Trash can: TR/Spy.Banker.Gen2 and TR/Offend.kdv.580984.1 and other viruses. What to do? (Windows 7)
01.04.2012, 18:12 | #1 |
TR/Spy.Banker.Gen2 and TR/Offend.kdv.580984.1 and other viruses. What to do?

Hello everyone, unfortunately I have caught a trojan. A banker trojan, I think. I visited Facebook and Hotmail while the virus was on the machine. I changed both of those passwords from another PC. Should I also change passwords such as the one for online banking, even though I haven't used it since? I also used PokerStars. Can the trojan get at that?

Antivir reported the following viruses:
EXP/Pidief.cvh [exploit]
EXP/CVE-2010-4452
TR/Crypt.XPACK.Gen2
TR/Crypt.XPACK.Gen
TR/Agent.4937432 [trojan]
TR/Offend.kdv.580984.1 [trojan]
TR/Spy.Banker.Gen2
ADWARE/Adware.Gen

The two XPACK.Gen viruses apparently have something to do with avast. They were found in Temp/_avast_, and Antivir flagged them when I installed avast. The trojan apparently has something to do with the toolbars and acroIEhelpe. I deleted those things, but I think they come back.

DDS logfile and Attach, since somehow it couldn't be saved (I disabled avast because it wouldn't let DDS run):

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514  BrowserJavaVersion: 1.6.0_26
Run by Johannes Administrat at 19:01:04 on 2012-04-01
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3835.2457 [GMT 2:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Norton Internet Security *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Windows\SysWOW64\ezSharedSvcHost.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.0.0.128\ccSvcHst.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://startsear.ch/?aff=1
mStart Page = hxxp://startsear.ch/?aff=1
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO: Turnabout Helper: {87ff76f0-bca9-40dc-b1e5-254062eee8f4} - C:\Program Files (x86)\Reify Software\Turnabout\turnabout.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID-Anmelde-Hilfsprogramm: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: Sopcast Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Reify Toolbar: {b99f805c-f0b1-48ea-8c8b-753bfcbed912} - C:\Program Files (x86)\Reify Software\Turnabout\turnabout.dll
TB: Sopcast Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - No File
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [<NO NAME>]
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: HideFastUserSwitching = 0 (0x0)
IE: An OneNote s&enden - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html
IE: Nach Microsoft E&xcel exportieren - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
IE: {1C1CB5F8-D5A3-4FD9-876C-ECD2BDA32716} - {1C1CB5F8-D5A3-4FD9-876C-ECD2BDA32716} - C:\Program Files (x86)\Reify Software\Turnabout\turnabout.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{2A710800-73B9-4351-9498-99FA986DA0E0} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{2A710800-73B9-4351-9498-99FA986DA0E0}\140707C65602E4564777F627B602633603037393 : DhcpNameServer = 10.0.1.1
TCP: Interfaces\{2A710800-73B9-4351-9498-99FA986DA0E0}\4456661657C647 : DhcpNameServer = 194.25.2.129 192.168.0.1
TCP: Interfaces\{EEB8EAC9-FEEE-41BD-8735-FE65E71DF980} : DhcpNameServer = 192.168.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: data - {038664DA-5BA5-47FC-88D9-15ADE940ED55} -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} {72853161-30C5-4D22-B7F9-0BBC1D38A37E} {87FF76F0-BCA9-40DC-B1E5-254062EEE8F4} {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} {9030D464-4C02-4ABF-8ECC-5164760863C6} {B4F3A835-0E21-4959-BA22-42B3008E02FF} {D4027C7F-154A-4066-A1AD-4243D8127440} {DBC80044-A445-435b-BC74-9C25C1C588A9} {B99F805C-F0B1-48EA-8C8B-753BFCBED912} {D4027C7F-154A-4066-A1AD-4243D8127440} {8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
TB-X64: {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - No File
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun-x64: [(Standard)]
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
IE-X64: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
IE-X64: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Johannes Administrat\AppData\Roaming\Mozilla\Firefox\Profiles\s04faafs.default\
FF - prefs.js: browser.startup.homepage - hxxp://startsear.ch/?aff=1
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: keyword.URL - hxxp://startsear.ch/?aff=1&q=
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-11-5 98208]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AntiVirSchedulerService;Avira AntiVir Planer;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-1-6 136360]
R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-1-6 269480]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-4-1 44768]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe [2010-7-12 514232]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-6-18 103992]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-6-25 92216]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-6-29 27192]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.0.0.128\ccSvcHst.exe [2010-11-5 126904]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 RtVOsdService;RtVOsdService Installer;C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [2010-4-19 315392]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 GPU-Z;GPU-Z;C:\Users\JOHANN~1\AppData\Local\Temp\GPU-Z.sys [2011-11-1 27008]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TASCAM_US122144;TASCAM USB 2.0 Audio Device driver;C:\Windows\system32\Drivers\tascusb2.sys --> C:\Windows\system32\Drivers\tascusb2.sys [?]
S3 TASCAM_US122L_MIDI;TASCAM US-122L WDM MIDI Device;C:\Windows\system32\drivers\tscusb2m.sys --> C:\Windows\system32\drivers\tscusb2m.sys [?]
S3 TASCAM_US122L_WDM;TASCAM US-122L WDM;C:\Windows\system32\drivers\tscusb2a.sys --> C:\Windows\system32\drivers\tscusb2a.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 YMIDUSBW;Yamaha USB-MIDI Driver (WDM);C:\Windows\system32\drivers\ymidusbx64.sys --> C:\Windows\system32\drivers\ymidusbx64.sys [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-21 61976]
S4 RsFx0103;RsFx0103 Driver;C:\Windows\system32\DRIVERS\RsFx0103.sys --> C:\Windows\system32\DRIVERS\RsFx0103.sys [?]
S4 SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]
.
=============== Created Last 30 ================
.
2012-04-01 14:41:58 53080 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2012-04-01 14:41:57 819032 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-04-01 14:41:56 69976 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-04-01 14:41:06 41184 ----a-w- C:\Windows\avastSS.scr
2012-04-01 14:40:49 -------- d-----w- C:\Program Files\AVAST Software
2012-03-31 15:49:41 750488 ----a-w- C:\Windows\System32\npdeployJava1.dll
2012-03-31 14:42:28 -------- d-----w- C:\Program Files\Unlocker
2012-03-30 12:11:07 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8A4F4B38-15B4-4BDD-A674-0234D15E21DD}\mpengine.dll
2012-03-26 14:30:12 -------- d-----w- C:\ProgramData\AVAST Software
2012-03-24 11:32:59 -------- d-----w- C:\Users\Johannes Administrat\AppData\Local\ElevatedDiagnostics
2012-03-15 22:41:48 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-15 22:41:47 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-15 22:41:47 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-14 16:10:44 696832 ----a-w- C:\Windows\System32\xvidcore.dll
2012-03-14 16:10:44 645632 ----a-w- C:\Windows\SysWow64\xvidcore.dll
2012-03-14 16:10:44 255488 ----a-w- C:\Windows\System32\xvidvfw.dll
2012-03-14 16:10:44 240640 ----a-w- C:\Windows\SysWow64\xvidvfw.dll
2012-03-14 16:10:44 173568 ----a-w- C:\Windows\System32\xvid.ax
2012-03-14 16:10:44 153088 ----a-w- C:\Windows\SysWow64\xvid.ax
2012-03-14 16:10:43 -------- d-----w- C:\Program Files (x86)\Xvid
2012-03-14 15:16:17 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-03-14 15:16:15 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-14 15:16:15 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-14 15:15:28 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-14 15:15:28 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-14 15:15:28 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-14 15:15:16 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-14 15:15:16 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-14 15:15:16 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-14 15:15:16 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-13 20:36:57 3610624 ----a-w- C:\Windows\System32\avisynth.dll
2012-03-13 20:36:57 2300928 ----a-w- C:\Windows\System32\DevIL.dll
2012-03-13 16:33:42 -------- d-----w- C:\Users\Johannes Administrat\AppData\Roaming\AVSEdit
2012-03-13 16:33:37 -------- d-----w- C:\Users\Johannes Administrat\AppData\Local\ApplicationHistory
2012-03-13 16:33:33 -------- d-----w- C:\Program Files (x86)\AVSEdit
2012-03-13 11:26:47 -------- d-----w- C:\Program Files (x86)\AviSynth 2.5
2012-03-12 21:38:13 -------- d-----w- C:\Windows\de
2012-03-12 21:15:44 18328 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-03-12 21:14:27 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll
2012-03-12 21:14:27 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll
2012-03-12 21:14:26 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll
2012-03-12 21:14:26 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll
2012-03-12 21:13:47 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\321c9981cd009502\DSETUP.dll
2012-03-12 21:13:47 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\321c9981cd009502\DXSETUP.exe
2012-03-12 21:13:47 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\321c9981cd009502\dsetup32.dll
2012-03-12 21:13:24 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\f40109b31cd009401\DSETUP.dll
2012-03-12 21:13:24 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\f40109b31cd009401\DXSETUP.exe
2012-03-12 21:13:24 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\f40109b31cd009401\dsetup32.dll
2012-03-12 21:11:27 -------- d-----w- C:\Users\Johannes Administrat\AppData\Local\Windows Live
.
==================== Find3M ====================
.
2012-03-31 15:49:26 660368 ----a-w- C:\Windows\System32\deployJava1.dll
2012-03-13 12:04:44 33280 ----a-w- C:\Windows\System32\HUFFYUV.DLL
2012-02-23 08:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
.
============= FINISH: 19:01:29,73 ===============

Attach:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 05.01.2011 17:37:57
System Uptime: 01.04.2012 18:45:06 (1 hours ago)
.
Motherboard: Hewlett-Packard | | 1604
Processor: AMD Athlon(tm) II P320 Dual-Core Processor | Socket S1G4 | 2100/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 216 GiB total, 124,128 GiB free.
D: is FIXED (NTFS) - 17 GiB total, 2,434 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP219: 25.03.2012 14:56:21 - Die Service Pack-Sicherungsdateien wurden entfernt.
RP220: 26.03.2012 16:29:48 - avast! Free Antivirus Setup
RP221: 27.03.2012 11:08:12 - Windows Update
RP222: 30.03.2012 14:09:43 - Windows Update
RP223: 31.03.2012 11:19:24 - Removed Adobe Reader 9.3 MUI.
RP224: 31.03.2012 11:23:44 - Removed Acrobat.com
RP225: 31.03.2012 11:31:07 - Windows Modules Installer
RP226: 31.03.2012 11:43:17 - avast! Free Antivirus Setup
RP228: 31.03.2012 17:49:08 - Installed Java(TM) 7 Update 3 (64-bit)
RP229: 01.04.2012 16:40:24 - avast! Free Antivirus Setup
.
==== Installed Programs ======================
.
7-Zip 9.20
Acrobat.com
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Community Help
Adobe Flash Player 10 ActiveX
Adobe Media Player
Adobe Photoshop CS5
Adobe Reader X (10.1.2) - Deutsch
Adobe Shockwave Player 11.5
AMD USB Filter Driver
Ask Toolbar
Audacity 1.2.6
avast! Free Antivirus
Avira AntiVir Personal - Free Antivirus
AviSynth 2.5
AVS Audio Converter version 7
AVS4YOU Software Navigator 1.4
AVSEdit 1.1.1.3
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Compressed Help System (Version 1.0.0.8)
CyberLink YouCam
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
ESU for Microsoft Windows 7
Finale PrintMusic 2006
Google Earth
Governor of Poker 2 Deluxe 1.00
HP Advisor
HP Customer Experience Enhancements
HP Power Manager
HP Quick Launch
HP Setup
HP Software Framework
HP Support Assistant
HPAsset component for HP Active Support Library
Icy Tower v1.5
Java Auto Updater
Java(TM) 6 Update 26
Junk Mail filter update
KoFuMa 25
LabelPrint
LightScribe Applications
LightScribe System Software
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (German) 2010
Microsoft Office Excel MUI (German) 2010
Microsoft Office Groove MUI (German) 2010
Microsoft Office InfoPath MUI (German) 2010
Microsoft Office OneNote MUI (German) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (German) 2010
Microsoft Office PowerPoint MUI (German) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proof (Italian) 2010
Microsoft Office Proofing (German) 2010
Microsoft Office Publisher MUI (German) 2010
Microsoft Office Shared MUI (German) 2010
Microsoft Office Word MUI (German) 2010
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server Compact 3.5 SP2 DEU
Microsoft SQL Server System CLR Types
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mozilla Firefox 7.0.1 (x86 de)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NBA 2K10
Norton Internet Security
Norton Online Backup
PDF Settings CS5
PokerStars
PokerStars.net
Power2Go
PowerDirector
QuickTime
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Recovery Manager
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition
Skype™ 4.2
SopCast 3.3.2
Steinberg Cubase LE
Synthesia (remove only)
TinyCAD 2.60.01
Tunatic
Turnabout IE Plugin
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
Veetle TV 0.9.18
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotogalerie
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
XnView 1.97.8
Xvid Video Codec
YouTube Downloader 3.3
.
==== End Of File ===========================

Can you help me with how to proceed? I have no idea. Thanks.
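The items worth pulling out of a DDS log like the one above are few and mechanical: the start page and Firefox `keyword.URL` both point at `startsear.ch` with an affiliate parameter, the `uURLSearchHooks`/BHO/TB entries load the Ask and Turnabout toolbar DLLs, one toolbar entry is orphaned ("No File"), a kernel driver (`GPU-Z.sys`) is registered from the user's Temp directory, and two AV engines (Norton and AntiVir) are resident at once. The script below is an added triage example written for this thread; it is not DDS's, Avira's or the poster's code. It walks DDS-style lines and returns those findings. The list of PUP vendor markers, the homepage allowlist and the "Temp or AppData means suspicious" rule for service images are assumptions chosen for the example; the sample input is a hand-picked subset of lines copied from the log.

```python
"""Triage helper for the 'Pseudo HJT Report' section of a DDS log.

Added example for this thread, not code from DDS, Avira or the poster.
It walks DDS-style lines and flags the patterns that matter in the log
above: a hijacked start/search page, BHO/toolbar DLLs from PUP vendors,
orphaned entries ("No File"), a kernel driver loading from a user Temp
directory, and more than one resident AV engine. The vendor markers and
the homepage allowlist are assumptions made for the example.
"""
import re
from collections import Counter
from typing import Dict, List, Optional
from urllib.parse import parse_qs, urlparse

# Constructed sample: lines copied from the DDS log in the post above,
# trimmed to the entries the triage cares about.
SAMPLE_DDS = r"""
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Norton Internet Security *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
uStart Page = hxxp://startsear.ch/?aff=1
mStart Page = hxxp://startsear.ch/?aff=1
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Turnabout Helper: {87ff76f0-bca9-40dc-b1e5-254062eee8f4} - C:\Program Files (x86)\Reify Software\Turnabout\turnabout.dll
BHO: Sopcast Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - No File
FF - prefs.js: browser.startup.homepage - hxxp://startsear.ch/?aff=1
FF - prefs.js: keyword.URL - hxxp://startsear.ch/?aff=1&q=
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.0.0.128\ccSvcHst.exe [2010-11-5 126904]
S3 GPU-Z;GPU-Z;C:\Users\JOHANN~1\AppData\Local\Temp\GPU-Z.sys [2011-11-1 27008]
"""

# Assumptions for the example: substrings that identify toolbar/PUP vendors
# in an extension path, and homepages treated as benign.
PUP_MARKERS = ("ask.com", "genericasktoolbar", "turnabout", "reify software")
BENIGN_HOMEPAGES = {"www.google.com", "www.google.de", "www.bing.com"}

# DDS service line: "<R|S><n> <name>;<display name>;<image path> [date size]" or "... --> ..."
SERVICE_RE = re.compile(r"^[RS]\d \S[^;]*;[^;]*;(?P<path>.+?)(?: \[| -->|$)")
# DDS extension line: "BHO: <name>: <CLSID> - <path>" / "TB: <CLSID> - No File"
EXT_RE = re.compile(r"^(?:BHO|TB|uURLSearchHooks|mURLSearchHooks): ?(?P<body>.*)$")
HOMEPAGE_PREFIXES = (
    "uStart Page =",
    "mStart Page =",
    "FF - prefs.js: browser.startup.homepage -",
    "FF - prefs.js: keyword.URL -",
)


def _refang(url: str) -> str:
    # DDS prints hxxp:// so the URL is not clickable; undo that for parsing.
    return re.sub(r"^hxxp", "http", url.strip(), flags=re.IGNORECASE)


def _homepage_finding(line: str) -> Optional[Dict[str, str]]:
    for prefix in HOMEPAGE_PREFIXES:
        if line.startswith(prefix):
            url = _refang(line[len(prefix):])
            parsed = urlparse(url)
            host = parsed.netloc.lower()
            # An affiliate id in the homepage, or an unknown host, is the
            # classic footprint of a search hijacker.
            affiliate = "aff" in parse_qs(parsed.query)
            if affiliate or (host and host not in BENIGN_HOMEPAGES):
                return {"category": "hijacked-homepage", "detail": url}
    return None


def _extension_finding(line: str) -> Optional[Dict[str, str]]:
    m = EXT_RE.match(line)
    if not m:
        return None
    body = m.group("body")
    path = body.rsplit(" - ", 1)[-1].strip()   # text after the last " - "
    if path.lower() == "no file":
        return {"category": "orphaned-extension", "detail": body}
    if any(marker in path.lower() for marker in PUP_MARKERS):
        return {"category": "pup-extension", "detail": path}
    return None


def _driver_finding(line: str) -> Optional[Dict[str, str]]:
    m = SERVICE_RE.match(line)
    if not m:
        return None
    path = m.group("path")
    # A service or driver image under Temp or a user profile is worth a look
    # (here: GPU-Z.sys left in the user's Temp directory).
    if "\\temp\\" in path.lower() or "\\appdata\\" in path.lower():
        return {"category": "image-in-temp", "detail": path}
    return None


def triage(dds_text: str) -> List[Dict[str, str]]:
    """Return one finding dict per suspicious DDS line, plus an AV-count finding."""
    findings: List[Dict[str, str]] = []
    enabled_av: List[str] = []
    for raw in dds_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("AV: ") and "*Enabled" in line:
            enabled_av.append(line[4:].split(" *")[0])
            continue
        for probe in (_homepage_finding, _extension_finding, _driver_finding):
            found = probe(line)
            if found:
                findings.append(found)
                break
    if len(enabled_av) > 1:
        findings.append({"category": "multiple-resident-av",
                         "detail": ", ".join(enabled_av)})
    return findings


def summarize(dds_text: str) -> Dict[str, int]:
    """Count findings per category."""
    return dict(Counter(f["category"] for f in triage(dds_text)))


if __name__ == "__main__":
    for finding in triage(SAMPLE_DDS):
        print(f"{finding['category']:22} {finding['detail']}")
    print(summarize(SAMPLE_DDS))
```

Run against the sample it reports four hijacked-homepage hits (IE user and machine start page, Firefox homepage and `keyword.URL`), three PUP extension DLLs, one orphaned toolbar CLSID, the Temp-resident driver, and the two concurrently enabled AV engines. The allowlist and vendor markers are deliberately short; in practice you would extend them with the vendors your helpdesk sees most.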
01.04.2012, 20:40 | #2 |
/// Malware-holic | TR/Spy.Banker.Gen2 and TR/Offend.kdv.580984.1 and other viruses. What to do?

Why are you opening several threads?
01.04.2012, 21:07 | #3 |
TR/Spy.Banker.Gen2 and TR/Offend.kdv.580984.1 and other viruses. What to do?

Sorry, I first created a thread in the logfile analysis section. But it doesn't belong there. Then I posted it under virus removal and wanted to delete the other one, but I couldn't find out how. And then I noticed that I'm not supposed to post the HijackThis logfile at all, so I created another one. So the other two can be deleted. It would still be nice if you could help me.