
Log analysis and evaluation: suspected trojan sent automatically via ICQ

15.04.2010, 22:03   #1
Knerdi
 
Good evening,

I am writing because a friend of mine (a rather inexperienced PC user) foolishly opened a link that he received via the instant messenger ICQ from someone on his contact list, and the supposed image file (in reality it was a .scr)

I received the link myself as well, but became suspicious at the file extension and first asked our friend Google.

I think it is a trojan, because the nice little fellow automatically forwards the link to people from the affected person's contact list.
Unfortunately there are enough people who then follow such links.
By the way, the link was the following:
*** MALWARE LINK REMOVED ****

I advised him to make an HJT log.
I have it here:

Quote:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:38:56, on 15.04.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal
Running processes:
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtTry.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\SiteAdvisor\6173\SiteAdv.exe
C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
c:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\ICQ7.0\ICQ.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Public\dlll.exe
C:\windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=all&pf=cmnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=all&pf=cmnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
R3 - URLSearchHook: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6173\SiteAdv.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: BHO_Startup - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O2 - BHO: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6173\SiteAdv.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [accrdsub] "c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
O4 - HKLM\..\Run: [PTHOSTTR] c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [MVS Splash] C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe
O4 - HKLM\..\Run: [McAfee Managed Services Tray] C:\Program Files\McAfee\Managed VirusScan\Agent\StartMyAgtTry.Exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6173\SiteAdv.exe
O4 - HKLM\..\Run: [File Sanitizer] C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\soundmax.exe /tray
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [NeroCheck] C:\windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [Windows System Guard] C:\Users\Public\dlll.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O8 - Extra context menu item: &AOL Toolbar-Suche - C:\ProgramData\AOL\ieToolbar\resources\de-DE\local\search.html
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: ActivClient Middleware Service (accoca) - ActivIdentity - c:\Program Files\ActivIdentity\ActivClient\accoca.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\windows\system32\AEADISRV.EXE
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: EngineServer - McAfee, Inc. - C:\PROGRA~1\McAfee\MANAGE~1\VScan\ENGINE~1.EXE
O23 - Service: Google Update Service (gupdate1c998dca84d0a10) (gupdate1c998dca84d0a10) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP ProtectTools Service - Hewlett-Packard Development Company, L.P - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - SafeBoot International - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: File Sanitizer for HP ProtectTools (HPFSService) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\windows\system32\Hpservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McShield - McAfee, Inc. - C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Virus and Spyware Protection Service (myAgtSvc) - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: rpcnetp - Unknown owner - C:\windows\System32\rpcnetp.exe (file missing)
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6173\SAService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
--
End of file - 14259 bytes

I would be glad if someone could help me with this.

Thanks in advance

Knerdi

16.04.2010, 11:45   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Hello and

please run a full scan with Malwarebytes and post the log. After that, OTL:

System scan with OTL

Please download OTL by Oldtimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

16.04.2010, 13:08   #3
Knerdi
 
Okay, thanks already.
I will get back to you as soon as I have run the scan and have the logs.

It could probably take a day or two, though, since as I said it is not on my PC.

16.04.2010, 21:44   #4
betabreaker
 
That is already the solution to the problem, isn't it? hxxp://www.file.net/prozess/winvnc.exe.html

18.04.2010, 10:50   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Where do you see a VNC in the HJT log, how did you arrive at that? And in what way is VNC supposed to be a solution?

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

21.04.2010, 20:23   #6
Knerdi
 
Good evening once again

Here is the log from Malwarebytes:
Quote:
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Datenbank Version: 3930

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

21.04.2010 20:20:51
mbam-log-2010-04-21 (20-20-51).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|)
Durchsuchte Objekte: 285931
Laufzeit: 1 Stunde(n), 28 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 3
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\YVIBBBHA8C (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Alexander\AppData\Local\Temp\sshnas21.dll (Trojan.Downloader) -> Delete on reboot.
C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

21.04.2010, 20:30   #7
Knerdi
 
Here is the OTL.txt log from OTL:

Quote:
OTL logfile created on: 21.04.2010 20:26:15 - Run 1
OTL by OldTimer - Version 3.2.1.3 Folder = C:\Users\Alexander\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 33,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 63,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,09 Gb Total Space | 160,20 Gb Free Space | 55,61% Space Free | Partition Type: NTFS
Drive D: | 9,00 Gb Total Space | 1,65 Gb Free Space | 18,30% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 1021,00 Mb Total Space | 1018,75 Mb Free Space | 99,78% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ALEXANDER-PC
Current User Name: Alexander
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Alexander\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\ALEXAN~1\AppData\Local\Temp\Pgw.exe ()
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\SiteAdvisor\6173\SAService.exe ()
PRC - c:\Programme\Hewlett-Packard\IAM\Bin\asghost.exe (Bioscrypt Inc.)
PRC - c:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe (Hewlett-Packard Development Company, L.P)
PRC - c:\Programme\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (SafeBoot International)
PRC - C:\Programme\PDF Complete\pdfsvc.exe (PDF Complete Inc)
PRC - C:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Programme\McAfee\Managed VirusScan\Agent\myAgtSvc.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\Managed VirusScan\Agent\myAgtTry.exe (McAfee, Inc.)
PRC - C:\Programme\Hewlett-Packard\File Sanitizer\HPFSService.exe (Hewlett-Packard)
PRC - C:\Programme\Hewlett-Packard\File Sanitizer\CoreShredder.exe (Hewlett-Packard)
PRC - C:\Programme\McAfee\Managed VirusScan\VScan\EngineServer.exe (McAfee, Inc.)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Programme\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
PRC - C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe ( Hewlett-Packard Development Company, L.P.)
PRC - C:\Programme\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Programme\OpenOffice.org 2.3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 2.3\program\soffice.exe (OpenOffice.org)
PRC - C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation)
PRC - C:\Programme\SiteAdvisor\6173\SiteAdv.exe ()
PRC - C:\Programme\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
PRC - c:\Programme\ActivIdentity\ActivClient\accoca.exe (ActivIdentity)
PRC - c:\Programme\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)
PRC - C:\Programme\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
PRC - C:\Programme\Common Files\McAfee\HackerWatch\HWAPI.exe (McAfee, Inc.)
PRC - C:\Programme\MSN Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)


========== Modules (SafeList) ==========

MOD - C:\Users\Alexander\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\APSHook.dll (Bioscrypt Inc.)


========== Win32 Services (SafeList) ==========

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (rpcnetp) -- C:\Windows\System32\rpcnetp.dll ()
SRV - (SiteAdvisor Service) -- C:\Programme\SiteAdvisor\6173\SAService.exe ()
SRV - (ASBroker) -- c:\Programme\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll (Bioscrypt Inc.)
SRV - (ASChannel) -- c:\Programme\Hewlett-Packard\IAM\Bin\ASChnl.dll (Bioscrypt Inc.)
SRV - (HP ProtectTools Service) -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe (Hewlett-Packard Development Company, L.P)
SRV - (HpFkCryptService) -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (SafeBoot International)
SRV - (pdfcDispatcher) -- C:\Program Files\PDF Complete\pdfsvc.exe (PDF Complete Inc)
SRV - (myAgtSvc) -- C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe (McAfee, Inc.)
SRV - (HPFSService) -- C:\Programme\Hewlett-Packard\File Sanitizer\HPFSService.exe (Hewlett-Packard)
SRV - (McShield) -- C:\Programme\McAfee\Managed VirusScan\VScan\McShield.exe (McAfee, Inc.)
SRV - (EngineServer) -- C:\Programme\McAfee\Managed VirusScan\VScan\EngineServer.exe (McAfee, Inc.)
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (RoxMediaDB10) -- c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (AEADIFilters) -- C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation)
SRV - (MpfService) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (accoca) -- c:\Program Files\ActivIdentity\ActivClient\accoca.exe (ActivIdentity)
SRV - (McAfee HackerWatch Service) -- C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe (McAfee, Inc.)
SRV - (usnjsvc) -- C:\Program Files\MSN Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (IviRegMgr) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)


========== Driver Services (SafeList) ==========

DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (SbAlg) -- C:\Windows\System32\drivers\SbAlg.sys (SafeBoot N.V.)
DRV - (SbFsLock) -- C:\Windows\System32\drivers\SbFsLock.sys (SafeBoot International)
DRV - (RsvLock) -- C:\Windows\System32\drivers\rsvlock.sys (SafeBoot International)
DRV - (SafeBoot) -- C:\Windows\System32\drivers\SafeBoot.sys ()
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (mfetdik) -- C:\Windows\System32\drivers\mfetdik.sys (McAfee, Inc.)
DRV - (MfeRKDK) -- C:\Windows\System32\drivers\MfeRKDK.sys (McAfee, Inc.)
DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (MfeBOPK) -- C:\Windows\System32\drivers\MfeBOPK.sys (McAfee, Inc.)
DRV - (MfeAVFK) -- C:\Windows\System32\drivers\MfeAVFK.sys (McAfee, Inc.)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (iaStor) -- C:\windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)
DRV - (ADIHdAudAddService) -- C:\Windows\System32\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (hpdskflt) -- C:\windows\system32\DRIVERS\hpdskflt.sys (Hewlett-Packard Corporation)
DRV - (Accelerometer) -- C:\Windows\System32\drivers\Accelerometer.sys (Hewlett-Packard Corporation)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.)
DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.)
DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.)
DRV - (adpu320) -- C:\windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (MegaSR) -- C:\windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu160m) -- C:\windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (HpCISSs) -- C:\windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_FC) -- C:\windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\windows\system32\drivers\elxstor.sys (Emulex)
DRV - (LSI_SCSI) -- C:\windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (nvraid) -- C:\windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (adp94xx) -- C:\windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (viaide) -- C:\windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (nmwcdsa) -- C:\Windows\System32\drivers\nmwcdsa.sys (Nokia)
DRV - (nmwcdsacm) -- C:\Windows\System32\drivers\nmwcdsacm.sys (Nokia)
DRV - (nmwcdsacj) -- C:\Windows\System32\drivers\nmwcdsacj.sys (Nokia)
DRV - (nmwcdsac) -- C:\Windows\System32\drivers\nmwcdsac.sys (Nokia)
DRV - (MPFP) -- C:\Windows\System32\drivers\Mpfp.sys (McAfee, Inc.)
DRV - (ql40xx) -- C:\windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=all&pf=cmnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=all&pf=cmnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.myspace.com"
FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.10
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "chrome://browser-region/locale/region.properties"
FF - prefs.js..browser.startup.homepage: "resource:/browserconfig.properties"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties"


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.07 17:04:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.07 17:04:03 | 000,000,000 | ---D | M]

[2009.09.09 16:55:52 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\mozilla\Extensions
[2010.04.21 16:30:38 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\d308b5wq.default\extensions
[2009.09.09 16:56:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\d308b5wq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.03.21 00:14:28 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\d308b5wq.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.02.27 13:41:44 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\d308b5wq.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2010.03.09 19:22:49 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\d308b5wq.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2010.02.27 18:37:18 | 000,000,881 | ---- | M] () -- C:\Users\Alexander\AppData\Roaming\Mozilla\FireFox\Profiles\d308b5wq.default\searchplugins\conduit.xml
[2010.04.15 21:23:12 | 000,000,950 | ---- | M] () -- C:\Users\Alexander\AppData\Roaming\Mozilla\FireFox\Profiles\d308b5wq.default\searchplugins\icqplugin-1.xml
[2010.04.03 17:35:46 | 000,000,950 | ---- | M] () -- C:\Users\Alexander\AppData\Roaming\Mozilla\FireFox\Profiles\d308b5wq.default\searchplugins\icqplugin-2.xml
[2008.03.31 13:52:00 | 000,000,168 | ---- | M] () -- C:\Users\Alexander\AppData\Roaming\Mozilla\FireFox\Profiles\d308b5wq.default\searchplugins\icqplugin.gif
[2008.03.31 13:52:00 | 000,000,618 | ---- | M] () -- C:\Users\Alexander\AppData\Roaming\Mozilla\FireFox\Profiles\d308b5wq.default\searchplugins\icqplugin.src
[2010.03.22 16:55:17 | 000,000,944 | ---- | M] () -- C:\Users\Alexander\AppData\Roaming\Mozilla\FireFox\Profiles\d308b5wq.default\searchplugins\icqplugin.xml
[2009.10.18 19:00:41 | 000,003,915 | ---- | M] () -- C:\Users\Alexander\AppData\Roaming\Mozilla\FireFox\Profiles\d308b5wq.default\searchplugins\sweetim.xml
[2010.04.21 20:04:52 | 000,002,057 | ---- | M] () -- C:\Users\Alexander\AppData\Roaming\Mozilla\FireFox\Profiles\d308b5wq.default\searchplugins\youtube-videosuche.xml
[2010.03.17 22:27:35 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.01.20 18:15:30 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.01.16 03:15:29 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.16 03:15:29 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.16 03:15:29 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.16 03:15:29 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.16 03:15:29 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Programme\SiteAdvisor\6173\SiteAdv.dll ()
O2 - BHO: (BHO_Startup Class) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Programme\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Programme\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Programme\SiteAdvisor\6173\SiteAdv.dll ()
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [accrdsub] c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CognizanceTS] c:\Programme\Hewlett-Packard\IAM\Bin\ASTSVCC.dll (Bioscrypt Inc.)
O4 - HKLM..\Run: [File Sanitizer] C:\Programme\Hewlett-Packard\File Sanitizer\CoreShredder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [McAfee Managed Services Tray] C:\Programme\McAfee\Managed VirusScan\Agent\StartMyAgtTry.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MVS Splash] C:\Programme\McAfee\Managed VirusScan\Agent\Splash.Exe (McAfee, Inc.)
O4 - HKLM..\Run: [NeroCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PDF Complete] C:\Programme\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [PTHOSTTR] c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [SiteAdvisor] C:\Programme\SiteAdvisor\6173\SiteAdv.exe ()
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [WatchDog] C:\Programme\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts)
O4 - Startup: C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk = C:\Programme\OpenOffice.org 2.3\program\quickstart.exe ()
O8 - Extra context menu item: &AOL Toolbar-Suche - C:\ProgramData\AOL\ieToolbar\resources\de-DE\local\search.html ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\myrm {4D034FC3-013F-4b95-B544-44D49ABE3E76} - C:\Programme\McAfee\Managed VirusScan\Agent\myRmProt4.9.0.295.dll (McAfee, Inc.)
O18 - Protocol\Handler\siteadvisor {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Programme\SiteAdvisor\6173\SiteAdv.dll ()
O20 - AppInit_DLLs: (APSHook.dll) - C:\windows\System32\APSHook.dll (Bioscrypt Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Alexander\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Alexander\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3bf8c2eb-cfa1-11de-ae04-002186c63376}\Shell\1\Command - "" = G:\.\recycled\info.exe -- File not found
O33 - MountPoints2\{b604580e-723b-11de-bf0b-002186c63376}\Shell - "" = AutoRun
O33 - MountPoints2\{b604580e-723b-11de-bf0b-002186c63376}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{df5a7d64-beda-11dd-96c6-002186c63376}\Shell - "" = AutoRun
O33 - MountPoints2\{df5a7d64-beda-11dd-96c6-002186c63376}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.04.21 19:48:14 | 000,000,000 | ---D | C] -- C:\avrescue
[2010.04.21 18:47:25 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avipbb.sys
[2010.04.21 18:47:25 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avgntflt.sys
[2010.04.21 18:47:25 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\windows\System32\drivers\avgntdd.sys
[2010.04.21 18:47:25 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\ssmdrv.sys
[2010.04.21 18:47:25 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\windows\System32\drivers\avgntmgr.sys
[2010.04.21 18:47:25 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2010.04.21 18:47:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010.04.21 18:34:43 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\Malwarebytes
[2010.04.21 18:34:36 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2010.04.21 18:34:34 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2010.04.21 18:34:34 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.04.21 18:34:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.04.17 00:12:11 | 000,000,000 | ---D | C] -- C:\Users\Alexander\Desktop\Neuer Ordner
[2010.04.16 23:55:50 | 000,000,000 | ---D | C] -- C:\Users\Alexander\Desktop\Top CD
[2010.04.15 22:12:24 | 000,000,000 | ---D | C] -- C:\Users\Alexander\Desktop\Languages
[2010.04.15 22:12:23 | 000,000,000 | ---D | C] -- C:\Users\Alexander\Desktop\Helps
[2010.04.15 21:38:42 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro
[2010.04.14 17:08:02 | 003,600,776 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntkrnlpa.exe
[2010.04.14 17:08:02 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntoskrnl.exe
[2010.04.14 17:07:56 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\vbscript.dll
[2010.04.14 17:07:46 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\windows\System32\l3codecp.acm
[2010.04.14 17:07:46 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\windows\System32\l3codeca.acm
[2010.04.13 13:14:41 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\browserchoice.exe
[2010.04.07 17:06:27 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2010.04.07 17:06:25 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2010.04.07 17:06:25 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.04.07 17:03:40 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime
[2010.04.07 17:00:04 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[2010.04.03 11:56:11 | 000,000,000 | ---D | C] -- C:\Users\Alexander\Desktop\Neuer Ordner (2)
[2010.03.30 20:27:57 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2010.03.30 20:27:57 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl
[2010.03.30 20:27:57 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mstime.dll
[2010.03.30 20:27:57 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2010.03.30 20:27:57 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll
[2010.03.30 20:27:57 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iepeers.dll
[2010.03.30 20:27:57 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ie4uinit.exe
[2010.03.30 20:27:57 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2010.03.30 20:27:57 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe
[2010.03.30 20:27:57 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesysprep.dll
[2010.03.30 20:27:57 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesetup.dll
[2010.03.30 20:27:57 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iernonce.dll
[2010.03.30 20:27:57 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedsbs.dll
[2010.03.30 20:27:57 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2010.03.30 20:27:57 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedssync.exe
[2008.11.30 14:13:52 | 000,180,224 | ---- | C] ( ) -- C:\windows\System32\rsnp2uvc.dll
[2008.11.30 14:13:52 | 000,176,128 | ---- | C] ( ) -- C:\windows\System32\csnp2uvc.dll

========== Files - Modified Within 30 Days ==========

[2010.04.21 20:27:37 | 001,835,008 | -HS- | M] () -- C:\Users\Alexander\NTUSER.DAT
[2010.04.21 20:19:27 | 000,003,216 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.04.21 20:19:27 | 000,003,216 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.04.21 20:15:00 | 000,001,096 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.04.21 19:05:51 | 000,000,426 | -H-- | M] () -- C:\windows\tasks\User_Feed_Synchronization-{0E4024AE-AA10-423F-ADFE-1B8F2CA11B62}.job
[2010.04.21 18:47:34 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.04.21 18:34:38 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.04.21 17:55:22 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2010.04.21 16:20:32 | 000,001,092 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.04.21 16:20:32 | 000,001,052 | ---- | M] () -- C:\windows\tasks\Google Software Updater.job
[2010.04.19 22:14:48 | 000,664,282 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2010.04.19 22:14:48 | 000,625,582 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2010.04.19 22:14:48 | 000,117,144 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2010.04.19 22:14:47 | 001,541,724 | ---- | M] () -- C:\windows\System32\PerfStringBackup.INI
[2010.04.19 22:14:47 | 000,142,622 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2010.04.19 22:08:11 | 000,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2010.04.19 22:06:58 | 3216,261,120 | -HS- | M] () -- C:\hiberfil.sys
[2010.04.18 21:01:02 | 000,005,059 | ---- | M] () -- C:\Users\Alexander\Desktop\00018909.gif
[2010.04.18 20:59:11 | 000,008,634 | ---- | M] () -- C:\Users\Alexander\Desktop\saal.gif
[2010.04.16 19:09:45 | 000,002,073 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010.04.15 21:38:42 | 000,001,874 | ---- | M] () -- C:\Users\Alexander\Desktop\HijackThis.lnk
[2010.04.14 22:29:29 | 000,010,657 | ---- | M] () -- C:\windows\System32\Config.MPF
[2010.04.14 22:29:28 | 000,000,012 | ---- | M] () -- C:\windows\bthservsdp.dat
[2010.04.14 22:29:06 | 000,524,288 | -HS- | M] () -- C:\Users\Alexander\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms
[2010.04.14 22:29:06 | 000,065,536 | -HS- | M] () -- C:\Users\Alexander\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf
[2010.04.14 22:25:29 | 002,274,601 | -H-- | M] () -- C:\Users\Alexander\AppData\Local\IconCache.db
[2010.04.07 17:07:19 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.04.07 17:03:55 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010.04.07 16:52:53 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2010.03.29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2010.03.29 15:24:46 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2010.04.21 18:47:34 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.04.21 18:34:38 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.04.18 21:01:01 | 000,005,059 | ---- | C] () -- C:\Users\Alexander\Desktop\00018909.gif
[2010.04.18 20:59:10 | 000,008,634 | ---- | C] () -- C:\Users\Alexander\Desktop\saal.gif
[2010.04.16 19:09:45 | 000,002,073 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010.04.15 21:38:42 | 000,001,874 | ---- | C] () -- C:\Users\Alexander\Desktop\HijackThis.lnk
[2010.04.07 17:07:19 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.04.07 17:03:55 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2009.12.31 00:00:04 | 000,000,680 | ---- | C] () -- C:\Users\Alexander\AppData\Local\d3d9caps.dat
[2009.09.20 19:09:01 | 000,000,000 | ---- | C] () -- C:\Users\Alexander\AppData\Local\FnF4.txt
[2009.09.17 21:21:43 | 000,117,248 | ---- | C] () -- C:\windows\System32\EhStorAuthn.dll
[2009.06.02 09:51:21 | 000,017,408 | ---- | C] () -- C:\windows\System32\rpcnetp.dll
[2008.12.24 20:34:41 | 000,278,728 | ---- | C] () -- C:\windows\System32\drivers\atksgt.sys
[2008.12.24 20:34:40 | 000,025,416 | ---- | C] () -- C:\windows\System32\drivers\lirsgt.sys
[2008.12.19 00:02:12 | 000,000,012 | ---- | C] () -- C:\windows\dirsaver.ini
[2008.12.08 20:10:48 | 000,015,360 | ---- | C] () -- C:\Users\Alexander\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.11.30 14:19:18 | 000,000,000 | ---- | C] () -- C:\Users\Alexander\AppData\Local\QSwitch.txt
[2008.11.30 14:19:18 | 000,000,000 | ---- | C] () -- C:\Users\Alexander\AppData\Local\DSwitch.txt
[2008.11.30 14:19:18 | 000,000,000 | ---- | C] () -- C:\Users\Alexander\AppData\Local\AtStart.txt
[2008.11.30 14:13:52 | 001,804,160 | ---- | C] () -- C:\windows\System32\drivers\snp2uvc.sys
[2008.11.30 14:13:52 | 000,028,160 | ---- | C] () -- C:\windows\System32\drivers\sncduvc.sys
[2008.11.30 14:13:52 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini
[2008.11.30 14:07:08 | 001,835,008 | -HS- | C] () -- C:\Users\Alexander\NTUSER.DAT
[2008.11.30 14:07:08 | 000,524,288 | -HS- | C] () -- C:\Users\Alexander\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000002.regtrans-ms
[2008.11.30 14:07:08 | 000,524,288 | -HS- | C] () -- C:\Users\Alexander\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms
[2008.11.30 14:07:08 | 000,262,144 | -H-- | C] () -- C:\Users\Alexander\ntuser.dat.LOG1
[2008.11.30 14:07:08 | 000,065,536 | -HS- | C] () -- C:\Users\Alexander\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf
[2008.11.30 14:07:08 | 000,000,020 | -HS- | C] () -- C:\Users\Alexander\ntuser.ini
[2008.11.30 14:07:08 | 000,000,000 | -H-- | C] () -- C:\Users\Alexander\ntuser.dat.LOG2
[2008.06.17 06:07:59 | 000,204,800 | ---- | C] () -- C:\windows\System32\IVIresizeW7.dll
[2008.06.17 06:07:59 | 000,200,704 | ---- | C] () -- C:\windows\System32\IVIresizeA6.dll
[2008.06.17 06:07:59 | 000,192,512 | ---- | C] () -- C:\windows\System32\IVIresizeP6.dll
[2008.06.17 06:07:59 | 000,192,512 | ---- | C] () -- C:\windows\System32\IVIresizeM6.dll
[2008.06.17 06:07:59 | 000,188,416 | ---- | C] () -- C:\windows\System32\IVIresizePX.dll
[2008.06.17 06:07:59 | 000,020,480 | ---- | C] () -- C:\windows\System32\IVIresize.dll
[2008.06.17 05:49:59 | 000,000,000 | ---- | C] () -- C:\windows\HPMProp.INI
[2008.05.14 02:36:18 | 000,108,752 | ---- | C] () -- C:\windows\System32\drivers\SafeBoot.sys
[2008.05.08 11:14:24 | 000,159,744 | ---- | C] () -- C:\windows\System32\atitmmxx.dll
[2008.01.18 09:33:29 | 000,003,584 | ---- | C] () -- C:\windows\System32\wceprv.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\windows\System32\pacerprf.ini
[2006.03.09 11:58:00 | 001,060,424 | ---- | C] () -- C:\windows\System32\WdfCoInstaller01000.dll
[2005.04.04 00:30:00 | 000,110,592 | ---- | C] () -- C:\windows\System32\scardsyn.dll
[2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\windows\System32\lcppn21.dll
[2000.11.16 02:07:03 | 000,092,660 | ---- | C] () -- C:\windows\System32\bass.dll
[1998.05.07 05:10:00 | 000,069,632 | ---- | C] () -- C:\windows\System32\ODMA32.dll
< End of report >

Old 21.04.2010, 20:31   #8
Knerdi
 

Here is the Extras.txt log from OTL as well:

Quote:
OTL Extras logfile created on: 21.04.2010 20:26:15 - Run 1
OTL by OldTimer - Version 3.2.1.3 Folder = C:\Users\Alexander\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 33,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 63,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,09 Gb Total Space | 160,20 Gb Free Space | 55,61% Space Free | Partition Type: NTFS
Drive D: | 9,00 Gb Total Space | 1,65 Gb Free Space | 18,30% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 1021,00 Mb Total Space | 1018,75 Mb Free Space | 99,78% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ALEXANDER-PC
Current User Name: Alexander
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{211B9EFE-1D18-4E45-98F6-C5AA933E53A9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{22D1592B-CB8F-40E0-9261-7646150F9506}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E8C444B-A616-4D28-BA2E-2CDC14767936}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{33654236-679F-420C-B272-885499ACC641}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{469BCB1E-0290-45A6-AFB9-4735C6CF23B9}" = protocol=17 | dir=in | app=c:\program files\ubisoft\die siedler - aufstieg eines königreichs\base\bin\settlers6.exe |
"{51C74E71-6839-4F7A-8D56-AF1998387827}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{592229AB-9150-4F33-B6CB-190E54FE2E88}" = protocol=6 | dir=in | app=c:\program files\mcafee\managed virusscan\agent\myagtsvc.exe |
"{5BE0ABA1-32E3-4597-9639-3F8AC45B28EE}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{5D2EB384-75D5-4E1B-92E2-B2EF623C427D}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{61A49514-821A-48E2-8BE0-77014EADD244}" = protocol=17 | dir=in | app=c:\program files\mcafee\managed virusscan\agent\myagtsvc.exe |
"{61AC3EE8-DCAB-4900-AB19-0C836DF27B7A}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{6564C1C5-14D3-4045-AF12-D77E5613DB78}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{6A44BC1A-D50B-4079-B7B5-A55D156515FE}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{82707E49-BB97-4CF5-8E78-D16FED808747}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9D6138E9-BEB7-4D92-8249-28912113648D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A722019D-374A-4256-8AB5-6B3436CE011D}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{BDB5B4D0-0AD2-420B-9771-31840DBD0BEA}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{BEED3EFD-850F-4821-8459-C0472EB24202}" = dir=in | app=c:\program files\msn messenger\livecall.exe |
"{CB1A6EEF-1982-4D87-AC3D-EE43B2E4563A}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{D55A4AE4-49BB-40DA-9310-7389A871B91B}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{DC608AA3-1BD6-4F05-B647-24F8F96889BB}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{DE0BC7AC-8977-45E2-B4F1-BA3292E33978}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{E2A140F1-C84C-4D2E-A63E-1D58E59706C4}" = protocol=6 | dir=in | app=c:\program files\ubisoft\die siedler - aufstieg eines königreichs\base\bin\settlers6.exe |
"{E5DB2875-C2FD-49E4-9CDF-4F0CC10AE844}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{A63DCDE5-5E35-487A-9762-95189C3A78FA}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{59D33039-9481-438F-8662-8C2656E7B107}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004C5DA2-2051-4D25-94BA-51CF810C91EB}" = LightScribe System Software 1.12.37.1
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.6200
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{06CB77AB-CDE1-EF6B-175D-85FA59C7F0EE}" = Catalyst Control Center Core Implementation
"{07D78C7B-2AA8-5C02-4238-EE3F39279221}" = Catalyst Control Center Localization Thai
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{08C0729E-3E50-11DF-9D81-005056806466}" = Google Earth
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{0AF9C2B7-2E98-8D77-3892-F8512305C6CE}" = CCC Help Turkish
"{0F98662A-EA83-414F-8766-3FCE46A32641}" = Credential Manager for HP ProtectTools
"{154E4F71-DFC0-4B31-8D99-F97615031B02}" = HP Webcam Application
"{164280AB-98C2-FD02-EC0B-5DFBB98E89C1}" = Catalyst Control Center Localization Chinese Standard
"{173317B8-D99E-F58E-CAAE-924D8F26C435}" = CCC Help Czech
"{1779522E-BFC6-738C-E97E-39405E196FA6}" = Catalyst Control Center Localization Spanish
"{1DB44CB7-D68E-9F09-D656-0FBC7D4D9C00}" = Catalyst Control Center Localization Norwegian
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{1FD3DF19-EF58-2A29-222B-A4B6E237D3DD}" = Catalyst Control Center Graphics Previews Vista
"{207A8D54-51C9-48B6-80E6-CBA5403B3ED4}" = Vista Default Settings
"{2086797F-A4BA-4CD3-8104-09B8D39DA5D8}" = HP JavaCard for HP ProtectTools
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 17
"{279DB581-239C-4E13-97F8-0F48E40BE75C}" = Windows Live Messenger
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2BD2FA21-B51D-4F01-94A7-AC16737B2163}" = Adobe Flash Player 10 ActiveX
"{2EC294E6-2E8C-23A7-C174-4E59532B0E06}" = Catalyst Control Center Localization Korean
"{30A2A953-DEB1-466A-B660-F4399C7C6B9D}" = Roxio MyDVD
"{30BF4E6C-D866-46F7-A4F6-81A45E97706E}" = Catalyst Control Center - Branding
"{311BF3BF-6AAB-7859-1E5A-EB46644A6011}" = CCC Help French
"{32063923-8066-18D5-BF07-2B692547AEF5}" = CCC Help Korean
"{323C15C3-6DE1-05E6-B202-6F1D90BB1B06}" = Catalyst Control Center Localization Turkish
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 E1
"{3848DCD1-E356-ACB9-93AF-FB93485E1598}" = CCC Help Thai
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam
"{3A76F96A-637B-9A0E-F65B-AE595A49DEDA}" = ccc-core-static
"{3FCFB6B6-B5DE-C5B8-825F-5998C220C24E}" = Catalyst Control Center Localization Russian
"{420BBA1D-B275-4891-838C-EA88FE87A632}" = HP Customer Experience Enhancements
"{452473D3-1D26-4E61-8060-3B216620D60C}_is1" = Fahren Lernen Offline 1.1
"{45BA0F82-FC61-828B-A188-49A24B7B39F4}" = Catalyst Control Center Localization Swedish
"{4ADB08ED-A385-21BA-3511-00EB170C9CCA}" = Catalyst Control Center Localization Greek
"{4C203E35-B5C7-4E35-9834-619668C0FFEE}" = HP 3D DriveGuard
"{500CAC18-1509-AC6C-3E91-A437F9457D5E}" = CCC Help Japanese
"{51F96AEC-D902-4434-A0DC-B9692A21AE7C}" = MobileMe Control Panel
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5B5494F7-FD30-AFAB-ACD5-345F26B6AAF4}" = Catalyst Control Center Graphics Full Existing
"{5BF2EC0B-2A01-DDEA-5645-E700BCE9CDA6}" = CCC Help Spanish
"{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5EF644FA-3703-3253-7372-AE46FD862588}" = ccc-utility
"{63BABF5E-B142-02F9-85E1-F0A1DBEC6D5D}" = Catalyst Control Center Localization Chinese Traditional
"{647ED1EC-1D53-9886-B5A1-234CE9D7BE3F}" = Catalyst Control Center Localization Danish
"{64F561F5-17B7-0721-8D08-78777BB91382}" = CCC Help Italian
"{65E63D8F-F763-940E-38FA-1A6B2C30ADB2}" = Catalyst Control Center Graphics Light
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B4591DF-C531-255E-BDE6-25226A5AE115}" = Skins
"{6C4592F5-A803-1740-A708-84F3578DC083}" = Catalyst Control Center Localization German
"{6DF8EB4D-F5E5-369C-38B2-4F7CD0F02AC3}" = Catalyst Control Center Localization Italian
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2
"{70CEFEBA-F757-4DBE-8A21-027C326137CE}" = HP Software Setup 5.00.A.7
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{75D7BB3A-9AB7-4ad1-AD5E-0059B90C624B}" = HP ProtectTools Security Manager Suite
"{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
"{789C97CE-9E17-4126-BDF4-11FF458BF705}" = File Sanitizer For HP ProtectTools
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{8BB128BE-2670-485D-A221-B00715BCEBCF}" = HP Easy Setup - Frontend
"{8BEA3254-8719-4815-9312-69AF21B8D779}" = CCC Help Chinese Traditional
"{8BF85A3B-C2EE-2A32-DF54-B565062FBEC9}" = Catalyst Control Center Localization Japanese
"{8C13BEE4-E7CE-4E46-BD13-8F41DAD00FEF}" = SweetIM Toolbar for Internet Explorer 3.4
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8DD39028-8B90-88D8-781A-AB82A9AE6662}" = CCC Help English
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{91B26C13-34A4-36FA-E1F0-22664915EED1}" = Catalyst Control Center Localization Dutch
"{926F4D5F-C8FC-4FB7-8E09-BCB8A997D1C7}" = HP ProtectTools Security Manager
"{968933D6-A9FC-891C-6292-F7E68DB2C7EA}" = CCC Help Finnish
"{96DB55D1-E21F-126C-1ADD-35EAAC852C7C}" = Catalyst Control Center Localization Finnish
"{988B865E-CC06-7B3D-FBC0-52093DB75C9A}" = CCC Help Dutch
"{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes
"{997F39AA-6CDC-2E23-F9C3-D59AACABAB8F}" = Catalyst Control Center Localization French
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{9DBD8BEE-B3EC-4D82-A81C-0F6250176DCC}" = Drive Encryption for HP ProtectTools
"{9E2CCD5E-1990-4EF2-9B61-32F0BBACC29B}" = HP Active Support Library
"{A1410161-F615-4B91-A019-FA33833EF00D}" = BIOS Configuration for HP ProtectTools
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC194855-F7AC-4D04-B4C9-07BA46FCB697}" = ActivClient 6.1 x86
"{AC76BA86-7AD7-1033-7B44-A70800000002}" = Adobe Reader 7.0.8
"{B0704448-6681-607E-D97F-A148C2E2F763}" = CCC Help Danish
"{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B79DB290-9F72-4B20-9776-848D7832705B}" = HP User Guides 0108
"{BABEDC2E-5718-1D6D-9E76-93C7EC76BBC4}" = CCC Help Greek
"{BC1DC565-8B34-4B29-9DB2-BF281C2FB56E}" = ESU for Microsoft Vista SP1
"{BD5DE09E-3C1C-1DCE-E98D-7B7BBDBE15AD}" = CCC Help Portuguese
"{BFCBCC48-9027-17B7-BD08-5214898494CC}" = CCC Help German
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die*Sims™*3
"{C0698BDA-0D29-40EE-8570-A31106DF9AB1}" = Medieval II Total War
"{C3036710-8564-ECEA-0E19-1B7880111167}" = CCC Help Swedish
"{C7D03B2F-5B3A-A6D8-1C6C-AFCA02DDD3EC}" = Catalyst Control Center Localization Czech
"{C8A33E2B-5DDB-BF2E-24A9-95DFA1CDF56D}" = Catalyst Control Center Localization Polish
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CA144572-CEAD-5A14-A338-D28B35D9C7FF}" = Catalyst Control Center Localization Hungarian
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE3020D2-1742-19F4-EFB4-4D76097C81D0}" = Catalyst Control Center Localization Portuguese
"{CF755AAE-7801-359C-E9D3-FE8572F8C760}" = Catalyst Control Center Graphics Full New
"{D3F80A98-05AB-4D8C-9272-766CCFA6A48D}" = DIE SIEDLER - Aufstieg eines Königreichs
"{DC04644B-C7B3-AF77-610C-7F0AF59AC44D}" = ATI Catalyst Install Manager
"{DD5B65F7-7CA5-4DE4-AEE7-7E8F26BF78F5}" = OpenOffice.org 2.3
"{DE80F89F-6132-42A9-1A47-542F6C60E1A2}" = CCC Help Russian
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = Die Sims™ 2 Vier Jahreszeiten
"{E333CA5F-00ED-4EEF-90E5-6A33A8FE969F}" = HP Help and Support
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E979B690-80A7-8E8B-1281-C68DBEDDB491}" = CCC Help Norwegian
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{EC87E256-B0A4-4A41-8682-AB57FF21196D}" = SweetIM for Messenger 2.7
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator Business v10
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F173C2B3-296F-458C-98FF-1676A42EBA02}" = HP Wallpaper
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F23DFEB2-A5D1-3B97-FBF3-30DC859411C0}" = CCC Help Hungarian
"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer
"{FBE38124-B7F0-3EEE-98C5-D8C3AE353FF5}" = CCC Help Chinese Standard
"{FD9FAE60-2BF1-C877-9843-AABA9DA06A2B}" = CCC Help Polish
"3D Windows XP" = 3D Windows XP Screen Saver
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AirXonix_is1" = AirXonix version 1.45
"AOL Toolbar" = AOL Toolbar 5.0
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Ballistik_1.0.8.0" = Ballistik 1.0.8.0
"BolzPlatz" = BolzPlatz
"DVDVideoSoft Toolbar" = DVDVideoSoft Toolbar
"EADM" = EA Download Manager
"Free Studio_is1" = Free Studio version 4.3
"Free YouTube Download_is1" = Free YouTube Download 2.3
"Free YouTube to iPod Converter_is1" = Free YouTube to iPod Converter version 3.2
"Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 3.1
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"Lena-Gercke.scr" = Lena-Gercke ScreenSaver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Managed Firewall" = McAfee Firewall Protection Service
"McAfee SiteAdvisor" = McAfee Browser Protection Service
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MVS" = McAfee Virus and Spyware Protection Service
"Nero - Burning Rom!UninstallKey" = Ahead Nero - Burning Rom
"PDF Complete" = PDF Complete
"S2TNG" = Die Siedler II - Die nächste Generation
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"Winter 3D Screensaver_is1" = Winter 3D Screensaver 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 21.04.2010 06:35:39 | Computer Name = Alexander-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 21.04.2010 06:35:39 | Computer Name = Alexander-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 64810178

Error - 21.04.2010 06:35:39 | Computer Name = Alexander-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 64810178

Error - 21.04.2010 10:19:32 | Computer Name = Alexander-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 21.04.2010 10:19:32 | Computer Name = Alexander-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 78243377

Error - 21.04.2010 10:19:32 | Computer Name = Alexander-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 78243377

Error - 21.04.2010 11:55:22 | Computer Name = Alexander-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 21.04.2010 11:55:22 | Computer Name = Alexander-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3960897

Error - 21.04.2010 11:55:22 | Computer Name = Alexander-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3960897

Error - 21.04.2010 12:46:26 | Computer Name = Alexander-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Users\ALEXAN~1\AppData\Local\Temp\RarSFX0\redist.dll".
Die
abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.4148""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

[ Credential Manager Events ]
Error - 27.03.2010 20:15:37 | Computer Name = Alexander-PC | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials. Benutzer:
Alexander@Alexander-PC Client-GUID: {Password} Fehler: 0xC516020B Client-Host: localhost

Client-Adresse:
127.0.0.1 Authentifizierungsstelle: HP Server-Host: localhost Protokoll: HTTP

Error - 27.03.2010 20:15:37 | Computer Name = Alexander-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. Benutzer: Alexander@Alexander-PC
Anmeldeinformationen:
Kennwort Fehler: (0xC516020B) Anmeldung fehlgeschlagen. Überprüfen Sie, ob Benutzername
und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein. Bei Kennwörtern
wird die Groß- und Kleinschreibung beachtet. Stellen Sie sicher, dass die Feststelltaste
nicht aktiviert ist.

Error - 30.03.2010 14:16:33 | Computer Name = Alexander-PC | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials. Benutzer:
Alexander@Alexander-PC Client-GUID: {Password} Fehler: 0xC516020B Client-Host: localhost

Client-Adresse:
127.0.0.1 Authentifizierungsstelle: HP Server-Host: localhost Protokoll: HTTP

Error - 30.03.2010 14:16:33 | Computer Name = Alexander-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. Benutzer: Alexander@Alexander-PC
Anmeldeinformationen:
Kennwort Fehler: (0xC516020B) Anmeldung fehlgeschlagen. Überprüfen Sie, ob Benutzername
und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein. Bei Kennwörtern
wird die Groß- und Kleinschreibung beachtet. Stellen Sie sicher, dass die Feststelltaste
nicht aktiviert ist.

Error - 30.03.2010 14:16:43 | Computer Name = Alexander-PC | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials. Benutzer:
Alexander@Alexander-PC Client-GUID: {Password} Fehler: 0xC516020B Client-Host: localhost

Client-Adresse:
127.0.0.1 Authentifizierungsstelle: HP Server-Host: localhost Protokoll: HTTP

Error - 30.03.2010 14:16:43 | Computer Name = Alexander-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. Benutzer: Alexander@Alexander-PC
Anmeldeinformationen:
Kennwort Fehler: (0xC516020B) Anmeldung fehlgeschlagen. Überprüfen Sie, ob Benutzername
und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein. Bei Kennwörtern
wird die Groß- und Kleinschreibung beachtet. Stellen Sie sicher, dass die Feststelltaste
nicht aktiviert ist.

Error - 08.04.2010 10:49:30 | Computer Name = Alexander-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. Benutzer: Alexander@Alexander-PC
Anmeldeinformationen:
Kennwort Fehler: (0xC516020B) Anmeldung fehlgeschlagen. Überprüfen Sie, ob Benutzername
und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein. Bei Kennwörtern
wird die Groß- und Kleinschreibung beachtet. Stellen Sie sicher, dass die Feststelltaste
nicht aktiviert ist.

Error - 08.04.2010 10:49:30 | Computer Name = Alexander-PC | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials. Benutzer:
Alexander@Alexander-PC Client-GUID: {Password} Fehler: 0xC516020B Client-Host: localhost

Client-Adresse:
127.0.0.1 Authentifizierungsstelle: HP Server-Host: localhost Protokoll: HTTP

Error - 10.04.2010 07:11:17 | Computer Name = Alexander-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. Benutzer: Alexander@Alexander-PC
Anmeldeinformationen:
Kennwort Fehler: (0xC516020B) Anmeldung fehlgeschlagen. Überprüfen Sie, ob Benutzername
und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein. Bei Kennwörtern
wird die Groß- und Kleinschreibung beachtet. Stellen Sie sicher, dass die Feststelltaste
nicht aktiviert ist.

Error - 10.04.2010 07:11:17 | Computer Name = Alexander-PC | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials. Benutzer:
Alexander@Alexander-PC Client-GUID: {Password} Fehler: 0xC516020B Client-Host: localhost

Client-Adresse:
127.0.0.1 Authentifizierungsstelle: HP Server-Host: localhost Protokoll: HTTP

[ System Events ]
Error - 15.07.2009 07:13:08 | Computer Name = Alexander-PC | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.

Error - 15.07.2009 08:20:54 | Computer Name = Alexander-PC | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.

Error - 15.07.2009 10:26:46 | Computer Name = Alexander-PC | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.

Error - 15.07.2009 11:53:34 | Computer Name = Alexander-PC | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.

Error - 16.07.2009 06:47:14 | Computer Name = Alexander-PC | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.

Error - 16.07.2009 15:07:19 | Computer Name = Alexander-PC | Source = HTTP | ID = 15016
Description =

Error - 16.07.2009 15:08:00 | Computer Name = Alexander-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 16.07.2009 15:08:53 | Computer Name = Alexander-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 17.07.2009 00:17:43 | Computer Name = Alexander-PC | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.

Error - 17.07.2009 18:20:57 | Computer Name = Alexander-PC | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.


< End of report >

21.04.2010, 21:24   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Quote:
Datenbank Version: 3930
The Malwarebytes signatures were not updated. Did you forget? Or did it not work?
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


21.04.2010, 21:40   #10
Knerdi
 
Damn, forgot.

Should the scan be run again?
And are there no findings at all so far?

Regards,
Knerdi

21.04.2010, 21:43   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
First, please repeat the full scan with fresh signatures.
