| |
| |||||||
Log-Analyse und Auswertung: Trojaner alias svchost.Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
21.06.2010, 00:33
| #1 |
 |  Trojaner alias svchost. Hallo Community, Seit paar Tagen befindet sich definitiv ein Trjoaner bei mir auf dem PC, und zwar bekomme ich alle paar min oder alle paar STD von meinen Viren Programm, das es besagten Trojaner blockt. Ich hab schon 2 deep scans gemacht mit verschiedenen Anti-Viren Programmen und auch einen Scan mit Malwarebytes. -> Ohne Erfolg Der Trojaner befindet sich in dem ordner: C:\WINDOWS\Temp\"zufallsordner"\svchost.exe und erstellten "Zufallsordner" betiteln sich z.b.: gerg.tmp ojfj.temp jpok.temp ... Mein viren programm nennt ihn : win32/Spy.Zbot.YW trojan Jeder dieser besagten Ordner ist leer, d.h den "svchost.exe" zeigt nur die Quarantäne im Viren Programm wenn ich die Ordner öffne sind sie immer leer. Mein Antivirenprogramm hat besagten Trojaner aber schon längst in die Quarantäne geschickt oder ihn gelöscht. Bei meinem PC spürt man auch absolut keinen Leistungsverlust, keine Inet Probleme keine Spielprobleme oder sonstiges, aber es ist trotzdem ein ungutes Gefühl einen Virus auf dem PC zu haben.Ich wäre über Hilfe sehr sehr dankbar. In diesem Sinne Mit freundlichen Grüßen mYaa Hijackthis Logfile : Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 01:20:18, on 21.06.2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Dokumente und Einstellungen\Mote\Eigene Dateien\Programme\Comodo\COMODO Internet Security\cmdagent.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\RTHDCPL.EXE C:\Dokumente und Einstellungen\Mote\Eigene Dateien\Programme\Comodo\COMODO Internet Security\cfp.exe C:\Dokumente und Einstellungen\Mote\Eigene Dateien\Programme\Eset\egui.exe C:\Programme\Bonjour\mDNSResponder.exe C:\Dokumente und Einstellungen\Mote\Eigene Dateien\Programme\Eset\ekrn.exe C:\Programme\Java\jre6\bin\jqs.exe C:\WINDOWS\System32\svchost.exe C:\Dokumente und Einstellungen\Mote\Eigene Dateien\Programme\UMTS\wtgservice.exe C:\WINDOWS\System32\svchost.exe C:\Dokumente und Einstellungen\Mote\Eigene Dateien\Programme\Firefox\firefox.exe C:\Dokumente und Einstellungen\Mote\Desktop\HiJackThis204.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://google.icq.com/search/search_frame.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://google.icq.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file) O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Dokumente und Einstellungen\Mote\Eigene Dateien\Programme\Comodo\COMODO Internet Security\cfp.exe" -h O4 - HKLM\..\Run: [DeathAdder] C:\Dokumente und Einstellungen\Mote\Eigene Dateien\Programme\Razer\razerhid.exe O4 - HKLM\..\Run: [egui] "C:\Dokumente und Einstellungen\Mote\Eigene Dateien\Programme\Eset\egui.exe" /hide /waitservice O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [{2FAD2502-6D10-80EC-D654-A9927BE7A4A2}] "C:\Dokumente und Einstellungen\Mote\Anwendungsdaten\Enud\ocul.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Dokumente und Einstellungen\Mote\Eigene Dateien\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Dokumente und Einstellungen\Mote\Eigene Dateien\Programme\ICQLite\ICQ6.5\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Dokumente und Einstellungen\Mote\Eigene Dateien\Programme\ICQLite\ICQ6.5\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Dokumente und Einstellungen\Mote\Eigene Dateien\Programme\Comodo\COMODO Internet Security\cmdagent.exe O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Dokumente und Einstellungen\Mote\Eigene Dateien\Programme\Eset\EHttpSrv.exe O23 - Service: ESET Service (ekrn) - ESET - C:\Dokumente und Einstellungen\Mote\Eigene Dateien\Programme\Eset\ekrn.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing) O23 - Service: WTGService - Unknown owner - C:\Dokumente und Einstellungen\Mote\Eigene Dateien\Programme\UMTS\wtgservice.exe -- End of file - 6755 bytes |
|
21.06.2010, 08:23
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Trojaner alias svchost. Hallo und
__________________ bitte nen Vollscan mit Malwarebytes machen und Log posten. Danach OTL: Systemscan mit OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
__________________ |
|
21.06.2010, 15:57
| #3 |
| | Trojaner alias svchost. Vielen dank für die Antwort ich habe die Programme besorgt und hier sind meine
__________________Logs : OTL : OTL Logfile: Code:
ATTFilter OTL logfile created on: 21.06.2010 12:13:56 - Run 1 OTL by OldTimer - Version 3.2.6.1 Folder = C:\Dokumente und Einstellungen\Mote\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 74,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 89,00% Paging File free Paging file location(s): C:\pagefile.sys 2048 4096 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 58,59 Gb Total Space | 13,04 Gb Free Space | 22,26% Space Free | Partition Type: NTFS Drive D: | 53,20 Gb Total Space | 1,34 Gb Free Space | 2,52% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: MOTERASIM Current User Name: Mote Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\Mote\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Dokumente und Einstellungen\Mote\Eigene Dateien\Programme\Eset\ekrn.exe (ESET) PRC - C:\Dokumente und Einstellungen\Mote\Eigene Dateien\Programme\Eset\egui.exe (ESET) PRC - C:\Dokumente und Einstellungen\Mote\Eigene Dateien\Programme\Comodo\COMODO Internet Security\cfp.exe (COMODO) PRC - C:\Dokumente und Einstellungen\Mote\Eigene Dateien\Programme\Comodo\COMODO Internet Security\cmdagent.exe (COMODO) PRC - C:\Dokumente und Einstellungen\Mote\Eigene Dateien\Programme\Razer\razerhid.exe () PRC - C:\Dokumente und Einstellungen\Mote\Eigene Dateien\Programme\UMTS\WTGService.exe () PRC - C:\Dokumente und Einstellungen\Mote\Eigene Dateien\Programme\Firefox\firefox.exe (Mozilla Corporation) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Dokumente und Einstellungen\Mote\Eigene Dateien\Programme\Razer\razerofa.exe (Razer Inc.) PRC - C:\WINDOWS\ATK0100\HControl.exe () ========== Modules (SafeList) ========== MOD - C:\Dokumente und Einstellungen\Mote\Desktop\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (EhttpSrv) -- C:\Dokumente und Einstellungen\Mote\Eigene Dateien\Programme\Eset\EHttpSrv.exe (ESET) SRV - (ekrn) -- C:\Dokumente und Einstellungen\Mote\Eigene Dateien\Programme\Eset\ekrn.exe (ESET) SRV - (cmdAgent) -- C:\Dokumente und Einstellungen\Mote\Eigene Dateien\Programme\Comodo\COMODO Internet Security\cmdagent.exe (COMODO) SRV - (npggsvc) -- C:\WINDOWS\System32\GameMon.des (INCA Internet Co., Ltd.) SRV - (WTGService) -- C:\Dokumente und Einstellungen\Mote\Eigene Dateien\Programme\UMTS\WTGService.exe () SRV - (FLEXnet Licensing Service) -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software GmbH) SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation) ========== Driver Services (SafeList) ========== DRV - (epfwtdir) -- C:\WINDOWS\system32\drivers\epfwtdir.sys (ESET) DRV - (ehdrv) -- C:\WINDOWS\system32\drivers\ehdrv.sys (ESET) DRV - (eamon) -- C:\WINDOWS\system32\drivers\eamon.sys (ESET) DRV - (cmdGuard) -- C:\WINDOWS\system32\drivers\cmdguard.sys (COMODO) DRV - (Inspect) -- C:\WINDOWS\System32\DRIVERS\inspect.sys (COMODO) DRV - (cmdHlp) -- C:\WINDOWS\system32\drivers\cmdhlp.sys (COMODO) DRV - (STEC3) -- C:\WINDOWS\system32\STEC3.sys (AntiCracking) DRV - (SSHDRV85) -- C:\WINDOWS\system32\drivers\SSHDRV85.sys () DRV - (danewFltr) -- C:\WINDOWS\system32\drivers\danew.sys (Razer (Asia-Pacific) Pte Ltd) DRV - (ithsgt) -- C:\WINDOWS\system32\drivers\ithsgt.sys () DRV - (lilsgt) -- C:\WINDOWS\system32\drivers\lilsgt.sys () DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys () DRV - (ggsemc) -- C:\WINDOWS\system32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications) DRV - (ggflt) -- C:\WINDOWS\system32\drivers\ggflt.sys (Sony Ericsson Mobile Communications) DRV - (BtHidBus) -- C:\WINDOWS\System32\Drivers\BtHidBus.sys (IVT Corporation.) DRV - (IvtBtBUs) -- C:\WINDOWS\system32\drivers\IvtBtBus.sys (IVT Corporation.) DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider) DRV - (DAdderFltr) -- C:\WINDOWS\system32\drivers\dadder.sys (Razer (Asia-Pacific) Pte Ltd) DRV - (NETw3x32) Intel(R) -- C:\WINDOWS\system32\drivers\NETw3x32.sys (Intel® Corporation) DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.) DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC) DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation ) DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC) DRV - (Tosrfcom) -- C:\WINDOWS\system32\drivers\tosrfcom.sys (TOSHIBA Corporation) DRV - (ZSMC303) VIMICRO USB PC Camera (ZC0301PLH) -- C:\WINDOWS\system32\drivers\usbVM303.sys (Vimicro Corporation) DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ATKACPI.sys () DRV - (k750obex) -- C:\WINDOWS\system32\drivers\k750obex.sys (MCCI) DRV - (k750mgmt) -- C:\WINDOWS\system32\drivers\k750mgmt.sys (MCCI) DRV - (k750mdm) -- C:\WINDOWS\system32\drivers\k750mdm.sys (MCCI) DRV - (k750mdfl) -- C:\WINDOWS\system32\drivers\k750mdfl.sys (MCCI) DRV - (k750bus) Sony Ericsson 750 driver (WDM) -- C:\WINDOWS\system32\drivers\k750bus.sys (MCCI) DRV - (NPPTNT2) -- C:\WINDOWS\system32\npptNT2.sys (INCA Internet Co., Ltd.) DRV - (A_USBETHMP) -- C:\WINDOWS\system32\drivers\usbethmp.sys (Intellon Corporation) DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Prev Search Page = hxxp://google.icq.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://google.icq.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.de/search?q=" FF - prefs.js..browser.search.update: false FF - prefs.js..browser.startup.homepage: "moterasim.de" FF - prefs.js..extensions.enabledItems: {9c51bd27-6ed8-4000-a2bf-36cb95c0c947}:10.1.0 FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20090322 FF - prefs.js..keyword.URL: "hxxp://www.google.de/search?q=" FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Components: C:\Dokumente und Einstellungen\Mote\Eigene Dateien\Programme\Firefox\components [2010.03.10 15:48:46 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Plugins: C:\Dokumente und Einstellungen\Mote\Eigene Dateien\Programme\Firefox\plugins [2010.03.10 15:48:46 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Dokumente und Einstellungen\Mote\Eigene Dateien\Programme\Eset\Mozilla Thunderbird [2010.06.16 02:22:46 | 000,000,000 | ---D | M] [2008.08.15 19:18:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mote\Anwendungsdaten\Mozilla\Extensions [2009.11.19 21:49:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mote\Anwendungsdaten\Mozilla\Firefox\Profiles\s4jtgor6.default\extensions [2009.11.19 21:49:02 | 000,000,000 | ---D | M] (Tamper Data) -- C:\Dokumente und Einstellungen\Mote\Anwendungsdaten\Mozilla\Firefox\Profiles\s4jtgor6.default\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947} [2009.04.05 21:01:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mote\Anwendungsdaten\Mozilla\Firefox\Profiles\s4jtgor6.default\extensions\nasanightlaunch@example.com O1 HOSTS File: ([2002.08.29 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found. O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [COMODO Internet Security] C:\Dokumente und Einstellungen\Mote\Eigene Dateien\Programme\Comodo\COMODO Internet Security\cfp.exe (COMODO) O4 - HKLM..\Run: [DeathAdder] C:\Dokumente und Einstellungen\Mote\Eigene Dateien\Programme\Razer\razerhid.exe () O4 - HKLM..\Run: [egui] C:\Dokumente und Einstellungen\Mote\Eigene Dateien\Programme\Eset\egui.exe (ESET) O4 - HKLM..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe () O4 - HKCU..\Run: [{2FAD2502-6D10-80EC-D654-A9927BE7A4A2}] C:\Dokumente und Einstellungen\Mote\Anwendungsdaten\Enud\ocul.exe File not found O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Dokumente und Einstellungen\Mote\Eigene Dateien\Programme\ICQLite\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Dokumente und Einstellungen\Mote\Eigene Dateien\Programme\ICQLite\ICQ6.5\ICQ.exe (ICQ, LLC.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12) O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UIHost - (C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe) - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Mote\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Mote\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.08.13 22:55:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{33ac2de4-c789-11de-a014-001a92975ac2}\Shell - "" = AutoRun O33 - MountPoints2\{33ac2de4-c789-11de-a014-001a92975ac2}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{33ac2de4-c789-11de-a014-001a92975ac2}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found O33 - MountPoints2\{33ac2de5-c789-11de-a014-001a92975ac2}\Shell - "" = AutoRun O33 - MountPoints2\{33ac2de5-c789-11de-a014-001a92975ac2}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{33ac2de5-c789-11de-a014-001a92975ac2}\Shell\AutoRun\command - "" = N:\AutoRun.exe -- File not found O33 - MountPoints2\{5620a7d8-a530-11de-9fc5-001a92975ac2}\Shell - "" = AutoRun O33 - MountPoints2\{5620a7d8-a530-11de-9fc5-001a92975ac2}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{5620a7d8-a530-11de-9fc5-001a92975ac2}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found O33 - MountPoints2\{5620a7db-a530-11de-9fc5-001a92975ac2}\Shell - "" = AutoRun O33 - MountPoints2\{5620a7db-a530-11de-9fc5-001a92975ac2}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{5620a7db-a530-11de-9fc5-001a92975ac2}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found O33 - MountPoints2\{671dd2a2-e8d8-11de-a056-c5387a09ff0d}\Shell - "" = AutoRun O33 - MountPoints2\{671dd2a2-e8d8-11de-a056-c5387a09ff0d}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{671dd2a2-e8d8-11de-a056-c5387a09ff0d}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found O33 - MountPoints2\{6fad6603-254c-11df-a0c1-001a92975ac2}\Shell\AutoRun\command - "" = G:\EmDesk.exe -- File not found O33 - MountPoints2\{6fad6603-254c-11df-a0c1-001a92975ac2}\Shell\EmDesk\command - "" = G:\EmDesk.exe -- File not found O33 - MountPoints2\{7c24e7bc-a6de-11de-9fc9-8343029f1291}\Shell - "" = AutoRun O33 - MountPoints2\{7c24e7bc-a6de-11de-9fc9-8343029f1291}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{7c24e7bc-a6de-11de-9fc9-8343029f1291}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found O33 - MountPoints2\{7c24e7bd-a6de-11de-9fc9-8343029f1291}\Shell - "" = AutoRun O33 - MountPoints2\{7c24e7bd-a6de-11de-9fc9-8343029f1291}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{7c24e7bd-a6de-11de-9fc9-8343029f1291}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found O33 - MountPoints2\{823de2c4-c4b9-11de-a00f-958205810ad1}\Shell - "" = AutoRun O33 - MountPoints2\{823de2c4-c4b9-11de-a00f-958205810ad1}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{823de2c4-c4b9-11de-a00f-958205810ad1}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found O33 - MountPoints2\{9d3e2c94-6d71-11dd-9d45-001a92975ac2}\Shell - "" = AutoRun O33 - MountPoints2\{9d3e2c94-6d71-11dd-9d45-001a92975ac2}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{9d3e2c94-6d71-11dd-9d45-001a92975ac2}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe -- File not found O33 - MountPoints2\{9d3e2c95-6d71-11dd-9d45-001a92975ac2}\Shell - "" = AutoRun O33 - MountPoints2\{9d3e2c95-6d71-11dd-9d45-001a92975ac2}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{9d3e2c95-6d71-11dd-9d45-001a92975ac2}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe -- File not found O33 - MountPoints2\{b3270af1-d686-11dd-9e30-0019d2cf3bfb}\Shell\AutoRun\command - "" = H:\wd_windows_tools\setup.exe -- File not found O33 - MountPoints2\{beae5a2e-a2e6-11de-9fbe-0019d2cf3bfb}\Shell - "" = AutoRun O33 - MountPoints2\{beae5a2e-a2e6-11de-9fbe-0019d2cf3bfb}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{beae5a2e-a2e6-11de-9fbe-0019d2cf3bfb}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found O33 - MountPoints2\{beae5a31-a2e6-11de-9fbe-0019d2cf3bfb}\Shell - "" = AutoRun O33 - MountPoints2\{beae5a31-a2e6-11de-9fbe-0019d2cf3bfb}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{beae5a31-a2e6-11de-9fbe-0019d2cf3bfb}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found O33 - MountPoints2\{c9bc6f7e-be47-11de-9ffe-802dd8bd3e01}\Shell - "" = AutoRun O33 - MountPoints2\{c9bc6f7e-be47-11de-9ffe-802dd8bd3e01}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{c9bc6f7e-be47-11de-9ffe-802dd8bd3e01}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found O33 - MountPoints2\{c9bc6f80-be47-11de-9ffe-802dd8bd3e01}\Shell - "" = AutoRun O33 - MountPoints2\{c9bc6f80-be47-11de-9ffe-802dd8bd3e01}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{c9bc6f80-be47-11de-9ffe-802dd8bd3e01}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found O33 - MountPoints2\{c9bc6f83-be47-11de-9ffe-802dd8bd3e01}\Shell - "" = AutoRun O33 - MountPoints2\{c9bc6f83-be47-11de-9ffe-802dd8bd3e01}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{c9bc6f83-be47-11de-9ffe-802dd8bd3e01}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found O33 - MountPoints2\{cf128743-a76f-11de-9fca-a18052e7b5c1}\Shell - "" = AutoRun O33 - MountPoints2\{cf128743-a76f-11de-9fca-a18052e7b5c1}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{cf128743-a76f-11de-9fca-a18052e7b5c1}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found O33 - MountPoints2\{dd6e3076-ea4c-11de-a059-ea3216ac3600}\Shell\AutoRun\command - "" = I:\setupSNK.exe -- File not found O33 - MountPoints2\{e21a5a48-be44-11de-9ffd-cce4b925a86a}\Shell - "" = AutoRun O33 - MountPoints2\{e21a5a48-be44-11de-9ffd-cce4b925a86a}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{e21a5a48-be44-11de-9ffd-cce4b925a86a}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found O33 - MountPoints2\{e73f2618-c0a9-11de-a002-001a92975ac2}\Shell - "" = AutoRun O33 - MountPoints2\{e73f2618-c0a9-11de-a002-001a92975ac2}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{e73f2618-c0a9-11de-a002-001a92975ac2}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.06.21 12:13:01 | 006,153,648 | ---- | C] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\Mote\Desktop\mbam-setup.exe [2010.06.21 12:12:20 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Mote\Desktop\OTL.exe [2010.06.20 19:09:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mote\Desktop\Zeitgeist [2010.06.19 04:44:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mote\Lokale Einstellungen\Anwendungsdaten\ESET [2010.06.18 17:05:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mote\Eigene Dateien\My Aion [2010.06.16 14:06:57 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Mote\Recent [2010.06.16 02:31:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\ESET [2010.06.16 02:22:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ESET [2010.06.15 12:50:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy [2010.06.15 12:22:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Macromedia [2010.06.15 12:22:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Adobe [2010.06.07 21:29:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mote\Desktop\TheCoKeMovie [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.06.21 12:13:20 | 006,153,648 | ---- | M] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\Mote\Desktop\mbam-setup.exe [2010.06.21 12:12:30 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Mote\Desktop\OTL.exe [2010.06.21 12:09:27 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.06.21 12:09:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.06.21 05:00:25 | 009,437,184 | ---- | M] () -- C:\Dokumente und Einstellungen\Mote\ntuser.dat [2010.06.21 05:00:11 | 006,047,578 | -H-- | M] () -- C:\Dokumente und Einstellungen\Mote\Lokale Einstellungen\Anwendungsdaten\IconCache.db [2010.06.21 03:56:53 | 000,000,121 | ---- | M] () -- C:\Dokumente und Einstellungen\Mote\Eigene Dateien\aionmemo_d0e92de7.dat [2010.06.21 01:06:25 | 000,010,682 | ---- | M] () -- C:\Dokumente und Einstellungen\Mote\Desktop\Neu RTF-Dokument.rtf [2010.06.20 15:05:44 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.06.18 17:16:10 | 000,000,470 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job [2010.06.16 04:13:36 | 000,001,029 | ---- | M] () -- C:\WINDOWS\win.ini [2010.06.16 04:13:36 | 000,000,389 | RHS- | M] () -- C:\boot.ini [2010.06.16 04:13:36 | 000,000,270 | ---- | M] () -- C:\WINDOWS\system.ini [2010.06.06 13:16:42 | 000,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2010.06.03 19:50:27 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Mote\ntuser.ini [2010.05.28 02:09:00 | 000,041,872 | ---- | M] () -- C:\WINDOWS\System32\xfcodec.dll [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.06.21 00:55:21 | 000,010,682 | ---- | C] () -- C:\Dokumente und Einstellungen\Mote\Desktop\Neu RTF-Dokument.rtf [2010.06.15 01:57:31 | 000,011,985 | ---- | C] () -- C:\Dokumente und Einstellungen\Mote\hs_err_pid3360.log [2010.05.28 02:09:00 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll [2010.05.24 11:49:55 | 377,530,368 | ---- | C] () -- C:\Dokumente und Einstellungen\Mote\Desktop\20100427-190756.mpg [2010.05.24 11:48:47 | 582,952,960 | ---- | C] () -- C:\Dokumente und Einstellungen\Mote\Desktop\20100427-183605.mpg [2010.03.10 15:48:44 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2010.03.10 15:48:42 | 002,378,752 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll [2010.03.10 15:48:41 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2010.03.10 15:48:41 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2010.03.10 15:48:41 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2010.03.10 15:48:39 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2010.03.10 15:48:39 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2010.03.08 16:18:07 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll [2010.02.12 18:16:53 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI [2009.09.13 23:19:25 | 000,000,011 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.ini [2009.08.25 23:17:13 | 000,000,064 | ---- | C] () -- C:\WINDOWS\MPlayer.INI [2009.08.10 22:54:42 | 000,078,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\SSHDRV85.sys [2009.07.14 14:25:29 | 000,000,216 | ---- | C] () -- C:\WINDOWS\System32\doc2pdf_config.ini [2009.04.17 11:09:02 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2009.02.19 18:40:53 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2009.01.31 16:20:04 | 000,162,432 | ---- | C] () -- C:\WINDOWS\System32\drivers\ithsgt.sys [2009.01.31 16:20:03 | 000,012,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\lilsgt.sys [2009.01.01 16:19:13 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll [2008.12.16 18:53:36 | 000,024,576 | ---- | C] () -- C:\WINDOWS\VMPipe.dll [2008.10.08 03:17:35 | 000,000,816 | ---- | C] () -- C:\WINDOWS\TVTEmulator.ini [2008.10.06 21:55:48 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2008.09.30 15:31:11 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2008.08.29 11:35:45 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2008.08.15 20:24:47 | 000,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI [2008.08.14 11:02:55 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATKACPI.sys [1997.11.17 17:13:16 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 229 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:8FF81EB0 @Alternate Data Stream - 133 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:05EE1EEF @Alternate Data Stream - 110 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:888AFB86 < End of report > |
|
21.06.2010, 15:59
| #4 |
| | Trojaner alias svchost. OTL Extras logfile created on: 21.06.2010 12:13:56 - Run 1 OTL by OldTimer - Version 3.2.6.1 Folder = C:\Dokumente und Einstellungen\Mote\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 74,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 89,00% Paging File free Paging file location(s): C:\pagefile.sys 2048 4096 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 58,59 Gb Total Space | 13,04 Gb Free Space | 22,26% Space Free | Partition Type: NTFS Drive D: | 53,20 Gb Total Space | 1,34 Gb Free Space | 2,52% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: MOTERASIM Current User Name: Mote Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Dokumente und Einstellungen\Mote\Eigene Dateien\Programme\Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. http [open] -- "C:\Dokumente und Einstellungen\Mote\Eigene Dateien\Programme\Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Dokumente und Einstellungen\Mote\Eigene Dateien\Programme\Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) ->>>> |
|
21.06.2010, 16:01
| #5 |
| | Trojaner alias svchost. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Dokumente und Einstellungen\Mote\Eigene Dateien\Programme\Veoh\VeohClient.exe" = C:\Dokumente und Einstellungen\Mote\Eigene Dateien\Programme\Veoh\VeohClient.exe:*:Enabled:Veoh Client -- File not found "C:\Dokumente und Einstellungen\Mote\Desktop\Neuer Ordner\Update Service\Update Service.exe" = C:\Dokumente und Einstellungen\Mote\Desktop\Neuer Ordner\Update Service\Update Service.exe:*:Enabled:Update Service -- File not found "C:\Dokumente und Einstellungen\Mote\Eigene Dateien\Programme\Gamers.IRC\mirc.exe" = C:\Dokumente und Einstellungen\Mote\Eigene Dateien\Programme\Gamers.IRC\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.) "C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation) "C:\Dokumente und Einstellungen\Mote\Eigene Dateien\Programme\Firefox\firefox.exe" = C:\Dokumente und Einstellungen\Mote\Eigene Dateien\Programme\Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation) "D:\Games\Smash Online\SmashOnline.exe" = D:\Games\Smash Online\SmashOnline.exe:*:Enabled:SmashOnline -- File not found "D:\Games\Steam\steamapps\ratora\counter-strike source\hl2.exe" = D:\Games\Steam\steamapps\ratora\counter-strike source\hl2.exe:*:Enabled:hl2 -- File not found "C:\Programme\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Programme\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player -- File not found "C:\Dokumente und Einstellungen\Mote\Desktop\utorrent.exe" = C:\Dokumente und Einstellungen\Mote\Desktop\utorrent.exe:*:Enabled:µTorrent -- File not found "C:\Dokumente und Einstellungen\Mote\Desktop\neu\utorrent.exe" = C:\Dokumente und Einstellungen\Mote\Desktop\neu\utorrent.exe:*:Enabled:µTorrent -- File not found "C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) "C:\Dokumente und Einstellungen\Mote\Eigene Dateien\Programme\ICQLite\ICQ6\ICQ.exe" = C:\Dokumente und Einstellungen\Mote\Eigene Dateien\Programme\ICQLite\ICQ6\ICQ.exe:*:Enabled:ICQ6 -- File not found "C:\Dokumente und Einstellungen\Mote\Eigene Dateien\Programme\ICQLite\ICQ6.5\ICQ.exe" = C:\Dokumente und Einstellungen\Mote\Eigene Dateien\Programme\ICQLite\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.) "C:\Dokumente und Einstellungen\Mote\temp\TeamViewer\Version4\TeamViewer.exe" = C:\Dokumente und Einstellungen\Mote\temp\TeamViewer\Version4\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application -- (TeamViewer GmbH) "C:\Dokumente und Einstellungen\Mote\Eigene Dateien\Programme\Xfire\Xfire.exe" = C:\Dokumente und Einstellungen\Mote\Eigene Dateien\Programme\Xfire\Xfire.exe:*:Enabled:Xfire -- (Xfire Inc.) "C:\Programme\Java\jre6\bin\javaw.exe" = C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.) "C:\Dokumente und Einstellungen\Mote\Desktop\Counter-Strike Source Lan-Party\hl2.exe" = C:\Dokumente und Einstellungen\Mote\Desktop\Counter-Strike Source Lan-Party\hl2.exe:*:Enabled:hl2 -- File not found "C:\Dokumente und Einstellungen\Mote\temp\TeamViewer\Version5\TeamViewer.exe" = C:\Dokumente und Einstellungen\Mote\temp\TeamViewer\Version5\TeamViewer.exe:*:Enabled:TeamViewer -- (TeamViewer GmbH) "C:\Dokumente und Einstellungen\Mote\Desktop\skype recorder\MP3 Skype Recorder.exe" = C:\Dokumente und Einstellungen\Mote\Desktop\skype recorder\MP3 Skype Recorder.exe:*:Enabled:MP3 Skype Recorder -- File not found "C:\Dokumente und Einstellungen\Mote\Desktop\openarena-0.8.1\openarena.exe" = C:\Dokumente und Einstellungen\Mote\Desktop\openarena-0.8.1\openarena.exe:*:Enabled  penarena -- File not found"C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation) "C:\Dokumente und Einstellungen\Mote\Desktop\Re-Volt\REVOLT.EXE" = C:\Dokumente und Einstellungen\Mote\Desktop\Re-Volt\REVOLT.EXE:*:Enabled:REVOLT -- File not found "D:\Games\UT 2004\System\UT2004.exe" = D:\Games\UT 2004\System\UT2004.exe:*:Enabled:UT2004 -- () ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3 "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3 "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{08B857DF-E6F9-4283-853A-4F329CC09A4F}" = ESET NOD32 Antivirus "{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1" = ICQ 6.5 Build #1042 Banner Remover 1.2 "{15095BF3-A3D7-4DDF-B193-3A496881E003}" = Microsoft .NET Framework 3.0 "{17E2F183-BAC4-4D01-BD7A-59F781E17EFA}" = REALTEK PCIE NIC Driver "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 12 "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3 "{2C294A0B-DF22-4023-B168-8C7645B10019}" = Adobe Setup "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{32A3A4F4-B792-11D6-A78A-00B0D0160120}" = Java(TM) SE Development Kit 6 Update 12 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder "{394DC0BC-5476-4260-B52C-BDE1BDEFA958}" = Unreal Tournament 2004 "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{491DD792-AD81-429C-9EB4-86DD3D22E333}" = Windows Communication Foundation "{4B215C29-1A3E-4736-92AA-10C83FA56EB9}" = Adobe After Effects CS3 Presets "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5 "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All "{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings "{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}" = Windows Workflow Foundation "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3 "{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles "{8AF3FB06-BDA3-42A3-995C-308812D2F094}" = Adobe After Effects CS3 "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3 "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{97E7C086-64CE-4390-A181-189A8612D215}" = Aion "{998D6972-F58E-479D-9248-8F179E55AE38}" = Java DB 10.4.1.3 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings "{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1.2 - Deutsch "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3 "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2 "{C457BA5F-35F9-480C-90F8-5C91DB443A15}_is1" = Shutdown Manager "{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}" = TuneUp Utilities 2007 "{C8D7A672-F697-4572-AC62-C856053A8DBC}" = Adobe Illustrator CS3 "{C9FB868B-2086-4EE2-BD4F-BFBA36B131F4}" = NCsoft Launcher "{CE3B8E96-B0AF-4871-9178-1519B58E3A93}" = Vimicro USB PC Camera (ZC0301PLH) "{CEA791BB-6F54-48ED-BC2A-F78157C1D558}" = Adobe Setup "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1 "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings "{DB52432E-3AD8-41A5-A586-0F065FB6A31E}" = Game Cam "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings "{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = jetAudio Basic "{E161E7E7-9875-4F7F-AFC7-72D40B45B5F3}" = ATI Catalyst Control Center "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{EB1B8449-CD8F-485B-ADB6-02FBCFE180D3}" = Razer DeathAdder(TM) Mouse "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe_b7dd24a87e82dcf8af8876fd727b7cf" = Adobe After Effects CS3 "Adobe_c015d5ef39552390a753ee735d16041" = Adobe Illustrator CS3 "Alarmstufe Rot" = Alarmstufe Rot Windows 95 "All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software "ATI Display Driver" = ATI Display Driver "CCleaner" = CCleaner (remove only) "COMODO Internet Security" = COMODO Internet Security "Cool Edit Pro 2.1" = Cool Edit Pro 2.1 "DVD Shrink_is1" = DVD Shrink 3.2 "EPSON Printer and Utilities" = EPSON-Drucker-Software "Fiesta Online" = Fiesta Online 1.01.004 "Gamers.IRC" = Gamers.IRC 5.21 "GoldWave v5.20" = GoldWave v5.20 "HControl" = ATK0100 ACPI UTILITY "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "JDownloader" = JDownloader "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.7.0 "Messenger Plus! Live" = Messenger Plus! Live "Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0 "Microsoft .NET Framework 3.0" = Microsoft .NET Framework 3.0 "Mozilla Firefox (3.0.5)" = Mozilla Firefox (3.0.5) "MPE" = MyPhoneExplorer "Nero - Burning Rom!UninstallKey" = Nero OEM "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "Redirection Port Monitor" = RedMon - Redirection Port Monitor "rK's DemoWatcher_is1" = rK DemoWatcher 1.8 "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "TeamSpeak 3 Client" = TeamSpeak 3 Client "ToolbarICQToolbar.ICQToolbarObjectIEToolbar" = ICQ Toolbar "Total Video Converter 3.10_is1" = Total Video Converter 3.10 "Verbindungsassistent" = Verbindungsassistent "VLC media player" = VideoLAN VLC media player 0.8.6i "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Xfire" = Xfire (remove only) "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 |
|
21.06.2010, 16:04
| #6 |
| | Trojaner alias svchost. Maleware: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4219 Windows 5.1.2600 Service Pack 3 Internet Explorer 7.0.5730.13 21.06.2010 13:20:01 mbam-log-2010-06-21 (13-20-01).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Durchsuchte Objekte: 206175 Laufzeit: 56 Minute(n), 52 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) Ich hoffe ihr könnt damit mehr anfangen. (Entschuldigung für diese langen posts  ) |
|
22.06.2010, 17:15
| #7 |
| | Trojaner alias svchost. Kann mir wirklich niemand helfen ? Ich hab von einem Kollegen einen Link bekommen der mich von Kaspersky auf einen sogenannten "Zbot.Killer" verweißt dem man Lokal aber auch über das Interface von Kaspersky verwenden kann. Da ich dieses Programm nich besitze haben ich es Lokal ausgeführt, leider ohne Erfolg. Mein Antivirenprogramm gibt immer noch alle 1std ca dieseselbe Meldung aus wie am Anfang : "win32/Spy.Zbot.YW trojan" In diesem Sinne Mfg |
|
22.06.2010, 20:31
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner alias svchost. Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
O4 - HKCU..\Run: [{2FAD2502-6D10-80EC-D654-A9927BE7A4A2}] C:\Dokumente und Einstellungen\Mote\Anwendungsdaten\Enud\ocul.exe File not found
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Dokumente und Einstellungen\Mote\Eigene Dateien\Programme\ICQLite\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Dokumente und Einstellungen\Mote\Eigene Dateien\Programme\ICQLite\ICQ6.5\ICQ.exe (ICQ, LLC.)
O33 - MountPoints2\{33ac2de4-c789-11de-a014-001a92975ac2}\Shell - "" = AutoRun
O33 - MountPoints2\{33ac2de4-c789-11de-a014-001a92975ac2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{33ac2de4-c789-11de-a014-001a92975ac2}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O33 - MountPoints2\{33ac2de5-c789-11de-a014-001a92975ac2}\Shell - "" = AutoRun
O33 - MountPoints2\{33ac2de5-c789-11de-a014-001a92975ac2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{33ac2de5-c789-11de-a014-001a92975ac2}\Shell\AutoRun\command - "" = N:\AutoRun.exe -- File not found
O33 - MountPoints2\{5620a7d8-a530-11de-9fc5-001a92975ac2}\Shell - "" = AutoRun
O33 - MountPoints2\{5620a7d8-a530-11de-9fc5-001a92975ac2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5620a7d8-a530-11de-9fc5-001a92975ac2}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O33 - MountPoints2\{5620a7db-a530-11de-9fc5-001a92975ac2}\Shell - "" = AutoRun
O33 - MountPoints2\{5620a7db-a530-11de-9fc5-001a92975ac2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5620a7db-a530-11de-9fc5-001a92975ac2}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O33 - MountPoints2\{671dd2a2-e8d8-11de-a056-c5387a09ff0d}\Shell - "" = AutoRun
O33 - MountPoints2\{671dd2a2-e8d8-11de-a056-c5387a09ff0d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{671dd2a2-e8d8-11de-a056-c5387a09ff0d}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O33 - MountPoints2\{6fad6603-254c-11df-a0c1-001a92975ac2}\Shell\AutoRun\command - "" = G:\EmDesk.exe -- File not found
O33 - MountPoints2\{6fad6603-254c-11df-a0c1-001a92975ac2}\Shell\EmDesk\command - "" = G:\EmDesk.exe -- File not found
O33 - MountPoints2\{7c24e7bc-a6de-11de-9fc9-8343029f1291}\Shell - "" = AutoRun
O33 - MountPoints2\{7c24e7bc-a6de-11de-9fc9-8343029f1291}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7c24e7bc-a6de-11de-9fc9-8343029f1291}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O33 - MountPoints2\{7c24e7bd-a6de-11de-9fc9-8343029f1291}\Shell - "" = AutoRun
O33 - MountPoints2\{7c24e7bd-a6de-11de-9fc9-8343029f1291}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7c24e7bd-a6de-11de-9fc9-8343029f1291}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O33 - MountPoints2\{823de2c4-c4b9-11de-a00f-958205810ad1}\Shell - "" = AutoRun
O33 - MountPoints2\{823de2c4-c4b9-11de-a00f-958205810ad1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{823de2c4-c4b9-11de-a00f-958205810ad1}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O33 - MountPoints2\{9d3e2c94-6d71-11dd-9d45-001a92975ac2}\Shell - "" = AutoRun
O33 - MountPoints2\{9d3e2c94-6d71-11dd-9d45-001a92975ac2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9d3e2c94-6d71-11dd-9d45-001a92975ac2}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{9d3e2c95-6d71-11dd-9d45-001a92975ac2}\Shell - "" = AutoRun
O33 - MountPoints2\{9d3e2c95-6d71-11dd-9d45-001a92975ac2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9d3e2c95-6d71-11dd-9d45-001a92975ac2}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{b3270af1-d686-11dd-9e30-0019d2cf3bfb}\Shell\AutoRun\command - "" = H:\wd_windows_tools\setup.exe -- File not found
O33 - MountPoints2\{beae5a2e-a2e6-11de-9fbe-0019d2cf3bfb}\Shell - "" = AutoRun
O33 - MountPoints2\{beae5a2e-a2e6-11de-9fbe-0019d2cf3bfb}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{beae5a2e-a2e6-11de-9fbe-0019d2cf3bfb}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O33 - MountPoints2\{beae5a31-a2e6-11de-9fbe-0019d2cf3bfb}\Shell - "" = AutoRun
O33 - MountPoints2\{beae5a31-a2e6-11de-9fbe-0019d2cf3bfb}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{beae5a31-a2e6-11de-9fbe-0019d2cf3bfb}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O33 - MountPoints2\{c9bc6f7e-be47-11de-9ffe-802dd8bd3e01}\Shell - "" = AutoRun
O33 - MountPoints2\{c9bc6f7e-be47-11de-9ffe-802dd8bd3e01}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c9bc6f7e-be47-11de-9ffe-802dd8bd3e01}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O33 - MountPoints2\{c9bc6f80-be47-11de-9ffe-802dd8bd3e01}\Shell - "" = AutoRun
O33 - MountPoints2\{c9bc6f80-be47-11de-9ffe-802dd8bd3e01}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c9bc6f80-be47-11de-9ffe-802dd8bd3e01}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O33 - MountPoints2\{c9bc6f83-be47-11de-9ffe-802dd8bd3e01}\Shell - "" = AutoRun
O33 - MountPoints2\{c9bc6f83-be47-11de-9ffe-802dd8bd3e01}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c9bc6f83-be47-11de-9ffe-802dd8bd3e01}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O33 - MountPoints2\{cf128743-a76f-11de-9fca-a18052e7b5c1}\Shell - "" = AutoRun
O33 - MountPoints2\{cf128743-a76f-11de-9fca-a18052e7b5c1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cf128743-a76f-11de-9fca-a18052e7b5c1}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O33 - MountPoints2\{dd6e3076-ea4c-11de-a059-ea3216ac3600}\Shell\AutoRun\command - "" = I:\setupSNK.exe -- File not found
O33 - MountPoints2\{e21a5a48-be44-11de-9ffd-cce4b925a86a}\Shell - "" = AutoRun
O33 - MountPoints2\{e21a5a48-be44-11de-9ffd-cce4b925a86a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e21a5a48-be44-11de-9ffd-cce4b925a86a}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O33 - MountPoints2\{e73f2618-c0a9-11de-a002-001a92975ac2}\Shell - "" = AutoRun
O33 - MountPoints2\{e73f2618-c0a9-11de-a002-001a92975ac2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e73f2618-c0a9-11de-a002-001a92975ac2}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
@Alternate Data Stream - 229 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:8FF81EB0
@Alternate Data Stream - 133 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:05EE1EEF
@Alternate Data Stream - 110 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:888AFB86
:Commands
[purity]
[resethosts]
[emptytemp]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
25.06.2010, 17:37
| #9 |
| | Trojaner alias svchost. All processes killed ========== OTL ========== Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{2FAD2502-6D10-80EC-D654-A9927BE7A4A2} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2FAD2502-6D10-80EC-D654-A9927BE7A4A2}\ not found. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E59EB121-F339-4851-A3BA-FE49C35617C2}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E59EB121-F339-4851-A3BA-FE49C35617C2}\ not found. C:\Dokumente und Einstellungen\Mote\Eigene Dateien\Programme\ICQLite\ICQ6.5\ICQ.exe moved successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E59EB121-F339-4851-A3BA-FE49C35617C2}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E59EB121-F339-4851-A3BA-FE49C35617C2}\ not found. File C:\Dokumente und Einstellungen\Mote\Eigene Dateien\Programme\ICQLite\ICQ6.5\ICQ.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{33ac2de4-c789-11de-a014-001a92975ac2}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33ac2de4-c789-11de-a014-001a92975ac2}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{33ac2de4-c789-11de-a014-001a92975ac2}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33ac2de4-c789-11de-a014-001a92975ac2}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{33ac2de4-c789-11de-a014-001a92975ac2}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33ac2de4-c789-11de-a014-001a92975ac2}\ not found. File J:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{33ac2de5-c789-11de-a014-001a92975ac2}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33ac2de5-c789-11de-a014-001a92975ac2}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{33ac2de5-c789-11de-a014-001a92975ac2}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33ac2de5-c789-11de-a014-001a92975ac2}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{33ac2de5-c789-11de-a014-001a92975ac2}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33ac2de5-c789-11de-a014-001a92975ac2}\ not found. File N:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5620a7d8-a530-11de-9fc5-001a92975ac2}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5620a7d8-a530-11de-9fc5-001a92975ac2}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5620a7d8-a530-11de-9fc5-001a92975ac2}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5620a7d8-a530-11de-9fc5-001a92975ac2}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5620a7d8-a530-11de-9fc5-001a92975ac2}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5620a7d8-a530-11de-9fc5-001a92975ac2}\ not found. File J:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5620a7db-a530-11de-9fc5-001a92975ac2}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5620a7db-a530-11de-9fc5-001a92975ac2}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5620a7db-a530-11de-9fc5-001a92975ac2}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5620a7db-a530-11de-9fc5-001a92975ac2}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5620a7db-a530-11de-9fc5-001a92975ac2}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5620a7db-a530-11de-9fc5-001a92975ac2}\ not found. File J:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{671dd2a2-e8d8-11de-a056-c5387a09ff0d}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{671dd2a2-e8d8-11de-a056-c5387a09ff0d}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{671dd2a2-e8d8-11de-a056-c5387a09ff0d}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{671dd2a2-e8d8-11de-a056-c5387a09ff0d}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{671dd2a2-e8d8-11de-a056-c5387a09ff0d}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{671dd2a2-e8d8-11de-a056-c5387a09ff0d}\ not found. File I:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6fad6603-254c-11df-a0c1-001a92975ac2}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6fad6603-254c-11df-a0c1-001a92975ac2}\ not found. File G:\EmDesk.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6fad6603-254c-11df-a0c1-001a92975ac2}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6fad6603-254c-11df-a0c1-001a92975ac2}\ not found. File G:\EmDesk.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7c24e7bc-a6de-11de-9fc9-8343029f1291}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7c24e7bc-a6de-11de-9fc9-8343029f1291}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7c24e7bc-a6de-11de-9fc9-8343029f1291}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7c24e7bc-a6de-11de-9fc9-8343029f1291}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7c24e7bc-a6de-11de-9fc9-8343029f1291}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7c24e7bc-a6de-11de-9fc9-8343029f1291}\ not found. File J:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7c24e7bd-a6de-11de-9fc9-8343029f1291}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7c24e7bd-a6de-11de-9fc9-8343029f1291}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7c24e7bd-a6de-11de-9fc9-8343029f1291}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7c24e7bd-a6de-11de-9fc9-8343029f1291}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7c24e7bd-a6de-11de-9fc9-8343029f1291}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7c24e7bd-a6de-11de-9fc9-8343029f1291}\ not found. File J:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{823de2c4-c4b9-11de-a00f-958205810ad1}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{823de2c4-c4b9-11de-a00f-958205810ad1}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{823de2c4-c4b9-11de-a00f-958205810ad1}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{823de2c4-c4b9-11de-a00f-958205810ad1}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{823de2c4-c4b9-11de-a00f-958205810ad1}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{823de2c4-c4b9-11de-a00f-958205810ad1}\ not found. File J:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9d3e2c94-6d71-11dd-9d45-001a92975ac2}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9d3e2c94-6d71-11dd-9d45-001a92975ac2}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9d3e2c94-6d71-11dd-9d45-001a92975ac2}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9d3e2c94-6d71-11dd-9d45-001a92975ac2}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9d3e2c94-6d71-11dd-9d45-001a92975ac2}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9d3e2c94-6d71-11dd-9d45-001a92975ac2}\ not found. File F:\StartVMCLite.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9d3e2c95-6d71-11dd-9d45-001a92975ac2}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9d3e2c95-6d71-11dd-9d45-001a92975ac2}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9d3e2c95-6d71-11dd-9d45-001a92975ac2}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9d3e2c95-6d71-11dd-9d45-001a92975ac2}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9d3e2c95-6d71-11dd-9d45-001a92975ac2}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9d3e2c95-6d71-11dd-9d45-001a92975ac2}\ not found. File F:\StartVMCLite.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b3270af1-d686-11dd-9e30-0019d2cf3bfb}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b3270af1-d686-11dd-9e30-0019d2cf3bfb}\ not found. File H:\wd_windows_tools\setup.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{beae5a2e-a2e6-11de-9fbe-0019d2cf3bfb}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{beae5a2e-a2e6-11de-9fbe-0019d2cf3bfb}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{beae5a2e-a2e6-11de-9fbe-0019d2cf3bfb}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{beae5a2e-a2e6-11de-9fbe-0019d2cf3bfb}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{beae5a2e-a2e6-11de-9fbe-0019d2cf3bfb}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{beae5a2e-a2e6-11de-9fbe-0019d2cf3bfb}\ not found. File J:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{beae5a31-a2e6-11de-9fbe-0019d2cf3bfb}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{beae5a31-a2e6-11de-9fbe-0019d2cf3bfb}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{beae5a31-a2e6-11de-9fbe-0019d2cf3bfb}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{beae5a31-a2e6-11de-9fbe-0019d2cf3bfb}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{beae5a31-a2e6-11de-9fbe-0019d2cf3bfb}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{beae5a31-a2e6-11de-9fbe-0019d2cf3bfb}\ not found. File J:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c9bc6f7e-be47-11de-9ffe-802dd8bd3e01}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c9bc6f7e-be47-11de-9ffe-802dd8bd3e01}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c9bc6f7e-be47-11de-9ffe-802dd8bd3e01}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c9bc6f7e-be47-11de-9ffe-802dd8bd3e01}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c9bc6f7e-be47-11de-9ffe-802dd8bd3e01}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c9bc6f7e-be47-11de-9ffe-802dd8bd3e01}\ not found. File J:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c9bc6f80-be47-11de-9ffe-802dd8bd3e01}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c9bc6f80-be47-11de-9ffe-802dd8bd3e01}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c9bc6f80-be47-11de-9ffe-802dd8bd3e01}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c9bc6f80-be47-11de-9ffe-802dd8bd3e01}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c9bc6f80-be47-11de-9ffe-802dd8bd3e01}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c9bc6f80-be47-11de-9ffe-802dd8bd3e01}\ not found. File J:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c9bc6f83-be47-11de-9ffe-802dd8bd3e01}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c9bc6f83-be47-11de-9ffe-802dd8bd3e01}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c9bc6f83-be47-11de-9ffe-802dd8bd3e01}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c9bc6f83-be47-11de-9ffe-802dd8bd3e01}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c9bc6f83-be47-11de-9ffe-802dd8bd3e01}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c9bc6f83-be47-11de-9ffe-802dd8bd3e01}\ not found. File J:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf128743-a76f-11de-9fca-a18052e7b5c1}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf128743-a76f-11de-9fca-a18052e7b5c1}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf128743-a76f-11de-9fca-a18052e7b5c1}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf128743-a76f-11de-9fca-a18052e7b5c1}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf128743-a76f-11de-9fca-a18052e7b5c1}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf128743-a76f-11de-9fca-a18052e7b5c1}\ not found. File J:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd6e3076-ea4c-11de-a059-ea3216ac3600}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dd6e3076-ea4c-11de-a059-ea3216ac3600}\ not found. File I:\setupSNK.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e21a5a48-be44-11de-9ffd-cce4b925a86a}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e21a5a48-be44-11de-9ffd-cce4b925a86a}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e21a5a48-be44-11de-9ffd-cce4b925a86a}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e21a5a48-be44-11de-9ffd-cce4b925a86a}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e21a5a48-be44-11de-9ffd-cce4b925a86a}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e21a5a48-be44-11de-9ffd-cce4b925a86a}\ not found. File J:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e73f2618-c0a9-11de-a002-001a92975ac2}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e73f2618-c0a9-11de-a002-001a92975ac2}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e73f2618-c0a9-11de-a002-001a92975ac2}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e73f2618-c0a9-11de-a002-001a92975ac2}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e73f2618-c0a9-11de-a002-001a92975ac2}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e73f2618-c0a9-11de-a002-001a92975ac2}\ not found. File F:\AutoRun.exe not found. ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:8FF81EB0 deleted successfully. ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:05EE1EEF deleted successfully. ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:888AFB86 deleted successfully. ========== COMMANDS ========== C:\WINDOWS\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully [EMPTYTEMP] User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Mote ->Temp folder emptied: 1379100 bytes ->Temporary Internet Files folder emptied: 1111408 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 64265807 bytes ->Flash cache emptied: 3676 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 29846251 bytes ->Flash cache emptied: 3114 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 1119649 bytes %systemroot%\System32 .tmp files removed: 2951 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 16384 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 93,00 mb OTL by OldTimer - Version 3.2.7.0 log created on 06252010_183137 Files\Folders moved on Reboot... File\Folder C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\Y32KT86P\blank[1].gif not found! C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\Y32KT86P\news-ticker[1].htm moved successfully. File\Folder C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\GJ7OOO2W\home[1].htm not found! File\Folder C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\4IBTR0CM\EMERPEventCollector[1].htm not found! C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\4IBTR0CM\hoverfix[1].htc moved successfully. Registry entries deleted on Reboot... Ich hoffe das hilft nun =) Aber danke für die Antwort |
|
25.06.2010, 19:24
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner alias svchost. Ok. Bitte nun einen Lauf mit CF machen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Trojaner alias svchost. |
| adobe, bho, bonjour, browseui preloader, desktop, einstellungen, explorer, firefox, hkus\s-1-5-18, internet, internet explorer, logfile, plug-in, programm, programme, security, server, software, svchost, system, temp, trjoaner, trojaner, viren, virus, virus auf dem pc, windows, windows xp |
Linear-Darstellung
