Zurück   Trojaner-Board > Malware entfernen > Antiviren-, Firewall- und andere Schutzprogramme

Antiviren-, Firewall- und andere Schutzprogramme: Trojaner Dropper

Windows 7 Sämtliche Fragen zur Bedienung von Firewalls, Anti-Viren Programmen, Anti Malware und Anti Trojaner Software sind hier richtig. Dies ist ein Diskussionsforum für Sicherheitslösungen für Windows Rechner. Benötigst du Hilfe beim Trojaner entfernen oder weil du dir einen Virus eingefangen hast, erstelle ein Thema in den oberen Bereinigungsforen.

Antwort
Alt 12.01.2010, 11:31   #1
MARIA78
 
Trojaner Dropper - Standard

Trojaner Dropper



Malwarebytes' Anti-Malware 1.44
Datenbank Version: 3546
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12.01.2010 12:29:41
mbam-log-2010-01-12 (12-29-40).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|)
Durchsuchte Objekte: 152670
Laufzeit: 35 minute(s), 19 second(s)

Infizierte Speicherprozesse: 2
Infizierte Speichermodule: 7
Infizierte Registrierungsschlüssel: 43
Infizierte Registrierungswerte: 3
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 22
Infizierte Dateien: 65

Infizierte Speicherprozesse:
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QuestService\questservice133.exe (Adware.Agent) -> Unloaded process successfully.
C:\Programme\QuestService\questservice.exe (Adware.Agent) -> Unloaded process successfully.

Infizierte Speichermodule:
C:\Programme\Customized Platform Advancer\3.1.0.1540\CPAIEAddOn.dll (Adware.Agent) -> Delete on reboot.
C:\Programme\Web Search Operator\3.1.0.1800\WSOCommon.dll (Adware.Agent) -> Delete on reboot.
C:\Programme\Web Search Operator\3.1.0.1800\FF\components\WSOFFAddOn.dll (Adware.Agent) -> Delete on reboot.
C:\Programme\Customized Platform Advancer\3.1.0.1540\CPACommon.dll (Adware.Agent) -> Delete on reboot.
C:\Programme\Customized Platform Advancer\3.1.0.1540\CPAIEAddOnSubL.dll (Adware.Agent) -> Delete on reboot.
C:\Programme\Customized Platform Advancer\3.1.0.1540\FF\components\CPAFFAddOn.dll (Adware.Agent) -> Delete on reboot.
C:\WINDOWS\system32\antiwpa.dll (Trojan.I.Stole.Windows) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\explorerbar.cmw (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.cmw.1 (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.funexplorer (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{ac5ab953-ed25-4f9c-87f0-b086b0178ffa} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6160f76a-1992-4b17-a32d-0c706d159105} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{42c7c39f-3128-4a17-bdb7-91c46032b5b9} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{42c7c39f-3128-4a17-bdb7-91c46032b5b9} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{42c7c39f-3128-4a17-bdb7-91c46032b5b9} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{42c7c39f-3128-4a17-bdb7-91c46032b5b9} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.funexplorer.1 (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.funredirector (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.funredirector.1 (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.tcp (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.tcp.1 (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{480098c6-f6ad-4c61-9b5c-2bae228a34d1} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3de88beb-f271-484a-ba71-01d30f439f0c} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{50ad41d2-b1f0-47cc-9ea7-395355eaeebd} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8ceb185e-81a5-46d3-bc20-c555d605afbd} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a72522ba-9ff3-4c83-abc6-9b476728a396} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{883dfc00-8a21-411d-956c-73a4e4b7d16f} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Explorer\Bars\{cac89ff9-34a9-4431-8cfe-292a47f843bc} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Explorer\Bars\{b72681c0-a222-4b21-a0e2-53a5a5ca3d411} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b72681c0-a222-4b21-a0e2-53a5a5ca3d41} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cac89ff9-34a9-4431-8cfe-292a47f843bc} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{eb4a577d-bcad-4b1c-8af2-9a74b8dd3431} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d45817b8-3ead-4d1d-8fca-ec63a8e35de2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{b72681c0-a222-4b21-a0e2-53a5a5ca3d41} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{cac89ff9-34a9-4431-8cfe-292a47f843bc} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{eb4a577d-bcad-4b1c-8af2-9a74b8dd3431} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{d45817b8-3ead-4d1d-8fca-ec63a8e35de2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b72681c0-a222-4b21-a0e2-53a5a5ca3d41} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cac89ff9-34a9-4431-8cfe-292a47f843bc} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{eb4a577d-bcad-4b1c-8af2-9a74b8dd3431} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\questservice (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AppDataLow\SOFTWARE\Internet Today (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Automated Content Enhancer (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Customized Platform Advancer (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\QuestService (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Web Search Operator (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\QuestService Service (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Automated Content Enhancer (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Customized Platform Advancer (Adware.DoubleD) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{d45817b8-3ead-4d1d-8fca-ec63a8e35de2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{e63605fc-d583-4c81-867f-9457bdb3ea1b} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{e889f097-b0be-471b-89ad-b86b6f04b506} (Adware.DoubleD) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\Programme\premieropinion (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Programme\Web Search Operator (Adware.Agent) -> Delete on reboot.
C:\Programme\Web Search Operator\3.1.0.1800 (Adware.Agent) -> Delete on reboot.
C:\Programme\Web Search Operator\3.1.0.1800\Data (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Web Search Operator\3.1.0.1800\FF (Adware.Agent) -> Delete on reboot.
C:\Programme\Web Search Operator\3.1.0.1800\FF\chrome (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Web Search Operator\3.1.0.1800\FF\chrome\content (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Web Search Operator\3.1.0.1800\FF\components (Adware.Agent) -> Delete on reboot.
C:\Programme\Textual Content Provider (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Textual Content Provider\1.1.0.1380 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Textual Content Provider\1.1.0.1380\data (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Content Management Wizard\1.1.0.1820 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Customized Platform Advancer (Adware.Agent) -> Delete on reboot.
C:\Programme\Customized Platform Advancer\3.1.0.1540 (Adware.Agent) -> Delete on reboot.
C:\Programme\Customized Platform Advancer\3.1.0.1540\Data (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Customized Platform Advancer\3.1.0.1540\FF (Adware.Agent) -> Delete on reboot.
C:\Programme\Customized Platform Advancer\3.1.0.1540\FF\chrome (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Customized Platform Advancer\3.1.0.1540\FF\chrome\content (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Customized Platform Advancer\3.1.0.1540\FF\components (Adware.Agent) -> Delete on reboot.
C:\Programme\Content Management Wizard (Adware.Agent) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QuestService (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Programme\QuestService (Adware.DoubleD) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QuestService\questservice133.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\QuestService\questservice.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Customized Platform Advancer\3.1.0.1540\CPAIEAddOn.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Veli Yildiz\Anwendungsdaten\Desktopicon\eBayShortcuts.exe (Adware.ADON) -> Quarantined and deleted successfully.
C:\Programme\QuestService\uninstall.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1D285728-EA49-4314-ABE5-38734FF4B0F1}\RP148\A0119480.exe (Adware.ADON) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1D285728-EA49-4314-ABE5-38734FF4B0F1}\RP156\A0120731.rbf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1D285728-EA49-4314-ABE5-38734FF4B0F1}\RP156\A0120743.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1D285728-EA49-4314-ABE5-38734FF4B0F1}\RP157\A0120821.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1D285728-EA49-4314-ABE5-38734FF4B0F1}\RP161\A0121099.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1D285728-EA49-4314-ABE5-38734FF4B0F1}\RP161\A0121100.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1D285728-EA49-4314-ABE5-38734FF4B0F1}\RP161\A0121105.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1D285728-EA49-4314-ABE5-38734FF4B0F1}\RP169\A0122452.exe (Adware.Mongoose) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1D285728-EA49-4314-ABE5-38734FF4B0F1}\RP180\A0124091.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1D285728-EA49-4314-ABE5-38734FF4B0F1}\RP183\A0124440.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1D285728-EA49-4314-ABE5-38734FF4B0F1}\RP183\A0124441.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1D285728-EA49-4314-ABE5-38734FF4B0F1}\RP183\A0124445.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\premieropinion\pmls.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Programme\premieropinion\pmservice.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Programme\Web Search Operator\3.1.0.1800\unins000.dat (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Web Search Operator\3.1.0.1800\unins000.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Web Search Operator\3.1.0.1800\WSOCommon.dll (Adware.Agent) -> Delete on reboot.
C:\Programme\Web Search Operator\3.1.0.1800\wsopx.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Web Search Operator\3.1.0.1800\Data\config.md (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Web Search Operator\3.1.0.1800\FF\chrome.manifest (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Web Search Operator\3.1.0.1800\FF\install.rdf (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Web Search Operator\3.1.0.1800\FF\chrome\WSOAddOn.jar (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Web Search Operator\3.1.0.1800\FF\chrome\content\WSOAddOn.js (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Web Search Operator\3.1.0.1800\FF\chrome\content\WSOAddOn.xul (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Web Search Operator\3.1.0.1800\FF\components\WSOFFAddOn.dll (Adware.Agent) -> Delete on reboot.
C:\Programme\Web Search Operator\3.1.0.1800\FF\components\WSOFFAddOn.xpt (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Web Search Operator\3.1.0.1800\FF\components\WSOFFHelperComponent.js (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Textual Content Provider\1.1.0.1380\unins000.dat (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Textual Content Provider\1.1.0.1380\unins000.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Textual Content Provider\1.1.0.1380\data\pxtmpdata.mx (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Textual Content Provider\1.1.0.1380\data\TP_Config.mx (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Textual Content Provider\1.1.0.1380\data\TP_Data.mx (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Textual Content Provider\1.1.0.1380\data\TP_DomainExcludeList.mx (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Content Management Wizard\1.1.0.1820\cmwpx.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Content Management Wizard\1.1.0.1820\cmwsh.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Content Management Wizard\1.1.0.1820\config.mx (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Content Management Wizard\1.1.0.1820\data.mx (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Content Management Wizard\1.1.0.1820\exclude.mx (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Content Management Wizard\1.1.0.1820\MatchingData.zd5 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Content Management Wizard\1.1.0.1820\pxtmpdata.mx (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Content Management Wizard\1.1.0.1820\unins000.dat (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Content Management Wizard\1.1.0.1820\unins000.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Customized Platform Advancer\3.1.0.1540\CPACommon.dll (Adware.Agent) -> Delete on reboot.
C:\Programme\Customized Platform Advancer\3.1.0.1540\CPAHelper.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Customized Platform Advancer\3.1.0.1540\CPAIEAddOnSub.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Customized Platform Advancer\3.1.0.1540\CPAIEAddOnSubL.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Customized Platform Advancer\3.1.0.1540\unins000.dat (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Customized Platform Advancer\3.1.0.1540\unins000.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Customized Platform Advancer\3.1.0.1540\Data\config.md (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Customized Platform Advancer\3.1.0.1540\FF\chrome.manifest (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Customized Platform Advancer\3.1.0.1540\FF\install.rdf (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Customized Platform Advancer\3.1.0.1540\FF\chrome\CPAAddOn.jar (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Customized Platform Advancer\3.1.0.1540\FF\chrome\content\CPAAddOn.js (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Customized Platform Advancer\3.1.0.1540\FF\chrome\content\CPAAddOn.xul (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Customized Platform Advancer\3.1.0.1540\FF\components\CPAFFAddOn.dll (Adware.Agent) -> Delete on reboot.
C:\Programme\Customized Platform Advancer\3.1.0.1540\FF\components\CPAFFAddOn.xpt (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Customized Platform Advancer\3.1.0.1540\FF\components\CPAFFHelperComponent.js (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Mozilla Firefox\searchPlugins\questservice129.xml (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Programme\Mozilla Firefox\searchPlugins\questservice133.xml (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\antiwpa.dll (Trojan.I.Stole.Windows) -> Delete on reboot.
__________________
BUSSI
MARIA


Alt 12.01.2010, 11:33   #2
Chris4You
 
Trojaner Dropper - Standard

Trojaner Dropper



Hi,

wow!
Bitte noch RSIT und GMER...

chris
Ps.: Es handelt sich um eine nichtlizensiertes Windows (antiwpa!)!
Ist Dir das bekannt?
__________________

__________________

Geändert von Chris4You (12.01.2010 um 11:38 Uhr)

Alt 12.01.2010, 11:38   #3
MARIA78
 
Trojaner Dropper - Standard

Trojaner Dropper



Logfile of random's system information tool 1.06 (written by random/random)
Run by Veli Yildiz at 2010-01-12 12:37:49
Microsoft Windows XP Professional Service Pack 3
System drive C: has 135 GB (89%) free of 153 GB
Total RAM: 3070 MB (79% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:37:50, on 12.01.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\Java\jre6\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Windows Live\Messenger\msnmsgr.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
C:\DOKUME~1\VELIYI~1\LOKALE~1\Temp\RtkBtMnt.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\Windows Live\Contacts\wlcomm.exe
C:\Programme\Windows Live\Messenger\msnmsgr.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\Veli Yildiz\Desktop\RSIT.exe
C:\Programme\Trend Micro\HijackThis\Veli Yildiz.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.theprizeday.com/today.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {120A8821-2BEE-4C29-BCDA-62C577781992} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [AzMixerSel] C:\Programme\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\WINDOWS\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware (reboot)] "C:\Programme\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [WiseStubReboot] MSIEXEC /quiet SKIP_PPU_DRIVER_INSTALL=1 /I "C:\Programme\Gemeinsame Dateien\Wise Installation Wizard\WISDD1865F0AD7340FBB23E1822E02396FF_9_09_0203.MSI" TRANSFORMS="C:\Programme\Gemeinsame Dateien\Wise Installation Wizard\WISDD1865F0AD7340FBB23E1822E02396FF_9_09_0203.MST" WISE_SETUP_EXE_PATH="c:\nvidia\winxp\185.85\is\display\PhysX_9.09.0203_SystemSoftware.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Save YouTube Video as MP3 - res://C:\Programme\Gemeinsame Dateien\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {34635AA6-B593-4F06-9EDD-5FF60FC13310} (Speaky Chat) - http://download.speakyweb.com/speakyldr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D2F6CF34-A47F-4484-AFF4-22A4763C0E59}: NameServer = 213.191.74.11 213.191.92.82
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe

--
End of file - 6929 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{120A8821-2BEE-4C29-BCDA-62C577781992}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-11-26 329312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Anmelde-Hilfsprogramm - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2009-10-21 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-21 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avgnt"=C:\Programme\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"AzMixerSel"=C:\Programme\Realtek\InstallShield\AzMixerSel.exe [2006-07-17 53248]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-05-28 16132608]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"PLFSet"=C:\WINDOWS\PLFSet.dll [2007-04-25 45056]
"SunJavaUpdateSched"=C:\Programme\Java\jre6\bin\jusched.exe [2009-10-21 149280]
"Adobe Reader Speed Launcher"=C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"TkBellExe"=C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe [2009-11-26 198160]
" Malwarebytes Anti-Malware (reboot)"=C:\Programme\Malwarebytes' Anti-Malware\mbam.exe [2010-01-07 1394000]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe [2010-01-07 429392]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"msnmsgr"=C:\Programme\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883840]
"MSMSGS"=C:\Programme\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WiseStubReboot"=MSIEXEC /quiet SKIP_PPU_DRIVER_INSTALL=1 /I C:\Programme\Gemeinsame Dateien\Wise Installation Wizard\WISDD1865F0AD7340FBB23E1822E02396FF_9_09_0203.MSI TRANSFORMS=C:\Programme\Gemeinsame Dateien\Wise Installation Wizard\WISDD1865F0AD7340FBB23E1822E02396FF_9_09_0203.MST WISE_SETUP_EXE_PATH=c:\nvidia\winxp\185.85\is\display\PhysX_9.09.0203_SystemSoftware.exe []

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
BTTray.lnk - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Antiwpa]
C:\WINDOWS\system32\antiwpa.dll [2008-09-15 60416]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Eine DLL-Datei als Anwendung ausführen"
"C:\Programme\TeamViewer\Version4\TeamViewer.exe"="C:\Programme\TeamViewer\Version4\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\BonCukFm Script\Mirc.exe"="C:\BonCukFm Script\Mirc.exe:*:Enabled:Cehre mIRC"
"C:\Programme\SopCast\adv\SopAdver.exe"="C:\Programme\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\Programme\SopCast\SopCast.exe"="C:\Programme\SopCast\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\Programme\KONAMI\Pro Evolution Soccer 2008\PES2008.exe"="C:\Programme\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:*:Enabled:Pro Evolution Soccer 2008"
"C:\Programme\TVUPlayer\TVUPlayer.exe"="C:\Programme\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component"
"C:\Programme\Internet Explorer\iexplore.exe"="C:\Programme\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Programme\Mozilla Firefox\firefox.exe"="C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Programme\Windows Live\Messenger\wlcsdk.exe"="C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programme\TVAnts\Tvants.exe"="C:\Programme\TVAnts\Tvants.exe:*:Enabled:TVAnts"
"C:\Programme\PPMate\ppmate.exe"="C:\Programme\PPMate\ppmate.exe:*:Enabled:PPMate"
"C:\Programme\PPMate\ppamnet.exe"="C:\Programme\PPMate\ppamnet.exe:*:Enabled:PPMate"
"C:\Dokumente und Einstellungen\Veli Yildiz\Desktop\MSNShell\Bin\engie.exe"="C:\Dokumente und Einstellungen\Veli Yildiz\Desktop\MSNShell\Bin\engie.exe:*:Enabled:MSNShell"
"C:\Programme\VideoLAN\VLC\vlc.exe"="C:\Programme\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit"
"C:\Dokumente und Einstellungen\Veli Yildiz\Desktop\PES2008.exe"="C:\Dokumente und Einstellungen\Veli Yildiz\Desktop\PES2008.exe:*:Enabled:Pro Evolution Soccer 2008"
"C:\Programme\Java\jre6\bin\java.exe"="C:\Programme\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Programme\trademanager\AliIM.exe"="C:\Programme\trademanager\AliIM.exe:*:Enabled:AliIM"
"C:\Programme\Metin2\metin2.bin"="C:\Programme\Metin2\metin2.bin:*:Enabled:metin2"
"C:\Programme\Skype\Plugin Manager\skypePM.exe"="C:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Dokumente und Einstellungen\Veli Yildiz\Lokale Einstellungen\Temp\Rar$EX00.375\P. TVUPlayer - Portable Brasil (www.portablebrasil.net).exe"="C:\Dokumente und Einstellungen\Veli Yildiz\Lokale Einstellungen\Temp\Rar$EX00.375\P. TVUPlayer - Portable Brasil (www.portablebrasil.net).exe:*:Enabled:TVUPlayer Component"
"C:\Dokumente und Einstellungen\Veli Yildiz\Lokale Einstellungen\Temp\Rar$EX06.078\P. TVUPlayer - Portable Brasil (www.portablebrasil.net).exe"="C:\Dokumente und Einstellungen\Veli Yildiz\Lokale Einstellungen\Temp\Rar$EX06.078\P. TVUPlayer - Portable Brasil (www.portablebrasil.net).exe:*:Enabled:TVUPlayer Component"
"C:\Programme\StreamTorrent 1.0\StreamTorrent.exe"="C:\Programme\StreamTorrent 1.0\StreamTorrent.exe:*:Enabled:StreamTorrent P2P Media Player"
"C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programme\Windows Live\Messenger\wlcsdk.exe"="C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7885b697-b80a-11de-a06a-001e682e4752}]
shell\AutoRun\command - E:\vlvtdflx.exe
shell\open\command - E:\vlvtdflx.exe


======List of files/folders created in the last 1 months======

2010-01-12 12:36:28 ----D---- C:\rsit
2010-01-12 11:52:29 ----D---- C:\Dokumente und Einstellungen\Veli Yildiz\Anwendungsdaten\Malwarebytes
2010-01-12 11:52:23 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2010-01-12 11:52:23 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-01-12 11:39:08 ----D---- C:\Programme\Trend Micro
2010-01-04 20:34:11 ----SHD---- C:\Config.Msi
2010-01-04 20:25:54 ----D---- C:\Programme\AVS4YOU
2009-12-29 17:32:41 ----A---- C:\WINDOWS\system32\d3dx9.dll
2009-12-29 17:32:41 ----A---- C:\WINDOWS\system32\D3DX81ab.dll
2009-12-29 17:32:40 ----D---- C:\Programme\Cheat Engine
2009-12-28 13:30:18 ----D---- C:\Programme\Runup
2009-12-23 18:20:49 ----D---- C:\Dokumente und Einstellungen\Veli Yildiz\Anwendungsdaten\StreamTorrent
2009-12-23 18:10:26 ----D---- C:\Dokumente und Einstellungen\Veli Yildiz\Anwendungsdaten\Thinstall
2009-12-21 20:10:41 ----D---- C:\Dokumente und Einstellungen\Veli Yildiz\Anwendungsdaten\Skype
2009-12-21 20:07:49 ----D---- C:\Programme\Gemeinsame Dateien\Skype
2009-12-21 20:07:46 ----RD---- C:\Programme\Skype
2009-12-14 21:13:35 ----N---- C:\WINDOWS\system32\spmsg2.dll
2009-12-14 21:13:29 ----HDC---- C:\WINDOWS\$NtUninstallXPSEPSCLP$
2009-12-14 20:52:19 ----D---- C:\Programme\Metin2
2009-12-14 20:12:08 ----D---- C:\WINDOWS\Minidump

======List of files/folders modified in the last 1 months======

2010-01-12 12:37:05 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2010-01-12 12:37:05 ----D---- C:\WINDOWS\system32\drivers
2010-01-12 12:36:35 ----D---- C:\WINDOWS\Prefetch
2010-01-12 12:29:40 ----RD---- C:\Programme
2010-01-12 11:47:16 ----D---- C:\WINDOWS\Temp
2010-01-12 11:47:16 ----D---- C:\WINDOWS
2010-01-12 11:23:26 ----D---- C:\Programme\Mozilla Firefox
2010-01-12 10:46:07 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-12 10:44:52 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-01-10 21:29:43 ----HD---- C:\WINDOWS\inf
2010-01-10 21:29:43 ----D---- C:\Programme\Windows Live Safety Center
2010-01-10 06:16:00 ----D---- C:\Programme\Athan
2010-01-08 00:06:15 ----D---- C:\Dokumente und Einstellungen\Veli Yildiz\Anwendungsdaten\vlc
2010-01-04 20:34:14 ----SHD---- C:\WINDOWS\Installer
2010-01-04 20:26:01 ----D---- C:\Programme\Gemeinsame Dateien\AVSMedia
2010-01-04 20:17:08 ----D---- C:\WINDOWS\system32
2010-01-04 16:31:40 ----D---- C:\WINDOWS\Debug
2010-01-03 00:26:56 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SpeakyChat
2010-01-03 00:23:46 ----D---- C:\WINDOWS\system32\CatRoot
2010-01-03 00:22:04 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-03 00:21:56 ----D---- C:\WINDOWS\system32\de-DE
2010-01-03 00:21:24 ----D---- C:\Dokumente und Einstellungen\Veli Yildiz\Anwendungsdaten\skypePM
2009-12-23 19:49:47 ----D---- C:\Outlook on the Desktop
2009-12-23 12:49:55 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Messenger Plus!
2009-12-22 10:41:35 ----AD---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
2009-12-21 20:07:49 ----D---- C:\Programme\Gemeinsame Dateien
2009-12-21 20:07:45 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype
2009-12-15 00:50:00 ----D---- C:\WINDOWS\Microsoft.NET
2009-12-14 21:13:22 ----RSD---- C:\WINDOWS\assembly
2009-12-14 21:13:10 ----D---- C:\WINDOWS\system32\XPSViewer
2009-12-14 21:12:48 ----D---- C:\WINDOWS\system32\mui

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40448]
R1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 WmiAcpi;Microsoft Windows-Verwaltungsschnittstelle für ACPI; C:\WINDOWS\System32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-01-04 56816]
R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2007-03-21 37376]
R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2007-02-16 160256]
R3 btaudio;Bluetooth-Audiogerät; C:\WINDOWS\system32\drivers\btaudio.sys [2007-03-23 539072]
R3 BTDriver;Virtueller Bluetooth-Kommunikationstreiber; C:\WINDOWS\system32\DRIVERS\btport.sys [2007-03-23 37424]
R3 BTKRNL;Bluetooth-Bus-Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2007-03-31 876384]
R3 CmBatt;Microsoft-Netzteiltreiber; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidshim;Service for HID-KMDF Shim layer; C:\WINDOWS\system32\DRIVERS\hidshim.sys [2007-05-30 5632]
R3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-05-30 4424192]
R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-18 12288]
R3 NETw4x32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-04-27 2203520]
R3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-04-30 8055584]
R3 sdbus;sdbus; C:\WINDOWS\System32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\WINDOWS\system32\DRIVERS\snp2uvc.sys [2007-06-12 1729152]
R3 SPLITCAM;Splitcam, WDM Camera Stream Splitter; C:\WINDOWS\system32\DRIVERS\splitcam.sys [2009-09-13 13824]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
R3 winbondhidcir;Winbond HID CIR Receiver; C:\WINDOWS\system32\DRIVERS\winbondhidcir.sys [2007-05-30 21504]
S2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys []
S3 BTWDNDIS;Bluetooth-LAN-Zugangsserver; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2007-03-23 149123]
S3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys [2007-03-31 55352]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2007-03-23 67960]
S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys []
S3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys []
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver; C:\WINDOWS\system32\DRIVERS\ManyCam.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 sffdisk;SFF-Speicherklassentreiber; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
S3 sffp_sd;SFF-Speicherprotokolltreiber für SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS [2006-06-09 6909]
S3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbvideo;USB-Videogerät (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys []
S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Programme\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Programme\Avira\AntiVir Desktop\avguard.exe [2009-08-05 185089]
R2 btwdins;Bluetooth Service; C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2007-04-01 273256]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-10-21 153376]
S2 gupdate;Google Update Service (gupdate); C:\Programme\Google\Update\GoogleUpdate.exe [2009-10-06 133104]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
__________________
__________________

Alt 12.01.2010, 12:14   #4
Chris4You
 
Trojaner Dropper - Standard

Trojaner Dropper



Hi,

fixen:
Hijackthis, fixen:
öffne das HijackThis -- Button "scan" -- vor den nachfolgenden Einträge Häkchen setzen -- Button "Fix checked" -- PC neustarten
Beim fixen müssen alle Programme geschlossen sein!
Code:
ATTFilter
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {120A8821-2BEE-4C29-BCDA-62C577781992} - (no file)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.theprizeday.com/today.php
         
Untersuchen:
Bitte folgende Files prüfen:

Dateien Online überprüfen lassen:
  • Suche die Seite Virtustotal auf, klicke auf den Button „Durchsuchen“
    und suche folgende Datei/Dateien:
Code:
ATTFilter
C:\WINDOWS\system32\spmsg2.dll
C:\Programme\TVAnts\Tvants.exe
C:\Programme\PPMate\ppmate.exe
C:\Programme\PPMate\ppamnet.exe
E:\vlvtdflx.exe
         
  • Lade nun nacheinander jede/alle Datei/Dateien hoch, und warte bis der Scan vorbei ist. (kann bis zu 2 Minuten dauern.)
  • Poste im Anschluss das Ergebnis der Auswertung, alles abkopieren und in einen Beitrag einfügen.
  • Wichtig: Auch die Größenangabe sowie den HASH mit kopieren!

Eines der Files kann ein Rookit sein'! (:\vlvtdflx.exe-> http://www.prevx.com/filenames/10334001432587943-X1/VLVTDFLX.EXE.html)
"E" ist wahrscheinlich ein USB-Stick? Der ist dann verseucht!

Unbedingt den GMER-Report posten...

Avira:
Stelle Avira wie folgt ein: http://www.trojaner-board.de/54192-anleitung-avira-antivir-agressive-einstellungen.html

Läuft der PC ohne ANTIWPA noch? (Dann ist das "nur" ein Trojaner)...

chris
__________________
Don't bring me down
Vor dem posten beachten!
Spenden
(Wer spenden will, kann sich gerne melden )

Alt 12.01.2010, 13:00   #5
MARIA78
 
Trojaner Dropper - Standard

Trojaner Dropper



Virustotal. MD5: 37044da1f53a8a6e5c54fca4c974511a

__________________
BUSSI
MARIA


Alt 12.01.2010, 13:15   #6
Chris4You
 
Trojaner Dropper - Standard

Trojaner Dropper



Hi,

was macht GMER?

chris
__________________
--> Trojaner Dropper

Alt 12.01.2010, 13:17   #7
MARIA78
 
Trojaner Dropper - Standard

Trojaner Dropper



Zitat:
Zitat von Chris4You Beitrag anzeigen
Hi,

was macht GMER?

chris
unterwegs aber weiss nicht wie
__________________
BUSSI
MARIA


Alt 12.01.2010, 13:18   #8
Chris4You
 
Trojaner Dropper - Standard

Trojaner Dropper



Äh?
Wo liegt das Problem, scannt er nicht oder weist Du nicht wie Du das Log posten sollst ->GMER(http://www.trojaner-board.de/74908-a...anner.html)..?

chris
__________________
Don't bring me down
Vor dem posten beachten!
Spenden
(Wer spenden will, kann sich gerne melden )

Alt 12.01.2010, 13:21   #9
MARIA78
 
Trojaner Dropper - Standard

Trojaner Dropper



Zitat:
Zitat von Chris4You Beitrag anzeigen
Äh?
Wo liegt das Problem, scannt er nicht oder weist Du nicht wie Du das Log posten sollst ->GMER(http://www.trojaner-board.de/74908-a...anner.html)..?

chris
soll ich also jetzt nochmal HijackThis scannen und reinposten
oder
Antimaleware ?
__________________
BUSSI
MARIA


Alt 12.01.2010, 13:23   #10
Chris4You
 
Trojaner Dropper - Standard

Trojaner Dropper



Hi,

nein:
Gmer:
http://www.trojaner-board.de/74908-a...t-scanner.html
Den Downloadlink findest Du links oben (http://www.gmer.net/#files), dort dann
auf den Button "Download EXE", dabei wird ein zufälliger Name generiert (den und den Pfad wo Du sie gespeichert hast bitte merken).
Starte GMER und schaue, ob es schon was meldet. Macht es das, bitte alle Fragen mit "nein" beantworten, auf den Reiter "rootkit" gehen, wiederum die Frage mit "nein" beantworten und mit Hilfe von copy den Bericht in den Thread einfügen. Meldet es so nichts, gehe auf den Reiter Rootkit und mache einen Scan. Ist dieser beendet, wähle Copy und füge den Bericht ein.

Es gibt im Forum auch einbe bebilderte Anleitung:
http://www.trojaner-board.de/74908-a...t-scanner.html

chris
__________________
Don't bring me down
Vor dem posten beachten!
Spenden
(Wer spenden will, kann sich gerne melden )

Alt 12.01.2010, 13:26   #11
MARIA78
 
Trojaner Dropper - Standard

Trojaner Dropper



Danke Chris,

bin dabei, es herunterzuladen
__________________
BUSSI
MARIA


Alt 12.01.2010, 13:35   #12
Chris4You
 
Trojaner Dropper - Standard

Trojaner Dropper



Hi,
ok...
chris
__________________
Don't bring me down
Vor dem posten beachten!
Spenden
(Wer spenden will, kann sich gerne melden )

Alt 12.01.2010, 14:49   #13
MARIA78
 
Trojaner Dropper - Standard

Trojaner Dropper



GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-12 15:41:07
Windows 5.1.2600 Service Pack 3
Running: 1zz07xlg.exe; Driver: C:\DOKUME~1\VELIYI~1\LOKALE~1\Temp\pxtdypog.sys


---- System - GMER 1.0.15 ----

SSDT B8745ABE ZwCreateKey
SSDT B8745AB4 ZwCreateThread
SSDT B8745AC3 ZwDeleteKey
SSDT B8745ACD ZwDeleteValueKey
SSDT B8745AD2 ZwLoadKey
SSDT B8745AA0 ZwOpenProcess
SSDT B8745AA5 ZwOpenThread
SSDT B8745ADC ZwReplaceKey
SSDT B8745AD7 ZwRestoreKey
SSDT B8745AC8 ZwSetValueKey
SSDT B8745AAF ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB70B7360, 0x3CEED5, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Programme\Windows Live\Messenger\msnmsgr.exe[796] kernel32.dll!LoadResource 7C80A055 7 Bytes JMP 28001E20 C:\Dokumente und Einstellungen\Veli Yildiz\Eigene Dateien\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Programme\Windows Live\Messenger\msnmsgr.exe[796] kernel32.dll!FindResourceExW 7C80AD28 7 Bytes JMP 28001C60 C:\Dokumente und Einstellungen\Veli Yildiz\Eigene Dateien\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Programme\Windows Live\Messenger\msnmsgr.exe[796] kernel32.dll!FindResourceW 7C80BC6E 7 Bytes JMP 28001BE0 C:\Dokumente und Einstellungen\Veli Yildiz\Eigene Dateien\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Programme\Windows Live\Messenger\msnmsgr.exe[796] kernel32.dll!SizeofResource 7C80BD09 7 Bytes JMP 28001EE0 C:\Dokumente und Einstellungen\Veli Yildiz\Eigene Dateien\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Programme\Windows Live\Messenger\msnmsgr.exe[796] kernel32.dll!FindResourceA 7C80BF29 7 Bytes JMP 28001CF0 C:\Dokumente und Einstellungen\Veli Yildiz\Eigene Dateien\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Programme\Windows Live\Messenger\msnmsgr.exe[796] kernel32.dll!LockResource 7C80CD37 5 Bytes JMP 28001F50 C:\Dokumente und Einstellungen\Veli Yildiz\Eigene Dateien\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Programme\Windows Live\Messenger\msnmsgr.exe[796] kernel32.dll!CreateEventA 7C8308B5 5 Bytes JMP 28001840 C:\Dokumente und Einstellungen\Veli Yildiz\Eigene Dateien\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Programme\Windows Live\Messenger\msnmsgr.exe[796] kernel32.dll!FindResourceExA 7C835FA8 7 Bytes JMP 28001D80 C:\Dokumente und Einstellungen\Veli Yildiz\Eigene Dateien\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Programme\Windows Live\Messenger\msnmsgr.exe[796] ADVAPI32.dll!CryptDeriveKey 77DB9FFD 7 Bytes JMP 28001000 C:\Dokumente und Einstellungen\Veli Yildiz\Eigene Dateien\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Programme\Windows Live\Messenger\msnmsgr.exe[796] ADVAPI32.dll!CryptDecrypt 77DBA129 7 Bytes JMP 28001060 C:\Dokumente und Einstellungen\Veli Yildiz\Eigene Dateien\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Programme\Windows Live\Messenger\msnmsgr.exe[796] USER32.dll!GetWindowLongW 7E3688A6 7 Bytes JMP 28006A70 C:\Dokumente und Einstellungen\Veli Yildiz\Eigene Dateien\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Programme\Windows Live\Messenger\msnmsgr.exe[796] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 28004630 C:\Dokumente und Einstellungen\Veli Yildiz\Eigene Dateien\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Programme\Windows Live\Messenger\msnmsgr.exe[796] USER32.dll!SetWindowPlacement 7E36DE46 5 Bytes JMP 28005E10 C:\Dokumente und Einstellungen\Veli Yildiz\Eigene Dateien\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Programme\Windows Live\Messenger\msnmsgr.exe[796] USER32.dll!CreateDialogParamW 7E36EA3B 5 Bytes JMP 28006090 C:\Dokumente und Einstellungen\Veli Yildiz\Eigene Dateien\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Programme\Windows Live\Messenger\msnmsgr.exe[796] USER32.dll!LoadImageW 7E377B97 5 Bytes JMP 280066E0 C:\Dokumente und Einstellungen\Veli Yildiz\Eigene Dateien\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Programme\Windows Live\Messenger\msnmsgr.exe[796] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 28003C60 C:\Dokumente und Einstellungen\Veli Yildiz\Eigene Dateien\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Programme\Windows Live\Messenger\msnmsgr.exe[796] USER32.dll!SetWindowRgn 7E37E528 7 Bytes JMP 28005F50 C:\Dokumente und Einstellungen\Veli Yildiz\Eigene Dateien\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Programme\Windows Live\Messenger\msnmsgr.exe[796] USER32.dll!LoadIconW 7E37E8BC 5 Bytes JMP 280068D0 C:\Dokumente und Einstellungen\Veli Yildiz\Eigene Dateien\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Programme\Windows Live\Messenger\msnmsgr.exe[796] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 28006280 C:\Dokumente und Einstellungen\Veli Yildiz\Eigene Dateien\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Programme\Windows Live\Messenger\msnmsgr.exe[796] USER32.dll!TrackPopupMenuEx 7E3BCF62 5 Bytes JMP 28004F10 C:\Dokumente und Einstellungen\Veli Yildiz\Eigene Dateien\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Programme\Windows Live\Messenger\msnmsgr.exe[796] SHELL32.dll!Shell_NotifyIconW 7E6DA5BF 5 Bytes JMP 280033B0 C:\Dokumente und Einstellungen\Veli Yildiz\Eigene Dateien\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Programme\Windows Live\Messenger\msnmsgr.exe[796] ole32.dll!CoInitializeEx 774CEF7B 5 Bytes JMP 28002260 C:\Dokumente und Einstellungen\Veli Yildiz\Eigene Dateien\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Programme\Windows Live\Messenger\msnmsgr.exe[796] ole32.dll!CoCreateInstance 774D057E 5 Bytes JMP 28002600 C:\Dokumente und Einstellungen\Veli Yildiz\Eigene Dateien\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Programme\Windows Live\Messenger\msnmsgr.exe[796] ole32.dll!CoRegisterClassObject 774E7E90 5 Bytes JMP 28002360 C:\Dokumente und Einstellungen\Veli Yildiz\Eigene Dateien\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Programme\Windows Live\Messenger\msnmsgr.exe[796] WININET.dll!InternetReadFile 408C654B 5 Bytes JMP 2800A070 C:\Dokumente und Einstellungen\Veli Yildiz\Eigene Dateien\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Programme\Windows Live\Messenger\msnmsgr.exe[796] WININET.dll!InternetCloseHandle 408C9088 5 Bytes JMP 2800A220 C:\Dokumente und Einstellungen\Veli Yildiz\Eigene Dateien\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Programme\Windows Live\Messenger\msnmsgr.exe[796] WININET.dll!HttpOpenRequestA 408CD508 5 Bytes JMP 28009EE0 C:\Dokumente und Einstellungen\Veli Yildiz\Eigene Dateien\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Programme\Windows Live\Messenger\msnmsgr.exe[796] WININET.dll!HttpSendRequestA 408DEE81 5 Bytes JMP 2800A150 C:\Dokumente und Einstellungen\Veli Yildiz\Eigene Dateien\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)

---- EOF - GMER 1.0.15 ----
__________________
BUSSI
MARIA


Alt 12.01.2010, 15:45   #14
Chris4You
 
Trojaner Dropper - Standard

Trojaner Dropper



Hi,

MessengerPlus würde ich deinstallieren...

Sonst sieht das GMER-Log gut aus...

ESET Online Scanner (http://www.eset.com/onlinescan/)

* Anmerkung für Vista-User: Bitte den Browser unbedingt als Administrator starten.
* Button "ESET Online Scanner" drücken.
* Firefox-User müssen ein zusätzliches Addon (esetsmartinstaller_enu.exe) installieren.
* Das Firefox-Addon auf dem Desktop speichern und dann installieren.
* IE-User müssen das Installieren eines ActiveX Elements erlauben.
* Einen Haken bei "Remove found threads" und "Scan archives" machen.
* Start drücken.
* Der Scan beginnt automatisch.
* Finish drücken.
* Browser schließen.
* Explorer öffnen.
* C:\Programme\Eset\EsetOnlineScanner\log.txt suchen und mit Deinem Editor öffnen.
* Logfile hier posten.

chris
__________________
Don't bring me down
Vor dem posten beachten!
Spenden
(Wer spenden will, kann sich gerne melden )

Alt 12.01.2010, 21:36   #15
MARIA78
 
Trojaner Dropper - Standard

Trojaner Dropper



Ich hoffe ich habe das soweit richtig gemacht:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=e438d715a7c94e45bc2b50b781752c91
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-01-12 08:38:27
# local_time=2010-01-12 09:38:27 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 34806 34806 0 0
# compatibility_mode=1797 16775125 100 100 28284 62815815 30473 0
# compatibility_mode=8192 67108863 100 0 3689 3689 0 0
# scanned=43132
# found=2
# cleaned=2
# scan_time=4753
C:\Dokumente und Einstellungen\Veli Yildiz\Lokale Einstellungen\Temp\msgpl_1ac1.exe Win32/Adware.CiDHelp application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Programme\JLC's Software\Internet TV\eBay_shortcuts.exe a variant of Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C
__________________
BUSSI
MARIA


Antwort

Themen zu Trojaner Dropper
.dll, 1.exe, adware.adon, adware.agent, adware.doubled, anti-malware, appdatalow, browser, center, components, dateien, dropper, ebayshortcuts.exe, einstellungen, explorer, firefox, gelöscht, gen, helper, install.exe, malwarebytes, malwarebytes' anti-malware, microsoft, mozilla, opera, programme, rechner, registrierungsschlüssel, searchplugins, security, service.exe, services, software, system, system volume information, system32, trojan.agent, trojaner, trojaner dropper, uninstall.exe, versuch, versucht



Ähnliche Themen: Trojaner Dropper


  1. (mehrere) Trojanermeldung(en) AVG (Win8.1) : "Trojaner: Dropper.Generic2.ANGG.dropper"
    Log-Analyse und Auswertung - 11.07.2014 (3)
  2. Trojaner - Dropper
    Plagegeister aller Art und deren Bekämpfung - 30.11.2013 (35)
  3. Trojaner: 'TR/Dropper.Gen'
    Plagegeister aller Art und deren Bekämpfung - 07.12.2011 (5)
  4. Trojaner TR/Dropper.Gen
    Log-Analyse und Auswertung - 07.09.2011 (16)
  5. Trojaner auf dem PC. tr.dropper.gen?
    Log-Analyse und Auswertung - 18.05.2011 (4)
  6. Trojaner TR/Dropper.Gen
    Plagegeister aller Art und deren Bekämpfung - 11.03.2011 (8)
  7. Trojaner - tr/dropper.gen
    Plagegeister aller Art und deren Bekämpfung - 08.03.2011 (2)
  8. Trojaner: Generic18.VII,Trojaner: Dropper.Generic2.XRU... k. Windows Update m. ,OTL & Malw Log anbei
    Plagegeister aller Art und deren Bekämpfung - 10.07.2010 (31)
  9. Trojaner TR/ Dropper.Gen u. Trojaner TR/ Dropper.Gen2 entfernt, dennoch überlastung
    Plagegeister aller Art und deren Bekämpfung - 14.05.2010 (9)
  10. Trojaner TR/Dropper.Gen
    Plagegeister aller Art und deren Bekämpfung - 25.04.2010 (3)
  11. [Trojaner] TR/Dropper.Gen
    Plagegeister aller Art und deren Bekämpfung - 06.01.2010 (1)
  12. Trojaner Dropper.Gen
    Plagegeister aller Art und deren Bekämpfung - 25.10.2009 (1)
  13. Trojaner TR/Dropper.Gen
    Plagegeister aller Art und deren Bekämpfung - 04.10.2009 (6)
  14. Trojaner TR/Dropper.gen
    Plagegeister aller Art und deren Bekämpfung - 28.07.2009 (4)
  15. Dropper.gen Trojaner
    Plagegeister aller Art und deren Bekämpfung - 14.07.2009 (0)
  16. Trojaner (Dropper?)
    Plagegeister aller Art und deren Bekämpfung - 21.02.2009 (6)
  17. Trojaner Dropper.gen
    Log-Analyse und Auswertung - 30.08.2008 (5)

Zum Thema Trojaner Dropper - Malwarebytes' Anti-Malware 1.44 Datenbank Version: 3546 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 12.01.2010 12:29:41 mbam-log-2010-01-12 (12-29-40).txt Scan-Methode: Vollständiger Scan (C:\|D:\|) Durchsuchte Objekte: 152670 Laufzeit: 35 minute(s), 19 second(s) - Trojaner Dropper...
Archiv
Du betrachtest: Trojaner Dropper auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.