Log analysis and evaluation: Trojan / malware D9HFA80SEj1YyE.exe and QkMNyhGuJTxqPg.exe (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system first has to be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
19.03.2012, 22:50 | #1

Trojan / malware D9HFA80SEj1YyE.exe and QkMNyhGuJTxqPg.exe

Dear experts, I hope I can find help here... I have to say this is the first time I have had to deal with something this big. Apparently this trojan is not really harmful. "If it weren't for my antivirus program kicking the malware out." It hides files at random. It cannot be closed. It keeps closing the Task Manager and conjures up all sorts of wonderful things on the desktop that are meant to send me into a total panic (see the pictures in the attachment). I have actually never come into contact with anything like this on my own computer in the past, but this is getting a bit much for me. In any case, I have found the programs responsible for the party, but for the life of me I cannot delete or terminate them. I have attached the files as txt that, according to the posting instructions, are important. I have also written down the Internet address where I caught this cold. I hope someone has advice.

Here is the dds.txt. The two programs that are apparently responsible are marked with exclamation marks:

DDS Logfile:
Code:
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 1.6.0_29
Run by RK at 22:20:16 on 2012-03-19
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8104.5519 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\System32\spoolsv.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\ProgramData\QkMNyhGuJTxqPg.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\ProgramData\D9HFA80SEj1YyE.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe
C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
c:\xampp\mysql\bin\mysqld.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\windows\system32\hkcmd.exe
C:\windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\windows\system32\igfxtray.exe
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\windows\system32\igfxpers.exe
C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\windows\system32\igfxext.exe
C:\windows\system32\igfxsrvc.exe
C:\windows\System32\alg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\DllHost.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.funmoods.com/?f=1&a=ddrnw
uDefault_Page_URL = hxxp://samsung.msn.com
mStart Page = hxxp://samsung.msn.com
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Samsung BHO Class: {aa609d72-8482-4076-8991-8cdae5b93bcb} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
uRun: [AdobeBridge]
uRun: [QkMNyhGuJTxqPg.exe] C:\ProgramData\QkMNyhGuJTxqPg.exe
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [<NO NAME>]
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
StartupFolder: C:\Users\RK\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: Nach Microsoft &Excel exportieren - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {328ECD19-C167-40eb-A0C7-16FE7634105E} - {94BB0C4C-B957-479A-85E4-42F53B89F681} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{144F6007-E155-4EF5-9D9C-48C4662A3F7E} : DhcpNameServer = 10.129.32.1 10.111.81.129
TCP: Interfaces\{218725BE-FDF7-4491-BFCE-3CEEEAF8F173} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{218725BE-FDF7-4491-BFCE-3CEEEAF8F173}\2456C6B696E6F5E4F575962756C6563737F5531333366383 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{D94EED4C-C5F9-46A6-8546-A76E3F4A406E} : DhcpNameServer = 139.7.30.126 139.7.30.125
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\windows\SysWOW64\nvinit.dll
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{326E768D-4182-46FD-9C16-1449A49795F4}
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{AA609D72-8482-4076-8991-8CDAE5B93BCB}
{AE7CD045-E861-484f-8273-0445EE161910}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{F4971EE7-DAA0-4053-9964-665D8EE6A077}
{47833539-D0C5-4125-9FA8-0819E2EAAC93}
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [(Standard)]
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
AppInit_DLLs-X64: C:\windows\SysWOW64\nvinit.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\RK\AppData\Roaming\Mozilla\Firefox\Profiles\2sg4e0pw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.youtube.com/?gl=DE&hl=de
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\RK\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100789
FF - user.js: extensions.BabylonToolbar_i.babExt - somoto
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 4eb0c9e900000000000078929c45304c
FF - user.js: extensions.BabylonToolbar_i.hardId - 4eb0c9e900000000000078929c45304c
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15330
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1716:15:41
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb5
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.funmoods_i.hmpg - true
FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=ddrnw
FF - user.js: extensions.funmoods_i.dfltSrch - true
FF - user.js: extensions.funmoods_i.srchPrvdr - Search
FF - user.js: extensions.funmoods_i.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=ddrnw
FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=ddrnw&q=
FF - user.js: extensions.funmoods_i.id - 4eb0c9e900000000000078929c45304c
FF - user.js: extensions.funmoods_i.instlDay - 15374
FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsni - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.11.1620:30:18
FF - user.js: extensions.funmoods_i.prtnrId - funmoods
FF - user.js: extensions.funmoods_i.prdct - funmoods
FF - user.js: extensions.funmoods_i.aflt - ddrnw
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods_i.tlbrId - base
FF - user.js: extensions.funmoods_i.instlRef -
FF - user.js: extensions.funmoods_i.dfltLng -
FF - user.js: extensions.funmoods_i.excTlbr - false
.
============= SERVICES / DRIVERS ===============
.
R0 nvpciflt;nvpciflt;C:\windows\system32\DRIVERS\nvpciflt.sys --> C:\windows\system32\DRIVERS\nvpciflt.sys [?]
R0 PxHlpa64;PxHlpa64;C:\windows\system32\Drivers\PxHlpa64.sys --> C:\windows\system32\Drivers\PxHlpa64.sys [?]
R1 aswSnx;aswSnx;C:\windows\system32\drivers\aswSnx.sys --> C:\windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\windows\system32\drivers\aswSP.sys --> C:\windows\system32\drivers\aswSP.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\windows\system32\DRIVERS\dtsoftbus01.sys --> C:\windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;\??\C:\windows\system32\Drivers\SABI.sys --> C:\windows\system32\Drivers\SABI.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 aswFsBlk;aswFsBlk;C:\windows\system32\drivers\aswFsBlk.sys --> C:\windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\windows\system32\drivers\aswMonFlt.sys --> C:\windows\system32\drivers\aswMonFlt.sys [?]
R2 DragonSvc;Dragon Service;C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [2011-6-4 296808]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-2-28 2343816]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-11-13 2253120]
R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-10-30 2228008]
R2 TurboB;Turbo Boost UI Monitor driver;C:\windows\system32\DRIVERS\TurboB.sys --> C:\windows\system32\DRIVERS\TurboB.sys [?]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-9-7 2656536]
R2 VMCService;Vodafone Mobile Connect Service;C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2009-4-20 9216]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\system32\DRIVERS\clwvd.sys --> C:\windows\system32\DRIVERS\clwvd.sys [?]
R3 ETD;ELAN PS/2 Port Input Device;C:\windows\system32\DRIVERS\ETD.sys --> C:\windows\system32\DRIVERS\ETD.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\system32\DRIVERS\NETwNs64.sys --> C:\windows\system32\DRIVERS\NETwNs64.sys [?]
S2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-3-16 44768]
S2 CLKMSVC10_38F51D56;CyberLink Product - 2011/09/07 11:26:52;C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2011-4-20 241648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S3 massfilter;ZTE Mass Storage Filter Driver;C:\windows\system32\DRIVERS\massfilter.sys --> C:\windows\system32\DRIVERS\massfilter.sys [?]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\windows\system32\DRIVERS\netaapl64.sys --> C:\windows\system32\DRIVERS\netaapl64.sys [?]
S3 npggsvc;nProtect GameGuard Service;C:\windows\system32\GameMon.des -service --> C:\windows\system32\GameMon.des -service [?]
S3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
S3 Samsung UPD Service;Samsung UPD Service;"C:\windows\System32\SUPDSvc.exe" --> C:\windows\System32\SUPDSvc.exe [?]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]
S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-10-8 150016]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
S3 ZTEusbnet;ZTE USB-NDIS miniport;C:\windows\system32\DRIVERS\ZTEusbnet.sys --> C:\windows\system32\DRIVERS\ZTEusbnet.sys [?]
S3 ZTEusbvoice;ZTE VoUSB Port;C:\windows\system32\DRIVERS\ZTEusbvoice.sys --> C:\windows\system32\DRIVERS\ZTEusbvoice.sys [?]
S4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-21 61976]
S4 RsFx0105;RsFx0105 Driver;C:\windows\system32\DRIVERS\RsFx0105.sys --> C:\windows\system32\DRIVERS\RsFx0105.sys [?]
S4 SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-9-22 431464]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-03-19 21:13:38  69000  ----a-w-  C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F193FE5E-D602-439F-85D6-A72DDE9F3B23}\offreg.dll
!!!! 2012-03-19 20:39:55  353792  ---ha-w-  C:\ProgramData\D9HFA80SEj1YyE.exe
!!!! 2012-03-19 20:34:46  453120  ---ha-w-  C:\ProgramData\QkMNyhGuJTxqPg.exe
2012-03-18 15:25:38  --------  d--h--w-  C:\Users\RK\AppData\Roaming\IrfanView
2012-03-18 15:25:38  --------  d-----w-  C:\Program Files (x86)\IrfanView
2012-03-18 09:45:49  592824  ----a-w-  C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-18 09:45:49  44472  ----a-w-  C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-03-17 16:46:18  --------  d--h--w-  C:\Users\RK\AppData\Roaming\OpenCube Inc
2012-03-17 16:46:18  --------  d--h--w-  C:\Users\RK\AppData\Local\OpenCube Inc
2012-03-17 16:46:11  --------  d-----w-  C:\Program Files (x86)\OpenCube
2012-03-17 09:36:08  5559152  ----a-w-  C:\windows\System32\ntoskrnl.exe
2012-03-17 09:36:07  3968368  ----a-w-  C:\windows\SysWow64\ntkrnlpa.exe
2012-03-17 09:36:07  3913584  ----a-w-  C:\windows\SysWow64\ntoskrnl.exe
2012-03-16 17:53:42  8643640  ----a-w-  C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F193FE5E-D602-439F-85D6-A72DDE9F3B23}\mpengine.dll
2012-03-16 17:53:14  3145728  ----a-w-  C:\windows\System32\win32k.sys
2012-03-16 17:53:11  1544192  ----a-w-  C:\windows\System32\DWrite.dll
2012-03-16 17:53:11  1077248  ----a-w-  C:\windows\SysWow64\DWrite.dll
2012-03-16 17:52:52  9216  ----a-w-  C:\windows\System32\rdrmemptylst.exe
2012-03-16 17:52:52  77312  ----a-w-  C:\windows\System32\rdpwsx.dll
2012-03-16 17:52:52  149504  ----a-w-  C:\windows\System32\rdpcorekmts.dll
2012-03-16 17:52:51  826880  ----a-w-  C:\windows\SysWow64\rdpcore.dll
2012-03-16 17:52:51  23552  ----a-w-  C:\windows\System32\drivers\tdtcp.sys
2012-03-16 17:52:51  210944  ----a-w-  C:\windows\System32\drivers\rdpwd.sys
2012-03-16 17:52:51  1031680  ----a-w-  C:\windows\System32\rdpcore.dll
2012-03-07 21:48:00  --------  d--h--w-  C:\Users\RK\AppData\Local\4A Games
2012-03-07 20:20:42  --------  d-----w-  C:\Program Files (x86)\METRO 2033
2012-03-07 18:16:46  162664  ----a-w-  C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
2012-03-07 17:52:23  --------  d-----w-  C:\Program Files (x86)\LogMeIn Hamachi
2012-03-07 14:11:28  --------  d-----w-  C:\Program Files (x86)\ElcomSoft
2012-03-05 17:38:31  --------  d-----w-  C:\Program Files (x86)\Stanza
2012-03-04 12:45:39  --------  d--h--w-  C:\java
2012-03-04 12:43:09  --------  d--h--w-  C:\Users\RK\workspace
2012-03-04 12:31:52  --------  d--h--w-  C:\Users\RK\.eclipse
2012-03-04 11:19:11  --------  d--h--w-  C:\Users\RK\Helloworld
2012-03-04 11:18:33  --------  d--h--w-  C:\Users\RK\.netbeans
2012-03-04 11:10:10  --------  d--h--w-  C:\temp
2012-03-04 11:05:17  --------  d-----w-  C:\Program Files (x86)\netbeans-5.5
2012-02-24 20:19:57  53080  ----a-w-  C:\windows\System32\drivers\aswRdr2.sys
2012-02-22 19:53:22  --------  d--h--w-  C:\Users\RK\AppData\Local\Apps
2012-02-22 19:53:06  8192  ---ha-r-  C:\Users\RK\AppData\Roaming\Microsoft\Installer\{4BB8601D-52FF-48BA-B979-53264B2E6EF9}\Icon6C1B9D8F.exe
2012-02-22 19:53:04  --------  d-----w-  C:\Program Files (x86)\toolstarFRPRO
2012-02-19 09:12:35  --------  d--h--w-  C:\Users\RK\AppData\Local\Aspyr
2012-02-19 07:23:29  --------  d-----w-  C:\Program Files (x86)\Activision
.
==================== Find3M ====================
.
2012-03-07 00:15:19  41184  ----a-w-  C:\windows\avastSS.scr
2012-03-07 00:04:06  819032  ----a-w-  C:\windows\System32\drivers\aswSnx.sys
2012-03-07 00:01:52  69976  ----a-w-  C:\windows\System32\drivers\aswMonFlt.sys
2012-02-23 08:18:36  279656  ------w-  C:\windows\System32\MpSigStub.exe
2012-02-18 15:06:16  414368  ----a-w-  C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-27 20:50:26  807832  ----a-w-  C:\windows\System32\npDeployJava1.dll
2012-01-27 20:50:26  688016  ----a-w-  C:\windows\System32\deployJava1.dll
2012-01-08 12:54:06  120320  ----a-w-  C:\windows\SysWow64\drivers\SSHDRV65.sys
2012-01-07 08:44:17  310728  ----a-w-  C:\windows\System32\drivers\atksgt.sys
2012-01-07 08:12:41  42696  ----a-w-  C:\windows\System32\drivers\lirsgt.sys
2012-01-04 10:44:20  509952  ----a-w-  C:\windows\System32\ntshrui.dll
2012-01-04 08:58:41  442880  ----a-w-  C:\windows\SysWow64\ntshrui.dll
2011-12-30 06:26:08  515584  ----a-w-  C:\windows\System32\timedate.cpl
2011-12-30 05:27:56  478720  ----a-w-  C:\windows\SysWow64\timedate.cpl
2011-12-29 11:23:10  279616  ----a-w-  C:\windows\System32\drivers\dtsoftbus01.sys
2011-12-28 03:59:24  498688  ----a-w-  C:\windows\System32\drivers\afd.sys
.
============= FINISH: 22:20:38,44 ===============

Problem solved! First of all: the programs were a Rogue.FakedFullHdd and a Rogue.FakedErrHDD. This is how I went about it: downloaded Malwarebytes, ran a full scan, had it delete the malware, and then cleared the "Hidden" checkbox on all the system folders again. If you do that globally under C: for the hidden folders, it takes about 15 minutes. I don't know any other solution. I just hope I can also help others who have roughly the same problem.
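The reasoning the poster applied by eye can be written down as a check over the DDS log itself: the two rogue binaries are fresh executables dropped straight into C:\ProgramData, carry the hidden attribute (the "h" in ---ha-w-), have machine-generated names, and one of them is also registered under a Run key and visible in the process list. The script below is an added example, not part of the original post or of the DDS tool; it parses the three DDS sections that carry this evidence and scores each executable. The sample lines are copied from the log above (plus the hidden but legitimate MSI icon-cache entry as a control); the weights, the threshold and the name-randomness heuristic are assumptions chosen for this illustration.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample: lines copied from the DDS log in the post above
# (Running Processes, Pseudo HJT Report, Created Last 30) plus the
# legitimate hidden MSI icon-cache entry, so the triage runs offline.
SAMPLE_LOG = r"""
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\ProgramData\QkMNyhGuJTxqPg.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\ProgramData\D9HFA80SEj1YyE.exe
uRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
uRun: [QkMNyhGuJTxqPg.exe] C:\ProgramData\QkMNyhGuJTxqPg.exe
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
2012-03-19 21:13:38  69000  ----a-w-  C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F193FE5E-D602-439F-85D6-A72DDE9F3B23}\offreg.dll
2012-03-19 20:39:55  353792  ---ha-w-  C:\ProgramData\D9HFA80SEj1YyE.exe
2012-03-19 20:34:46  453120  ---ha-w-  C:\ProgramData\QkMNyhGuJTxqPg.exe
2012-02-22 19:53:06  8192  ---ha-r-  C:\Users\RK\AppData\Roaming\Microsoft\Installer\{4BB8601D-52FF-48BA-B979-53264B2E6EF9}\Icon6C1B9D8F.exe
"""

# A "Created Last 30" / "Find3M" row: timestamp, size (or dashes), attribute string, path.
CREATED_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(?P<size>\d+|-+)\s+"
    r"(?P<attr>[-a-z]{8})\s+(?P<path>[A-Za-z]:\\.+)$", re.I)
# A uRun / mRun / mRun-x64 autorun entry with an .exe target (quoted or not).
RUN_RE = re.compile(
    r'^[um]Run(?:-x64)?:\s*\[(?P<name>[^\]]*)\]\s*"?(?P<path>[A-Za-z]:\\[^"]*?\.exe)', re.I)
# A bare "Running Processes" line, optionally followed by arguments.
PROCESS_RE = re.compile(r"^(?P<path>[A-Za-z]:\\\S.*?\.exe)(?:\s+.*)?$", re.I)
# Directories a rogue typically drops into directly (assumption for this example).
DROP_ROOT_RE = re.compile(r"^c:\\(programdata|users\\[^\\]+\\appdata\\(roaming|local))$")


@dataclass
class Candidate:
    path: str
    hidden: bool = False     # 'h' in the DDS attribute string
    autorun: bool = False    # referenced from a Run key
    running: bool = False    # listed under Running Processes
    reasons: List[str] = field(default_factory=list)


def looks_random(stem: str) -> bool:
    """Heuristic for generated names: upper+lower+digits mixed, or adjacent
    letters flipping case at least half the time. Thresholds are assumptions."""
    if len(stem) < 8:
        return False
    if (any(c.isupper() for c in stem) and any(c.islower() for c in stem)
            and any(c.isdigit() for c in stem)):
        return True
    letters = [c for c in stem if c.isalpha()]
    flips = sum(1 for a, b in zip(letters, letters[1:]) if a.isupper() != b.isupper())
    return len(letters) > 1 and flips / (len(letters) - 1) >= 0.5


def in_drop_root(path: str) -> bool:
    """True when the file sits directly in ProgramData or an AppData root."""
    parent = path.rsplit("\\", 1)[0].lower()
    return DROP_ROOT_RE.match(parent) is not None


def parse(log: str) -> Dict[str, Candidate]:
    """Collect one Candidate per executable path seen in the three DDS sections."""
    cands: Dict[str, Candidate] = {}

    def get(path: str) -> Candidate:
        return cands.setdefault(path.lower(), Candidate(path=path))

    for raw in log.splitlines():
        line = raw.strip()
        m = CREATED_RE.match(line)
        if m:
            if m["path"].lower().endswith((".exe", ".dll", ".scr")):
                get(m["path"]).hidden = "h" in m["attr"].lower()
            continue
        m = RUN_RE.match(line)
        if m:
            get(m["path"]).autorun = True
            continue
        m = PROCESS_RE.match(line)
        if m:
            get(m["path"]).running = True
    return cands


def score(c: Candidate) -> int:
    """Weighted sum of the indicators the post's reasoning relies on (weights assumed)."""
    c.reasons.clear()
    s = 0
    if c.hidden:
        s += 2
        c.reasons.append("hidden attribute set")
    if in_drop_root(c.path):
        s += 2
        c.reasons.append("dropped directly into ProgramData/AppData")
    stem = c.path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    if looks_random(stem):
        s += 1
        c.reasons.append("random-looking name")
    if c.autorun:
        s += 2
        c.reasons.append("Run key")
    if c.running:
        s += 1
        c.reasons.append("currently running")
    return s


def triage(log: str, threshold: int = 4) -> Dict[str, int]:
    """Return {file name: score} for every candidate scoring at or above threshold."""
    scored = {c.path.rsplit("\\", 1)[-1]: score(c) for c in parse(log).values()}
    return {name: s for name, s in scored.items() if s >= threshold}


if __name__ == "__main__":
    for c in parse(SAMPLE_LOG).values():
        print(f"{score(c)}  {c.path}  ({', '.join(c.reasons) or 'nothing suspicious'})")
```

On the sample, QkMNyhGuJTxqPg.exe scores 8 and D9HFA80SEj1YyE.exe scores 6, while ISUSPM.exe and avastUI.exe stay at 3 (autorun plus running, but in a vendor directory with a plain name) and the hidden, random-looking Icon6C1B9D8F.exe also stays at 3 because it sits deep inside AppData\Roaming\Microsoft\Installer and is neither autorun nor running. The score is a ranking aid for reading the log, not a verdict; a flagged file still has to be checked (hash lookup, signature, the scan the helper asks for in the reply below).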
20.03.2012, 18:27 | #2

/// Winkelfunktion /// TB-Süch-Tiger™

Trojan / malware D9HFA80SEj1YyE.exe and QkMNyhGuJTxqPg.exe

You don't solve these problems that easily! Many other areas have to be checked as well; Malwarebytes alone won't do it!

Post ALL the Malwarebytes logs first! Please post everything here in CODE tags wherever possible. This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
the log goes here