TR/Spy.Banker.Gen2 und TR/Offend.kdv.580984.1 und weitere Viren. Was tun ?

vfbjohn · 01.04.2012, 18:12

Hallo zusammen,
ich habe mir leider einen Trojaner eingefangen. So ein Banker Trojaner glaube ich. Ich habe mit dem Virus noch facebook und hotmail besucht. Die beiden Passwörter habe ich von einem anderen PC geändert. Soll ich auch Passwörter, wie zum beispiel vom online Banking ändern, obwohl ich das seither nicht genutzt habe ?
Außerdem habe ich noch Pokerstars genutzt. Kann der Trojaner darauf zugreifen?

Antivir hat folgende Viren festgestellt:
EXP/Pidief.cvh' [exploit]
EXP/CVE-2010-4452
TR/Crypt.XPACK.Gen2
TR/Crypt.XPACK.Gen
TR/Agent.4937432' [trojan]
'TR/Offend.kdv.580984.1' [trojan
TR/Spy.Banker.Gen2
ADWARE/Adware.Gen

Die beiden XPACK.Gen- Viren haben wohl irgendwas mit avast zu tun. Sie wurden in Temp/_avast_ gefunden und antivir hat das erkannt als ich avast installiert habe.

Der Trojaner hat wohl was mit den Toolbars und acroIEhelpe zu tun. Diese Sachen habe ich gelöscht. Aber ich glaube die tauchen wieder auf.

DSS Logfile und Attach, da es irgendwie nicht gespeichert werden konnte:
(habe avast deaktiviert, weil es DSS nicht ausführen lassen wollte.)
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_26
Run by Johannes Administrat at 19:01:04 on 2012-04-01
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3835.2457 [GMT 2:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Norton Internet Security *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Windows\SysWOW64\ezSharedSvcHost.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.0.0.128\ccSvcHst.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://startsear.ch/?aff=1
mStart Page = hxxp://startsear.ch/?aff=1
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO: Turnabout Helper: {87ff76f0-bca9-40dc-b1e5-254062eee8f4} - C:\Program Files (x86)\Reify Software\Turnabout\turnabout.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID-Anmelde-Hilfsprogramm: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: Sopcast Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Reify Toolbar: {b99f805c-f0b1-48ea-8c8b-753bfcbed912} - C:\Program Files (x86)\Reify Software\Turnabout\turnabout.dll
TB: Sopcast Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - No File
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [<NO NAME>]
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: HideFastUserSwitching = 0 (0x0)
IE: An OneNote s&enden - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html
IE: Nach Microsoft E&xcel exportieren - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
IE: {1C1CB5F8-D5A3-4FD9-876C-ECD2BDA32716} - {1C1CB5F8-D5A3-4FD9-876C-ECD2BDA32716} - C:\Program Files (x86)\Reify Software\Turnabout\turnabout.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{2A710800-73B9-4351-9498-99FA986DA0E0} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{2A710800-73B9-4351-9498-99FA986DA0E0}\140707C65602E4564777F627B602633603037393 : DhcpNameServer = 10.0.1.1
TCP: Interfaces\{2A710800-73B9-4351-9498-99FA986DA0E0}\4456661657C647 : DhcpNameServer = 194.25.2.129 192.168.0.1
TCP: Interfaces\{EEB8EAC9-FEEE-41BD-8735-FE65E71DF980} : DhcpNameServer = 192.168.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: data - {038664DA-5BA5-47FC-88D9-15ADE940ED55} -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}
{87FF76F0-BCA9-40DC-B1E5-254062EEE8F4}
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{B4F3A835-0E21-4959-BA22-42B3008E02FF}
{D4027C7F-154A-4066-A1AD-4243D8127440}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{B99F805C-F0B1-48EA-8C8B-753BFCBED912}
{D4027C7F-154A-4066-A1AD-4243D8127440}
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
TB-X64: {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - No File
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun-x64: [(Standard)]
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
IE-X64: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
IE-X64: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Johannes Administrat\AppData\Roaming\Mozilla\Firefox\Profiles\s04faafs.default\
FF - prefs.js: browser.startup.homepage - hxxp://startsear.ch/?aff=1
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: keyword.URL - hxxp://startsear.ch/?aff=1&q=FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-11-5 98208]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AntiVirSchedulerService;Avira AntiVir Planer;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-1-6 136360]
R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-1-6 269480]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-4-1 44768]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe [2010-7-12 514232]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-6-18 103992]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-6-25 92216]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-6-29 27192]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.0.0.128\ccSvcHst.exe [2010-11-5 126904]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 RtVOsdService;RtVOsdService Installer;C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [2010-4-19 315392]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 GPU-Z;GPU-Z;C:\Users\JOHANN~1\AppData\Local\Temp\GPU-Z.sys [2011-11-1 27008]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TASCAM_US122144;TASCAM USB 2.0 Audio Device driver;C:\Windows\system32\Drivers\tascusb2.sys --> C:\Windows\system32\Drivers\tascusb2.sys [?]
S3 TASCAM_US122L_MIDI;TASCAM US-122L WDM MIDI Device;C:\Windows\system32\drivers\tscusb2m.sys --> C:\Windows\system32\drivers\tscusb2m.sys [?]
S3 TASCAM_US122L_WDM;TASCAM US-122L WDM;C:\Windows\system32\drivers\tscusb2a.sys --> C:\Windows\system32\drivers\tscusb2a.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 YMIDUSBW;Yamaha USB-MIDI Driver (WDM);C:\Windows\system32\drivers\ymidusbx64.sys --> C:\Windows\system32\drivers\ymidusbx64.sys [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-21 61976]
S4 RsFx0103;RsFx0103 Driver;C:\Windows\system32\DRIVERS\RsFx0103.sys --> C:\Windows\system32\DRIVERS\RsFx0103.sys [?]
S4 SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]
.
=============== Created Last 30 ================
.
2012-04-01 14:41:58 53080 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2012-04-01 14:41:57 819032 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-04-01 14:41:56 69976 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-04-01 14:41:06 41184 ----a-w- C:\Windows\avastSS.scr
2012-04-01 14:40:49 -------- d-----w- C:\Program Files\AVAST Software
2012-03-31 15:49:41 750488 ----a-w- C:\Windows\System32\npdeployJava1.dll
2012-03-31 14:42:28 -------- d-----w- C:\Program Files\Unlocker
2012-03-30 12:11:07 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8A4F4B38-15B4-4BDD-A674-0234D15E21DD}\mpengine.dll
2012-03-26 14:30:12 -------- d-----w- C:\ProgramData\AVAST Software
2012-03-24 11:32:59 -------- d-----w- C:\Users\Johannes Administrat\AppData\Local\ElevatedDiagnostics
2012-03-15 22:41:48 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-15 22:41:47 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-15 22:41:47 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-14 16:10:44 696832 ----a-w- C:\Windows\System32\xvidcore.dll
2012-03-14 16:10:44 645632 ----a-w- C:\Windows\SysWow64\xvidcore.dll
2012-03-14 16:10:44 255488 ----a-w- C:\Windows\System32\xvidvfw.dll
2012-03-14 16:10:44 240640 ----a-w- C:\Windows\SysWow64\xvidvfw.dll
2012-03-14 16:10:44 173568 ----a-w- C:\Windows\System32\xvid.ax
2012-03-14 16:10:44 153088 ----a-w- C:\Windows\SysWow64\xvid.ax
2012-03-14 16:10:43 -------- d-----w- C:\Program Files (x86)\Xvid
2012-03-14 15:16:17 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-03-14 15:16:15 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-14 15:16:15 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-14 15:15:28 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-14 15:15:28 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-14 15:15:28 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-14 15:15:16 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-14 15:15:16 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-14 15:15:16 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-14 15:15:16 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-13 20:36:57 3610624 ----a-w- C:\Windows\System32\avisynth.dll
2012-03-13 20:36:57 2300928 ----a-w- C:\Windows\System32\DevIL.dll
2012-03-13 16:33:42 -------- d-----w- C:\Users\Johannes Administrat\AppData\Roaming\AVSEdit
2012-03-13 16:33:37 -------- d-----w- C:\Users\Johannes Administrat\AppData\Local\ApplicationHistory
2012-03-13 16:33:33 -------- d-----w- C:\Program Files (x86)\AVSEdit
2012-03-13 11:26:47 -------- d-----w- C:\Program Files (x86)\AviSynth 2.5
2012-03-12 21:38:13 -------- d-----w- C:\Windows\de
2012-03-12 21:15:44 18328 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-03-12 21:14:27 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll
2012-03-12 21:14:27 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll
2012-03-12 21:14:26 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll
2012-03-12 21:14:26 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll
2012-03-12 21:13:47 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\321c9981cd009502\DSETUP.dll
2012-03-12 21:13:47 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\321c9981cd009502\DXSETUP.exe
2012-03-12 21:13:47 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\321c9981cd009502\dsetup32.dll
2012-03-12 21:13:24 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\f40109b31cd009401\DSETUP.dll
2012-03-12 21:13:24 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\f40109b31cd009401\DXSETUP.exe
2012-03-12 21:13:24 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\f40109b31cd009401\dsetup32.dll
2012-03-12 21:11:27 -------- d-----w- C:\Users\Johannes Administrat\AppData\Local\Windows Live
.
==================== Find3M ====================
.
2012-03-31 15:49:26 660368 ----a-w- C:\Windows\System32\deployJava1.dll
2012-03-13 12:04:44 33280 ----a-w- C:\Windows\System32\HUFFYUV.DLL
2012-02-23 08:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
.
============= FINISH: 19:01:29,73 ===============

Attach:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 05.01.2011 17:37:57
System Uptime: 01.04.2012 18:45:06 (1 hours ago)
.
Motherboard: Hewlett-Packard | | 1604
Processor: AMD Athlon(tm) II P320 Dual-Core Processor | Socket S1G4 | 2100/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 216 GiB total, 124,128 GiB free.
D: is FIXED (NTFS) - 17 GiB total, 2,434 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP219: 25.03.2012 14:56:21 - Die Service Pack-Sicherungsdateien wurden entfernt.
RP220: 26.03.2012 16:29:48 - avast! Free Antivirus Setup
RP221: 27.03.2012 11:08:12 - Windows Update
RP222: 30.03.2012 14:09:43 - Windows Update
RP223: 31.03.2012 11:19:24 - Removed Adobe Reader 9.3 MUI.
RP224: 31.03.2012 11:23:44 - Removed Acrobat.com
RP225: 31.03.2012 11:31:07 - Windows Modules Installer
RP226: 31.03.2012 11:43:17 - avast! Free Antivirus Setup
RP228: 31.03.2012 17:49:08 - Installed Java(TM) 7 Update 3 (64-bit)
RP229: 01.04.2012 16:40:24 - avast! Free Antivirus Setup
.
==== Installed Programs ======================
.
7-Zip 9.20
Acrobat.com
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Community Help
Adobe Flash Player 10 ActiveX
Adobe Media Player
Adobe Photoshop CS5
Adobe Reader X (10.1.2) - Deutsch
Adobe Shockwave Player 11.5
AMD USB Filter Driver
Ask Toolbar
Audacity 1.2.6
avast! Free Antivirus
Avira AntiVir Personal - Free Antivirus
AviSynth 2.5
AVS Audio Converter version 7
AVS4YOU Software Navigator 1.4
AVSEdit 1.1.1.3
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Compressed Help System (Version 1.0.0.8)
CyberLink YouCam
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
ESU for Microsoft Windows 7
Finale PrintMusic 2006
Google Earth
Governor of Poker 2 Deluxe 1.00
HP Advisor
HP Customer Experience Enhancements
HP Power Manager
HP Quick Launch
HP Setup
HP Software Framework
HP Support Assistant
HPAsset component for HP Active Support Library
Icy Tower v1.5
Java Auto Updater
Java(TM) 6 Update 26
Junk Mail filter update
KoFuMa 25
LabelPrint
LightScribe Applications
LightScribe System Software
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (German) 2010
Microsoft Office Excel MUI (German) 2010
Microsoft Office Groove MUI (German) 2010
Microsoft Office InfoPath MUI (German) 2010
Microsoft Office OneNote MUI (German) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (German) 2010
Microsoft Office PowerPoint MUI (German) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proof (Italian) 2010
Microsoft Office Proofing (German) 2010
Microsoft Office Publisher MUI (German) 2010
Microsoft Office Shared MUI (German) 2010
Microsoft Office Word MUI (German) 2010
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server Compact 3.5 SP2 DEU
Microsoft SQL Server System CLR Types
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mozilla Firefox 7.0.1 (x86 de)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NBA 2K10
Norton Internet Security
Norton Online Backup
PDF Settings CS5
PokerStars
PokerStars.net
Power2Go
PowerDirector
QuickTime
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Recovery Manager
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition
Skype™ 4.2
SopCast 3.3.2
Steinberg Cubase LE
Synthesia (remove only)
TinyCAD 2.60.01
Tunatic
Turnabout IE Plugin
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
Veetle TV 0.9.18
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotogalerie
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
XnView 1.97.8
Xvid Video Codec
YouTube Downloader 3.3
.
==== End Of File ===========================

Könnt ihr mir weiterhelfen, wie ich vorgehen soll ? Ich habe keine Ahnung.

Danke.

markusg · 01.04.2012, 20:40

wieso eröffnest du mehrere themen.

vfbjohn · 01.04.2012, 21:07

Sorry, zuerst habe ich ein Thema bei der Logfile-Analyse erstellt. Da gehört das ja aber nicht hin. Dann hab ich es bei Virenbekämpfung reingstellt und wollte das andere löschen. Hab aber nicht herausgefunden wie das geht.
Und dann ist mir aufgefallen, dass ich gar nicht das HijackThis logfile posten soll, deswegen hab ich nochmal eines erstellt. Also die anderen 2 können gelöscht werden.
Wäre trotzdem nett, wenn du mir helfen könntest

01.04.2012, 20:40	#2
markusg /// Malware-holic	TR/Spy.Banker.Gen2 und TR/Offend.kdv.580984.1 und weitere Viren. Was tun ? wieso eröffnest du mehrere themen. __________________ __________________

TR/Spy.Banker.Gen2 und TR/Offend.kdv.580984.1 und weitere Viren. Was tun ?

Mülltonne: TR/Spy.Banker.Gen2 und TR/Offend.kdv.580984.1 und weitere Viren. Was tun ?