![]() |
BDS/Bredolab.fjo +TR/ATRAPS.Gen2' [trojan und viele mehr........ Hallo ihre Lieben, ich hoffe ihr könnt mir weiterhelfen, denn ich bin auf diesen Gebiet absolut unerfahren. :killpc: Seit ungefähr einer Woche zeigt mein Antivir Programm im halben Stunden Taxt Virusmeldungen an: TR/ATRAPS.Gen2' [trojan , TR/Buzus.enth' [trojan], WORM/Palevo.aixw' und so weiter und so fort. Ich hab schon, wie hier empfohlen wurde, Malwarebytes, Randoms System und CCleaner installiert und durchlaufen lassen. Also Ergebnisse von Random System sind: (info.txt) : info.txt logfile of random's system information tool 1.06 2010-07-02 09:56:02 ======Uninstall list====== -->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 -->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER 32 Bit HP CIO Components Installer-->MsiExec.exe /I{2614F54E-A828-49FA-93BA-45A3F756BFAA} Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil10h_Plugin.exe -maintain plugin Adobe Photoshop Lightroom 2.7-->MsiExec.exe /I{B0513493-04B9-4F21-B4AB-83E750D54256} Adobe Reader 9.2 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A92000000001} Akamai NetSession Interface-->C:\Program Files\Common Files\Akamai\uninstall.exe Apple Application Support-->MsiExec.exe /I{553255F3-78FD-40F1-A6F8-6882140265FE} Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033} Atheros Driver Installation Program-->C:\Program Files\InstallShield Installation Information\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}\setup.exe -runfromtemp -l0x0007 Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE Catalyst Control Center - Branding-->MsiExec.exe /I{3FA93E4C-CB3B-4B25-B091-9DB0FCC56A74} CCleaner-->"C:\Program Files\CCleaner\uninst.exe" Cisco EAP-FAST Module-->MsiExec.exe /I{415B2719-AD3A-4944-B404-C472DB6085B3} Cisco LEAP Module-->MsiExec.exe /I{83770D14-21B9-44B3-8689-F7B523F94560} Cisco PEAP Module-->MsiExec.exe /I{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E} DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN DVD Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall eMule-->"C:\Program Files\eMule\Uninstall.exe" Escritorio movistar-->"C:\Program Files\Movistar\Escritorio movistar\Uninstall.exe" GIMP 2.6.5-->"C:\Program Files\GIMP-2.0\setup\unins000.exe" Google Earth-->MsiExec.exe /X{F7B0939E-58DF-11DF-B3A6-005056806466} Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT="" HP Customer Participation Program 10.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat HP Deskjet F4200 All-In-One Driver Software 10.0 Rel .3-->C:\Program Files\HP\Digital Imaging\{AE9A67F9-ADF1-4a44-BAB5-C1DB302B37A2}\setup\hpzscr01.exe -datfile hposcr28.dat -onestop HP Help and Support-->MsiExec.exe /X{31216452-5540-4C96-B754-94890A63D5AB} HP Imaging Device Functions 10.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat HP MULTIPLE MODEM INSTALLER for VISTA-->MsiExec.exe /I{9F238A60-C445-4B81-8EDE-07DC924E98F8} HP Photosmart Essential 2.5-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat HP Quick Launch Buttons 6.40 H2-->C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\Setup.exe -runfromtemp -l0x0007 -removeonly uninst HP Smart Web Printing 4.60-->C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpzscr01.exe -datfile hpqbud15.dat HP Solution Center 13.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat -forcereboot HP Update-->MsiExec.exe /X{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE} HUAWEI DataCard Driver 2.93-->C:\Program Files\HUAWEI Modem Driver\uninst.exe ICQ7-->"C:\Program Files\InstallShield Installation Information\{88EB38EF-4D2C-436D-ABD3-56B232674062}\ICQ7.exe" -runfromtemp -l0x0009 -removeonly IDT Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}\setup.exe" -l0x7 -remove -removeonly Java(TM) 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF} JMicron JMB38X Flash Media Controller-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{26604C7E-A313-4D12-867F-7C6E7820BE4C}\setup.exe" -l0x7 -removeonly Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5} Kosten Express-->MsiExec.exe /I{8CC79171-F62D-4607-B6D4-F5EE0BAEC47C} LG USB Modem driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\setup.exe" -l0x7 LG -removeonly Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929} Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6} Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570} Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475} Mozilla Firefox (3.5.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94} MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC} neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B} OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18} OpenOffice.org 3.0-->MsiExec.exe /I{04B45310-A5FE-4425-BFCA-1A6D8920DE74} PowerProducer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68} Rainlendar2 (remove only)-->"C:\Program Files\Rainlendar2\uninst.exe" RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 Realtek 8169 8168 8101E 8102E Ethernet Driver-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0007 -removeonly Shop for HP Supplies-->C:\Program Files\HP\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat Skype™ 4.2-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36} Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT="" VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421} Windows Live Anmelde-Assistent-->MsiExec.exe /I{52B97218-98CB-4B8B-9283-D213C85E1AA4} Windows Live Call-->MsiExec.exe /I{5FC68772-6D56-41C6-9DF1-24E868198AE6} Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52} Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe Windows Live Essentials-->MsiExec.exe /I{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F} Windows Live Fotogalerie-->MsiExec.exe /X{2BA722D1-48D1-406E-9123-8AE5431D63EF} Windows Live Mail-->MsiExec.exe /I{C4D738F7-996A-4C81-B8FA-C4E26D767E41} Windows Live Messenger-->MsiExec.exe /X{41E654A9-26D0-4EAC-854B-0FA824FFFABB} Windows Live Movie Maker-->MsiExec.exe /X{3EFEF049-23D4-4B46-8903-4592FEA51018} Windows Live Sync-->MsiExec.exe /X{76618402-179D-4699-A66B-D351C59436BC} Windows Live-Uploadtool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238} WinRAR-->C:\Program Files\WinRAR\uninstall.exe ======Security center information====== AS: Windows Defender (disabled) ======System event log====== Computer Name: Pavilion Event Code: 7036 Message: Dienst "Sicherheitskonto-Manager" befindet sich jetzt im Status "Ausgeführt". Record Number: 159305 Source Name: Service Control Manager Time Written: 20100204151807.000000-000 Event Type: Informationen User: Computer Name: Pavilion Event Code: 7036 Message: Dienst "Sitzungs-Manager für Desktopfenster-Manager" befindet sich jetzt im Status "Ausgeführt". Record Number: 159304 Source Name: Service Control Manager Time Written: 20100204151807.000000-000 Event Type: Informationen User: Computer Name: Pavilion Event Code: 7036 Message: Dienst "HP Service" befindet sich jetzt im Status "Ausgeführt". Record Number: 159303 Source Name: Service Control Manager Time Written: 20100204151807.000000-000 Event Type: Informationen User: Computer Name: Pavilion Event Code: 7036 Message: Dienst "Softwarelizenzierung" befindet sich jetzt im Status "Ausgeführt". Record Number: 159302 Source Name: Service Control Manager Time Written: 20100204151807.000000-000 Event Type: Informationen User: Computer Name: Pavilion Event Code: 7036 Message: Dienst "Benachrichtigungsdienst für Systemereignisse" befindet sich jetzt im Status "Ausgeführt". Record Number: 159301 Source Name: Service Control Manager Time Written: 20100204151807.000000-000 Event Type: Informationen User: =====Application event log===== Computer Name: Pavilion Event Code: 0 und log.txt: Logfile of random's system information tool 1.07 (written by random/random) Run by Jennifer at 2010-07-02 09:54:49 Microsoft® Windows Vista™ Home Premium Service Pack 2 System drive C: has 141 GB (48%) free of 296 GB Total RAM: 3069 MB (53% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 09:56:00, on 02.07.2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v7.00 (7.00.6002.18005) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Movistar\Escritorio movistar\EMMSN.exe C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files\IDT\WDM\sttray.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Rainlendar2\Rainlendar2.exe C:\Program Files\ICQ7.0\ICQ.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\OpenOffice.org 3\program\soffice.exe C:\Program Files\OpenOffice.org 3\program\soffice.bin C:\Windows\ehome\ehmsas.exe C:\Program Files\Movistar\Nori\Nori.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe C:\Windows\system32\conime.exe C:\Windows\system32\NOTEPAD.EXE C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Users\Jennifer\Downloads\RSIT.exe C:\Users\Jennifer\Downloads\RSIT.exe C:\Program Files\trend micro\Jennifer.exe C:\Program Files\Avira\AntiVir Desktop\GUARDGUI.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - - (no file) O1 - Hosts: ::1 localhost O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Ofb1 - {3E1500AC-87A5-416b-A211-82E848649DA9} - (no file) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - (no file) O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [Escritorio movistar] "C:\Program Files\Movistar\Escritorio movistar\EMMSN.exe" -systray O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [filecroc] "C:\Program Files\FileCroc\FileCroc.exe" -h O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h O4 - HKCU\..\Run: [BitComet] C:\Program Files\BitComet\BitComet.exe /tray O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe O4 - HKCU\..\Run: [{E6608647-EADF-5E2B-7EE2-2E9B7578AE1E}] C:\Users\Jennifer\AppData\Roaming\Oxytm\gehit.exe O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.0\ICQ.exe" silent loginmode=4 O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe O9 - Extra button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\aestsrv.exe O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing) O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe -- End of file - 8461 bytes ======Scheduled tasks folder====== C:\Windows\tasks\GoogleUpdateTaskMachineCore.job C:\Windows\tasks\GoogleUpdateTaskMachineUA.job C:\Windows\tasks\User_Feed_Synchronization-{A67B2776-B31A-4D6A-B519-C71A199677C3}.job C:\Windows\tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}] HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22 328248] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}] RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-02-22 304736] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3E1500AC-87A5-416b-A211-82E848649DA9}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-20 320920] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live Anmelde-Hilfsprogramm - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] und der Report von Maleware : Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4266 Windows 6.0.6002 Service Pack 2 Internet Explorer 7.0.6002.18005 02.07.2010 10:37:53 mbam-log-2010-07-02 (10-37-53).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|) Durchsuchte Objekte: 213827 Laufzeit: 1 Stunde(n), 3 Minute(n), 3 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 5 Infizierte Registrierungswerte: 1 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 1 Infizierte Dateien: 42 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_CLASSES_ROOT\CLSID\{e7467507-dd40-4123-be49-7b7df5db80c6} (Trojan.Clicker) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3e1500ac-87a5-416b-a211-82e848649da9} (Trojan.Clicker) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3e1500ac-87a5-416b-a211-82e848649da9} (Trojan.Clicker) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Cognac (Rogue.Multiple) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Malware.Trace) -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: C:\Program Files\Ofb1 (Adware.OwlForce) -> Quarantined and deleted successfully. Infizierte Dateien: C:\Users\Jennifer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IQCLYBGV\update[1].exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Users\Jennifer\AppData\Local\Temp\~TM7C32.tmp (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Users\Jennifer\AppData\Local\Temp\1844874.exe (Packed.Krap) -> Quarantined and deleted successfully. C:\Users\Jennifer\AppData\Local\Temp\3269.exe (Packed.Krap) -> Quarantined and deleted successfully. C:\Users\Jennifer\AppData\Local\Temp\336390.exe (Packed.Krap) -> Quarantined and deleted successfully. C:\Users\Jennifer\AppData\Local\Temp\7873.exe (Packed.Krap) -> Quarantined and deleted successfully. C:\Users\Jennifer\AppData\Local\Temp\~TM1EA0.tmp (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Users\Jennifer\AppData\Local\Temp\~TM2011.tmp (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Users\Jennifer\AppData\Local\Temp\~TM212A.tmp (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Users\Jennifer\AppData\Local\Temp\~TM23D0.tmp (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Users\Jennifer\AppData\Local\Temp\~TM2700.tmp (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Users\Jennifer\AppData\Local\Temp\~TM277D.tmp (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Users\Jennifer\AppData\Local\Temp\~TM46DA.tmp (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Users\Jennifer\AppData\Local\Temp\~TM5188.tmp (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Users\Jennifer\AppData\Local\Temp\~TM6E5B.tmp (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Users\Jennifer\AppData\Local\Temp\~TM724F.tmp (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Users\Jennifer\AppData\Local\Temp\~TM7B54.tmp (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Users\Jennifer\AppData\Local\Temp\~TM8244.tmp (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Users\Jennifer\AppData\Local\Temp\~TM884C.tmp (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Users\Jennifer\AppData\Local\Temp\~TM893F.tmp (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Users\Jennifer\AppData\Local\Temp\~TM99C1.tmp (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Users\Jennifer\AppData\Local\Temp\~TM9B28.tmp (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Users\Jennifer\AppData\Local\Temp\~TMA57A.tmp (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Users\Jennifer\AppData\Local\Temp\~TMB43A.tmp (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Users\Jennifer\AppData\Local\Temp\~TMB4C6.tmp (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Users\Jennifer\AppData\Local\Temp\~TMB989.tmp (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Users\Jennifer\AppData\Local\Temp\~TMC09F.tmp (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Users\Jennifer\AppData\Local\Temp\~TMC0ED.tmp (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Users\Jennifer\AppData\Local\Temp\~TMC8AC.tmp (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Users\Jennifer\AppData\Local\Temp\~TMCB41.tmp (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Users\Jennifer\AppData\Local\Temp\~TMCC16.tmp (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Users\Jennifer\AppData\Local\Temp\~TMCC3B.tmp (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Users\Jennifer\AppData\Local\Temp\~TMCF22.tmp (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Users\Jennifer\AppData\Local\Temp\~TME49D.tmp (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Users\Jennifer\AppData\Local\Temp\~TMEEB7.tmp (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Users\Jennifer\AppData\Local\Temp\~TMF2F5.tmp (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Users\Jennifer\AppData\Local\Temp\~TMF334.tmp (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Users\Jennifer\AppData\Local\Temp\~TMF7BA.tmp (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Users\Jennifer\AppData\Local\Temp\~TMFD46.tmp (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Users\Jennifer\AppData\Local\Temp\~TMFF2D.tmp (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Users\Jennifer\Downloads\eMule\Incoming\07 - The Maytals - 54-46 Was My Number\setup.exe (Adware.Agent) -> Quarantined and deleted successfully. C:\Windows\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job (Trojan.Downloader) -> Quarantined and deleted successfully. Bin mal gespannt, was ihr jetzt dazu sagt........:balla: Danke im Vorraus. Liebe Grüsse Jenny |
Und hier ist noch was. Vielleicht auch wichtig. [11.02.2009|21:34] C:\Program Files\Common Files\Windows Live [22.12.2008|18:54] C:\Program Files\Common Files\WindowsLiveInstaller [22.02.2009|17:20] C:\Program Files\Common Files\xing shared [0|Datei(en),] C:\Program Files\Common Files\Bytes [20|Verzeichnis(se),] C:\Program Files\Common Files\Bytes frei --------------------\\ Process ( 78 Processes ) ... OK ! --------------------\\ Ueberpruefung mit S_Lop Kein Lop Ordner gefunden ! --------------------\\ Suche nach Lop Dateien - Ordnern C:\Users\Jennifer\AppData\Local\Temp\nsxAB01.tmp C:\Users\Jennifer\AppData\Roaming\MICROS~1\Windows\Cookies\jennifer@advertising[2].txt --------------------\\ Suche innerhalb der Registry ..... OK ! --------------------\\ Ueberpruefung der Hosts Datei Hosts Datei SAUBER --------------------\\ Suche nach verborgenen Dateien mit Catchme catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2010-07-02 09:26:29 Windows 6.0.6002 Service Pack 2 NTFS scanning hidden processes ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden files: 0 --------------------\\ Suche nach anderen Infektionen --------------------\\ Cracks & Keygens .. C:\Users\Jennifer\Music\Raffa\Musik\sfsae\MP3\Neuer Ordner\Magda - 48 Hour Crack In Your Bass.mp3 [F:664][D:56]-> C:\Users\Jennifer\AppData\Local\Temp [F:92][D:1]-> C:\Users\Jennifer\AppData\Roaming\MICROS~1\Windows\Cookies [F:4604][D:12]-> C:\Users\Jennifer\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5 [F:18][D:4]-> C:\$Recycle.Bin 1 - "C:\Lop SD\LopR_1.txt" - 02.07.2010| 9:29 - Option : [1] --------------------\\ Scan beendet um 9:29:27 [ UAC => 1 ] Vielen vielen Danke schon im Vorraus. Liebe Grüsse, Jenny |
Alle Zeitangaben in WEZ +1. Es ist jetzt 01:50 Uhr. |
Copyright ©2000-2025, Trojaner-Board