrypt;truecrypt; C:\Windows\System32\drivers\truecrypt.sys [2009-12-18 223440]
R1 Vsdatant;Zone Alarm Firewall Driver; C:\Windows\system32\DRIVERS\vsdatant.sys [2008-10-09 293776]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2009-10-27 281760]
R2 DefragFS;DefragFS; C:\Windows\system32\drivers\DefragFS.sys [2008-07-23 71184]
R2 KMDFMEMIO;SAMSUNG Kernel Driver; C:\Windows\system32\DRIVERS\kmdfmemio.sys [2008-09-12 13312]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2009-10-27 25888]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2007-09-13 755712]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [2008-05-20 52032]
R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-04-17 2098904]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver; C:\Windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [2010-04-29 38224]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2008-08-05 44576]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2009-08-19 9787488]
R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2009-10-18 47360]
R3 Razerlow;Diamondback 3G USB Filter Driver; C:\Windows\System32\Drivers\DB3G.sys [2005-04-24 13225]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-10-26 193456]
R3 VMC302;Vimicro Camera Service VMC302; C:\Windows\System32\Drivers\VMC302.sys [2008-06-05 242048]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-28 298496]
S3 aa1lkiwu;aa1lkiwu; C:\Windows\system32\drivers\aa1lkiwu.sys []
S3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-11-28 1161888]
S3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\Windows\system32\DRIVERS\bcm4sbxp.sys [2006-11-02 45056]
S3 BthEnum;Bluetooth-Anforderungsblocktreiber; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-01-21 19456]
S3 BthPan;Bluetooth-Gerät (PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
S3 BTHPORT;Bluetooth-Porttreiber; C:\Windows\System32\Drivers\BTHport.sys [2008-04-29 220160]
S3 BTHUSB;USB-Treiber für Bluetooth-Funkgerät; C:\Windows\System32\Drivers\BTHUSB.sys [2008-04-29 29184]
S3 btwaudio;Bluetooth-Audiogerät; C:\Windows\system32\drivers\btwaudio.sys [2008-02-14 80424]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2007-07-16 80936]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2007-07-16 16168]
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
S3 GarenaPEngine;GarenaPEngine; \??\C:\Users\Julia\AppData\Local\Temp\YKK8268.tmp []
S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-10-19 1380864]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2008-01-21 2225664]
S3 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2005-08-02 32512]
S3 RFCOMM;Bluetooth-Gerät (RFCOMM-Protokoll-TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-02-21 50688]
S3 s115bus;Sony Ericsson Device 115 driver (WDM); C:\Windows\system32\DRIVERS\s115bus.sys [2007-04-23 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s115mdfl.sys [2007-04-23 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s115mdm.sys [2007-04-23 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s115mgmt.sys [2007-04-23 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s115obex.sys [2007-04-23 98568]
S3 s116bus;Sony Ericsson Device 116 driver (WDM); C:\Windows\system32\DRIVERS\s116bus.sys [2007-04-03 83336]
S3 s116mdfl;Sony Ericsson Device 116 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s116mdfl.sys [2007-04-03 15112]
S3 s116mdm;Sony Ericsson Device 116 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s116mdm.sys [2007-04-03 108680]
S3 s116mgmt;Sony Ericsson Device 116  USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s116mgmt.sys [2007-04-03 100488]
S3 s116nd5;Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS); C:\Windows\system32\DRIVERS\s116nd5.sys [2007-04-03 23176]
S3 s116obex;Sony Ericsson Device 116 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s116obex.sys [2007-04-03 98696]
S3 s116unic;Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM); C:\Windows\system32\DRIVERS\s116unic.sys [2007-04-03 99080]
S3 usbaudio;USB-Audiotreiber (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-21 73088]
S3 usbvideo;USB-Videogerät (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 winusb;WinUSB Service; C:\Windows\system32\DRIVERS\winusb.sys [2008-01-21 31616]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-21 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Planer; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-12-05 935208]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-08-19 211488]
R2 PD91Agent;PD91Agent; C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe [2008-07-23 693512]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2008-05-23 466944]
R2 S3D Service (Win32);S3D Service (Win32); C:\Program Files\iZ3D Driver\Win32\S3DCService.exe [2009-11-04 360960]
R2 vsmon;TrueVector Internet Monitor; C:\Windows\System32\ZoneLabs\vsmon.exe [2008-10-09 2405776]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S2 Samsung Update Plus;Samsung Update Plus; C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe [2008-05-13 77480]
S3 getPlusHelper;@C:\Program Files\NOS\bin\getPlus_Helper.dll,-101; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PD91Engine;PD91Engine; C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe [2008-07-23 910600]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2005-08-02 86016]
S3 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2006-04-14 87840]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2010-02-25 332720]
S4 AVM IGD CTRL Service;AVM IGD CTRL Service; C:\Program Files\FRITZ!DSL\IGDCTRL.EXE [2005-11-21 81920]
S4 de_serv;AVM FRITZ!web Routing Service; C:\Program Files\Common Files\AVM\de_serv.exe [2005-11-21 315392]
S4 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]

-----------------EOF-----------------
--- --- ---


sieht wohl ziemlich heftig aus ^^

Alt 21.07.2010, 05:24   #2
triple_x222
 
Laptop verseucht, ZBot verdacht! - Standard

Laptop verseucht, ZBot verdacht!


HiJackThis Logfile noch:
HiJackthis Logfile:
Code:
ATTFilter
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 06:23:42, on 21.07.2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91AgentS1.exe
C:\Program Files\Razer\Diamondback 3G\razerhid.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Razer\Diamondback 3G\razertra.exe
C:\Program Files\Razer\Diamondback 3G\razerofa.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Julia\Desktop\^^^^^^\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\SAMSUNG NOTEBOOK PC
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! Deutschland
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! Deutschland
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Yahoo! Suche Websuche & Suchmaschine
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Yahoo! Suche Websuche & Suchmaschine
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! Deutschland
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {C0870115-39DF-3EFC-8886-5157427C8137} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Diamondback] C:\Program Files\Razer\Diamondback 3G\razerhid.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - .DEFAULT User Startup: vuommy.exe (User 'Default user')
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: S3D Service (Win32) - iZ3D Inc. - C:\Program Files\iZ3D Driver\Win32\S3DCService.exe
O23 - Service: Samsung Update Plus - Unknown owner - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

--
End of file - 6197 bytes
--- --- ---
__________________
Antwort

Themen zu Laptop verseucht, ZBot verdacht!
32 bit, adware.adrotator, adware.ezlife, agere systems, antivir, antivirus, avgntflt.sys, avira, backdoor.agent, bho, browser, components, desktop, device driver, dsl, ebay, error, firefox, google, hdaudio.sys, helper, hijack, hijackthis, home, home premium, igdctrl.exe, install.exe, local\temp, mozilla, nicht öffnen, nvlddmkm.sys, plug-in, programdata, proxy, prozesse, realtek, registry, rundll, software, start menu, start up, svchost.exe, system, usb, usbvideo.sys, vista 32, vista 32 bit, wireless lan, worm.zhelatin, zone alarm


« IE Startet immer wieder neu im 2 Rechner | HijackThis Logfile auswerten »


Ähnliche Themen: Laptop verseucht, ZBot verdacht!


  1. Win 7 - Verdacht auf Zeus / ZBot laut Telekom Abuse Team
    Log-Analyse und Auswertung - 17.05.2015 (31)
  2. Plagegeister? Laptop, der scheinbar etwas verseucht ist
    Log-Analyse und Auswertung - 23.10.2014 (16)
  3. Laptop - Spy-Adware - Toolbars verseucht
    Plagegeister aller Art und deren Bekämpfung - 16.08.2014 (3)
  4. erhalte täglich Spammails - ist mein Laptop verseucht?
    Plagegeister aller Art und deren Bekämpfung - 17.06.2014 (25)
  5. 2x Laptop komplett verseucht und kein Internet.
    Mülltonne - 14.06.2014 (1)
  6. TR/PSW.Zbot.405504206 auf dem Laptop
    Plagegeister aller Art und deren Bekämpfung - 25.06.2013 (38)
  7. Verdacht auf ZeuS/ZBot aufgrund von Telekom-Mail
    Plagegeister aller Art und deren Bekämpfung - 24.05.2013 (14)
  8. Verdacht auf Tojaner - ZeuS + ZBot + Incredibar
    Log-Analyse und Auswertung - 10.04.2013 (13)
  9. Trojan zbot auf meinem Laptop
    Plagegeister aller Art und deren Bekämpfung - 08.01.2013 (3)
  10. Computerverhalten; verdacht auf ZBot (Logs anbei)
    Log-Analyse und Auswertung - 13.12.2012 (25)
  11. Mein Laptop ist mit W32/Stanit verseucht
    Plagegeister aller Art und deren Bekämpfung - 09.08.2012 (11)
  12. Malware, verstecke Objekte -> Laptop verseucht
    Log-Analyse und Auswertung - 07.11.2011 (29)
  13. Mein Computer wurde angegriffen. Laptop auch verseucht?
    Plagegeister aller Art und deren Bekämpfung - 28.05.2011 (1)
  14. Laptop Verseucht (ADVSERV.EXE und anderes)
    Plagegeister aller Art und deren Bekämpfung - 07.02.2011 (4)
  15. Total verseucht: Rootkits, Trojaner und Viren auf Laptop, PC und ext. Festplatten
    Log-Analyse und Auswertung - 30.03.2009 (8)
  16. Rechner/Laptop verseucht? Neuinstallation nötig?
    Plagegeister aller Art und deren Bekämpfung - 02.09.2008 (15)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Laptop verseucht, ZBot verdacht! - Hi ich will überprüfen ob mein laptop noch sauber ist, den manchmal öffnet Firefox Seiten die er nicht öffnen sollte z.b. wenn ich in google audi a3 o.ä. eingebe dann - Laptop verseucht, ZBot verdacht!...
Archiv
Du betrachtest: Laptop verseucht, ZBot verdacht! auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131