Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Trojaner legt mein Internet lahm

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 07.10.2012, 01:19   #1
Fobba
 
Trojaner legt mein Internet lahm - Standard

Trojaner legt mein Internet lahm



Hallo Forum,


habe mir glaub ich einen doofen Trojaner eingefangen. Seit kurzem ist nämlich mein Internet sehr langsam. Daraufhin habe ich einen Malewarebytes schnell Scan durchgeführt und 2 Trojaner gefunden (habe sie leider zu löschen versucht, bin erst nachhher auf Eurer Forum gestoßen.) Die beiden angeblichen Trojaner Dateien wurden mír irgentwo im Steam Ordner angezeigt. Nachdem löschen hat sich natürlich nix verändert, außer das Malewarebytes jetzt nichts mehr findet.

Mfg Fobba

OTL Logfile:

OTL logfile created on: 07.10.2012 01:54:22 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sebi\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,77 Gb Available Physical Memory | 69,23% Memory free
8,00 Gb Paging File | 6,39 Gb Available in Paging File | 79,94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 206,19 Gb Free Space | 44,28% Space Free | Partition Type: NTFS

Computer Name: SEBI-PC | User Name: Sebi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.10.07 01:50:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sebi\Desktop\OTL.exe
PRC - [2012.08.18 13:21:54 | 001,193,176 | ---- | M] () -- C:\Users\Sebi\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012.08.13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012.08.08 21:21:47 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.05.08 19:02:31 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 19:02:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2009.08.24 15:38:06 | 000,068,136 | ---- | M] () -- C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE
PRC - [2009.05.15 23:01:38 | 000,380,928 | ---- | M] (AMD) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe


========== Modules (No Company Name) ==========

MOD - [2012.08.18 13:21:54 | 001,193,176 | ---- | M] () -- C:\Users\Sebi\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe


========== Services (SafeList) ==========

SRV:64bit: - [2012.08.06 12:24:22 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2012.04.06 04:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.10.07 01:05:27 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.09.21 17:35:03 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.07 21:57:59 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.08.13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.08 19:02:31 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.08 19:02:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.10.22 14:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.08.24 15:38:06 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE -- (ES lite Service)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.05.08 19:02:31 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 19:02:31 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.04.06 07:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012.04.06 07:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.04.06 03:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.15 16:00:00 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.07.15 04:15:02 | 000,023,552 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UHSfiltv.sys -- (UHSfiltv)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.02.18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009.08.13 23:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.30 13:58:42 | 000,236,544 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.07.17 20:52:00 | 000,201,472 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012.10.07 01:15:42 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2012.03.05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E5 2B D3 09 59 C3 CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=109505&babsrc=SP_ss&mntrId=f21806a10000000000006cf04900f7e2
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - prefs.js..extensions.enabledAddons: {4BBDD651-70CF-4821-84F8-2B918CF89CA3}:7.0.3.5
FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.3
FF - prefs.js..extensions.enabledAddons: artur.dubovoy@gmail.com:3.7.1


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.01.30 18:07:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.07 21:57:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.01.30 18:07:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.07 21:57:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011.12.26 01:03:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sebi\AppData\Roaming\mozilla\Extensions
[2012.10.05 19:38:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sebi\AppData\Roaming\mozilla\Firefox\Profiles\6332e5yz.default\extensions
[2012.06.28 14:20:23 | 000,000,000 | ---D | M] (FEBE) -- C:\Users\Sebi\AppData\Roaming\mozilla\Firefox\Profiles\6332e5yz.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2012.09.15 11:42:25 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Sebi\AppData\Roaming\mozilla\Firefox\Profiles\6332e5yz.default\extensions\ich@maltegoetz.de
[2012.10.05 19:38:12 | 000,221,242 | ---- | M] () (No name found) -- C:\Users\Sebi\AppData\Roaming\mozilla\firefox\profiles\6332e5yz.default\extensions\artur.dubovoy@gmail.com.xpi
[2012.07.25 14:14:37 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Sebi\AppData\Roaming\mozilla\firefox\profiles\6332e5yz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.09.07 21:57:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.09.07 21:57:56 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.09.07 21:57:55 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Program Files (x86)\mozilla firefox\extensions\quickstores@quickstores.de
[2012.09.07 21:57:59 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.29 23:40:44 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.24 17:30:09 | 000,002,310 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.08.30 18:58:23 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.29 23:40:44 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.29 23:40:44 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.29 23:40:44 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.29 23:40:44 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKCU..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Sebi\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Client auf Monitor & öffnen1 - C:\Windows\web\AOpenClient.htm File not found
O8:64bit: - Extra context menu item: Client auf Monitor & öffnen2 - C:\Windows\web\AOpenClient.htm File not found
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Sebi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found
O8 - Extra context menu item: Client auf Monitor & öffnen1 - C:\Windows\web\AOpenClient.htm File not found
O8 - Extra context menu item: Client auf Monitor & öffnen2 - C:\Windows\web\AOpenClient.htm File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Sebi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4BD5CDC6-EF98-4625-A160-3162F6594CA5}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.10.07 01:50:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Sebi\Desktop\OTL.exe
[2012.10.07 01:00:53 | 000,000,000 | ---D | C] -- C:\Users\Sebi\Documents\Simply Super Software
[2012.10.07 01:00:53 | 000,000,000 | ---D | C] -- C:\Users\Sebi\AppData\Roaming\Simply Super Software
[2012.10.07 01:00:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2012.10.07 01:00:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover
[2012.10.07 01:00:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2012.09.07 21:57:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.10.07 01:53:10 | 000,000,000 | ---- | M] () -- C:\Users\Sebi\defogger_reenable
[2012.10.07 01:50:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sebi\Desktop\OTL.exe
[2012.10.07 01:49:46 | 000,050,477 | ---- | M] () -- C:\Users\Sebi\Desktop\Defogger.exe
[2012.10.07 01:47:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.07 01:22:57 | 000,022,368 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.07 01:22:57 | 000,022,368 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.07 01:21:27 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.10.07 01:21:27 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.10.07 01:21:27 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.10.07 01:21:27 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.10.07 01:21:27 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.10.07 01:15:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.07 01:15:34 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.22 21:38:17 | 000,000,936 | ---- | M] () -- C:\Users\Sebi\Desktop\BlueScreenView.cfg
[2012.09.12 16:23:42 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.10.07 01:53:10 | 000,000,000 | ---- | C] () -- C:\Users\Sebi\defogger_reenable
[2012.10.07 01:49:45 | 000,050,477 | ---- | C] () -- C:\Users\Sebi\Desktop\Defogger.exe
[2012.05.12 02:29:51 | 000,000,017 | ---- | C] () -- C:\Users\Sebi\AppData\Local\resmon.resmoncfg
[2012.04.06 03:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.04.06 03:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.03.09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.02.24 20:55:33 | 000,000,127 | ---- | C] () -- C:\Users\Sebi\wxDownloadFast.ini
[2012.01.30 18:04:01 | 000,226,547 | ---- | C] () -- C:\Windows\hpoins18.dat
[2012.01.30 18:04:01 | 000,005,355 | ---- | C] () -- C:\Windows\hpomdl18.dat
[2011.12.26 02:13:37 | 000,088,875 | ---- | C] () -- C:\Windows\War3Unin.dat
[2011.12.26 00:38:07 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.12.26 00:34:06 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.07.20 12:11:54 | 000,000,200 | ---- | C] () -- C:\Windows\UHSConfig.ini
[2011.07.04 07:36:38 | 000,002,169 | ---- | C] () -- C:\Windows\FatWcfg.ini
[2011.07.04 07:36:38 | 000,000,388 | ---- | C] () -- C:\Windows\FatWMCcfg.ini

========== ZeroAccess Check ==========

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012.08.17 20:27:51 | 000,000,000 | ---D | M] -- C:\Users\Sebi\AppData\Roaming\.minecraft
[2012.05.24 15:27:12 | 000,000,000 | ---D | M] -- C:\Users\Sebi\AppData\Roaming\10 Finger Test
[2012.02.24 17:30:06 | 000,000,000 | ---D | M] -- C:\Users\Sebi\AppData\Roaming\Babylon
[2012.04.09 22:28:35 | 000,000,000 | ---D | M] -- C:\Users\Sebi\AppData\Roaming\Dropbox
[2012.09.22 21:41:23 | 000,000,000 | ---D | M] -- C:\Users\Sebi\AppData\Roaming\DVDVideoSoft
[2012.08.12 22:34:13 | 000,000,000 | ---D | M] -- C:\Users\Sebi\AppData\Roaming\FileZilla
[2012.03.08 00:44:52 | 000,000,000 | ---D | M] -- C:\Users\Sebi\AppData\Roaming\Mumble
[2012.04.14 18:00:00 | 000,000,000 | ---D | M] -- C:\Users\Sebi\AppData\Roaming\OpenOffice.org
[2012.09.05 14:50:31 | 000,000,000 | ---D | M] -- C:\Users\Sebi\AppData\Roaming\Origin
[2012.02.28 21:10:45 | 000,000,000 | ---D | M] -- C:\Users\Sebi\AppData\Roaming\QuickStoresToolbar
[2012.10.07 01:00:53 | 000,000,000 | ---D | M] -- C:\Users\Sebi\AppData\Roaming\Simply Super Software
[2012.10.06 22:33:57 | 000,000,000 | ---D | M] -- C:\Users\Sebi\AppData\Roaming\Spotify
[2012.09.17 17:32:15 | 000,000,000 | ---D | M] -- C:\Users\Sebi\AppData\Roaming\TS3Client

========== Purity Check ==========



< End of report >

Alt 07.10.2012, 09:12   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner legt mein Internet lahm - Standard

Trojaner legt mein Internet lahm



Ohne die Logs von Malwarebytes und Co wird das hier nichts.
Alles von Malwarebytes (und evtl. anderen Scannern) muss hier gepostet werden.

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
__________________

__________________

Alt 07.10.2012, 09:20   #3
Fobba
 
Trojaner legt mein Internet lahm - Standard

Trojaner legt mein Internet lahm



Ok, anbei sende ich dann noch meinen Malewarebytes Log.
Die anderen Logs die ich noch habe, habe ich oben als RAR- Dateianhang gesendet, hast du diese übersehen?

MfG


Code:
ATTFilter
 Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.10.06.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Sebi :: SEBI-PC [Administrator]

07.10.2012 10:15:47
mbam-log-2012-10-07 (10-15-47).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 199805
Laufzeit: 3 Minute(n), 45 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
__________________

Alt 07.10.2012, 09:24   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner legt mein Internet lahm - Standard

Trojaner legt mein Internet lahm



Zitat:
habe ich oben als RAR- Dateianhang gesendet, hast du diese übersehen?
Nein ich will die Logs aber hier wenns geht direkt gepostet sehen!

Ist das alles an Logs von Malwarebytes? Warum präsentierst du mir ein Log ohne Funde?
__________________
Logfiles bitte immer in CODE-Tags posten

Antwort

Themen zu Trojaner legt mein Internet lahm
.dll, adobe, antivir, autorun, avg, avira, bho, explorer, firefox, flash player, format, google, home, internet, internet langsam, logfile, monitor, mozilla, opera, plug-in, realtek, registry, rojaner gefunden, scan, search the web, server, software, spotify web helper, super, trojaner, windows




Ähnliche Themen: Trojaner legt mein Internet lahm


  1. irgendwas legt mein antivierensystem lahm
    Plagegeister aller Art und deren Bekämpfung - 22.07.2014 (3)
  2. Awesomehp.com Virus legt Internet lahm
    Plagegeister aller Art und deren Bekämpfung - 27.01.2014 (6)
  3. abuse@t-online legt mein outlock lahm
    Log-Analyse und Auswertung - 17.11.2013 (6)
  4. Mein Avastvirenscan legt nach ca 30 Minuten Rechner immer wieder lahm
    Plagegeister aller Art und deren Bekämpfung - 12.05.2013 (5)
  5. Was legt meinen PC und das Internet so lahm?
    Log-Analyse und Auswertung - 07.05.2012 (13)
  6. UKash legt mein Netbook lahm, ich weiß nicht weiter!
    Plagegeister aller Art und deren Bekämpfung - 09.03.2012 (9)
  7. Internet Security Scan legt Rechner lahm
    Plagegeister aller Art und deren Bekämpfung - 23.02.2012 (14)
  8. TR/ArchSMS.pxmkm legt Internet lahm
    Log-Analyse und Auswertung - 22.12.2011 (28)
  9. Gozi legt mein Onlinebanking lahm!
    Plagegeister aller Art und deren Bekämpfung - 06.11.2010 (19)
  10. Virus legt Antivir-Programme und Internet lahm
    Plagegeister aller Art und deren Bekämpfung - 15.07.2010 (1)
  11. Legt Firefox mein System lahm?
    Log-Analyse und Auswertung - 18.05.2009 (0)
  12. Trojaner legen mein Internet fast lahm
    Log-Analyse und Auswertung - 25.01.2009 (0)
  13. wmiprvse.exe legt Internet lahm!! Virus?
    Plagegeister aller Art und deren Bekämpfung - 10.08.2008 (6)
  14. mljgd.exe/Trojan.Virtumonde legt mein System lahm...
    Log-Analyse und Auswertung - 25.12.2007 (1)
  15. virus legt internet lahm
    Log-Analyse und Auswertung - 18.08.2007 (7)
  16. Trojan.Mespam legt internet lahm
    Plagegeister aller Art und deren Bekämpfung - 26.04.2007 (13)
  17. Virus legt mein System lahm
    Plagegeister aller Art und deren Bekämpfung - 29.08.2006 (5)

Zum Thema Trojaner legt mein Internet lahm - Hallo Forum, habe mir glaub ich einen doofen Trojaner eingefangen. Seit kurzem ist nämlich mein Internet sehr langsam. Daraufhin habe ich einen Malewarebytes schnell Scan durchgeführt und 2 Trojaner gefunden - Trojaner legt mein Internet lahm...
Archiv
Du betrachtest: Trojaner legt mein Internet lahm auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.