Several new Trojans discovered!!!
#0
25.01.2009, 17:02
...new here
Posts: 4
25.01.2009, 18:34
Honorary member
Posts: 6028
#2
Use CCleaner.

Download SUPERAntiSpyware.
Click "yes" when asked whether it should check for updates.
Enter your e-mail address when asked for it.
Choose "yes" if you want to be warned when the start page changes.
Click "scan your computer".
Select the partitions that should be scanned.
On the right-hand side tick "Perform complete scan" and click next. The computer will now be scanned.
If "harmful items" are found, tick them all and click OK to continue.
When the scan has finished, click OK to remove the infections found via quarantine.
Click scanning preferences/control centre to return to the start menu.
Click the statistics/logs tab and then view log. Copy its contents here into the thread.
Click "next" and "yes" to restart your computer.

Download link 1 MalwareBytes' Anti-Malware
Download link 2 MalwareBytes' Anti-Malware
Download link 3 MalwareBytes' Anti-Malware
Download link 4 MalwareBytes' Anti-Malware
Download link 5 MalwareBytes' Anti-Malware
Double-click mbam-setup and choose German; the program will now be updated.
On the "Scanner" tab choose "Full scan" ("Vollständiger Suchlauf").
On the "Update" tab click "Check for updates" ("Suche nach Aktualisierungen").
Under "Settings" ("Einstellungen") tick "Terminate Internet Explorer during removal" ("Beende Internet Explorer während des Löschvorgangs").
Let the scan run.
If infections are found at the end, tick them and have them removed.
Restart your computer.
The log (mbam-log-XX-XX-XXXX.txt) is under Scan reports ("Scanberichte"). Post its contents here in the forum.
Note: if MBAM has trouble removing data, it will report this; click OK. It will then ask to restart the computer; allow it.
You can keep Malwarebytes Anti-Malware afterwards!
__________
Regards, Argus
25.01.2009, 20:22
...new here
Thread starter, Posts: 4
#3
ok, here is the log file from SUPERAntiSpyware first. I'll restart the computer now and run MalwareBytes' Anti-Malware.
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/25/2009 at 08:15 PM

Application Version : 4.25.1012

Core Rules Database Version : 3728
Trace Rules Database Version: 1699

Scan type : Complete Scan
Total Scan Time : 01:05:55

Memory items scanned : 510
Memory threats detected : 0
Registry items scanned : 7184
Registry threats detected : 239
File items scanned : 23129
File threats detected : 55

Trojan.Smitfraud Variant/IE Anti-Spyware
HKU\S-1-5-21-1461712039-1196971731-1499258373-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9034A523-D068-4BE8-A284-9DF278BE776E}

Adware.BookedSpace
HKU\S-1-5-21-1461712039-1196971731-1499258373-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A85C4A1B-BD36-44E5-A70F-8EC347D9B24F}
HKCR\bookedspace.extension
HKCR\bookedspace.extension\CLSID
HKCR\bookedspace.extension\CurVer
HKLM\software\bookedspace
HKCR\AppId\BookedSpace.DLL
HKCR\AppId\BookedSpace.DLL#AppID
C:\PROGRAMME\TREND MICRO\HIJACKTHIS\BACKUPS\BACKUP-20081231-000303-185.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6B916A41-8485-4A6A-BC69-669605E696B1}\RP140\A0015324.DLL

UrlCatcher Class BHO
HKU\S-1-5-21-1461712039-1196971731-1499258373-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1}

Adware.Tracking Cookie
C:\Dokumente und Einstellungen\baster\Cookies\baster@webmasterplan[2].txt
C:\Dokumente und Einstellungen\baster\Cookies\baster@atdmt[2].txt
C:\Dokumente und Einstellungen\baster\Cookies\baster@www.virusranger[1].txt
C:\Dokumente und Einstellungen\baster\Cookies\baster@288_[3].txt
C:\Dokumente und Einstellungen\baster\Cookies\baster@fastclick[1].txt
C:\Dokumente und Einstellungen\baster\Cookies\baster@www.windowsmedia[1].txt
C:\Dokumente und Einstellungen\baster\Cookies\baster@ad.71i[1].txt
C:\Dokumente und Einstellungen\baster\Cookies\baster@www.virusheat[2].txt
C:\Dokumente und Einstellungen\baster\Cookies\baster@mediatraffic[1].txt
C:\Dokumente und Einstellungen\baster\Cookies\baster@casalemedia[2].txt
C:\Dokumente und Einstellungen\baster\Cookies\baster@advertising[2].txt
C:\Dokumente und Einstellungen\baster\Cookies\baster@mediaplex[1].txt
C:\Dokumente und Einstellungen\baster\Cookies\baster@ad.alldanzradio[2].txt
C:\Dokumente und Einstellungen\baster\Cookies\baster@cassava[1].txt
C:\Dokumente und Einstellungen\baster\Cookies\baster@adopt.euroclick[1].txt
C:\Dokumente und Einstellungen\baster\Cookies\baster@komtrack[2].txt
C:\Dokumente und Einstellungen\baster\Cookies\baster@zbox.zanox[1].txt
C:\Dokumente und Einstellungen\baster\Cookies\baster@msnportalintlbeetoffice2007.112.2o7[1].txt
C:\Dokumente und Einstellungen\baster\Cookies\baster@apmebf[1].txt
C:\Dokumente und Einstellungen\baster\Cookies\baster@tradedoubler[1].txt
C:\Dokumente und Einstellungen\baster\Cookies\baster@msnportal.112.2o7[1].txt
C:\Dokumente und Einstellungen\baster\Cookies\baster@adfarm1.adition[1].txt
C:\Dokumente und Einstellungen\baster\Cookies\baster@888[1].txt
C:\Dokumente und Einstellungen\baster\Cookies\baster@ad.zanox[1].txt
C:\Dokumente und Einstellungen\baster\Cookies\baster@adserver.71i[1].txt
C:\Dokumente und Einstellungen\baster\Cookies\baster@sevenoneintermedia.112.2o7[1].txt
C:\Dokumente und Einstellungen\baster\Cookies\baster@bs.serving-sys[1].txt
C:\Dokumente und Einstellungen\baster\Cookies\baster@ad.yieldmanager[2].txt
C:\Dokumente und Einstellungen\baster\Cookies\baster@antispywareguard[1].txt
C:\Dokumente und Einstellungen\baster\Cookies\baster@serving-sys[2].txt
C:\Dokumente und Einstellungen\baster\Cookies\baster@media.wow-europe[2].txt
C:\Dokumente und Einstellungen\baster\Cookies\baster@adsrevenue[2].txt
C:\Dokumente und Einstellungen\baster\Cookies\baster@gomyhit[2].txt
C:\Dokumente und Einstellungen\baster\Cookies\baster@adtrafficstats[2].txt
C:\Dokumente und Einstellungen\baster\Cookies\baster@doubleclick[1].txt
C:\Dokumente und Einstellungen\baster\Cookies\baster@pornfish[1].txt
C:\Dokumente und Einstellungen\baster\Cookies\baster@www.malwarecore[1].txt
C:\Dokumente und Einstellungen\baster\Cookies\baster@partypoker[1].txt

Adware.WhenU
HKCR\WUSN.1
HKCR\WUSN.1#WUSN_Id
HKCR\ACM.ACMFactory
HKCR\ACM.ACMFactory\CLSID
HKCR\ACM.ACMFactory\CurVer
HKCR\ACM.ACMFactory.1
HKCR\ACM.ACMFactory.1\CLSID
HKCR\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}
HKCR\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}\ProxyStubClsid
HKCR\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}\ProxyStubClsid32
HKCR\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}\TypeLib
HKCR\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}\TypeLib#Version
HKCR\AppId\{127DF9B4-D75D-44A6-AF78-8C3A8CEB03DB}
HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}
HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}#AppID
HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\InprocServer32
HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\InprocServer32#ThreadingModel
HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\ProgID
HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\Programmable
HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\TypeLib
HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\VersionIndependentProgID
HKCR\AppId\ACM.DLL
HKCR\AppId\ACM.DLL#AppID
HKCR\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}
HKCR\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0
HKCR\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0\0
HKCR\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0\0\win32
HKCR\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0\FLAGS
HKCR\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0\HELPDIR
HKCR\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}
HKCR\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}\ProxyStubClsid
HKCR\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}\ProxyStubClsid32
HKCR\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}\TypeLib
HKCR\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}\TypeLib#Version
HKCR\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}
HKCR\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}\ProxyStubClsid
HKCR\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}\ProxyStubClsid32
HKCR\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}\TypeLib
HKCR\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}\TypeLib#Version
HKLM\Software\WhenUSave
HKLM\Software\WhenUSave#db_local_update
HKLM\Software\WhenUSave#db_script_update
HKLM\Software\WhenUSave#InstallDir
HKLM\Software\WhenUSave#pats_url
HKLM\Software\WhenUSave#pat_chunks_url
HKLM\Software\WhenUSave#script_url
HKLM\Software\WhenUSave#update_url
HKLM\Software\WhenUSave#ver_url
HKLM\Software\WhenUSave#InstallTime
HKLM\Software\WhenUSave#Partner
HKLM\Software\WhenUSave#ccode
HKLM\Software\WhenUSave#PartnerDesc
HKLM\Software\WhenUSave#HeartbeatTime
HKLM\Software\WhenUSave#Version
HKLM\Software\WhenUSave#extra_url
HKLM\Software\WhenUSave#extraver_url
HKLM\Software\WhenUSave#ziptomsa_url
HKLM\Software\WhenUSave#UpdateTime
HKLM\Software\WhenUSave#TotalPartner
HKLM\Software\WhenUSave#PartnerB
HKLM\Software\WhenUSave#FullDBTime
HKLM\Software\WhenUSave#brandskin_url
HKLM\Software\WhenUSave#brandstrip_rs
HKLM\Software\WhenUSave#brandstrip_url
HKLM\Software\WhenUSave#bstat_rs
HKLM\Software\WhenUSave#himp_url
HKLM\Software\WhenUSave#iptomsa_url
HKLM\Software\WhenUSave#maxPopups_rs
HKLM\Software\WhenUSave#redir3p_url
HKLM\Software\WhenUSave#timedDBUpdate_rs
HKLM\Software\WhenUSave#uninstalltag_rs
HKLM\Software\WhenUSave#MSA
HKLM\Software\WhenUSave#TotalPopup
HKLM\Software\WhenUSave#extraupdate_rs
HKLM\Software\WhenUSave#uninst_rs
HKLM\Software\WhenUSave#acm_rs
HKLM\Software\WhenUSave#HeartbeatCount
HKLM\Software\WhenUSave#SystemParam_rs
HKLM\Software\WhenUSave#LastPartner
HKLM\Software\WhenUSave#zip
HKLM\Software\WhenUSave#uninstall_cmd_rs
HKLM\Software\WhenUSave#dbc_chunks_rs
HKLM\Software\WhenUSave#fword_rs
HKLM\Software\WhenUSave#src_url
HKLM\Software\WhenUSave#db_stamp_rs
HKLM\Software\WhenUSave#db_server_update
HKLM\Software\WhenUSave#dbc_maxchunk_rs
HKLM\Software\WhenUSave#TotalCube
HKLM\Software\WhenUSave#PartnerParam
HKLM\Software\WhenUSave#db_ver_update
HKLM\Software\WhenUSave#adv_update_url
HKLM\Software\WhenUSave#UrlChangeCount
HKLM\Software\WhenUSave\Partners
HKLM\Software\WhenUSave\Partners\WUSV
HKLM\Software\WhenUSave\Partners\WUSV#Partner
HKLM\Software\WhenUSave\Partners\WUSV#PartnerDesc
HKLM\Software\WhenUSave\Partners\WUSV#PartnerParam
HKLM\Software\WhenUSave\Partners\WUSV#InstallTime
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SaveNow
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SaveNow#DisplayIcon
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SaveNow#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SaveNow#DisplayVersion
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SaveNow#HelpLink
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SaveNow#Publisher
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SaveNow#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SaveNow#UrlInfoAbout
HKU\S-1-5-21-1461712039-1196971731-1499258373-1006\Software\WhenU
C:\Programme\Save\ACM.dll
C:\Programme\Save\extra.exe
C:\Programme\Save\ffext.mod
C:\Programme\Save\save.db
C:\Programme\Save\Save.exe
C:\Programme\Save\save.htm
C:\Programme\Save\SaveUninst.exe
C:\Programme\Save\store.db
C:\Programme\Save
C:\Dokumente und Einstellungen\baster\Startmenü\Programme\WhenU\Customer Support.lnk
C:\Dokumente und Einstellungen\baster\Startmenü\Programme\WhenU\Learn More About WhenU Save.url
C:\Dokumente und Einstellungen\baster\Startmenü\Programme\WhenU\Learn More About WhenU SaveNow.url
C:\Dokumente und Einstellungen\baster\Startmenü\Programme\WhenU\Uninstall Instructions.lnk
C:\Dokumente und Einstellungen\baster\Startmenü\Programme\WhenU\WhenU.com Website.url
C:\Dokumente und Einstellungen\baster\Startmenü\Programme\WhenU

Adware.BargainBuddy/NaviSearch
HKLM\SOFTWARE\Bargains
HKLM\SOFTWARE\Bargains#MainDir
HKLM\SOFTWARE\Bargains#FirstHitUrl
HKLM\SOFTWARE\Bargains#ADDataUpdateQueryUrl
HKLM\SOFTWARE\Bargains#ConfigUpdateQueryUrl
HKLM\SOFTWARE\Bargains#SoftwareUpdateQueryUrl
HKLM\SOFTWARE\Bargains#ServerPath
HKLM\SOFTWARE\Bargains#ServerName
HKLM\SOFTWARE\Bargains#ServerPort
HKLM\SOFTWARE\Bargains#BuildNumber
HKLM\SOFTWARE\Bargains#PartnerName
HKLM\SOFTWARE\Bargains#Binary
HKLM\SOFTWARE\Bargains#UpdateQueryDuration
HKLM\SOFTWARE\Bargains#UpdateQueryFailedDuration
HKLM\SOFTWARE\Bargains#FirstHit
HKLM\SOFTWARE\Bargains#ConfigVersion
HKLM\SOFTWARE\Bargains#ADDataVersion
HKLM\SOFTWARE\Bargains#LastQueryTime
HKLM\SOFTWARE\Bargains#Trace
HKLM\SOFTWARE\Bargains#MaxDailyCapPerUSer
HKLM\SOFTWARE\Bargains#MinMinutesBetweenTwoADs
HKLM\SOFTWARE\Bargains#MaxDomainCap
HKLM\SOFTWARE\Bargains#IdleMinutesThreshold
HKLM\SOFTWARE\Bargains#MinCountOfUrlsBetweenTwoADs

Trojan.Media-Codec/V4
HKCR\multimediaControls.chl
HKCR\multimediaControls.chl\CLSID

Rogue.VirusHeat
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\fQwerzkharV
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\InprocServer32
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\InprocServer32#ThreadingModel
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\lcZpkB
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\oInbmtissh
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\TznqULpWLbJ
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\WMZVFyuNebpix
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\Wxfkyx
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\zlxoducnhgj
HKCR\TypeLib\{83B0CADC-EA64-4AC6-822A-3ECE95F44DA6}
HKCR\TypeLib\{83B0CADC-EA64-4AC6-822A-3ECE95F44DA6}\1.0
HKCR\TypeLib\{83B0CADC-EA64-4AC6-822A-3ECE95F44DA6}\1.0\0
HKCR\TypeLib\{83B0CADC-EA64-4AC6-822A-3ECE95F44DA6}\1.0\0\win32
HKCR\TypeLib\{83B0CADC-EA64-4AC6-822A-3ECE95F44DA6}\1.0\FLAGS
HKCR\TypeLib\{83B0CADC-EA64-4AC6-822A-3ECE95F44DA6}\1.0\HELPDIR
HKCR\Interface\{14E6D991-DB22-4661-981D-20C168D6847B}
HKCR\Interface\{14E6D991-DB22-4661-981D-20C168D6847B}\ProxyStubClsid
HKCR\Interface\{14E6D991-DB22-4661-981D-20C168D6847B}\ProxyStubClsid32
HKCR\Interface\{14E6D991-DB22-4661-981D-20C168D6847B}\TypeLib
HKCR\Interface\{14E6D991-DB22-4661-981D-20C168D6847B}\TypeLib#Version
HKCR\Interface\{2242513C-F5E9-41B3-BC89-4D9DAF487450}
HKCR\Interface\{2242513C-F5E9-41B3-BC89-4D9DAF487450}\ProxyStubClsid
HKCR\Interface\{2242513C-F5E9-41B3-BC89-4D9DAF487450}\ProxyStubClsid32
HKCR\Interface\{2242513C-F5E9-41B3-BC89-4D9DAF487450}\TypeLib
HKCR\Interface\{2242513C-F5E9-41B3-BC89-4D9DAF487450}\TypeLib#Version
HKCR\Interface\{3B489B37-FC1B-45C8-B1CE-78D9AEF5B336}
HKCR\Interface\{3B489B37-FC1B-45C8-B1CE-78D9AEF5B336}\ProxyStubClsid
HKCR\Interface\{3B489B37-FC1B-45C8-B1CE-78D9AEF5B336}\ProxyStubClsid32
HKCR\Interface\{3B489B37-FC1B-45C8-B1CE-78D9AEF5B336}\TypeLib
HKCR\Interface\{3B489B37-FC1B-45C8-B1CE-78D9AEF5B336}\TypeLib#Version
HKCR\Interface\{3D6A6E24-FDFF-418E-A93D-9FBDCBA377AF}
HKCR\Interface\{3D6A6E24-FDFF-418E-A93D-9FBDCBA377AF}\ProxyStubClsid
HKCR\Interface\{3D6A6E24-FDFF-418E-A93D-9FBDCBA377AF}\ProxyStubClsid32
HKCR\Interface\{3D6A6E24-FDFF-418E-A93D-9FBDCBA377AF}\TypeLib
HKCR\Interface\{3D6A6E24-FDFF-418E-A93D-9FBDCBA377AF}\TypeLib#Version
HKCR\Interface\{3E318E44-0C35-4292-AF91-18DD17795636}
HKCR\Interface\{3E318E44-0C35-4292-AF91-18DD17795636}\ProxyStubClsid
HKCR\Interface\{3E318E44-0C35-4292-AF91-18DD17795636}\ProxyStubClsid32
HKCR\Interface\{3E318E44-0C35-4292-AF91-18DD17795636}\TypeLib
HKCR\Interface\{3E318E44-0C35-4292-AF91-18DD17795636}\TypeLib#Version
HKCR\Interface\{495349A3-3A35-465F-88DF-6CCFC1348246}
HKCR\Interface\{495349A3-3A35-465F-88DF-6CCFC1348246}\ProxyStubClsid
HKCR\Interface\{495349A3-3A35-465F-88DF-6CCFC1348246}\ProxyStubClsid32
HKCR\Interface\{495349A3-3A35-465F-88DF-6CCFC1348246}\TypeLib
HKCR\Interface\{495349A3-3A35-465F-88DF-6CCFC1348246}\TypeLib#Version
HKCR\Interface\{575E8879-D6CF-4992-A7FE-651DA9277BCB}
HKCR\Interface\{575E8879-D6CF-4992-A7FE-651DA9277BCB}\ProxyStubClsid
HKCR\Interface\{575E8879-D6CF-4992-A7FE-651DA9277BCB}\ProxyStubClsid32
HKCR\Interface\{575E8879-D6CF-4992-A7FE-651DA9277BCB}\TypeLib
HKCR\Interface\{575E8879-D6CF-4992-A7FE-651DA9277BCB}\TypeLib#Version
HKCR\Interface\{76A15001-FF88-47EE-9E34-9F68E34246AF}
HKCR\Interface\{76A15001-FF88-47EE-9E34-9F68E34246AF}\ProxyStubClsid
HKCR\Interface\{76A15001-FF88-47EE-9E34-9F68E34246AF}\ProxyStubClsid32
HKCR\Interface\{76A15001-FF88-47EE-9E34-9F68E34246AF}\TypeLib
HKCR\Interface\{76A15001-FF88-47EE-9E34-9F68E34246AF}\TypeLib#Version
HKCR\Interface\{819A1C55-735F-4696-8727-3772EC87AD26}
HKCR\Interface\{819A1C55-735F-4696-8727-3772EC87AD26}\ProxyStubClsid
HKCR\Interface\{819A1C55-735F-4696-8727-3772EC87AD26}\ProxyStubClsid32
HKCR\Interface\{819A1C55-735F-4696-8727-3772EC87AD26}\TypeLib
HKCR\Interface\{819A1C55-735F-4696-8727-3772EC87AD26}\TypeLib#Version
HKCR\Interface\{8DC7E656-FFBC-4BA2-AF81-1C6C4FE04407}
HKCR\Interface\{8DC7E656-FFBC-4BA2-AF81-1C6C4FE04407}\ProxyStubClsid
HKCR\Interface\{8DC7E656-FFBC-4BA2-AF81-1C6C4FE04407}\ProxyStubClsid32
HKCR\Interface\{8DC7E656-FFBC-4BA2-AF81-1C6C4FE04407}\TypeLib
HKCR\Interface\{8DC7E656-FFBC-4BA2-AF81-1C6C4FE04407}\TypeLib#Version
HKCR\Interface\{A86BED71-2B56-4778-9C48-829A3D01C687}
HKCR\Interface\{A86BED71-2B56-4778-9C48-829A3D01C687}\ProxyStubClsid
HKCR\Interface\{A86BED71-2B56-4778-9C48-829A3D01C687}\ProxyStubClsid32
HKCR\Interface\{A86BED71-2B56-4778-9C48-829A3D01C687}\TypeLib
HKCR\Interface\{A86BED71-2B56-4778-9C48-829A3D01C687}\TypeLib#Version
HKCR\Interface\{AE119E11-CF86-43CB-91AA-1ACF2BBF9EC6}
HKCR\Interface\{AE119E11-CF86-43CB-91AA-1ACF2BBF9EC6}\ProxyStubClsid
HKCR\Interface\{AE119E11-CF86-43CB-91AA-1ACF2BBF9EC6}\ProxyStubClsid32
HKCR\Interface\{AE119E11-CF86-43CB-91AA-1ACF2BBF9EC6}\TypeLib
HKCR\Interface\{AE119E11-CF86-43CB-91AA-1ACF2BBF9EC6}\TypeLib#Version
HKCR\Interface\{B5A1CE7F-011D-4475-98DB-076AAF3B1D18}
HKCR\Interface\{B5A1CE7F-011D-4475-98DB-076AAF3B1D18}\ProxyStubClsid
HKCR\Interface\{B5A1CE7F-011D-4475-98DB-076AAF3B1D18}\ProxyStubClsid32
HKCR\Interface\{B5A1CE7F-011D-4475-98DB-076AAF3B1D18}\TypeLib
HKCR\Interface\{B5A1CE7F-011D-4475-98DB-076AAF3B1D18}\TypeLib#Version
HKCR\Interface\{B667F141-171C-4AC6-BD2B-8E0C646FB920}
HKCR\Interface\{B667F141-171C-4AC6-BD2B-8E0C646FB920}\ProxyStubClsid
HKCR\Interface\{B667F141-171C-4AC6-BD2B-8E0C646FB920}\ProxyStubClsid32
HKCR\Interface\{B667F141-171C-4AC6-BD2B-8E0C646FB920}\TypeLib
HKCR\Interface\{B667F141-171C-4AC6-BD2B-8E0C646FB920}\TypeLib#Version
HKCR\Interface\{DA4F8351-05EF-4956-B9AB-1093B732436F}
HKCR\Interface\{DA4F8351-05EF-4956-B9AB-1093B732436F}\ProxyStubClsid
HKCR\Interface\{DA4F8351-05EF-4956-B9AB-1093B732436F}\ProxyStubClsid32
HKCR\Interface\{DA4F8351-05EF-4956-B9AB-1093B732436F}\TypeLib
HKCR\Interface\{DA4F8351-05EF-4956-B9AB-1093B732436F}\TypeLib#Version
HKCR\Interface\{E1E4E46D-53B8-45DC-ABF0-3E7ADEF79012}
HKCR\Interface\{E1E4E46D-53B8-45DC-ABF0-3E7ADEF79012}\ProxyStubClsid
HKCR\Interface\{E1E4E46D-53B8-45DC-ABF0-3E7ADEF79012}\ProxyStubClsid32
HKCR\Interface\{E1E4E46D-53B8-45DC-ABF0-3E7ADEF79012}\TypeLib
HKCR\Interface\{E1E4E46D-53B8-45DC-ABF0-3E7ADEF79012}\TypeLib#Version

Trojan.Media-Codec/V5
HKU\S-1-5-21-1461712039-1196971731-1499258373-1006\Software\NetProject

and here now the log file from Malwarebytes' Anti-Malware:

Malwarebytes' Anti-Malware 1.33
Datenbank Version: 1693
Windows 5.1.2600 Service Pack 2

25.01.2009 22:34:49
mbam-log-2009-01-25 (22-34-49).txt

Scan-Methode: Vollständiger Scan (C:\|)
Durchsuchte Objekte: 160808
Laufzeit: 1 hour(s), 58 minute(s), 30 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 10
Infizierte Registrierungswerte: 5
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 3
Infizierte Dateien: 6

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\apuc.urlcatcher (Adware.Bargain.Buddy) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\apuc.urlcatcher.1 (Adware.Bargain.Buddy) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{c6906a23-4717-4e1f-b6fd-f06ebed14177} (Adware.Bargain.Buddy) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{4eb7bbe8-2e15-424b-9ddb-2cdb9516a2a3} (Adware.Bargain.Buddy) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{51d81dd5-55b7-497f-95db-d356429bb54e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7c109800-a5d5-438f-9640-18d17e168b88} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bargain buddy (Adware.Bargain.Buddy) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\prunnet (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{51d81dd5-55b7-497f-95db-d356429bb54e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\Programme\Bargain Buddy (Adware.Bargain.Buddy) -> Quarantined and deleted successfully.
C:\Programme\Bargain Buddy\bin (Adware.Bargain.Buddy) -> Quarantined and deleted successfully.
C:\Programme\Bargain Buddy\bin2 (Adware.Bargain.Buddy) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\System Volume Information\_restore{6B916A41-8485-4A6A-BC69-669605E696B1}\RP154\A0017213.dll (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6B916A41-8485-4A6A-BC69-669605E696B1}\RP154\A0017215.exe (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Programme\Bargain Buddy\ad.dat (Adware.Bargain.Buddy) -> Quarantined and deleted successfully.
C:\Programme\Bargain Buddy\bbchk.exe (Adware.Bargain.Buddy) -> Quarantined and deleted successfully.
C:\Programme\Bargain Buddy\ub.dat (Adware.Bargain.Buddy) -> Quarantined and deleted successfully.
C:\Programme\Bargain Buddy\uninst.exe (Adware.Bargain.Buddy) -> Quarantined and deleted successfully.

This post was edited on 25.01.2009 at 22:41 by hoobiwoobi.
26.01.2009, 22:20
Moderator
Posts: 5694
#4
>> Are you still getting alerts?
>> Run ComboFix and post the log: http://www.virus-protect.org/artikel/tools/combofix.html
Regards, Swiss
26.01.2009, 22:36
...new here
Thread starter, Posts: 4
#5
after SUPERAntiSpyware and Malwarebytes' Anti-Malware were able to delete everything without problems, Avira AntiVir also found nothing except one warning (a file could not be opened).
The ComboFix page says that 1 in 100 computers does not come through this process unharmed. Isn't it therefore a bit risky to run this scan?!
26.01.2009, 22:43
Moderator
Posts: 5694
#6
It's up to you whether to run it. But if you browse around this forum you'll see that it has never caused problems.
Regards, Swiss
26.01.2009, 22:52
...new here
Thread starter, Posts: 4
#7
all right, I'll do it right after this
three days ago AntiVir reported the presence of the following Trojans:
TR/Spy.82432.C
under C:\System Volume Information\_restore{6B916A41-8485-4A6A-BC69-669605E696B1}\RP152\A0017147.exe
and C:\WINDOWS\system32\IEDFix.exe
TR/Punad.A
under C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\xonerwmsca.tmp
TR/Dldr.Agent.axfw
under C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\ocaxwenmsr.tmp
TR/Click.MRW
under C:\System Volume Information\_restore{6B916A41-8485-4A6A-BC69-669605E696B1}\RP143\A0015470.exe
and C:\WINDOWS\system32\prunnet.exe
deleting them via "AntiVir" and "Killbox" doesn't work,
the HJT log file shows nothing negative in the online analysis,
and "Google" turned up nothing relevant either, so I'm now turning trustingly to you!
System details:
Windows XP Home, SP2, internet via Firefox
so, I hope I haven't forgotten anything
Logfile of Trend Micro HiJackThis v2.0.2
Scan saved at 21:08:16, on 24.01.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Gemeinsame Dateien\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\slserv.exe
c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Java\jre6\bin\jusched.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Mousave\Mousave Daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Programme\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\Skype\Plugin Manager\skypePM.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = h**p://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\power\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /M "Stylus Photo RX420" /EF "HKCU"
O4 - HKCU\..\Run: [Mousave Daemon] C:\Programme\Mousave\Mousave Daemon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: wkcalrem.LNK = C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkCalRem.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\power\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\power\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\power\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\power\Office12\ONBttnIE.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} (WMVHDRatingCtrl Class) - file://D:\components\wmvhdrating.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - h**p://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E86DFE3C-4C8E-4FC2-9863-B38B09825404}: NameServer = 192.168.1.0
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\power\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodata Limited License Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programme\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
--
End of file - 8077 bytes
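The HijackThis log above lists autostart entries (O4), browser helper objects and toolbars (O2/O3), the configured DNS resolver (O17) and services with their vendor (O23), and the helpers in this thread read it by eye. The Python script below is an added example, not code from the thread, from Trend Micro or from any of the tools mentioned: it parses lines in that format and applies three defender-side triage checks (a binary started from a Temp or user-profile directory, an O17 resolver outside the LAN and loopback ranges, an O23 service with no identified vendor). The sample lines, and the CLSIDs, addresses and service names in them, are constructed for the example; only the avgnt.exe line is copied from the log.

```python
"""Triage helper for HijackThis-style log lines (added example, not HijackThis's own code)."""
import ipaddress
import re
from dataclasses import dataclass, field
from typing import List, Optional

ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
DRIVE_PATH_RE = re.compile(r"[A-Za-z]:\\.*$")

# Directory fragments an autostart or service binary should not normally live in.
SUSPECT_DIR_FRAGMENTS = ("\\temp\\", "\\lokale einstellungen\\", "\\local settings\\")
# Where a home/office resolver is expected to sit: RFC 1918 ranges and loopback.
EXPECTED_RESOLVER_NETS = [ipaddress.ip_network(n) for n in
                          ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


@dataclass
class Entry:
    kind: str                          # e.g. "O4", "O23"
    body: str                          # text after "Oxx - "
    clsid: Optional[str] = None
    path: Optional[str] = None
    vendor: Optional[str] = None       # O23 only
    nameserver: Optional[str] = None   # O17 only
    flags: List[str] = field(default_factory=list)


def _o4_command_path(command: str) -> str:
    """Executable part of an O4 command line, quoted or unquoted."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command.strip('"')
    return command.split(" /", 1)[0]   # unquoted: cut at the first switch


def parse_line(line: str) -> Optional[Entry]:
    """Parse one HijackThis line; None for non-entry lines (headers, process list)."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    kind, body = m.group("kind"), m.group("body")
    e = Entry(kind=kind, body=body)
    cm = CLSID_RE.search(body)
    if cm:
        e.clsid = cm.group(0)
    if kind == "O4" and "] " in body:
        e.path = _o4_command_path(body.split("] ", 1)[1])
    elif kind == "O17" and "NameServer = " in body:
        e.nameserver = body.split("NameServer = ", 1)[1].strip()
    elif kind in ("O2", "O3", "O9", "O18", "O23"):
        pm = DRIVE_PATH_RE.search(body)
        if pm:
            e.path = pm.group(0)
            if kind == "O23":
                # "Service: <name> (<svc>) - <vendor> - <path>"; the vendor may be empty.
                head = body[:pm.start()]
                if head.startswith("Service: "):
                    head = head[len("Service: "):]
                e.vendor = head.partition(" - ")[2].strip(" -")
    return e


def assess(e: Entry) -> Entry:
    """Attach triage flags; an empty list means nothing noteworthy."""
    if e.path and any(f in e.path.lower() for f in SUSPECT_DIR_FRAGMENTS):
        e.flags.append("binary in temp/profile directory")
    if e.nameserver is not None:
        try:
            ip = ipaddress.ip_address(e.nameserver)
            if not any(ip in net for net in EXPECTED_RESOLVER_NETS):
                e.flags.append("DNS resolver outside LAN/loopback ranges")
        except ValueError:
            e.flags.append("unparsable NameServer value")
    if e.kind == "O23" and e.vendor in ("", "Unknown owner"):
        e.flags.append("service without identified vendor")
    return e


def triage(log_text: str) -> List[Entry]:
    return [assess(e) for e in map(parse_line, log_text.splitlines()) if e is not None]


# Constructed sample: placeholder CLSIDs, names and addresses (203.0.113.7 is a
# documentation address); only the avgnt.exe line is taken from the log above.
SAMPLE_LOG = r"""
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Programme\Example\helper.dll
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [updater] C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Temp\example.tmp
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000002}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000003}: NameServer = 203.0.113.7
O23 - Service: Example Service (ExSvc) - - C:\WINDOWS\system32\exsvc.exe
O23 - Service: Vendor Service (VSvc) - Vendor Inc. - C:\Programme\Vendor\vsvc.exe
"""

if __name__ == "__main__":
    for entry in triage(SAMPLE_LOG):
        print(f"{entry.kind:4} {'; '.join(entry.flags) or 'ok':42} {entry.path or entry.nameserver or ''}")
```

The flags are triage hints, not verdicts: a Temp-directory autostart or a vendorless service is what a helper in a thread like this would look at first, and a resolver outside the LAN is worth checking against the router's actual address before anything is removed.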