| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: 1und1 Mail und Backdoor DarkmoonWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
11.01.2007, 20:38
| #1 |
| |  1und1 Mail und Backdoor Darkmoon Hallo, bin ich auch auf die 1 und 1 Mail reingefallen, zwar blöd aber eben passiert. Hab mit Antivir durchsucht und nichts gefunden. Spyware Doctor Report meldet über 121 Infizierungen, meist niedrig eingestuft. Aber eine als hoch eingestuft: Backdoor.Darkmoon. Hab hier mal den hijackthis.log, vielleicht kann mir jemand sagen ob da was gefährliches zu sehen ist. Danke im voraus! leider ist der Logfile zu lang, selbst ohne meinen eigenen Beschreibungstext. muss ich jetzt leider aufteilen und zweimal posten, sorry Logfile of HijackThis v1.99.1 Scan saved at 20:20:32, on 11.01.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Ahead\InCD\InCDsrv.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\SCardSvr.exe C:\Programme\AntiVir PersonalEdition Classic\sched.exe C:\Programme\AntiVir PersonalEdition Classic\avguard.exe C:\xammp\xampp\apache\bin\Apache.exe C:\Programme\FRITZ!DSL\IGDCTRL.EXE C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Programme\Logitech\Easy Synchronization\servicestub.exe C:\Programme\Logitech\Easy Synchronization\LogitechEasySync.exe C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe C:\Programme\Spyware Doctor\sdhelp.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\svchost.exe C:\xammp\xampp\apache\bin\Apache.exe C:\WINDOWS\System32\alg.exe C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\system32\RunDll32.exe C:\WINDOWS\Dit.exe C:\WINDOWS\CNYHKey.exe C:\WINDOWS\system32\Prismsta.exe C:\Programme\Logitech\MediaLife\MediaLifeService.exe C:\Programme\eBay\eBay Toolbar2\eBayTBDaemon.exe C:\Programme\Ahead\InCD\InCD.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe C:\Programme\Logitech\Easy Synchronization\LogitechEasySync.exe C:\Programme\Logitech\Easy Messaging\MobilePhoneSuite.exe C:\Programme\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe C:\Programme\Scansoft\PaperPort\pptd40nt.exe C:\Programme\SlySoft\CloneCD\CloneCDTray.exe C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe C:\Programme\SlySoft\AnyDVD\AnyDVD.exe C:\Programme\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe C:\Programme\Gemeinsame Dateien\ACD Systems\DE\DevDetect.exe C:\Programme\Cherry\KeyMan\KeyMan.exe C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Tools&More\GhostWriter\GhostWriter.exe C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE C:\Programme\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe C:\Programme\Spyware Doctor\swdoctor.exe C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe C:\Programme\FRITZ!DSL\StCenter.exe C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE C:\Programme\Cherry\CDI\cdi.exe C:\Programme\Logitech\SetPoint\SetPoint.exe C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposol08.exe C:\Programme\Gemeinsame Dateien\Logitech\KHAL\KHALMNPR.EXE C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\WINDOWS\system32\HPZipm12.exe C:\Programme\Scansoft\PaperPort\SmartUI\SmartUI.exe C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\Programme\Internet Explorer\iexplore.exe C:\PROGRA~1\MICROS~4\Office10\OUTLOOK.EXE C:\Programme\Internet Explorer\iexplore.exe C:\DOKUME~1\Standard\LOKALE~1\Temp\Temporäres Verzeichnis 4 für hijackthis_199[1].zip\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.compuserve.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Programme\eBay\eBay Toolbar2\eBayTB.dll O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Programme\eBay\eBay Toolbar2\eBayTB.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [Dit] Dit.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [CHotkey] mHotkey.exe O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe O4 - HKLM\..\Run: [Prism_Utility] Prismsta.exe O4 - HKLM\..\Run: [PCMService] "C:\Programme\Logitech\MediaLife\MediaLifeService.exe" O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [eBayToolbar] C:\Programme\eBay\eBay Toolbar2\eBayTBDaemon.exe O4 - HKLM\..\Run: [InCD] C:\Programme\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [Easy Synchronization] C:\Programme\Logitech\Easy Synchronization\LogitechEasySync.exe O4 - HKLM\..\Run: [Easy Messaging] C:\Programme\Logitech\Easy Messaging\MobilePhoneSuite.exe --nogui O4 - HKLM\..\Run: [MMTray] "C:\Programme\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [PaperPort PTD] C:\Programme\Scansoft\PaperPort\pptd40nt.exe O4 - HKLM\..\Run: [IndexSearch] C:\Programme\Scansoft\PaperPort\IndexSearch.exe O4 - HKLM\..\Run: [CloneCDTray] "C:\Programme\SlySoft\CloneCD\CloneCDTray.exe" /s O4 - HKLM\..\Run: [zinit32] C:\WINDOWS\ZInit32.exe O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [ElbyCheckAnyDVD] "C:\Programme\SlySoft\AnyDVD\ElbyCheck.exe" /L AnyDVD O4 - HKLM\..\Run: [AnyDVD] C:\Programme\SlySoft\AnyDVD\AnyDVD.exe O4 - HKLM\..\Run: [mmtask] "C:\Programme\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun O4 - HKLM\..\Run: [CherryKeyMan] "C:\Programme\Cherry\KeyMan\KeyMan.exe" O4 - HKLM\..\RunOnce: [Easy Synchronization] C:\Programme\Logitech\Easy Synchronization\LogitechEasySync.exe --ports O4 - HKCU\..\Run: [AOLMIcon] C:\WINDOWS\AOLMIcon.exe O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [GhostWriter] C:\Programme\Tools&More\GhostWriter\GhostWriter.exe /AUTOSTART O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE" O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programme\Spyware Doctor\swdoctor.exe" /Q O4 - Global Startup: Adobe Gamma Loader.lnk = ? O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: FRITZ!DSL Startcenter.lnk = C:\Programme\FRITZ!DSL\StCenter.exe O4 - Global Startup: hpoddt01.exe.lnk = ? O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: officejet 6100.lnk = ? O4 - Global Startup: SmartUI.lnk = ? O8 - Extra context menu item: &eBay Search - res://C:\Programme\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll O9 - Extra button: eBay Startseite - {8B69DB2E-015D-4c4f-B97E-95EF5326BDA8} - http://adfarm.mediaplex.com/ad/ck/707-1170-5704-22?mpre=http://www.ebay.de (file missing) O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra button: MedionShop - {07E3F115-C445-480D-94CB-ECA914A353CE} - http://www.medionshop.de/ (file missing) (HKCU) O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/DE/install.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/04a30f04300bfbf27206/netzip/RdxIE601_de.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124203843046 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1139587577015 O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab O18 - Protocol: bw+0 - {184986F6-4793-4F4C-B6DC-11C34AA18025} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw+0s - {184986F6-4793-4F4C-B6DC-11C34AA18025} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0 - {184986F6-4793-4F4C-B6DC-11C34AA18025} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0s - {184986F6-4793-4F4C-B6DC-11C34AA18025} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00 - {184986F6-4793-4F4C-B6DC-11C34AA18025} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00s - {184986F6-4793-4F4C-B6DC-11C34AA18025} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10 - {184986F6-4793-4F4C-B6DC-11C34AA18025} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10s - {184986F6-4793-4F4C-B6DC-11C34AA18025} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20 - {184986F6-4793-4F4C-B6DC-11C34AA18025} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20s - {184986F6-4793-4F4C-B6DC-11C34AA18025} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30 - {184986F6-4793-4F4C-B6DC-11C34AA18025} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30s - {184986F6-4793-4F4C-B6DC-11C34AA18025} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40 - {184986F6-4793-4F4C-B6DC-11C34AA18025} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40s - {184986F6-4793-4F4C-B6DC-11C34AA18025} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50 - {184986F6-4793-4F4C-B6DC-11C34AA18025} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50s - {184986F6-4793-4F4C-B6DC-11C34AA18025} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60 - {184986F6-4793-4F4C-B6DC-11C34AA18025} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60s - {184986F6-4793-4F4C-B6DC-11C34AA18025} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70 - {184986F6-4793-4F4C-B6DC-11C34AA18025} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70s - {184986F6-4793-4F4C-B6DC-11C34AA18025} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80 - {184986F6-4793-4F4C-B6DC-11C34AA18025} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80s - {184986F6-4793-4F4C-B6DC-11C34AA18025} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90 - {184986F6-4793-4F4C-B6DC-11C34AA18025} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90s - {184986F6-4793-4F4C-B6DC-11C34AA18025} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0 - {184986F6-4793-4F4C-B6DC-11C34AA18025} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0s - {184986F6-4793-4F4C-B6DC-11C34AA18025} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0 - {184986F6-4793-4F4C-B6DC-11C34AA18025} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0s - {184986F6-4793-4F4C-B6DC-11C34AA18025} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0 - {184986F6-4793-4F4C-B6DC-11C34AA18025} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0s - {184986F6-4793-4F4C-B6DC-11C34AA18025} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0 - {184986F6-4793-4F4C-B6DC-11C34AA18025} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0s - {184986F6-4793-4F4C-B6DC-11C34AA18025} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0 - {184986F6-4793-4F4C-B6DC-11C34AA18025} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0s - {184986F6-4793-4F4C-B6DC-11C34AA18025} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0 - {184986F6-4793-4F4C-B6DC-11C34AA18025} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0s - {184986F6-4793-4F4C-B6DC-11C34AA18025} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: bwg0 - {184986F6-4793-4F4C-B6DC-11C34AA18025} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwg0s - {184986F6-4793-4F4C-B6DC-11C34AA18025} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0 - {184986F6-4793-4F4C-B6DC-11C34AA18025} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0s - {184986F6-4793-4F4C-B6DC-11C34AA18025} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0 - {184986F6-4793-4F4C-B6DC-11C34AA18025} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0s - {184986F6-4793-4F4C-B6DC-11C34AA18025} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0 - {184986F6-4793-4F4C-B6DC-11C34AA18025} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0s - {184986F6-4793-4F4C-B6DC-11C34AA18025} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0 - {184986F6-4793-4F4C-B6DC-11C34AA18025} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0s - {184986F6-4793-4F4C-B6DC-11C34AA18025} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0 - {184986F6-4793-4F4C-B6DC-11C34AA18025} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0s - {184986F6-4793-4F4C-B6DC-11C34AA18025} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0 - {184986F6-4793-4F4C-B6DC-11C34AA18025} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0s - {184986F6-4793-4F4C-B6DC-11C34AA18025} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0 - {184986F6-4793-4F4C-B6DC-11C34AA18025} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0s - {184986F6-4793-4F4C-B6DC-11C34AA18025} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0 - {184986F6-4793-4F4C-B6DC-11C34AA18025} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0s - {184986F6-4793-4F4C-B6DC-11C34AA18025} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0 - {184986F6-4793-4F4C-B6DC-11C34AA18025} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0s - {184986F6-4793-4F4C-B6DC-11C34AA18025} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0 - {184986F6-4793-4F4C-B6DC-11C34AA18025} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0s - {184986F6-4793-4F4C-B6DC-11C34AA18025} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0 - {184986F6-4793-4F4C-B6DC-11C34AA18025} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0s - {184986F6-4793-4F4C-B6DC-11C34AA18025} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0 - {184986F6-4793-4F4C-B6DC-11C34AA18025} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0s - {184986F6-4793-4F4C-B6DC-11C34AA18025} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0 - {184986F6-4793-4F4C-B6DC-11C34AA18025} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0s - {184986F6-4793-4F4C-B6DC-11C34AA18025} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0 - {184986F6-4793-4F4C-B6DC-11C34AA18025} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0s - {184986F6-4793-4F4C-B6DC-11C34AA18025} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0 - {184986F6-4793-4F4C-B6DC-11C34AA18025} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0s - {184986F6-4793-4F4C-B6DC-11C34AA18025} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0 - {184986F6-4793-4F4C-B6DC-11C34AA18025} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0s - {184986F6-4793-4F4C-B6DC-11C34AA18025} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0 - {184986F6-4793-4F4C-B6DC-11C34AA18025} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0s - {184986F6-4793-4F4C-B6DC-11C34AA18025} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0 - {184986F6-4793-4F4C-B6DC-11C34AA18025} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0s - {184986F6-4793-4F4C-B6DC-11C34AA18025} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0 - {184986F6-4793-4F4C-B6DC-11C34AA18025} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0s - {184986F6-4793-4F4C-B6DC-11C34AA18025} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: haufereader - {39198710-62F7-42CD-9458-069843FA5D32} - C:\Programme\Haufe\HaufeReader\HRInstmon.dll O18 - Protocol: offline-8876480 - {184986F6-4793-4F4C-B6DC-11C34AA18025} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll O20 - Winlogon Notify: LBTServ - C:\Programme\Gemeinsame Dateien\Logitech\Bluetooth\lbtserv.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll |
|
11.01.2007, 20:40
| #2 |
| | 1und1 Mail und Backdoor Darkmoon hier der zweite Teil:
__________________O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apache2 - Unknown owner - C:\xammp\xampp\apache\bin\Apache.exe" -k runservice (file missing) O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Programme\FRITZ!DSL\IGDCTRL.EXE O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing) O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: CA-Lizenz-Client (CA_LIC_CLNT) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe O23 - Service: CA-Lizenzserver (CA_LIC_SRVR) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe O23 - Service: Cherry Device Interface - Cherry, Auerbach Germany, www.cherry.de - C:\Programme\Cherry\CDI\cdi.exe O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Programme\xampp\filezillaftp\filezillaserver.exe (file missing) O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programme\Ahead\InCD\InCDsrv.exe O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Unknown owner - C:\Programme\CA\eTrust Antivirus\InoRpc.exe (file missing) O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Unknown owner - C:\Programme\CA\eTrust Antivirus\InoRT.exe (file missing) O23 - Service: eTrust Antivirus Job Server (InoTask) - Unknown owner - C:\Programme\CA\eTrust Antivirus\InoTask.exe (file missing) O23 - Service: Logitech Easy Synchronization - Unknown owner - C:\Programme\Logitech\Easy Synchronization\servicestub.exe O23 - Service: Ereignisprotokoll-Überwachung (LogWatch) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Programme\Spyware Doctor\sdhelp.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe |
|
11.01.2007, 22:35
| #3 |
| /// Helfer-Team    | 1und1 Mail und Backdoor Darkmoon Lasse online prüfen:
__________________C:\WINDOWS\ZInit32.exe Nutze die Hinweise in meiner Signatur.
__________________ |
|
12.01.2007, 09:07
| #4 |
| | 1und1 Mail und Backdoor Darkmoon Hallo felix1, hab die Datei mit virustotal und jotti überprüfen lassen, zeigen beide keine Funde bzw. o.K. Ist das System dann clean? |
|
12.01.2007, 22:19
| #5 |
| /// Helfer-Team | 1und1 Mail und Backdoor Darkmoon Das heisst es nicht. Das war nur der erste Ansatz. Auch sonst sehe ich erst mal nichts. Prüfe das System mit F-Secure Blacklight und poste das Logfile. Prüfe Dein System mit Ewido ewido - anti-spyware and anti-malware solutions Lasse alles löschen, was vorgeschlagen wird. Poste das Ergebnis, aber bitte lösche vorher aus dem Log alles was mit Cookies zu tun hat
__________________ LG Der Felix Keine Hilfe per PN und E-Mail |
|
13.01.2007, 01:46
| #6 |
| | 1und1 Mail und Backdoor Darkmoon Dies ist der Report von F-secure Scanning Report Friday, January 12, 2007 23:05:47 - 01:37:28 Computer name: ...... Scanning type: Scan system for viruses, rootkits, spyware Target: C:\ D:\ E:\ -------------------------------------------------------------------------------- Result: 6 malware found Tracking Cookie (spyware) System (Disinfected) System (Submitted) System System System System -------------------------------------------------------------------------------- Statistics Scanned: Files: 62941 System: 6496 Not scanned: 4 Actions: Disinfected: 1 Renamed: 0 Deleted: 0 None: 5 Submitted: 1 Files not scanned: C:\HIBERFIL.SYS C:\PAGEFILE.SYS C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT C:\DOKUMENTE UND EINSTELLUNGEN\ALL USERS\ANWENDUNGSDATEN\MUVEE TECHNOLOGIES\030625\0203\0200\VALUES -------------------------------------------------------------------------------- Options Scanning engines: F-Secure Libra: 2.4.2, 2007-01-12 F-Secure AVP: 7.0.171, 2007-01-12 F-Secure Orion: 1.2.37, 2007-01-11 F-Secure Blacklight: 1.0.53, 0000-00-00 F-Secure Draco: 1.0.35, 2007-01-08 F-Secure Pegasus: 1.19.0, 2006-11-19 Scanning options: Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX Use Advanced heuristics Ewido lasse ich noch laufen... |
|
13.01.2007, 11:50
| #7 |
| | 1und1 Mail und Backdoor Darkmoon hallo felix1 der Prüflauf mit ewido ergab 4 Einträge konnte die se allerdingsnicht mit ewido löschen lassen, Funktion wurde nicht ausgeführt. wenn ich das Ergebnis hier posten soll ohne alles was mit Cookies zu hat, bleibt nichts mehr übrig. Es wurden nur 4 Einträge mit Beginn: "Trackingcookie" gefunden. Was nun? |
|
13.01.2007, 19:59
| #8 |
| /// Helfer-Team | 1und1 Mail und Backdoor Darkmoon Dann gehe ich davon aus, dass das mit dem 1&1 ein Fehlalarm Deinerseits war. Da gebe ich Dir mal Entwarnung.
__________________ LG Der Felix Keine Hilfe per PN und E-Mail |
|
14.01.2007, 14:53
| #9 |
| | 1und1 Mail und Backdoor Darkmoon Danke für die Hilfe! beruhigt mich etwas, aber eben nicht so ganz. was ist denn backdoor.darkmoon? Ist das nicht ein Trojaner? |
|
14.01.2007, 15:57
| #10 |
 | 1und1 Mail und Backdoor Darkmoon Ich hab mal einfach in Google nach Backdoor.Darkmoon gesucht, und das gefunden: Symantec Security Response - Backdoor.Darkmoon] Ist also wohl ein Trojaner. Ob und inwiefern der auf deinem System zugange ist, wie man den Entfernt, ob System neu aufgesetzt werden muss, etc. müssen andere dir sagen, da hab ich nicht das nötige Wissen zu. LG Taranis |
|
| Themen zu 1und1 Mail und Backdoor Darkmoon |
| adobe, antivir, backdoor, bho, browser, desktop, dll, dsl, ebay, explorer, f-secure, google, hijack, internet, internet explorer, logfile, monitor, officejet, rundll, senden, software, spyware, system, temp, windows, windows xp, zu lang |
Linear-Darstellung
