Home » Viren, Trojaner & Malware Forum » trojan dns.changer + keylogger king home +recipe rewards +search toolbar » Themenansicht
trojan dns.changer + keylogger king home +recipe rewards +search toolbar |
||
|---|---|---|
| #0
| ||
|
12.10.2006, 20:06
Member
Beiträge: 13 |
||
 
|
|
|
|
13.10.2006, 13:01
Ehrenmitglied
 Beiträge: 29434 |
#2
scanne und poste den scanreport
http://virus-protect.org/counterspy.html __________ MfG Sabina rund um die PC-Sicherheit |
|
|
|
|
|
|
13.10.2006, 16:46
Member
Themenstarter Beiträge: 13 |
#3
Spyware Scan Details
Start Date: 13.10.2006 16:07:56 End Date: 13.10.2006 16:39:30 Total Time: 31 mins 34 secs Detected spyware Trojan.Vxgame Trojan more information... Details: Trojan.Vxgame is a trojan program that silently downloads additional malware from the internet and lowers the system's security settings by disabling the Windows firewall. Status: Ignored Infected files detected c:\windows\system32\svcp.csv c:\windows\system32\winsub.xml Browzar Potentially Unwanted Program more information... Status: Ignored Infected files detected C:\Dokumente und Einstellungen\Michael Türk\Eigene Dateien\Sonstiges\Programme\Browzar\BrowzarSilverWin.exe SearchIt Toolbar Toolbar more information... Details: SearchIt Toolbar is a search toolbar that displays popup advertising in Internet Explorer once it is installed. Status: Ignored Infected files detected C:\Programme\Mein PONSline\MeinPONSline.dll Cookie: Advertising.com Cookie (General) more information... Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count Status: Ignored Infected cookies detected c:\dokumente und einstellungen\elisabeth türk\cookies\elisabeth türk@advertising[1].txt Cookie: ATDMT.com Cookie (General) more information... Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count Status: Ignored Infected cookies detected c:\dokumente und einstellungen\elisabeth türk\cookies\elisabeth türk@atdmt[1].txt Cookie: DoubleClick Cookie (General) more information... Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count Status: Ignored Infected cookies detected c:\dokumente und einstellungen\elisabeth türk\cookies\elisabeth türk@doubleclick[1].txt Cookie: Hitbox.com Cookie (General) more information... Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count Status: Ignored Infected cookies detected c:\dokumente und einstellungen\elisabeth türk\cookies\elisabeth türk@hitbox[1].txt Cookie: IndexTools.com Cookie (General) more information... Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count Status: Ignored Infected cookies detected c:\dokumente und einstellungen\elisabeth türk\cookies\elisabeth türk@indextools[2].txt Cookie: Mediaplex.com Cookie (General) more information... Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count Status: Ignored Infected cookies detected c:\dokumente und einstellungen\elisabeth türk\cookies\elisabeth türk@mediaplex[1].txt Cookie: SpyLog.com Cookie (General) more information... Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count Status: Ignored Infected cookies detected c:\dokumente und einstellungen\elisabeth türk\cookies\elisabeth türk@spylog[1].txt |
|
|
|
|
|
|
13.10.2006, 17:02
Ehrenmitglied
Beiträge: 29434 |
#4
saturn99999
1. Avenger http://virus-protect.org/artikel/tools/avenger.html kopiere rein Zitat Files to delete:Klicke die gruene Ampel das Script wird nun ausgeführt, dann wird der PC automatisch neustarten ** öffne das HijackThis -- Button "scan" -- vor diese Einträge Häkchen setzen -- Button "Fix checked" -- PC neustarten Zitat O2 - BHO: XBTP00885 - {B4DDA9EA-F885-4dea-9DDC-4455A858F993} - C:\PROGRA~1\MEINPO~1\tbu3\MEINPO~1.DLL** scane noch mal mit Counterspy, stelle nach dem scan alles auf "remove" __________ MfG Sabina rund um die PC-Sicherheit |
|
|
|
|
|
|
13.10.2006, 18:07
Member
Themenstarter Beiträge: 13 |
#5
Spyware Scan Details
Start Date: 13.10.2006 17:36:58 End Date: 13.10.2006 18:00:43 Total Time: 23 mins 45 secs Detected spyware Cookie: Advertising.com Cookie (General) more information... Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count Status: Ignored Infected cookies detected c:\dokumente und einstellungen\elisabeth türk\cookies\elisabeth türk@advertising[1].txt Cookie: ATDMT.com Cookie (General) more information... Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count Status: Ignored Infected cookies detected c:\dokumente und einstellungen\elisabeth türk\cookies\elisabeth türk@atdmt[1].txt Cookie: DoubleClick Cookie (General) more information... Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count Status: Ignored Infected cookies detected c:\dokumente und einstellungen\elisabeth türk\cookies\elisabeth türk@doubleclick[1].txt Cookie: Hitbox.com Cookie (General) more information... Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count Status: Ignored Infected cookies detected c:\dokumente und einstellungen\elisabeth türk\cookies\elisabeth türk@hitbox[1].txt Cookie: IndexTools.com Cookie (General) more information... Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count Status: Ignored Infected cookies detected c:\dokumente und einstellungen\elisabeth türk\cookies\elisabeth türk@indextools[2].txt Cookie: Mediaplex.com Cookie (General) more information... Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count Status: Ignored Infected cookies detected c:\dokumente und einstellungen\elisabeth türk\cookies\elisabeth türk@mediaplex[1].txt Cookie: SpyLog.com Cookie (General) more information... Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count Status: Ignored Infected cookies detected c:\dokumente und einstellungen\elisabeth türk\cookies\elisabeth türk@spylog[1].txt |
|
|
|
|
|
|
14.10.2006, 00:58
Ehrenmitglied
Beiträge: 29434 |
#6
scanne und poste den report
http://virus-protect.org/a2.html __________ MfG Sabina rund um die PC-Sicherheit |
|
|
|
|
|
|
14.10.2006, 18:12
Member
Themenstarter Beiträge: 13 |
#7
here you are, ist wohl wieder ein trojaner gefunden worden...
a-squared Anti-Malware - Version 2.0 Scan Einstellungen: Objekte: Speicher, Traces, Cookies, C:\ Archiv Scan: An Heuristik: An ADS Scan: An Scan Beginn: 14.10.2006 13:19:49 Key: HKEY_CLASSES_ROOT\keyfile gefunden: Trace.Registry.KGBSpySoftware Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion --> dpid gefunden: Trace.Registry.zCodec C:\Dokumente und Einstellungen\Elisabeth Türk\Cookies\elisabeth türk@247realmedia[2].txt gefunden: Trace.TrackingCookie C:\Dokumente und Einstellungen\Elisabeth Türk\Cookies\elisabeth türk@adserver.trojaner-info[1].txt gefunden: Trace.TrackingCookie C:\Dokumente und Einstellungen\Elisabeth Türk\Cookies\elisabeth türk@as1.falkag[1].txt gefunden: Trace.TrackingCookie C:\Dokumente und Einstellungen\Elisabeth Türk\Cookies\elisabeth türk@atdmt[2].txt gefunden: Trace.TrackingCookie C:\Dokumente und Einstellungen\Elisabeth Türk\Cookies\elisabeth türk@com[1].txt gefunden: Trace.TrackingCookie C:\Dokumente und Einstellungen\Elisabeth Türk\Cookies\elisabeth türk@doubleclick[1].txt gefunden: Trace.TrackingCookie C:\Dokumente und Einstellungen\Elisabeth Türk\Cookies\elisabeth türk@ehg-idg.hitbox[1].txt gefunden: Trace.TrackingCookie C:\Dokumente und Einstellungen\Elisabeth Türk\Cookies\elisabeth türk@mediaplex[1].txt gefunden: Trace.TrackingCookie C:\Dokumente und Einstellungen\Elisabeth Türk\Cookies\elisabeth türk@statse.webtrendslive[1].txt gefunden: Trace.TrackingCookie C:\Dokumente und Einstellungen\Elisabeth Türk\Cookies\elisabeth türk@tribalfusion[1].txt gefunden: Trace.TrackingCookie C:\WINDOWS\system32\mqhmjicf.qik gefunden: Trojan-Clicker.Win32.Small.js Gescannt Dateien: 87703 Traces: 78425 Cookies: 99 Prozesse: 43 Gefunden Dateien: 1 Traces: 2 Cookies: 10 Prozesse: 0 Registry Keys: 0 Scan Ende: 14.10.2006 15:40:37 Scan Zeit: 02:20:48 |
|
|
|
|
|
|
14.10.2006, 18:16
Ehrenmitglied
Beiträge: 29434 |
#8
mit dem Proggie kann man auch loeschen
 falls du es nicht gebacken bekommst mit dem loeschen , dann per Avenger: Zitat Files to delete: __________ MfG Sabina rund um die PC-Sicherheit |
|
|
|
|
|
|
14.10.2006, 22:06
Member
Themenstarter Beiträge: 13 |
#9
danke dir!!!! es ist mir unerklärlich, wie du es schaffst, immer wieder eine lösung zu finden !!
ich habe jetzt so ca.10 programme für die trojanerbekämpfung heruntergeladen. mit welchem programm kann ich den am besten prüfen, ob sich ein trojaner auf meinempc befindet? |
|
|
|
|
|
|
14.10.2006, 22:12
Ehrenmitglied
Beiträge: 29434 |
#10
a-squared Anti-Malware hat das letzte rausgeholt...hoffe ich mal
wenn du Zeit hast, mache Onlinescans und poste die scanreporte http://virus-protect.org/onlinescan.html __________ MfG Sabina rund um die PC-Sicherheit |
|
|
|
|
|
Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!
bitte erst » hier kostenlos registrieren!!
Folgende Themen könnten Dich auch interessieren:
Seite(n): 1
Copyright © 2024, Protecus.de - Protecus Team - Impressum / Mediadaten
Logfile of HijackThis v1.99.1
Scan saved at 19:19:17, on 12.10.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\FRITZ!DSL\IGDCTRL.EXE
C:\Programme\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Programme\AceBIT\WISE-FTP\WF_Scheduler.exe
C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programme\Gemeinsame Dateien\PCSuite\DataLayer\DataLayer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\system32\hphmon03.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\Programme\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Spyware Doctor\swdoctor.exe
C:\PROGRA~1\GEMEIN~1\PCSuite\Services\SERVIC~1.EXE
C:\Programme\FRITZ!DSL\StCenter.exe
C:\Programme\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Programme\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Dokumente und Einstellungen\Elisabeth Türk\Lokale Einstellungen\Temp\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.news.yahoo.com/index.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.yahoo.com/fsc/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/fuji/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://de.yahoo.com/fsc/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O2 - BHO: XBTP00885 - {B4DDA9EA-F885-4dea-9DDC-4455A858F993} - C:\PROGRA~1\MEINPO~1\tbu3\MEINPO~1.DLL
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Programme\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Programme\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: Mein PONSline - {A6F74643-242A-A7A4-8DD5-AB40B9E25345} - C:\Programme\Mein PONSline\tbu3\MeinPONSline.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WiseFTP] C:\Programme\AceBIT\WISE-FTP\WF_Scheduler.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\Programme\Gemeinsame Dateien\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programme\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: FRITZ!DSL Startcenter.lnk = C:\Programme\FRITZ!DSL\StCenter.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google-Suche - res://C:\Programme\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Ins Deutsche übersetzen - res://C:\Programme\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://C:\Programme\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Verweisseiten - res://C:\Programme\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://C:\Programme\Google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-24.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
O16 - DPF: {EDDD6406-4684-410F-A90D-780E8C73D2C4} (aldi-fotoservice-druck_de_bilduebertragung) - http://www.aldi-fotoservice-druck.de/upload/aldi_nord_bilduebertragung.cab
O18 - Protocol: haufereader - {39198710-62F7-42CD-9458-069843FA5D32} - C:\Programme\Haufe\HaufeReader\HRInstmon.dll
O20 - Winlogon Notify: SASWinLogon - C:\Programme\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Programme\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Programme\Spyware Doctor\sdhelp.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
Fixwareout ver 1.003
Last edited 8/11/2006
Post this report in the forums please
Reg Entries that were deleted
...
Random Runs removed from HKLM
...
PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
»»»»» Searching by size/names...
»»»»»
Search five digit cs, dm and jb files.
This WILL/CAN also list Legit Files, Submit them at Virustotal
Other suspects.
Directory of C:\WINDOWS\system32
»»»»» Misc files.
»»»»» Checking for older varients covered by the Rem3 tool.