Trojan-spy.win32.greenscreen under Vista
11.09.2008, 16:04
...new here
Posts: 2
11.09.2008, 16:27
Moderator
Posts: 7805
#2
Hello doeme1337,
Please work through points 1-4 of http://board.protecus.de/t23188.htm.
__________
Regards, Ralf
SEO-Spam Hunter
11.09.2008, 17:27
...new here
Thread starter, Posts: 2
#3
I ran CCleaner.
Malwarebytes found something, which I deleted. ComboFix doesn't run under Vista. So here is the HJT log. Please and thank you.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:24:42, on 11.09.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files (x86)\PowerStrip\PStrip.exe
C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~2\ICQ\ICQ.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Windows\SysWOW64\conime.exe
C:\Programme (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~2\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Hofer Foto Service] "C:\Users\Doeme\DesktopEsther\FotoSuite.exe" /autorun
O4 - HKLM\..\Run: [Hofer_FotoSuite_Download] "C:\Users\Doeme\DesktopEsther\FotoSuite.exe" /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: PowerStrip.lnk = C:\Program Files (x86)\PowerStrip\PStrip.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~2\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~2\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~2\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~2\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIC273~1\WEB2~1\Office12\REFIEBAR.DLL
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/german/partner/de/kavwebscan_unicode.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Personal – Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Users\Doeme\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files (x86)\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 3 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer3\TeamViewer_Host.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9150 bytes

-----------------------------------------------------

Here is also the log from the Malwarebytes quick scan:

Malwarebytes' Anti-Malware 1.28
Database version: 1140
Windows 6.0.6001 Service Pack 1

11.09.2008 17:29:45
mbam-log-2008-09-11 (17-29-45).txt

Scan type: Quick scan
Objects scanned: 40554
Time elapsed: 2 minute(s), 4 second(s)

Memory processes infected: 0
Memory modules infected: 0
Registry keys infected: 5
Registry values infected: 1
Registry data items infected: 0
Folders infected: 1
Files infected: 43

Memory processes infected:
(No malicious items detected)

Memory modules infected:
(No malicious items detected)

Registry keys infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\iTunesMusic (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\rdriv (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.

Registry values infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SystemCheck2 (Trojan.Agent) -> Quarantined and deleted successfully.

Registry data items infected:
(No malicious items detected)

Folders infected:
C:\Windows\System32\smp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

Files infected:
C:\Windows\System32\smp\msrc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32\akttzn.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\anticipator.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\awtoolb.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\bsva-egihsg52.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\dpcproxy.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\emesx.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\hoproxy.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\hxiwlgpm.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\hxiwlgpm.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\medup012.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\msgp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\msnbho.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\msvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\mtr2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\mwin32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\netode.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\newsd32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\ps1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\psof1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\psoft1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\regc64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\regm64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\Rundl1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\sncntr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\ssurf022.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\ssvchost.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\ssvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\sysreq.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\taack.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\taack.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\temp#01.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\thun.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\thun32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\VBIEWER.OCX (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\vcatchpi.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\winlogonpc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\winsystem.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\WINWGPX.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\vbsys2.dll (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Windows\System32\msxml71.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

This post was edited by doeme1337 on 11.09.2008 at 17:32.
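Added example, not from this thread and not a feature of HijackThis or Malwarebytes: a Python triage script for listings like the one posted above. It parses the O4 (Run/Startup) and O23 (Service) lines and applies the checks a responder otherwise does by eye: autostarts living in user-writable directories such as C:\Users\..., Run entries pointing into the Windows directory, file names that imitate Windows binaries (the Malwarebytes log removed ssvchost.exe, msvchost.exe, winlogonpc.exe and Rundl1.exe from System32), and services without publisher information. The sample lines are copied from the posted log except for one constructed [SystemCheck2] entry, which borrows the value name from the ShellServiceObjectDelayLoad detection and a file name from the System32 detections to stand in for what the listing may have looked like before the cleanup. The rule set, the edit-distance thresholds, and the reading of the many "(file missing)" Windows services as an artefact of 32-bit HijackThis running under WOW64 on this x64 Vista (rather than as missing files) are assumptions made for this example.

```python
"""Triage of HijackThis-style autostart listings. Added illustration for this
thread, not a HijackThis/Malwarebytes feature; rules and thresholds are assumptions."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in HijackThis 2.0.2 format: lines copied from the log above plus
# one invented [SystemCheck2] Run entry (value name from the ShellServiceObjectDelayLoad
# detection, file from the System32 detections in the Malwarebytes log).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Hofer Foto Service] "C:\Users\Doeme\DesktopEsther\FotoSuite.exe" /autorun
O4 - HKLM\..\Run: [SystemCheck2] C:\Windows\System32\ssvchost.exe
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - Startup: PowerStrip.lnk = C:\Program Files (x86)\PowerStrip\PStrip.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Users\Doeme\Common\Database\bin\fbserver.exe
O23 - Service: TeamViewer 3 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer3\TeamViewer_Host.exe
"""

# Stems of Windows binaries that malware names imitate (ssvchost, winlogonpc, Rundl1 ...).
SYSTEM_BINARIES = ["csrss", "explorer", "lsass", "rundll32", "services",
                   "smss", "spoolsv", "svchost", "wininit", "winlogon"]
# Directories an unprivileged user (and malware running as that user) can write to.
USER_WRITABLE = re.compile(r"\\(users|documents and settings|appdata|temp)\\|%temp%|%appdata%", re.I)

@dataclass
class Entry:
    kind: str              # "O4" or "O23"
    name: str              # Run value name, .lnk name or service display name
    path: str              # program path as written in the log, arguments dropped
    owner: str = ""        # O23 only: publisher column ("Unknown owner" if none)
    missing: bool = False  # O23 only: HijackThis appended "(file missing)"

def _exe_from_command(cmd: str) -> str:
    """Program path of a Run value without its arguments."""
    quoted = re.match(r'"([^"]+)"', cmd)
    bare = re.match(r"(.+?\.(?:exe|dll|com|scr|bat|cmd))(?:\s|$)", cmd, re.I)
    return quoted.group(1) if quoted else bare.group(1) if bare else cmd.split(" ")[0]

def parse_hjt(text: str) -> List[Entry]:
    """Parse O4 (Run/Startup) and O23 (Service) lines; other sections are ignored."""
    entries: List[Entry] = []
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("O4 - "):
            # "O4 - <location>: [<name>] <command>"  or  "O4 - Startup: <name>.lnk = <path>"
            rest = line[5:].partition(": ")[2]
            bracket = re.match(r"\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)", rest)
            name, cmd = bracket.groups() if bracket else rest.partition(" = ")[::2]
            entries.append(Entry("O4", name, _exe_from_command(cmd)))
        elif line.startswith("O23 - Service: "):
            # "O23 - Service: <display name> - <owner> - <path>[ (file missing)]"; split
            # from the right because display names can contain " - " themselves.
            missing = line.endswith(" (file missing)")
            parts = line[15:(-15 if missing else None)].rsplit(" - ", 2)
            if len(parts) == 3:
                entries.append(Entry("O23", parts[0], parts[2], parts[1], missing))
    return entries

def _edit_distance(a: str, b: str) -> int:
    """Plain Levenshtein distance."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike(filename: str) -> Optional[str]:
    """Stem of the Windows binary that `filename` imitates, or None. Compares the stem
    (so ssvchost.com is caught too) after undoing 1->l / 0->o swaps; short names get a
    tighter threshold so that e.g. Java's ssv.dll is not matched to smss."""
    stem = filename.replace("/", "\\").rsplit("\\", 1)[-1].lower().rsplit(".", 1)[0]
    if stem in SYSTEM_BINARIES:
        return None
    norm = stem.translate(str.maketrans("10", "lo"))
    for sysbin in SYSTEM_BINARIES:
        limit = 2 if max(len(norm), len(sysbin)) >= 7 else 1
        if _edit_distance(norm, sysbin) <= limit:
            return sysbin
    return None

def triage(entries: List[Entry]) -> List[Tuple[Entry, str]]:
    """Apply the review rules; one (entry, reason) pair per rule that fires."""
    findings: List[Tuple[Entry, str]] = []
    for e in entries:
        if e.kind == "O23" and e.missing and re.search(r"\\windows\\system32\\", e.path, re.I):
            # Assumption: "(file missing)" on Windows' own services is what 32-bit HijackThis
            # reports under WOW64 on x64 (native system32 redirected); noise, not evidence.
            continue
        if USER_WRITABLE.search(e.path):
            findings.append((e, "autostart from a user-writable directory"))
        if e.kind == "O4" and re.search(r"\\windows\\", e.path, re.I):
            findings.append((e, "Run entry pointing into the Windows directory"))
        target = lookalike(e.path)
        if target:
            findings.append((e, f"name imitates system binary {target}"))
        if e.kind == "O23" and e.owner == "Unknown owner":
            findings.append((e, "service without publisher information; verify signature and hash"))
    return findings
```

On a saved log, `triage(parse_hjt(open(path, encoding="utf-8", errors="replace").read()))` returns the entries worth a second look. Every finding is a lead to verify (Authenticode signature, hash lookup, file timestamp against the date of the infection), not a verdict: the Hofer FotoSuite launcher in the user's profile and the Firebird service under C:\Users land in the same bucket as a dropper would, and the look-alike rule is deliberately tight (distance 1 for short names, 2 from seven characters on) so that Java's ssv.dll and Avira's avgnt.exe are not matched to smss or lsass.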
11.09.2008, 17:46
Moderator
Posts: 7805
#4
ComboFix does run under Vista, just not under Vista 64(bit).
Try RSIT, that should work under 64-bit: http://forum.hijackthis.de/showpost.php?p=222504&postcount=3
__________
Regards, Ralf
SEO-Spam Hunter
#1 (original post by doeme1337, 11.09.2008, 16:04)
Unfortunately I ended up on some dodgy websites and caught something.
I have Vista Ultimate and the firewall is reporting the following trojan:
Trojan-spy.win32.greenscreen
Oddly, the "keep blocking" and "unblock" buttons can't be clicked, only the "enable protection" button.
Any ideas?