Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Google Links werden auf seiten wie 95p.com umgeleitet. (malware?) (https://www.trojaner-board.de/107146-google-links-seiten-95p-com-umgeleitet-malware.html)

austriana3 29.12.2011 10:09
Google Links werden auf seiten wie 95p.com umgeleitet. (malware?)
 
Hallo ich habe folgendes Problem wenn ich auf google links gehe werde ich automatisch auf andere Links umgeleitet wie schon im Titel gesagt 95p.com.
Ich habe diese Anleitung gefunden hxxp://cgi.zdnet.de/forum/viewtopic.php?t=4722

Ich habe den ccleaner drübergejagt und malwarebytes hier der log von malwarebytes:


Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org
Database version: v2011.12.24.05
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: 08PERCHTR [administrator]

Protection: Disabled

29.12.2011 09:47:14
mbam-log-2011-12-29 (09-47-14).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 218495
Time elapsed: 6 minute(s), 20 second(s)

Memory Processes Detected: 2
C:\Dokumente und Einstellungen\Administrator.HSVIEHHAUSEN\Anwendungsdaten\E48B0\5B112.exe (Trojan.Dropper.PE4) -> 1848 -> Delete on reboot.
C:\Programme\LP\12CE\16B.exe (Trojan.Dropper.PE4) -> 2380 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCR\videosoft (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Registry Values Detected: 3
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|16B.exe (Trojan.Dropper.PE4) -> Data: C:\Programme\LP\12CE\16B.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Backdoor.CycBot) -> Data: C:\Programme\B0C52\lvvm.exe -> Quarantined and deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer (PUM.Bad.Proxy) -> Data: http=127.0.0.1:62545 -> Quarantined and deleted successfully.

Registry Data Items Detected: 3
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\Dokumente und Einstellungen\Administrator.HSVIEHHAUSEN\Anwendungsdaten\E48B0\5B112.exe (Trojan.Dropper.PE4) -> Delete on reboot.
C:\Programme\LP\12CE\16B.exe (Trojan.Dropper.PE4) -> Delete on reboot.
C:\Dokumente und Einstellungen\ropercht\Anwendungsdaten\firefox.exe (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\ropercht\Anwendungsdaten\java.exe (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\ropercht\Anwendungsdaten\WINWORD.EXE (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.

(end)

austriana3 29.12.2011 10:14
WindowsScan Log:
Die 30 neuesten Dateien im Ordner Windows:

***** ***** ***** ***** *****
***** Scanning C:\WINDOWS *****
***** ***** ***** ***** *****

29.12.2011 WindowsUpdate.log 09 58:1.312.916
29.12.2011 setupapi.log 09 58:24.184
29.12.2011 0.log 09 56:0
29.12.2011 wiadebug.log 09 56:157
29.12.2011 wiaservc.log 09 56:50
29.12.2011 bootstat.dat 09 56:2.048
29.12.2011 SchedLgU.Txt 09 56:31.978
11.12.2011 NeroDigital.ini 10 50:116
09.11.2011 setupapi.log.4.old 06 47:1.210.944
11.10.2011 win.ini 07 40:3.020
Mobile 24.09.2011 ModemLog_HUAWEI 11 22:9.686
25.08.2011 MB4.INI 16 52:1.197
07.05.2011 setupapi.log.3.old 17 06:1.031.027
12.03.2011 wininit.ini 11 13:226
17.01.2011 Thumbs.db 14 10:12.800
13.12.2010 awshkwv.ini 15 58:133
Modem 30.11.2010 ModemLog_ThinkPad 18 55:36.908
03.11.2010 cncscore.ini 15 52:221
14.10.2010 setupapi.log.2.old 06 37:1.039.265
15.06.2010 diagwrn.xml 13 39:1.887
15.06.2010 diagerr.xml 13 39:1.887
18.09.2009 setupapi.log.1.old 14 20:1.781.234
30.12.2008 recht.ini 10 09:69
30.12.2008 CrocChem.INI 09 56:72
30.12.2008 CrocPhys.INI 09 54:165
30.12.2008 Cronos.cfg 09 48:54
30.12.2008 cbt_meta.ini 09 39:2.048


Die 50 neuesten Dateien im Ordner Windows\system32:

***** ***** ***** ***** *****
***** Scanning C:\WINDOWS\system32 *****
***** ***** ***** ***** *****

29.12.2011 wpa.dbl 09 56:2.278
29.12.2011 TPHDLOG0.LOG 09 56:388.736
29.12.2011 log.txt 09 56:44
29.12.2011 ICAutoUpdate.log.bak 09 56:1.040
29.12.2011 TPAPSLOG.LOG 09 41:659.072
29.12.2011 d3d9caps.dat 01 07:1.324
01.12.2011 PnkBstrB.exe 12 36:189.248
01.12.2011 PnkBstrA.exe 12 36:90.112
30.11.2011 tmbvcm32.dll 07 40:70.656
26.11.2011 PnkBstrB.xtr 08 38:271.200
25.11.2011 jupdate-1.6.0_29-b11.log 21 31:6.552
25.11.2011 perfh007.dat 21 30:532.652
25.11.2011 perfh009.dat 21 30:506.736
25.11.2011 perfc009.dat 21 30:90.008
25.11.2011 perfc007.dat 21 30:107.662
25.11.2011 PerfStringBackup.INI 21 30:1.254.520
21.11.2011 MRT.exe 19 08:50.295.240
04.11.2011 TubeFinder.exe 12 17:311.296
24.10.2011 RemoteControl.dll 12 51:158.208
23.10.2011 PnkBstrB.ex0 19 05:271.200
18.10.2011 FNTCACHE.DAT 10 12:348.200
17.10.2011 FlashPlayerCPLApp.cpl 15 49:414.368
10.10.2011 inetcomm.dll 15 22:692.736
08.10.2011 PwdServ.cmd 20 23:152
03.10.2011 mshtml.dll 09 34:5.971.456
03.10.2011 javaws.exe 05 06:157.472
03.10.2011 javaw.exe 05 06:145.184
03.10.2011 java.exe 05 06:145.184
03.10.2011 deployJava1.dll 05 06:472.808
03.10.2011 javacpl.cpl 02 37:73.728
28.09.2011 VB6FR.DLL 09 18:119.568
28.09.2011 MSCMCFR.DLL 09 18:141.312
28.09.2011 ReyXpBasics.tlb 09 18:208.500
28.09.2011 ControlSubX.ocx 09 18:24.576
28.09.2011 PCCLPFR.DLL 09 18:9.728
28.09.2011 COMDLG32.OCX 09 18:152.848
28.09.2011 VB6STKIT.DLL 09 18:101.888
28.09.2011 CMDLGFR.DLL 09 18:32.768
28.09.2011 PropertyGrid.ocx 09 18:364.544
28.09.2011 PICCLP32.OCX 09 18:84.512
28.09.2011 crypt32.dll 08 06:604.160
26.09.2011 uiautomationcore.dll 10 41:614.912
26.09.2011 oleaccrc.dll 10 41:23.040
26.09.2011 oleacc.dll 10 41:220.160
20.09.2011 TZLog.log 19 37:127.504
19.09.2011 bdmjpeg.dll 08 07:15.360
19.09.2011 bdmpega.acm 08 07:58.368


***** ***** ***** ***** *****
***** Scanning C:\WINDOWS\system32\drivers\etc\hosts *****
***** ***** ***** ***** *****

# Copyright (c) 1993-1999 Microsoft Corp.
#
# Dies ist eine HOSTS-Beispieldatei, die von Microsoft TCP/IP
# für Windows 2000 verwendet wird.
#
# Diese Datei enthält die Zuordnungen der IP-Adressen zu Hostnamen.
# Jeder Eintrag muss in einer eigenen Zeile stehen. Die IP-
# Adresse sollte in der ersten Spalte gefolgt vom zugehörigen
# Hostnamen stehen.
# Die IP-Adresse und der Hostname müssen durch mindestens ein
# Leerzeichen getrennt sein.
#
# Zusätzliche Kommentare (so wie in dieser Datei) können in
# einzelnen Zeilen oder hinter dem Computernamen eingefügt werden,
# aber müssen mit dem Zeichen '#' eingegeben werden.
#
# Zum Beispiel:
#
# 102.54.94.97 rhino.acme.com # Quellserver
# 38.25.63.10 x.acme.com # x-Clienthost

127.0.0.1 localhost



***** ***** ***** ***** *****
***** Scanning Processe *****
***** ***** ***** ***** *****


Abbildname PID Sitzungsname Sitz.-Nr. Speichernutzung
========================= ===== ================ ========== ===============
System Idle Process 0 Console 0 28 K
System 4 Console 0 240 K
smss.exe 1200 Console 0 436 K
csrss.exe 1256 Console 0 5.224 K
winlogon.exe 1292 Console 0 7.808 K
services.exe 1336 Console 0 5.604 K
lsass.exe 1348 Console 0 3.220 K
DTS.exe 1584 Console 0 1.712 K
ibmpmsvc.exe 1596 Console 0 1.468 K
AtService.exe 1624 Console 0 21.152 K
ati2evxx.exe 1652 Console 0 3.696 K
svchost.exe 1684 Console 0 5.340 K
svchost.exe 1764 Console 0 4.960 K
svchost.exe 1904 Console 0 32.908 K
btwdins.exe 1932 Console 0 2.628 K
S24EvMon.exe 1976 Console 0 15.096 K
svchost.exe 340 Console 0 5.228 K
svchost.exe 464 Console 0 7.588 K
spoolsv.exe 772 Console 0 9.412 K
sched.exe 816 Console 0 1.800 K
ati2evxx.exe 832 Console 0 4.652 K
svchost.exe 968 Console 0 6.600 K
AcPrfMgrSvc.exe 292 Console 0 5.760 K
AppleMobileDeviceService. 580 Console 0 14.264 K
mDNSResponder.exe 668 Console 0 4.680 K
EvtEng.exe 1864 Console 0 14.284 K
hamachi-2.exe 2056 Console 0 7.408 K
ica.exe 2096 Console 0 12.780 K
iviRegMgr.exe 2564 Console 0 2.340 K
jqs.exe 2576 Console 0 1.452 K
LMS.exe 2656 Console 0 6.556 K
mbamservice.exe 2736 Console 0 6.888 K
mdm.exe 3040 Console 0 3.024 K
PnkBstrA.exe 3156 Console 0 2.276 K
RegSrvc.exe 3252 Console 0 3.200 K
svchost.exe 3396 Console 0 4.400 K
tvt_reg_monitor_svc.exe 3420 Console 0 3.508 K
TPHDEXLG.exe 3440 Console 0 1.720 K
rrpservice.exe 3456 Console 0 3.892 K
rrservice.exe 3484 Console 0 7.756 K
tvtsched.exe 3500 Console 0 6.172 K
UpdateMonitor.exe 3524 Console 0 8.328 K
UNS.exe 3560 Console 0 7.744 K
PWMDBSVC.exe 3740 Console 0 3.576 K
AcSvc.exe 4036 Console 0 20.296 K
SUService.exe 1980 Console 0 13.368 K
wmiprvse.exe 2292 Console 0 8.800 K
explorer.exe 2312 Console 0 41.760 K
wmiprvse.exe 2344 Console 0 5.556 K
SvcGuiHlpr.exe 2800 Console 0 6.752 K
wmiapsrv.exe 3608 Console 0 4.712 K
alg.exe 4052 Console 0 4.600 K
SynTPLpr.exe 2848 Console 0 2.272 K
SynTPEnh.exe 3856 Console 0 5.024 K
svchost.exe 1712 Console 0 3.600 K
PrivacyIconClient.exe 1808 Console 0 24.204 K
TpShocks.exe 3624 Console 0 2.732 K
EZEJMNAP.EXE 3248 Console 0 3.424 K
jusched.exe 3064 Console 0 3.128 K
LPMGR.EXE 3112 Console 0 7.588 K
MOM.exe 3152 Console 0 3.676 K
rundll32.exe 3200 Console 0 7.256 K
ACTray.exe 3276 Console 0 5.368 K
ACWLIcon.exe 1048 Console 0 5.372 K
scheduler_proxy.exe 2456 Console 0 5.176 K
avgnt.exe 4392 Console 0 3.220 K
Updater.exe 4676 Console 0 4.724 K
DivXUpdate.exe 5072 Console 0 10.444 K
datamngrUI.exe 5296 Console 0 5.656 K
hamachi-2-ui.exe 5320 Console 0 4.928 K
ctfmon.exe 5352 Console 0 3.604 K
Skype.exe 5528 Console 0 79.660 K
GoogleToolbarNotifier.exe 5820 Console 0 1.732 K
PMB.exe 6012 Console 0 19.284 K
ManyCam.exe 4208 Console 0 19.296 K
rvfktc.exe 4504 Console 0 6.424 K
CCC.exe 4904 Console 0 6.200 K
Steam.exe 5916 Console 0 10.964 K
SSScheduler.exe 4104 Console 0 2.196 K
orbitdm.exe 4892 Console 0 1.128 K
orbitnet.exe 1248 Console 0 6.692 K
wuauclt.exe 100 Console 0 4.248 K
firefox.exe 3828 Console 0 111.704 K
rhnbs.exe 5280 Console 0 6.404 K
plugin-container.exe 5692 Console 0 23.456 K
notepad.exe 4644 Console 0 540 K
rbvnpq.exe 2360 Console 0 10.328 K
5B112.exe 5796 Console 0 7.316 K
lvvm.exe 232 Console 0 6.768 K
WinRAR.exe 5624 Console 0 11.028 K
cmd.exe 3576 Console 0 2.008 K
tasklist.exe 5936 Console

austriana3 29.12.2011 10:15
HijackthisHiJackthis Logfile:
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:10:06, on 29.12.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\DTS.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\AtService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Programme\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Intel\WiFi\bin\EvtEng.exe
C:\Programme\LogMeIn Hamachi\hamachi-2.exe
C:\Programme\iTALC\ica.exe
C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Intel\AMT\LMS.exe
C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Programme\Lenovo\Rescue and Recovery\rrservice.exe
c:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe
C:\Programme\Lenovo\Rescue and Recovery\UpdateMonitor.exe
C:\Programme\Gemeinsame Dateien\Intel\Privacy Icon\UNS\UNS.exe
C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe
C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe
c:\programme\lenovo\system update\suservice.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Intel\Privacy Icon\PrivacyIconClient.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe
C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\Programme\Ask.com\Updater\Updater.exe
C:\Programme\DivX\DivX Update\DivXUpdate.exe
C:\PROGRA~1\SearchCore for Browsers\SearchCore for Browsers\datamngrUI.exe
C:\Programme\LogMeIn Hamachi\hamachi-2-ui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programme\Pando Networks\Media Booster\PMB.exe
C:\Programme\ManyCam\Bin\ManyCam.exe
C:\DOKUME~1\ADMINI~1.HSV\LOKALE~1\Temp\rvfktc.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
E:\Privat\Steam\Steam.exe
C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Programme\Orbitdownloader\orbitdm.exe
C:\Programme\Orbitdownloader\orbitnet.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\DOKUME~1\ADMINI~1.HSV\LOKALE~1\Temp\rhnbs.exe
C:\Programme\Mozilla Firefox\plugin-container.exe
C:\DOKUME~1\ADMINI~1.HSV\LOKALE~1\Temp\rbvnpq.exe
C:\Dokumente und Einstellungen\Administrator.HSVIEHHAUSEN\Anwendungsdaten\E48B0\5B112.exe
C:\Programme\B0C52\lvvm.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Orbit Downloader Start
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN, Hotmail und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN, Hotmail und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:62545
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = daten-srv.szwf.local;hs-vh-cd01;<local>
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll
F3 - REG:win.ini: load=C:\Programme\B0C52\lvvm.exe
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: facemoods Helper - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Programme\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll (file missing)
O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Programme\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [picon] "C:\Programme\Gemeinsame Dateien\Intel\Privacy Icon\PrivacyIconClient.exe" -startup
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [StartCCC] "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [ACTray] C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [FingerPrintSoftware] "C:\Programme\Lenovo Fingerprint Software\fpapp.exe" \s
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ApnUpdater] "C:\Programme\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [Recordpad] "C:\Programme\NCH Swift Sound\Recordpad\recordpad.exe" -logon
O4 - HKLM\..\Run: [facemoods] "C:\Programme\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe" /md I
O4 - HKLM\..\Run: [eDonkey2000] C:\Programme\eDonkey2000\eDonkey2000.exe -t
O4 - HKLM\..\Run: [APSDaemon] "C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Programme\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\SearchCore for Browsers\SearchCore for Browsers\datamngrUI.exe
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Programme\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [16B.exe] C:\Programme\LP\12CE\16B.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Pando Media Booster] C:\Programme\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [ManyCam] "C:\Programme\ManyCam\Bin\ManyCam.exe" /silent
O4 - HKCU\..\Run: [dnb system restore] %TEMP%\sgvtbs.exe
O4 - HKCU\..\Run: [divxupdater] %TEMP%\rvfktc.exe
O4 - HKCU\..\Run: [Media Streamer] %TEMP%\tgbssm.exe
O4 - HKCU\..\Run: [Steam] "E:\Privat\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O4 - Global Startup: Orbit.lnk = C:\Programme\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Senden an Bluetooth - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (file missing)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = hsviehhausen.local
O17 - HKLM\Software\..\Telephony: DomainName = hsviehhausen.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = hsviehhausen.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = hsviehhausen.local
O20 - AppInit_DLLs: C:\PROGRA~1\SearchCore for Browsers\SearchCore for Browsers\datamngr.dll C:\PROGRA~1\SearchCore for Browsers\SearchCore for Browsers\IEBHO.dll
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: ATFUS - C:\WINDOWS\system32\FpWinLogonNp.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo  - C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo  - C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: AD Monitor (ADMonitor) - Unknown owner - C:\WINDOWS\system32\ADMonitor.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\WINDOWS\system32\AtService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: CyberGhost VPN Client (CGVPNCliSrvc) - mobile concepts GmbH - C:\Programme\CyberGhost VPN\CGVPNCliService.exe
O23 - Service: Data Transfer Service (dtsvc) - Unknown owner - C:\WINDOWS\system32\DTS.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Programme\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Fingerprint Server (FingerprintServer) - AuthenTec,Inc - C:\WINDOWS\system32\FpLogonServ.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Programme\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Unknown owner - C:\Programme\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Programme\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: iTALC Client (icas) - Unknown owner - C:\Programme\iTALC\ica.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Intel(R) Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Programme\Intel\AMT\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Power Manager DBC Service - Unknown owner - C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Programme\Gemeinsame Dateien\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Programme\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: SessionLauncher - Unknown owner - C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Programme\Gemeinsame Dateien\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Programme\Gemeinsame Dateien\SureThing Shared\stllssvr.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\programme\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - c:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Programme\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe
O23 - Service: TVT Windows Update Monitor (TVT_UpdateMonitor) - Lenovo Group Limited - C:\Programme\Lenovo\Rescue and Recovery\UpdateMonitor.exe
O23 - Service: Intel(R) Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Programme\Gemeinsame Dateien\Intel\Privacy Icon\UNS\UNS.exe

--
End of file - 18117 bytes
--- --- ---


Alle Zeitangaben in WEZ +1. Es ist jetzt 17:04 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131