Pests of all kinds and their removal: hilfe!trojan.win32.monder.cqbi (Windows 7)

If you are not sure whether you have picked up malware or a trojan, open a thread here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
#1

hilfe!trojan.win32.monder.cqbi

I have the trojan mentioned above in the Windows Temp folder.

Trojan.Win32.Monder.cqbi C:\Windows\Temp\hjgruiumpvngedrr.tmp

It is always file names like this that Kaspersky reports and deletes, but after a while a new one appears. I don't know whether it's connected, but since today there has suddenly been no sound either, until the PC is restarted, with no message or anything; the audio device is still shown. I have read something about a script or the like, but I'm not sure how, where or what, so I'm asking here. Thanks in advance.
#2 (Malwareteam)

hilfe!trojan.win32.monder.cqbi
#3

hilfe!trojan.win32.monder.cqbi

So, here is report 1:

Malwarebytes' Anti-Malware 1.38
Datenbank Version: 2397
Windows 6.0.6001 Service Pack 1

09.07.2009 09:15:49
mbam-log-2009-07-09 (09-15-49).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|E:\|F:\|)
Durchsuchte Objekte: 287222
Laufzeit: 46 minute(s), 7 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 4
Infizierte Dateien: 5

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\WebMediaPlayer (Rogue.Webmediaplayer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rsaci (Rootkit.Gen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rsaci (Rootkit.Gen) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\Program Files\WebMediaPlayer (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:\program files\webmediaplayer\resources (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:\program files\webmediaplayer\skins (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:\program files\webmediaplayer\updates (Adware.EGDAccess) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Windows\System32\rsaci.exe (Rootkit.Gen) -> Quarantined and deleted successfully.
c:\program files\webmediaplayer\sqlite3.dll (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:\program files\webmediaplayer\WebMediaPlayer.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:\program files\webmediaplayer\resources\wmp_translation_file.xml (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:\program files\webmediaplayer\skins\classic.skn (Adware.EGDAccess) -> Quarantined and deleted successfully.

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:25:41, on 09.07.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
E:\Fraps\fraps.exe
C:\Windows\RtHDVCpl.exe
E:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE\avp.exe
C:\Windows\vsnp2std.exe
C:\Windows\System32\CtHelper.exe
E:\Program Files\zoneLINK\MultiCore Optimizer\MultiCoreOptimizer.exe
E:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://dsl-start.computerbild.de/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - E:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - E:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - E:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [AVP] "E:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE\avp.exe"
O4 - HKLM\..\Run: [snp2std] C:\Windows\vsnp2std.exe
O4 - HKLM\..\Run: [AsioReg] REGSVR32 /S CTASIO.DLL
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "E:\Program Files\RivaTuner v2.24\RivaTunerWrapper.exe" /S
O4 - HKLM\..\Run: [zoneLINK MultiCore Optimizer] "E:\Program Files\zoneLINK\MultiCore Optimizer\MultiCoreOptimizer.exe" -TRAY
O4 - HKLM\..\Run: [BtTray] "E:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Hinzufügen zu Kaspersky Anti-Banner - E:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE\ie_banner_deny.htm
O9 - Extra button: Statistik für Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - E:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE\SCIEPlgn.dll
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - h**p://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: E:\PROGRA~1\KASPER~1\KASPER~1\r3hook.dll,E:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll
O23 - Service: Kaspersky Security Suite CBE (AVP) - Kaspersky Lab - E:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE\avp.exe
O23 - Service: BlueSoleilCS - Unknown owner - E:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: BsHelpCS - Unknown owner - E:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9c7f6b1d49f94) (gupdate1c9c7f6b1d49f94) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: lxbk_device - - C:\Windows\system32\lxbkcoms.exe
O23 - Service: MySQL - Unknown owner - E:\mysql\bin\mysqld-nt.exe (file missing)
O23 - Service: MySQL51 - Unknown owner - E:\Program.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: TeamViewer 3 (TeamViewer) - Unknown owner - E:\Program Files\TeamViewer3\TeamViewer_Host.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe

--
End of file - 8112 bytes

Last edited by RedDevil (09.07.2009 at 08:31)
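A HijackThis log like the one above is normally read by eye. As an added example that is not part of this thread and not HijackThis's own logic, the following Python script parses such a log and flags the entry kinds a responder checks first: AppInit_DLLs (O20), autostarts under Policies\Explorer\Run (the key Malwarebytes cleaned in the report above), and services (O23) whose binary is missing or carries no publisher. The sample lines are copied from the posted log, except the Policies\Explorer\Run line, which is constructed from the Malwarebytes finding with an assumed rendering; the flagging rules are my assumptions.

```python
"""Offline triage of a HijackThis log.

Added example, not code from the thread or from HijackThis. It pulls out the
entry kinds a responder checks first and applies a few flagging rules that are
the author's assumptions, not anything HijackThis itself does.
"""
import re

# Constructed sample: lines copied from the HijackThis log posted above, plus one
# O4 line built from the Policies\Explorer\Run value that Malwarebytes reported
# removing (how HijackThis would render that key is assumed, not taken from the log).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVP] "E:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE\avp.exe"
O4 - HKLM\..\Policies\Explorer\Run: [rsaci] C:\Windows\System32\rsaci.exe
O4 - HKUS\S-1-5-18\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'SYSTEM')
O20 - AppInit_DLLs: E:\PROGRA~1\KASPER~1\KASPER~1\r3hook.dll,E:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll
O23 - Service: Kaspersky Security Suite CBE (AVP) - Kaspersky Lab - E:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE\avp.exe
O23 - Service: MySQL - Unknown owner - E:\mysql\bin\mysqld-nt.exe (file missing)
O23 - Service: MySQL51 - Unknown owner - E:\Program.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: TeamViewer 3 (TeamViewer) - Unknown owner - E:\Program Files\TeamViewer3\TeamViewer_Host.exe
"""

ENTRY_RE = re.compile(r"^(?P<kind>[A-Z]\d+) - (?P<body>.+)$")
# "hive\..\key: [name] command"; the hive may carry a SID (HKUS\S-1-5-18).
RUN_RE = re.compile(r"^(?P<hive>.+?)\\\.\.\\(?P<key>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# "Service: name - owner - path"; breaks on service names that themselves contain " - ".
SERVICE_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")


def parse_entries(text):
    """Return (kind, body) pairs for every Rn/On line in the log."""
    out = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            out.append((m.group("kind"), m.group("body")))
    return out


def triage(text):
    """Return (rule, entry) pairs for the entries worth a second look."""
    findings = []
    for kind, body in parse_entries(text):
        if kind == "O20":
            # AppInit_DLLs are loaded into every process that maps user32.dll,
            # so each listed DLL must be tied to a known product (here Kaspersky).
            findings.append(("appinit-dll", body))
        elif kind == "O4":
            r = RUN_RE.match(body)
            # Policies\Explorer\Run is a less common autostart; Malwarebytes removed
            # an entry there in this very thread.
            if r and "Policies\\Explorer\\Run" in r.group("key"):
                findings.append(("policies-run-autostart", body))
        elif kind == "O23":
            s = SERVICE_RE.match(body)
            if not s:
                continue
            path = s.group("path")
            if path.endswith("(file missing)"):
                findings.append(("service-binary-missing", body))
            if s.group("owner") == "Unknown owner":
                # No company name in the binary's version info: not proof of anything,
                # but every such service has to be identified by hand.
                findings.append(("service-no-publisher", body))
            if re.search(r"\\Program\.exe\b", path):
                # Assumption: an ImagePath under "X:\Program Files\..." stored without
                # quotes is reported this way; verify the real ImagePath in the registry.
                findings.append(("unquoted-service-path", body))
    return findings


def summarize(findings):
    """Count findings per rule."""
    counts = {}
    for rule, _ in findings:
        counts[rule] = counts.get(rule, 0) + 1
    return counts


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for rule, entry in found:
        print(f"[{rule}] {entry}")
    print(summarize(found))
```

Run as-is it prints the rule hits on the sample; for a real log, read the file and pass its text to triage(). The rules produce a worklist, not a verdict: "Unknown owner" services are often legitimate third-party software, and the E:\Program.exe entry is most plausibly an unquoted service path rather than a dropped binary, which is exactly why it gets its own rule.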
#4

hilfe!trojan.win32.monder.cqbi

Here is also the list of installed programs:

7 Artifacts
7 Wonders II
7-Zip 4.62
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Recommended Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Extra Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Drive CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Linguistics CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader 9.1 - Deutsch
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
AIM
Ashampoo Burning Studio 6 FREE
Bluesoleil 5.0.5.178
Burnout(TM) Paradise The Ultimate Box
CCleaner (remove only)
Choice Guard
Connect
DEUTSCHLAND SPIELT GAME CENTER
Die verrückte Strandparty
Dr. Hardware 2009 9.9.2d
EA Download Manager
EasyTune5Pro
EVEREST Ultimate Edition v4.20
Favorit
Fraps
FreeCommander 2008.06c
Futuremark SystemInfo
Google Earth
Google Update Helper
Google Updater
Hercules WiFi Station
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
ICQ6.5
In 80 Rätseln um die Welt
Java(TM) 6 Update 11
Junk Mail filter update
Kaspersky Security Suite CBE
Kaspersky Security Suite CBE
kuler
Lexmark X1100 Series
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 Language Pack SP1 - deu
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Silverlight
Microsoft Virtual PC 2007 SP1
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Mozilla Firefox (3.0.11)
Mp3tag v2.40
MSVCRT
MSXML 4.0 SP2 (KB954430)
My Video Downloader
MySQL Server 5.0
Need for Speed™ Undercover
Nero 7 Premium
neroxml
NVIDIA Drivers
NVIDIA PhysX
O&O Defrag Professional Edition
Ocean Ball
OpenAL
OpenOffice.org 2.3
Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0
PDF Settings CS4
phonostar-Player Version 2.01.4
Photoshop Camera Raw
Picasa 3
Puzzle Quest Galactrix
QuickTime
Race Driver 3
RealPlayer
Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
Realtek High Definition Audio Driver
RivaTuner v2.24
Rockstar Games Social Club
Runes of Magic
Safari
Schatzinsel
SimpleScreenshot 1.30
SIW version 2009-03-17
SnagIt 9
Spirit of Wandering
Spybot - Search & Destroy
Suite Shared Configuration CS4
System Requirements Lab
SYSTEM_INFO B07.1219.01
TeamSpeak 2 RC2
TeamViewer 3
Techno4ever Player
teXXas
Trust Webcam 14830
TuneUp Utilities 2009
Ultimate Extras sounds from Microsoft® Tinker™
VideoLAN VLC media player 0.8.6d
Viewpoint Media Player
Windows 7 Upgrade Advisor Beta
Windows Live Anmelde-Assistent
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Fotogalerie
Windows Live Mail
Windows Live Messenger
Windows Live Sync
Windows Live Writer
Windows Live-Uploadtool
Windows-Soundschemas
WinRAR
XMedia Recode 2.1.1.1
Yahoo! Install Manager
Yahoo! Messenger
zoneLINK MultiCore Optimizer 1.00
Zuma Deluxe
#5

hilfe!trojan.win32.monder.cqbi

Hello and welcome.

1.) Uninstall:

3.) Click the Log tab.
4.) Tick:

5.) Click Create Log.
6.) Select: Scan root drive only.
7.) Click Start.
8.) Post the contents of SysProtLog.txt, which you will find on the desktop.

ciao, andreas
__________________
No support via PM! This is a forum, not private support.
For all newcomers: private support only against payment, and I am very expensive.
Guides | Virus scanners | Compromise unavoidable?
#6

hilfe!trojan.win32.monder.cqbi

So, here is the SysProt log:

SysProt AntiRootkit v1.0.1.0 by swatkat

******************************************************************************************
******************************************************************************************

Process:
Name: [System Idle Process] PID: 0 Hidden: No Window Visible: No
Name: System PID: 4 Hidden: No Window Visible: No
Name: C:\Windows\System32\smss.exe PID: 508 Hidden: No Window Visible: No
Name: C:\Windows\System32\csrss.exe PID: 584 Hidden: No Window Visible: No
Name: C:\Windows\System32\wininit.exe PID: 636 Hidden: No Window Visible: No
Name: C:\Windows\System32\csrss.exe PID: 648 Hidden: No Window Visible: No
Name: C:\Windows\System32\services.exe PID: 680 Hidden: No Window Visible: No
Name: C:\Windows\System32\lsass.exe PID: 692 Hidden: No Window Visible: No
Name: C:\Windows\System32\lsm.exe PID: 700 Hidden: No Window Visible: No
Name: C:\Windows\System32\winlogon.exe PID: 736 Hidden: No Window Visible: No
Name: C:\Windows\System32\svchost.exe PID: 884 Hidden: No Window Visible: No
Name: C:\Windows\System32\nvvsvc.exe PID: 952 Hidden: No Window Visible: No
Name: C:\Windows\System32\svchost.exe PID: 980 Hidden: No Window Visible: No
Name: C:\Windows\System32\svchost.exe PID: 1044 Hidden: No Window Visible: No
Name: C:\Windows\System32\svchost.exe PID: 1132 Hidden: No Window Visible: No
Name: C:\Windows\System32\svchost.exe PID: 1208 Hidden: No Window Visible: No
Name: C:\Windows\System32\svchost.exe PID: 1248 Hidden: No Window Visible: No
Name: C:\Windows\System32\audiodg.exe PID: 1300 Hidden: No Window Visible: No
Name: C:\Windows\System32\svchost.exe PID: 1368 Hidden: No Window Visible: No
Name: C:\Windows\System32\SLsvc.exe PID: 1468 Hidden: No Window Visible: No
Name: C:\Windows\System32\nvvsvc.exe PID: 1516 Hidden: No Window Visible: No
Name: C:\Windows\System32\svchost.exe PID: 1540 Hidden: No Window Visible: No
Name: C:\Windows\System32\svchost.exe PID: 1676 Hidden: No Window Visible: No
Name: C:\Windows\System32\spoolsv.exe PID: 1924 Hidden: No Window Visible: No
Name: C:\Windows\System32\svchost.exe PID: 1948 Hidden: No Window Visible: No
Name: C:\Windows\System32\dwm.exe PID: 444 Hidden: No Window Visible: No
Name: C:\Windows\System32\taskeng.exe PID: 536 Hidden: No Window Visible: No
Name: C:\Windows\explorer.exe PID: 592 Hidden: No Window Visible: No
Name: C:\Windows\System32\taskeng.exe PID: 1460 Hidden: No Window Visible: No
Name: E:\Fraps\fraps.exe PID: 1796 Hidden: No Window Visible: No
Name: C:\Windows\System32\mobsync.exe PID: 1984 Hidden: No Window Visible: No
Name: C:\Windows\RtHDVCpl.exe PID: 1112 Hidden: No Window Visible: No
Name: E:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE\avp.exe PID: 2088 Hidden: No Window Visible: No
Name: C:\Windows\vsnp2std.exe PID: 2120 Hidden: No Window Visible: No
Name: E:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE\avp.exe PID: 2160 Hidden: No Window Visible: No
Name: C:\Windows\System32\CtHelper.exe PID: 2212 Hidden: No Window Visible: No
Name: E:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe PID: 2284 Hidden: No Window Visible: No
Name: E:\Program Files\zoneLINK\MultiCore Optimizer\MultiCoreOptimizer.exe PID: 2336 Hidden: No Window Visible: No
Name: E:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe PID: 2348 Hidden: No Window Visible: No
Name: C:\Program Files\Windows Sidebar\sidebar.exe PID: 2392 Hidden: No Window Visible: Yes
Name: C:\Windows\System32\lxbkcoms.exe PID: 2480 Hidden: No Window Visible: No
Name: C:\Windows\ehome\ehtray.exe PID: 2600 Hidden: No Window Visible: No
Name: C:\Program Files\Windows Media Player\wmpnscfg.exe PID: 2624 Hidden: No Window Visible: No
Name: E:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe PID: 2712 Hidden: No Window Visible: No
Name: C:\Windows\System32\oodag.exe PID: 2804 Hidden: No Window Visible: No
Name: C:\Windows\System32\PnkBstrA.exe PID: 2892 Hidden: No Window Visible: No
Name: C:\Windows\System32\svchost.exe PID: 2920 Hidden: No Window Visible: No
Name: C:\Windows\System32\svchost.exe PID: 2980 Hidden: No Window Visible: No
Name: E:\Program Files\TeamViewer3\TeamViewer_Host.exe PID: 3044 Hidden: No Window Visible: No
Name: C:\Windows\System32\svchost.exe PID: 3092 Hidden: No Window Visible: No
Name: C:\Windows\ehome\ehmsas.exe PID: 3268 Hidden: No Window Visible: No
Name: C:\Program Files\Windows Sidebar\sidebar.exe PID: 3504 Hidden: No Window Visible: Yes
Name: C:\Windows\System32\wbem\WmiPrvSE.exe PID: 3688 Hidden: No Window Visible: No
Name: E:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe PID: 3900 Hidden: No Window Visible: No
Name: C:\Program Files\Windows Media Player\wmpnetwk.exe PID: 4084 Hidden: No Window Visible: No
Name: C:\Windows\System32\wbem\unsecapp.exe PID: 3852 Hidden: No Window Visible: No
Name: C:\Windows\System32\wbem\WmiPrvSE.exe PID: 3804 Hidden: No Window Visible: No
Name: E:\Program Files\Mozilla Firefox\firefox.exe PID: 2644 Hidden: No Window Visible: No
Name: C:\Users\Saar Devil\Desktop\SysProt.exe PID: 4608 Hidden: No Window Visible: Yes

******************************************************************************************
******************************************************************************************

Kernel Modules:
Module Name: \systemroot\system32\drivers\hjgruiffveixrw.sys Service Name: hjgruinmbbxorh Module Base: --- Module End: --- Hidden: Yes
Module Name: \??\C:\Users\Saar Devil\Desktop\SysProtDrv.sys Service Name: SysProtDrv.sys Module Base: A2A7B000 Module End: A2A86000 Hidden: No
Module Name: C:\Windows\system32\ntkrnlpa.exe Service Name: --- Module Base: 8304E000 Module End: 83407000 Hidden: No
Module Name: C:\Windows\system32\hal.dll Service Name: --- Module Base: 8301B000 Module End: 8304E000 Hidden: No
Module Name: C:\Windows\system32\kdcom.dll Service Name: --- Module Base: 8040A000 Module End: 80412000 Hidden: No
Module Name: C:\Windows\system32\mcupdate_GenuineIntel.dll Service Name: --- Module Base: 80412000 Module End: 80472000 Hidden: No
Module Name: C:\Windows\system32\PSHED.dll Service Name: --- Module Base: 80472000 Module End: 80483000 Hidden: No
Module Name: C:\Windows\system32\BOOTVID.dll Service Name: --- Module Base: 80483000 Module End: 8048B000 Hidden: No
Module Name: C:\Windows\system32\CLFS.SYS Service Name: CLFS Module Base: 8048B000 Module End: 804CC000 Hidden: No
Module Name: C:\Windows\system32\CI.dll Service Name: --- Module Base: 804CC000 Module End: 805AC000 Hidden: No
Module Name: C:\Windows\system32\drivers\Wdf01000.sys Service Name: Wdf01000 Module Base: 8060A000 Module End: 80686000 Hidden: No
Module Name: C:\Windows\system32\drivers\WDFLDR.SYS Service Name: --- Module Base: 80686000 Module End: 80693000 Hidden: No
Module Name: \SystemRoot\System32\Drivers\spxg.sys Service Name: --- Module Base: 80693000 Module End: 80793000 Hidden: Yes
Module Name: C:\Windows\System32\Drivers\WMILIB.SYS Service Name: --- Module Base: 80793000 Module End: 8079C000 Hidden: No
Module Name: C:\Windows\System32\Drivers\SCSIPORT.SYS Service Name: --- Module Base: 8079C000 Module End: 807C2000 Hidden: No
Module Name: C:\Windows\system32\drivers\acpi.sys Service Name: ACPI Module Base: 805AC000 Module End: 805F2000 Hidden: No
Module Name: C:\Windows\system32\drivers\msisadrv.sys Service Name: msisadrv Module Base: 807C2000 Module End: 807CA000 Hidden: No
Module Name: C:\Windows\system32\drivers\pci.sys Service Name: pci Module Base: 807CA000 Module End: 807F1000 Hidden: No
Module Name: C:\Windows\System32\drivers\partmgr.sys Service Name: partmgr Module Base: 807F1000 Module End: 80800000 Hidden: No
Module Name: C:\Windows\System32\drivers\sfsync04.sys Service Name: sfsync04 Module Base: 83603000 Module End: 83616000 Hidden: No
Module Name: C:\Windows\system32\drivers\volmgr.sys Service Name: volmgr Module Base: 83616000 Module End: 83625000 Hidden: No
Module Name: C:\Windows\System32\drivers\volmgrx.sys Service Name: volmgrx Module Base: 83625000 Module End: 8366F000 Hidden: No
Module Name: C:\Windows\system32\drivers\intelide.sys Service Name: intelide Module Base: 8366F000 Module End: 83676000 Hidden: No
Module Name: C:\Windows\system32\drivers\PCIIDEX.SYS Service Name: --- Module Base: 83676000 Module End: 83684000 Hidden: No
Module Name: C:\Windows\System32\drivers\mountmgr.sys Service Name: MountMgr Module Base: 83684000 Module End: 83694000 Hidden: No
Module Name: C:\Windows\System32\drivers\sfsync02.sys Service Name: sfsync02 Module Base: 83694000 Module End: 83699000 Hidden: No
Module Name: C:\Windows\system32\drivers\atapi.sys Service Name: atapi Module Base: 83699000 Module End: 836A1000 Hidden: No
Module Name: C:\Windows\system32\drivers\ataport.SYS Service Name: --- Module Base: 836A1000 Module End: 836BF000 Hidden: No
Module Name: C:\Windows\system32\drivers\fltmgr.sys Service Name: FltMgr Module Base: 836BF000 Module End: 836F1000 Hidden: No
Module Name: C:\Windows\system32\drivers\fileinfo.sys Service Name: FileInfo Module Base: 836F1000 Module End: 83701000 Hidden: No
Module Name: C:\Windows\System32\Drivers\PxHelp20.sys Service Name: PxHelp20 Module Base: 83701000 Module End: 8370A000 Hidden: No
Module Name: C:\Windows\System32\Drivers\ksecdd.sys Service Name: KSecDD Module Base: 8370A000 Module End: 8377B000 Hidden: No
Module Name: C:\Windows\system32\drivers\ndis.sys Service Name: NDIS Module Base: 83C0F000 Module End: 83D1A000 Hidden: No
Module Name: C:\Windows\system32\drivers\msrpc.sys Service Name: MsRPC Module Base: 83D1A000 Module End: 83D45000 Hidden: No
Module Name: C:\Windows\system32\drivers\NETIO.SYS Service Name: --- Module Base: 83D45000 Module End: 83D7F000 Hidden: No
Module Name: C:\Windows\System32\drivers\tcpip.sys Service Name: Tcpip Module Base: 83E0A000 Module End: 83EF1000 Hidden: No
Module Name: C:\Windows\System32\drivers\fwpkclnt.sys Service Name: --- Module Base: 83EF1000 Module End: 83F0C000 Hidden: No
Module Name: C:\Windows\System32\Drivers\vbtenum.sys Service Name: BTHidEnum Module Base: 83F0C000 Module End: 83F10000 Hidden: No
Module Name: C:\Windows\System32\Drivers\Ntfs.sys Service Name: Ntfs Module Base: 8A401000 Module End: 8A510000 Hidden: No
Module Name: C:\Windows\system32\drivers\volsnap.sys Service Name: volsnap Module Base: 8A510000 Module End: 8A549000 Hidden: No
Module Name: C:\Windows\System32\Drivers\spldr.sys Service Name: spldr Module Base: 8A549000 Module End: 8A551000 Hidden: No
Module Name: C:\Windows\System32\drivers\sfhlp02.sys Service Name: sfhlp02 Module Base: 8A551000 Module End: 8A559000 Hidden: No
Module Name: C:\Windows\System32\drivers\sfdrv01.sys Service Name: sfdrv01 Module Base: 8A559000 Module End: 8A56C000 Hidden: No
Module Name: C:\Windows\System32\Drivers\mup.sys Service Name: Mup Module Base: 8A56C000 Module End: 8A57B000 Hidden: No
Module Name: C:\Windows\System32\drivers\ecache.sys Service Name: Ecache Module Base: 8A57B000 Module End: 8A5A2000 Hidden: No
Module Name: C:\Windows\System32\DRIVERS\fvevol.sys Service Name: fvevol Module Base: 8A5A2000 Module End: 8A5C6000 Hidden: No
Module Name: C:\Windows\system32\drivers\disk.sys Service Name: disk Module Base: 8A5C6000 Module End: 8A5D7000 Hidden: No
Module Name: C:\Windows\system32\drivers\CLASSPNP.SYS Service Name: --- Module Base: 8A5D7000 Module End: 8A5F8000 Hidden: No
Module Name: C:\Windows\system32\drivers\crcdisk.sys Service Name: crcdisk Module Base: 83F10000 Module End: 83F19000 Hidden: No
Module Name: C:\Windows\System32\Drivers\BTHidMgr.sys Service Name: BTHidMgr Module Base: 8A5F8000 Module End: 8A5FF000 Hidden: No
Module Name: C:\Windows\system32\DRIVERS\tunnel.sys Service Name: tunnel Module Base: 83F26000 Module End: 83F31000 Hidden: No
Module Name: C:\Windows\system32\DRIVERS\tunmp.sys Service Name: tunmp Module Base: 83F31000 Module End: 83F3A000 Hidden: No
Module Name: C:\Windows\system32\DRIVERS\intelppm.sys Service Name: intelppm Module Base: 83F3A000 Module End: 83F49000 Hidden: No
Module Name: C:\Windows\system32\DRIVERS\nvlddmkm.sys Service Name: nvlddmkm Module Base: 8E806000 Module End: 8F160000 Hidden: No
Module Name: C:\Windows\system32\DRIVERS\nvBridge.kmd Service Name: --- Module Base: 8F160000 Module End: 8F162000 Hidden: No
Module Name: C:\Windows\System32\drivers\dxgkrnl.sys Service Name: DXGKrnl Module Base: 83F49000 Module End: 83FE8000 Hidden: No
Module Name: C:\Windows\System32\drivers\watchdog.sys Service Name: --- Module Base: 8F162000 Module End: 8F16F000 Hidden: No
Module Name: C:\Windows\system32\DRIVERS\HDAudBus.sys Service Name: HDAudBus Module Base: 8F16F000 Module End: 8F181000 Hidden: No
Module Name: C:\Windows\system32\DRIVERS\Rtlh86.sys Service Name: RTL8169 Module Base: 8F181000 Module End: 8F19F000 Hidden: No
Module Name: C:\Windows\system32\DRIVERS\usbuhci.sys Service Name: usbuhci Module Base: 8F19F000 Module End: 8F1AA000 Hidden: No
Module Name: C:\Windows\system32\DRIVERS\USBPORT.SYS Service Name: --- Module Base: 8F1AA000 Module End: 8F1E8000 Hidden: No
Module Name: C:\Windows\system32\DRIVERS\usbehci.sys Service Name: usbehci Module Base: 8F1E8000 Module End: 8F1F7000 Hidden: No
Module Name: C:\Windows\system32\DRIVERS\usbohci.sys Service Name: usbohci Module Base: 83FE8000 Module End: 83FF2000 Hidden: No
Module Name: C:\Windows\system32\DRIVERS\serial.sys Service Name: Serial Module Base: 83D7F000 Module End: 83D99000 Hidden: No
Module Name: C:\Windows\system32\DRIVERS\serenum.sys Service Name: Serenum Module Base: 83FF2000 Module End: 83FFC000 Hidden: No
Module Name: C:\Windows\system32\DRIVERS\cdrom.sys Service Name: cdrom Module Base: 83D99000 Module End: 83DB1000 Hidden: No
Module Name: \SystemRoot\System32\Drivers\a79vqtkk.SYS Service Name: --- Module Base: 83DB1000 Module End: 83DE8000 Hidden: Yes
Module Name: C:\Windows\System32\Drivers\VcommMgr.sys Service Name: VcommMgr Module Base: 83E00000 Module End: 83E0A000 Hidden: No
Module Name: C:\Windows\system32\DRIVERS\VMNetSrv.sys Service Name: srv Module Base: 83DE8000 Module End: 83DF9000 Hidden: No
Module Name: C:\Windows\system32\DRIVERS\msiscsi.sys Service Name: iScsiPrt Module Base: 8377B000 Module End: 837A9000 Hidden: No
Module Name: C:\Windows\system32\DRIVERS\storport.sys Service Name: --- Module Base: 837A9000 Module End: 837EA000 Hidden: No
Module Name: C:\Windows\system32\DRIVERS\TDI.SYS Service Name: --- Module Base: 83F19000 Module End: 83F24000 Hidden: No
Module Name: C:\Windows\system32\DRIVERS\rasl2tp.sys Service Name: Rasl2tp Module Base: 8F805000 Module End: 8F81C000 Hidden: No
Module Name: C:\Windows\system32\DRIVERS\ndistapi.sys Service Name: NdisTapi Module Base: 8F81C000 Module End: 8F827000 Hidden: No
Module Name: C:\Windows\system32\DRIVERS\ndiswan.sys Service Name: NdisWan Module Base: 8F827000 Module End: 8F84A000 Hidden: No
Module Name: C:\Windows\system32\DRIVERS\raspppoe.sys Service Name: RasPppoe Module Base: 8F84A000 Module End: 8F859000 Hidden: No
Module Name: C:\Windows\system32\DRIVERS\raspptp.sys Service Name: PptpMiniport Module Base: 8F859000 Module End: 8F86D000 Hidden: No
Module Name: C:\Windows\system32\DRIVERS\rassstp.sys Service Name: RasSstp Module Base: 8F86D000 Module End: 8F882000 Hidden: No
Module Name: C:\Windows\system32\DRIVERS\btnetdrv.sys Service Name: BT Module Base: 8F882000 Module End: 8F885000 Hidden: No
Module Name: C:\Windows\system32\DRIVERS\VComm.sys Service Name: VComm Module Base: 8F885000 Module End: 8F88C000 Hidden: No
Module Name: C:\Windows\system32\DRIVERS\rdpdr.sys Service Name: rdpdr Module Base: 8F88C000 Module End: 8F915000 Hidden: No
Module Name: C:\Windows\system32\DRIVERS\termdd.sys Service Name: TermDD Module Base: 8F915000 Module End: 8F925000 Hidden: No
Module Name: C:\Windows\system32\DRIVERS\kbdclass.sys Service Name: kbdclass Module Base: 8F925000 Module End: 8F930000 Hidden: No
Module Name: C:\Windows\system32\DRIVERS\mouclass.sys Service Name: mouclass Module Base: 8F930000 Module End: 8F93B000 Hidden: No
Module Name: C:\Windows\system32\DRIVERS\swenum.sys Service Name: swenum Module Base: 8F93B000 Module End: 8F93D000 Hidden: No
Module Name: C:\Windows\system32\DRIVERS\ks.sys Service Name: --- Module Base: 8F93D000 Module End: 8F967000 Hidden: No
Module Name: C:\Windows\system32\DRIVERS\mssmbios.sys Service Name: mssmbios Module Base: 8F967000 Module End: 8F971000 Hidden: No
Module Name: C:\Windows\system32\DRIVERS\umbus.sys Service Name: umbus Module Base: 8F971000 Module End: 8F97E000 Hidden: No
Module Name: C:\Windows\system32\DRIVERS\usbhub.sys Service Name: usbhub Module Base: 8F97E000 Module End: 8F9B2000 Hidden: No
Module Name: C:\Windows\System32\Drivers\NDProxy.SYS Service Name: NDProxy Module Base: 8F9B2000 Module End: 8F9C3000 Hidden: No
Module Name: C:\Windows\system32\drivers\RTKVHDA.sys Service Name: IntcAzAudAddService Module Base: 8FA00000 Module End: 8FBF6000 Hidden: No
Module Name: C:\Windows\system32\drivers\portcls.sys Service Name: --- Module Base: 8F9C3000 Module End: 8F9F0000 Hidden: No
Module Name: C:\Windows\system32\drivers\drmk.sys Service Name: --- Module Base: 8FC04000 Module End: 8FC29000 Hidden: No
Module Name: C:\Windows\system32\DRIVERS\klif.sys Service Name: KLIF Module Base: 8FC29000 Module End: 8FC51000 Hidden: No
Module Name: C:\Windows\System32\Drivers\Fs_Rec.SYS Service Name: Fs_Rec Module Base: 8FC51000 Module End: 8FC5A000 Hidden: No
Module Name: C:\Windows\System32\Drivers\Null.SYS Service Name: Null Module Base: 8FC5A000 Module End: 8FC61000 Hidden: No
Module Name: C:\Windows\System32\Drivers\Beep.SYS Service Name: Beep Module Base: 8FC61000 Module End: 8FC68000 Hidden: No
Module Name: C:\Windows\system32\DRIVERS\usbccgp.sys Service Name: usbccgp Module Base: 8FC68000 Module End: 8FC7F000 Hidden: No
Module Name: C:\Windows\system32\DRIVERS\USBD.SYS Service Name: --- Module Base: 8FC7F000 Module End: 8FC81000 Hidden: No
Module Name: C:\Windows\system32\DRIVERS\HIDPARSE.SYS Service Name: --- Module Base: 8FC8A000 Module End: 8FC91000 Hidden: No
Module Name: C:\Windows\system32\drivers\usbaudio.sys Service Name: usbaudio Module Base: 8FC91000 Module End: 8FCA3000 Hidden: No
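The entry in this log that matters most is the kernel module SysProt could not resolve and marked Hidden: Yes, \systemroot\system32\drivers\hjgruiffveixrw.sys, whose name shares its prefix with the hjgruiumpvngedrr.tmp file Kaspersky kept deleting in the first post. As an added example that is not part of the thread and not SysProt's own logic, the following Python script parses SysProt output, lists hidden processes and modules, and ranks the hidden modules by three signals: an unresolved base address, a generated-looking name, and a name prefix shared with the dropped temp file. The sample entries are copied from the log above; the scoring is my assumption.

```python
"""Offline triage of a SysProt AntiRootkit log.

Added example, not code from the thread or from SysProt. It lists processes and
kernel modules the tool reported as hidden and ranks the modules with simple
heuristics that are the author's assumptions, not SysProt's own logic.
"""
import re

# Constructed sample: entries copied from the SysProt log posted above, one per
# line (the regexes below do not depend on line breaks, so a run-together paste
# of the original works just as well).
SAMPLE_LOG = r"""
Name: C:\Windows\System32\smss.exe PID: 508 Hidden: No Window Visible: No
Name: C:\Users\Saar Devil\Desktop\SysProt.exe PID: 4608 Hidden: No Window Visible: Yes
Module Name: \systemroot\system32\drivers\hjgruiffveixrw.sys Service Name: hjgruinmbbxorh Module Base: --- Module End: --- Hidden: Yes
Module Name: C:\Windows\system32\ntkrnlpa.exe Service Name: --- Module Base: 8304E000 Module End: 83407000 Hidden: No
Module Name: \SystemRoot\System32\Drivers\spxg.sys Service Name: --- Module Base: 80693000 Module End: 80793000 Hidden: Yes
Module Name: \SystemRoot\System32\Drivers\a79vqtkk.SYS Service Name: --- Module Base: 83DB1000 Module End: 83DE8000 Hidden: Yes
Module Name: C:\Windows\system32\DRIVERS\klif.sys Service Name: KLIF Module Base: 8FC29000 Module End: 8FC51000 Hidden: No
"""

# The file name Kaspersky kept deleting from C:\Windows\Temp (from post #1).
DROPPED_TEMP_FILE = "hjgruiumpvngedrr.tmp"

PROC_RE = re.compile(
    r"Name: (?P<name>.+?) PID: (?P<pid>\d+) Hidden: (?P<hidden>Yes|No) "
    r"Window Visible: (?:Yes|No)")
MOD_RE = re.compile(
    r"Module Name: (?P<path>.+?) Service Name: (?P<svc>.+?) "
    r"Module Base: (?P<base>\S+) Module End: (?P<end>\S+) Hidden: (?P<hidden>Yes|No)")

VOWELS = set("aeiouy")


def stem(path):
    """Last path component without extension, lower-cased."""
    return path.rsplit("\\", 1)[-1].rsplit(".", 1)[0].lower()


def looks_random(name):
    """Heuristic (assumption): generated names have few vowels or long consonant runs."""
    chars = [c for c in name.lower() if c.isalnum()]
    if len(chars) < 6:
        return False
    vowel_ratio = sum(c in VOWELS for c in chars) / len(chars)
    run = longest = 0
    for c in chars:
        run = 0 if c in VOWELS else run + 1
        longest = max(longest, run)
    return vowel_ratio < 0.2 or longest >= 4


def shared_prefix_len(a, b):
    """Length of the common case-insensitive prefix of two names."""
    n = 0
    for x, y in zip(a.lower(), b.lower()):
        if x != y:
            break
        n += 1
    return n


def score_module(m, dropped_name):
    """Rank a hidden module: unresolved base address, generated-looking name,
    and a name prefix shared with the dropped temp file all raise suspicion."""
    s = stem(m["path"])
    score = 0
    if m["base"] == "---":          # tool could not even resolve where it lives
        score += 2
    if looks_random(s):
        score += 1
    if shared_prefix_len(s, stem(dropped_name)) >= 5:
        score += 2
    return score


def triage(text, dropped_name=DROPPED_TEMP_FILE):
    """Return hidden processes and hidden modules, the latter sorted by score."""
    hidden_procs = [m.groupdict() for m in PROC_RE.finditer(text)
                    if m.group("hidden") == "Yes"]
    hidden_mods = [(m.group("path"), score_module(m.groupdict(), dropped_name))
                   for m in MOD_RE.finditer(text) if m.group("hidden") == "Yes"]
    hidden_mods.sort(key=lambda item: (-item[1], item[0].lower()))
    return {"hidden_processes": hidden_procs, "hidden_modules": hidden_mods}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("hidden processes:", len(result["hidden_processes"]))
    for path, score in result["hidden_modules"]:
        print(f"score {score}: {path}")
```

On the sample, hjgruiffveixrw.sys scores 5, a79vqtkk.SYS scores 1 and spxg.sys scores 0. The two lower-scoring hidden drivers have real base addresses and should be matched against the installed software before anything is done about them; the scoring orders the worklist, it does not decide.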