Trojaner-Board


omts 12.06.2010 19:08

Annoying messages: Host Process for Windows Services is being closed / Autorun blocked

Hello,

since yesterday I have been getting annoying messages from Windows (Host Process for Windows Services was terminated and closed.) and AntiVir (it blocks the autorun of files unknown to me).

So far I have only run Malwarebytes' Anti-Malware, but that did not help.

It would be really nice if someone could help me!

Kind regards

HijackThis logfile:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:04:48, on 12.06.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\sony\ISB Utility\ISBMgr.exe
C:\Program Files\sony\Marketing Tools\MarketingTools.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\sony\Network Utility\LANUtil.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\taskeng.exe
C:\Users\Saturn\Downloads\HiJackThis204.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [MarketingTools] C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
O4 - HKLM\..\Run: [AML] C:\Program Files\Sony\VAIO Launcher\AML.exe InitApp
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [NSUFloatingUI] "C:\Program Files\Sony\Network Utility\LANUtil.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: CarbonPoker - {e4e8c758-34b4-44bb-8ef9-1f0786e81d2d} - C:\Users\Saturn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CarbonPoker\CarbonPoker.lnk (HKCU)
O15 - Trusted Zone: www.corel.com
O15 - Trusted Zone: hxxp://*.corel.com
O15 - Trusted Zone: www.intervideo.com
O15 - Trusted Zone: hxxp://*.intervideo.com
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{9A2B3684-2397-4ECF-9398-7443ADCDA1E4}: NameServer = 192.168.0.2
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - c:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: IviRegMgr - InterVideo - c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: NSUService - Sony Corporation - C:\Program Files\sony\Network Utility\NSUService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe
O23 - Service: VAIO Media plus Database Manager (SOHDBSvr) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe
O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe
O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe
O23 - Service: VAIO Media plus Playlist Manager (SOHPlMgr) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe
O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VUAgent - Sony Corporation - C:\Program Files\sony\VAIO Update 5\VUAgent.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

--
End of file - 10029 bytes

--- --- ---

markusg 12.06.2010 20:07

Open Malwarebytes, go to the Reports tab, and post the scan log.
Please create and post a ComboFix log.
A guide and tutorial on using ComboFix

omts 12.06.2010 22:23

It is very commendable that someone wants to help right away, thanks!

Here are the two reports:

ComboFix logfile:

ComboFix 10-06-11.01 - Saturn 12.06.2010  23:01:03.1.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.3038.1579 [GMT 2:00]
ausgeführt von:: c:\users\Saturn\Downloads\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\users\Saturn\AppData\Roaming\.#
c:\users\Saturn\AppData\Roaming\.#\MBX@1394@1C12738.###
c:\users\Saturn\AppData\Roaming\.#\MBX@1394@1C12768.###
c:\users\Saturn\AppData\Roaming\.#\MBX@147C@B02738.###
c:\users\Saturn\AppData\Roaming\.#\MBX@147C@B02768.###
c:\users\Saturn\AppData\Roaming\MSA
c:\windows\system32\Thumbs.db
c:\windows\Zpazia.exe

----- BITS: Eventuell infizierte Webseiten -----

hxxp://ads1.msads.net
Infizierte Kopie von c:\windows\system32\DRIVERS\DMICall.sys wurde gefunden und desinfiziert
Kopie von - Kitty ate it :p wurde wiederhergestellt
.
(((((((((((((((((((((((  Dateien erstellt von 2010-05-12 bis 2010-06-12  ))))))))))))))))))))))))))))))
.

2010-06-12 21:10 . 2010-06-12 21:11        --------        d-----w-        c:\users\Saturn\AppData\Local\temp
2010-06-12 21:10 . 2010-06-12 21:10        --------        d-----w-        c:\users\Default\AppData\Local\temp
2010-06-12 17:04 . 2010-06-12 17:04        0        ----a-w-        c:\windows\nsreg.dat
2010-06-12 13:15 . 2010-06-12 13:15        --------        d-----w-        c:\users\Saturn\AppData\Roaming\StreamTorrent
2010-06-12 13:15 . 2010-06-12 13:15        --------        d-----w-        c:\program files\StreamTorrent 1.0
2010-06-12 11:12 . 2010-06-12 11:23        --------        d-----w-        c:\program files\RegTweaker
2010-06-12 03:32 . 2010-06-12 03:32        --------        d-----w-        c:\users\Saturn\AppData\Roaming\Malwarebytes
2010-06-12 03:32 . 2010-04-29 13:39        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-12 03:32 . 2010-06-12 03:32        --------        d-----w-        c:\programdata\Malwarebytes
2010-06-12 03:32 . 2010-04-29 13:39        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2010-06-12 03:32 . 2010-06-12 03:32        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2010-06-11 16:08 . 2010-06-12 03:10        --------        d-----w-        c:\windows\system32\MpEngineStore
2010-06-11 14:55 . 2010-06-11 14:55        --------        d-----w-        c:\program files\Veetle
2010-06-11 14:48 . 2010-06-11 14:48        --------        d-----w-        c:\program files\SopCast
2010-06-09 10:44 . 2010-05-01 14:13        2037248        ----a-w-        c:\windows\system32\win32k.sys
2010-06-09 09:49 . 2010-04-05 17:01        67072        ----a-w-        c:\windows\system32\asycfilt.dll
2010-06-09 09:48 . 2010-05-26 17:06        34304        ----a-w-        c:\windows\system32\atmlib.dll
2010-06-09 09:48 . 2010-05-26 14:47        289792        ----a-w-        c:\windows\system32\atmfd.dll
2010-06-08 22:20 . 2010-06-10 18:39        --------        d-----w-        c:\users\Saturn\AppData\Roaming\Apple Computer
2010-06-08 22:20 . 2010-06-08 22:20        --------        d-----w-        c:\users\Saturn\AppData\Local\Apple Computer
2010-06-08 22:19 . 2010-06-12 13:05        --------        dc----w-        c:\windows\system32\DRVSTORE
2010-06-08 22:17 . 2010-06-08 22:19        --------        d-----w-        c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-06-08 22:13 . 2010-06-08 22:14        --------        d-----w-        c:\program files\QuickTime
2010-06-08 22:12 . 2010-06-08 22:17        --------        d-----w-        c:\programdata\Apple Computer
2010-06-08 22:12 . 2010-06-08 22:12        --------        d-----w-        c:\users\Saturn\AppData\Local\Apple
2010-06-08 22:07 . 2010-06-12 18:11        --------        d-----w-        c:\programdata\Apple
2010-06-08 22:07 . 2010-06-12 13:06        --------        d-----w-        c:\program files\Common Files\Apple
2010-06-05 01:43 . 2010-06-05 01:49        --------        d-----w-        c:\program files\Everest Poker
2010-06-04 04:19 . 2010-06-04 04:19        --------        d-----w-        c:\users\Saturn\AppData\Local\ArcSoft
2010-05-26 22:08 . 2010-05-26 22:08        --------        d-sh--we        c:\windows\system32\config\systemprofile\Lokale Einstellungen
2010-05-26 22:08 . 2010-05-26 22:08        --------        d-sh--we        c:\windows\system32\config\systemprofile\Anwendungsdaten
2010-05-26 21:25 . 2010-05-26 21:29        --------        d-----w-        c:\users\Saturn\AppData\Local\Microsoft Games
2010-05-26 11:03 . 2010-04-23 14:13        2048        ----a-w-        c:\windows\system32\tzres.dll
2010-05-24 13:42 . 2010-05-24 13:42        --------        d-----w-        c:\program files\DotAzilla
2010-05-23 13:27 . 2010-05-26 22:07        --------        d-----w-        c:\programdata\ArcSoft
2010-05-23 13:26 . 2010-05-26 22:07        --------        d-----w-        c:\users\Saturn\AppData\Roaming\ArcSoft
2010-05-20 12:14 . 2010-05-20 12:14        40        ----a-w-        c:\windows\ujf635.bin
2010-05-20 12:14 . 2010-05-20 12:14        --------        d-----w-        c:\program files\Betfair
2010-05-20 12:13 . 2010-05-20 12:13        --------        d-----w-        c:\users\Saturn\AppData\Local\Downloaded Installations
2010-05-18 09:42 . 2010-05-18 09:42        --------        d-----w-        c:\users\Saturn\AppData\Roaming\Command and Conquer 4
2010-05-18 08:44 . 2010-05-18 09:42        --------        d-----w-        c:\program files\Command & Conquer 4 Tiberian Twilight
2010-05-17 18:37 . 2010-05-17 18:37        --------        d-----w-        c:\program files\SubDownloader2

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-12 21:10 . 2009-03-24 09:12        12        ----a-w-        c:\windows\bthservsdp.dat
2010-06-12 21:06 . 2008-01-21 07:15        621942        ----a-w-        c:\windows\system32\perfh007.dat
2010-06-12 21:06 . 2008-01-21 07:15        123860        ----a-w-        c:\windows\system32\perfc007.dat
2010-06-12 20:59 . 2010-04-13 19:06        27934        ----a-w-        c:\programdata\nvModes.dat
2010-06-12 17:15 . 2010-04-17 12:24        --------        d-----w-        c:\program files\Warcraft III
2010-06-12 11:37 . 2010-04-09 13:00        97104        ----a-w-        c:\users\Saturn\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-12 03:30 . 2010-04-12 19:58        1356        ----a-w-        c:\users\Saturn\AppData\Local\d3d9caps.dat
2010-06-11 00:30 . 2010-04-13 10:08        --------        d-----w-        c:\users\Saturn\AppData\Roaming\uTorrent
2010-06-10 21:34 . 2010-04-17 18:36        --------        d-----w-        c:\program files\JDownloader
2010-06-09 18:23 . 2006-11-02 11:18        --------        d-----w-        c:\program files\Windows Mail
2010-06-09 15:23 . 2010-04-12 18:36        --------        d-----w-        c:\users\Saturn\AppData\Roaming\vlc
2010-06-06 14:59 . 2010-04-18 23:36        --------        d-----w-        c:\program files\Microsoft Silverlight
2010-06-05 01:32 . 2010-05-10 19:09        --------        d-----w-        c:\program files\CarbonPoker
2010-06-01 01:51 . 2010-04-12 19:26        --------        d-----w-        c:\users\Saturn\AppData\Roaming\dvdcss
2010-05-27 01:34 . 2010-03-17 13:19        --------        d-----w-        c:\program files\Microsoft
2010-05-26 22:41 . 2010-04-27 23:41        --------        d-----w-        c:\program files\Modern Warfare 2
2010-05-26 22:09 . 2009-03-24 10:12        --------        d--h--w-        c:\program files\InstallShield Installation Information
2010-05-26 22:06 . 2010-03-17 12:51        --------        d-----w-        c:\programdata\McAfee
2010-05-25 12:04 . 2010-04-17 18:37        --------        d-----w-        c:\program files\uTorrent
2010-05-24 13:09 . 2010-03-17 12:50        --------        d-----w-        c:\program files\Google
2010-05-23 13:33 . 2009-03-24 09:28        --------        d-----w-        c:\program files\sony
2010-05-23 13:29 . 2009-03-24 12:36        --------        d-----w-        c:\programdata\Sony Corporation
2010-05-23 10:21 . 2010-04-26 23:51        --------        d-----w-        c:\users\Saturn\AppData\Roaming\BSW
2010-05-17 13:45 . 2010-04-13 10:04        --------        d-----w-        c:\users\Saturn\AppData\Roaming\FileZilla
2010-05-12 09:21 . 2010-04-12 20:28        221568        ------w-        c:\windows\system32\MpSigStub.exe
2010-05-07 01:35 . 2010-04-19 23:41        --------        d-----w-        c:\program files\PokerStars
2010-05-04 05:59 . 2010-06-09 11:21        916480        ----a-w-        c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-09 11:21        71680        ----a-w-        c:\windows\system32\iesetup.dll
2010-05-04 05:55 . 2010-06-09 11:21        109056        ----a-w-        c:\windows\system32\iesysprep.dll
2010-05-04 04:31 . 2010-06-09 11:21        133632        ----a-w-        c:\windows\system32\ieUnatt.exe
2010-04-28 16:26 . 2010-04-28 16:26        --------        d-----w-        c:\program files\Common Files\Java
2010-04-28 16:25 . 2009-03-24 12:37        --------        d-----w-        c:\program files\Java
2010-04-27 00:06 . 2010-04-26 23:30        --------        d-----w-        c:\users\Saturn\AppData\Roaming\Winamp
2010-04-26 23:51 . 2010-04-26 23:51        --------        d-----w-        c:\program files\BSW
2010-04-26 23:32 . 2010-04-26 23:30        --------        d-----w-        c:\program files\Winamp
2010-04-26 23:30 . 2010-04-26 23:30        --------        d-----w-        c:\program files\Winamp Detect
2010-04-23 14:45 . 2010-04-14 13:09        --------        d-----w-        c:\programdata\Roxio
2010-04-20 10:28 . 2010-04-17 18:40        --------        d-----w-        c:\program files\FileZilla FTP Client
2010-04-18 19:47 . 2010-04-18 19:47        --------        d-----w-        c:\program files\Windows Portable Devices
2010-04-18 19:47 . 2006-11-02 10:25        665600        ----a-w-        c:\windows\inf\drvindex.dat
2010-04-18 19:47 . 2010-04-18 19:47        0        ---ha-w-        c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-04-18 19:47 . 2010-04-18 19:47        0        ---ha-w-        c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-04-18 03:02 . 2009-03-24 10:10        --------        d-----w-        c:\programdata\NVIDIA
2010-04-18 02:54 . 2006-11-02 12:37        --------        d-----w-        c:\program files\Windows Calendar
2010-04-18 02:53 . 2006-11-02 12:37        --------        d-----w-        c:\program files\Windows Sidebar
2010-04-18 02:53 . 2006-11-02 12:37        --------        d-----w-        c:\program files\Windows Collaboration
2010-04-18 02:53 . 2006-11-02 12:37        --------        d-----w-        c:\program files\Windows Journal
2010-04-18 02:53 . 2006-11-02 12:37        --------        d-----w-        c:\program files\Windows Photo Gallery
2010-04-18 02:53 . 2006-11-02 12:37        --------        d-----w-        c:\program files\Windows Defender
2010-04-18 02:40 . 2010-03-17 12:58        --------        d-----w-        c:\program files\Microsoft Works
2010-04-18 02:19 . 2010-04-18 02:19        --------        d-----w-        c:\program files\Microsoft.NET
2010-04-18 00:32 . 2010-04-18 00:19        77216        ----a-w-        c:\windows\War3Unin.dat
2010-04-18 00:29 . 2010-04-18 00:27        --------        d-----w-        c:\program files\Warkeys
2010-04-18 00:27 . 2010-04-18 00:19        2829        ----a-w-        c:\windows\War3Unin.pif
2010-04-18 00:27 . 2010-04-18 00:19        139264        ----a-w-        c:\windows\War3Unin.exe
2010-04-17 18:54 . 2010-04-17 18:54        --------        d-----w-        c:\users\Saturn\AppData\Roaming\Template
2010-04-17 18:53 . 2010-04-17 18:53        0        ----a-w-        c:\users\Saturn\AppData\Roaming\wklnhst.dat
2010-04-17 18:48 . 2010-03-17 12:56        --------        d-----w-        c:\programdata\Microsoft Help
2010-04-17 18:38 . 2010-04-16 09:54        --------        d-----w-        c:\program files\Rockstar Games
2010-04-17 12:40 . 2010-04-17 12:40        --------        d-----w-        c:\program files\Blamestar
2010-04-16 11:01 . 2010-04-16 09:41        --------        d-----w-        c:\users\Saturn\AppData\Roaming\DAEMON Tools Lite
2010-04-16 10:55 . 2010-04-16 10:55        --------        d--h--r-        c:\users\Saturn\AppData\Roaming\SecuROM
2010-04-16 10:44 . 2010-04-16 10:44        107888        ----a-w-        c:\windows\system32\CmdLineExt.dll
2010-04-16 10:43 . 2010-04-16 10:43        --------        d-----w-        c:\program files\Microsoft Games for Windows - LIVE
2010-04-16 09:44 . 2010-04-16 09:42        --------        d-----w-        c:\program files\DAEMON Tools Lite
2010-04-16 09:43 . 2010-04-16 09:43        691696        ----a-w-        c:\windows\system32\drivers\sptd.sys
2010-04-16 09:42 . 2010-04-16 09:41        --------        d-----w-        c:\programdata\DAEMON Tools Lite
2010-04-15 20:03 . 2010-04-15 20:03        --------        d-----w-        c:\users\Saturn\AppData\Roaming\Avira
2010-04-14 13:09 . 2010-04-14 13:09        --------        d-----w-        c:\users\Saturn\AppData\Roaming\Roxio
2010-04-12 15:29 . 2010-04-28 16:25        411368        ----a-w-        c:\windows\system32\deployJava1.dll
2010-03-17 12:34 . 2010-03-17 12:34        --------        d-----w-        c:\windows\Fonts\Fonts
.

((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2008-12-21 274432]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-01-06 6703648]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-10 835584]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-12-03 35184]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-15 178712]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2008-12-18 317288]
"MarketingTools"="c:\program files\Sony\Marketing Tools\MarketingTools.exe" [2010-03-17 26112]
"AML"="c:\program files\Sony\VAIO Launcher\AML.exe" [2009-03-09 1101824]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-06 13548064]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-06 92704]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-1-24 780840]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"qmbrjsmvcloopryofxrcTaskMgr"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-01-19 11:49        98304        ----a-w-        c:\windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):49,2e,6d,54,a3,de,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3461945426-2934123827-3769892102-1000]
"EnableNotificationsRef"=dword:00000001

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-21 136176]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-02-19 29736]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-01-20 120104]
R3 SOHDBSvr;VAIO Media plus Database Manager;c:\program files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-01-20 70952]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-01-20 390440]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-01-20 75048]
R3 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-01-20 91432]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2009-09-08 83312]
R3 VUAgent;VUAgent;c:\program files\sony\VAIO Update 5\VUAgent.exe [2009-12-08 673136]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-04-16 691696]
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-12-08 169312]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 NSUService;NSUService;c:\program files\sony\Network Utility\NSUService.exe [2008-12-21 303104]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032]
S2 uCamMonitor;CamMonitor;c:\program files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2008-12-19 415592]
S2 VCFw;VAIO Content Folder Watcher;c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-03-05 5189992]
S2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-09-16 480624]
S2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe [2008-01-21 21504]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2008-04-24 17920]
S3 JMCR_CFS;JMCR_CFS;c:\windows\system32\DRIVERS\jmcr_cfs.sys [2008-11-06 55696]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2009-05-28 4233728]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-03-06 44064]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2008-11-19 9344]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs        REG_MULTI_SZ          BthServ
yksvcs        REG_MULTI_SZ          yksvc
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
Inhalt des "geplante Tasks" Ordners

2010-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-21 13:58]

2010-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-21 13:58]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: corel.com
Trusted Zone: corel.com\www
Trusted Zone: intervideo.com
Trusted Zone: intervideo.com\www
TCP: {9A2B3684-2397-4ECF-9398-7443ADCDA1E4} = 192.168.0.2
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
FF - ProfilePath - c:\users\Saturn\AppData\Roaming\Mozilla\Firefox\Profiles\jq0eno2u.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig/redirectdomain?brand=SNYT&bmod=EU01
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: c:\users\Saturn\AppData\Local\RunRev\revWebPlayer\nprevweb.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

SafeBoot-dmboot.sys
SafeBoot-dmio.sys
SafeBoot-dmload.sys
SafeBoot-dmadmin
SafeBoot-dmserver
SafeBoot-SRService



**************************************************************************
Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien:

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-3461945426-2934123827-3769892102-1000\Software\SecuROM\License information*]
"datasecu"=hex:4e,0a,09,13,1c,79,bd,5e,3c,22,d8,04,2d,0d,a3,20,48,0c,36,ae,5a,
  f2,ed,33,eb,a9,24,91,ae,97,54,0b,e0,bc,fa,7d,ec,95,b8,5c,e2,52,0a,e7,02,fe,\
"rkeysecu"=hex:5c,bc,52,de,00,3c,d3,9d,3f,4b,82,3a,a8,8c,89,08
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'Explorer.exe'(1400)
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\WLANExt.exe
c:\program files\Sony\VAIO Update 5\VAIOUpdt.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\sony\VAIO Event Service\VESMgr.exe
c:\windows\system32\DllHost.exe
c:\program files\sony\VAIO Event Service\VESMgrSub.exe
c:\windows\system32\DllHost.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\WUDFHost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\System32\rundll32.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Sony\VAIO Power Management\SPMgr.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-06-12  23:19:01 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-06-12 21:18

Vor Suchlauf: 11 Verzeichnis(se), 194.037.124.096 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 195.631.257.088 Bytes frei

- - End Of File - - 11FAF3C8C10600B3B490F15E5E2AB7E4

--- --- ---


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4190

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.18928

12.06.2010 13:01:57
mbam-log-2010-06-12 (13-01-57).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 268743
Laufzeit: 51 Minute(n), 20 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 4
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 7

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\V71IQL7HI7 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\halo2 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\m5t8ql3yw3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Windows\System32\sshnas21.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\Command & Conquer 4 Tiberian Twilight\CNC4.exe (Hacktool.Gen) -> Quarantined and deleted successfully.
C:\Users\Saturn\AppData\Local\Temp\Zwz.exe (Trojan.Fraudpack) -> Quarantined and deleted successfully.
C:\Users\Saturn\Downloads\Everest Poker.exe (PUP.Casino) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Saturn\AppData\Local\Temp\Zw1.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

markusg 13.06.2010 10:15

Click Start, Programs, Accessories, Notepad, and paste in:

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"qmbrjsmvcloopryofxrcTaskMgr"= 0 (0x0)


File, Save As, type: All Files, name:
cfscript.txt
Save location: the folder where combofix.exe is located.
Drag cfscript onto combofix, the program starts, post the log.

