Antivirus, firewall and other protection programs: Trojan has arrived..

09.02.2008, 11:53   #1
zambaku

Trojan has arrived..

Hello,
about 5 days ago I checked my PC over, and my antivirus program had detected around 8 Trojans and 1 virus, which all appeared as "deleted", and I could only move them or delete the message. I then had my PC scanned again with Ad-Aware 2007 (free), and here a total of 158 "privacy objects" (tracking cookies and MRU objects) and 9 critical objects were detected, all of which I moved to Quarantine & Ignore and deleted from there.

When I scanned my PC with this program again, the critical objects no longer appeared, but the 158 "privacy objects" did, which I delete in vain because they reappear with every scan.

My antivirus program, on the other hand, no longer detects the 8 Trojans and 1 virus, and no longer gives me any notification of existing viruses.

But my PC is still running very slowly, and I am not sure whether I really deleted all those viruses from my PC. I was advised to create a dss logfile using this tool: h**p://www.techsupportforum.com/sectools/Deckard/dss.exe

This produced 2 logfiles. Attached is the first file - I will paste the second one with the next post.

Can you tell me from this data whether the viruses are still hiding somewhere in my PC and, if so, how I can get rid of them?

Many thanks!

Attachment 1: 1st logfile:

Deckard's System Scanner v20071014.68
Run by CCS on 2008-02-09 10:01:38
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
45: 2008-02-09 09:01:47 UTC - RP135 - Deckard's System Scanner Restore Point
44: 2008-02-08 14:33:56 UTC - RP134 - System Checkpoint
43: 2008-02-07 09:23:45 UTC - RP133 - Ad-Aware Restore Point 2008-02-07 10:23:40
42: 2008-02-07 08:58:59 UTC - RP132 - Installed Ad-Aware 2007
41: 2008-02-07 08:38:12 UTC - RP131 - Installed VersionTracker Pro Windows


-- First Restore Point --
1: 2007-11-05 08:53:51 UTC - RP91 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 77% (more than 75%).
Total Physical Memory: 447 MiB (512 MiB recommended).


-- HijackThis (run as CCS.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:03:54, on 09.02.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Sonic Shared\CineTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\CCS\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\CCS.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = h**p://meine-seite.de
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://meine-seite.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://meine-seite.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://meine-seite.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://meine-seite.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://meine-seite.de
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = h**p://meine-seite.de
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: VersionTrackerPro.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Sonic CinePlayer Quick Launch.lnk = C:\Program Files\Common Files\Sonic Shared\CineTray.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: In neuer Registerkarte im Hintergrund öffnen - res://C:\Program Files\Windows Live Toolbar\Components\de-at\msntabres.dll.mui/229?13b27c8cfc784d75b9c82fe4f5107fed
O8 - Extra context menu item: In neuer Registerkarte im Vordergrund öffnen - res://C:\Program Files\Windows Live Toolbar\Components\de-at\msntabres.dll.mui/230?13b27c8cfc784d75b9c82fe4f5107fed
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - h**p://meine-seite.de
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - h**p://meine-seite.de
O17 - HKLM\System\CCS\Services\Tcpip\..\{04E3078B-C081-46AB-B598-CB6D536478B7}: NameServer = 217.24.242.2,217.24.240.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{04E3078B-C081-46AB-B598-CB6D536478B7}: NameServer = 217.24.242.2,217.24.240.4
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

--
End of file - 8113 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 RecAgent - c:\windows\system32\drivers\recagent.sys <Not Verified; Smart Link; Soft Modem>
R1 NaiAvTdi1 - c:\windows\system32\drivers\mvstdi5x.sys <Not Verified; Network Associates, Inc.; VirusScan (Enterprise, ASaP & Retail.)>
R3 EntDrv51 - c:\windows\system32\drivers\entdrv51.sys <Not Verified; Network Associates, Inc; Virus Scan Enterprise, Entercept>
R3 MODEMCSA (Unimodem Streaming Filter Device) - c:\windows\system32\drivers\modemcsa.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 Mtlmnt5 - c:\windows\system32\drivers\mtlmnt5.sys <Not Verified; Smart Link; Soft Modem>
R3 NaiAvFilter1 - c:\windows\system32\drivers\naiavf5x.sys <Not Verified; Network Associates, Inc.; VirusScan (Enterprise, ASaP & Retail.)>
R3 Slntamr (Smart Link 56K Modem Driver) - c:\windows\system32\drivers\slntamr.sys <Not Verified; Smart Link; Soft Modem>
R3 SlWdmSup - c:\windows\system32\drivers\slwdmsup.sys <Not Verified; Smart Link; Soft Modem>
R3 StillCam (Still Serial Digital Camera Driver) - c:\windows\system32\drivers\serscan.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

S3 ac97intc (Intel(r) 82801 Audio Driver Install Service (WDM)) - c:\windows\system32\drivers\ac97intc.sys <Not Verified; Intel Corporation; Intel(r) Integrated Controller Hub Audio Driver>
S3 i81x - c:\windows\system32\drivers\i81xnt5.sys <Not Verified; Intel(R) Corporation; Intel(R) Graphics Accelerator Drivers for Windows NT(R)>
S3 iAimFP0 - c:\windows\system32\drivers\wadv01nt.sys <Not Verified; Intel(R) Corporation; Intel(R) Graphics Accelerator Drivers for Windows NT(R)>
S3 iAimFP1 - c:\windows\system32\drivers\wadv02nt.sys <Not Verified; Intel(R) Corporation; Intel(R) Graphics Accelerator Drivers for Windows NT(R)>
S3 iAimFP2 - c:\windows\system32\drivers\wadv05nt.sys <Not Verified; Intel(R) Corporation; Intel(R) Graphics Accelerator Drivers for Windows NT(R)>
S3 iAimFP3 - c:\windows\system32\drivers\wsiintxx.sys <Not Verified; Intel(R) Corporation; Intel(R) Graphics Accelerator Drivers for Windows NT(R)>
S3 iAimFP4 - c:\windows\system32\drivers\wvchntxx.sys <Not Verified; Intel(R) Corporation; Intel(R) Graphics Accelerator Drivers for Windows NT(R)>
S3 iAimFP5 - c:\windows\system32\drivers\wadv07nt.sys <Not Verified; Intel(R) Corporation; Intel(R) Graphics Accelerator Drivers for Windows NT(R)>
S3 iAimFP6 - c:\windows\system32\drivers\wadv08nt.sys <Not Verified; Intel(R) Corporation; Intel(R) Graphics Accelerator Drivers for Windows NT(R)>
S3 iAimFP7 - c:\windows\system32\drivers\wadv09nt.sys <Not Verified; Intel(R) Corporation; Intel(R) Graphics Accelerator Drivers for Windows NT(R)>
S3 iAimTV0 - c:\windows\system32\drivers\watv01nt.sys <Not Verified; Intel(R) Corporation; Intel(R) Graphics Accelerator Drivers for Windows NT(R)>
S3 iAimTV1 - c:\windows\system32\drivers\watv02nt.sys <Not Verified; Intel(R) Corporation; Intel(R) Graphics Accelerator Drivers for Windows NT(R)>
S3 iAimTV3 - c:\windows\system32\drivers\watv04nt.sys <Not Verified; Intel(R) Corporation; Intel(R) Graphics Accelerator Drivers for Windows NT(R)>
S3 iAimTV4 - c:\windows\system32\drivers\wch7xxnt.sys <Not Verified; Intel(R) Corporation; Intel(R) Graphics Accelerator Drivers for Windows NT(R)>
S3 iAimTV5 - c:\windows\system32\drivers\watv10nt.sys <Not Verified; Intel(R) Corporation; Intel(R) Graphics Accelerator Drivers for Windows NT(R)>
S3 iAimTV6 - c:\windows\system32\drivers\watv06nt.sys <Not Verified; Intel(R) Corporation; Intel(R) Graphics Accelerator Drivers for Windows NT(R)>
S3 Mtlstrm - c:\windows\system32\drivers\mtlstrm.sys <Not Verified; Smart Link; Soft Modem>
S3 NtMtlFax - c:\windows\system32\drivers\ntmtlfax.sys <Not Verified; Smart Link; Soft Modem>
S3 SlNtHal - c:\windows\system32\drivers\slnthal.sys <Not Verified; Smart Link; Soft Modem>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 McAfeeFramework (McAfee Framework Service) - c:\program files\network associates\common framework\frameworkservice.exe /servicestart <Not Verified; Network Associates, Inc.; McAfee Common Framework>
R2 McTaskManager (Network Associates Task Manager) - "c:\program files\network associates\virusscan\vstskmgr.exe" <Not Verified; Network Associates, Inc.; VirusScan Enterprise>

S2 SLService (SmartLinkService) - slserv.exe <Not Verified; Smart Link; Soft Modem>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: PS/2 Compatible Mouse
Device ID: ACPI\PNP0F13\3&61AAA01&0
Manufacturer: Microsoft
Name: PS/2 Compatible Mouse
PNP Device ID: ACPI\PNP0F13\3&61AAA01&0
Service: i8042prt


-- Scheduled Tasks -------------------------------------------------------------

2008-02-09 09:51:03 256 --a------ C:\WINDOWS\Tasks\Auf Updates für Windows Live Toolbar prüfen.job


-- Files created between 2008-01-09 and 2008-02-09 -----------------------------

2008-02-09 10:03:32 0 d-------- C:\Program Files\Trend Micro
2008-02-07 09:59:00 0 d-------- C:\Program Files\Lavasoft
2008-02-07 09:59:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-07 09:41:21 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-07 09:38:31 0 d-------- C:\Documents and Settings\CCS\Application Data\VersionTracker Pro
2008-02-07 09:38:14 0 d-------- C:\Program Files\TechTracker
2008-01-11 15:17:23 1158 --a------ C:\WINDOWS\mozver.dat
2008-01-11 15:11:20 0 --a------ C:\WINDOWS\nsreg.dat
2008-01-11 15:11:18 0 d-------- C:\Documents and Settings\CCS\Application Data\Mozilla
2008-01-11 14:12:58 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy


-- Find3M Report ---------------------------------------------------------------

2008-02-07 09:41:21 0 d-------- C:\Program Files\Common Files
2008-01-11 15:17:28 0 d-------- C:\Documents and Settings\CCS\Application Data\Adobe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [05.01.2006 05:05]
"SetRefresh"="C:\Program Files\Compaq\SetRefresh\SetRefresh.exe" [20.11.2003 20:01]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [18.08.2004 07:00]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [06.08.2004 02:50]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [07.10.2003 08:48]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09.07.2001 10:50]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [14.10.2003 09:22]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [14.04.2004 13:46]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [14.04.2004 14:04]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [07.01.2005 16:30]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04.08.2004 09:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [28.06.2007 10:51]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [19.01.2007 11:55]

C:\Documents and Settings\CCS\Start Menu\Programs\Startup\
VersionTrackerPro.lnk - C:\Documents and Settings\CCS\Application Data\Microsoft\Installer\{C1EDC38F-2760-4A4E-9CED-95B53024134C}\New_Shortcut_S1699_A8EB5A2133B04A97AEEFDFB17E2E701D.exe [07.02.2008 09:38:18]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [14.12.2004 12:44:06]
Sonic CinePlayer Quick Launch.lnk - C:\Program Files\Common Files\Sonic Shared\CineTray.exe [15.10.2005 10:01:00]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [06.07.2006 08:43:49]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{29fce119-0c42-11db-ae72-806d6172696f}]
AutoRun\command- D:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8b911e4e-0dc7-11dc-bd6d-0019db35147d}]
AutoRun\command- I:\usdeiect.com
explore\Command- I:\usdeiect.com
open\Command- I:\usdeiect.com

*Newly Created Service* - ENTDRV51



-- Hosts -----------------------------------------------------------------------

127.0.0.1 007guard.com
127.0.0.1 w*w.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 w*w.008k.com
127.0.0.1 00hq.com
127.0.0.1 w*w.00hq.com
127.0.0.1 010402.com
127.0.0.1 032439.com
127.0.0.1 w*w.032439.com

7840 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-02-09 10:04:32 ------------

09.02.2008, 11:56   #2
zambaku

Trojan has arrived..

Herewith attachment 2 with the 2nd logfile:


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) 4 CPU 3.20GHz
Percentage of Memory in Use: 71%
Physical Memory (total/avail): 446.48 MiB / 127.74 MiB
Pagefile Memory (total/avail): 1053.73 MiB / 644.83 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1929.25 MiB

C: is Fixed (NTFS) - 149.05 GiB total, 137.49 GiB free.
D: is CDROM (No Media)
E: is Removable (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)

\\.\PHYSICALDRIVE0 - WDC WD1600JS-60MHB5 - 149.05 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 149.05 GiB - C:

\\.\PHYSICALDRIVE1 - Generic- Compact Flash USB Device

\\.\PHYSICALDRIVE4 - Generic- MS/MS-Pro USB Device

\\.\PHYSICALDRIVE3 - Generic- SD/MMC USB Device

\\.\PHYSICALDRIVE2 - Generic- SM/xD-Picture USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"="C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe:*:Disabled:BearShare"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\CCS\Application Data
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=HP86571673719
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\CCS
LOGONSERVER=\\HP86571673719
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0409
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\CCS\LOCALS~1\Temp
TMP=C:\DOCUME~1\CCS\LOCALS~1\Temp
USERDOMAIN=HP86571673719
USERNAME=CCS
USERPROFILE=C:\Documents and Settings\CCS
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

CCS (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> MsiExec.exe /I{8A42F680-2DD6-11D4-9A8C-0040F6982C20}
--> MsiExec.exe /I{A2529672-574A-4A99-86A5-C1770A0E31FE}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_classISPLAY -clean
Brother MFL-Pro Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D83BD5E2-5AF4-49F6-B5C1-484A9760E73D}\Setup.exe" -l0x9 Brunin03.dllBrunin03.dll
Browsen mit Registerkarten (Windows Live Toolbar) --> MsiExec.exe /X{3353CA25-78CC-4321-B67C-16F2933DC94B}
Feederkennung (Windows Live Toolbar) --> MsiExec.exe /X{EBA672FF-F80E-48B1-8FC4-616825318810}
getPlus(R)_ocx --> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSo.INF, DefaultUninstall
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
High Definition Audio Driver Package - KB888111 -->
HijackThis 2.0.2 --> "C:\Documents and Settings\CCS\Local Settings\Temporary Internet Files\Content.IE5\1GQLK5ME\HijackThis.exe" /uninstall
HP Help and Support --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\SETUP.exe" -l0x9 -removeonly
McAfee VirusScan Enterprise --> MsiExec.exe /I{5DF3D1BB-894E-4DCD-8275-159AC9829B43}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Mozilla Firefox (2.0.0.12) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
OneCare Advisor (Windows Live Toolbar) --> MsiExec.exe /X{3AF0CCF7-3D25-470A-91D3-ABBBA7F30327}
PaperPort --> MsiExec.exe /I{A17EABB6-D0C6-44E5-820C-72DC7F495064}
Popupblocker (Windows Live Toolbar) --> MsiExec.exe /X{7677634B-E04E-4D2A-89CE-C6EF2370B498}
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Roxio CinePlayer --> MsiExec.exe /I{26792CA7-D87A-4DBE-896B-C2F66B344511}
Smart Menus (Windows Live Toolbar) --> MsiExec.exe /X{2DD6C198-FA9A-40B4-8DE5-CE5206E3EB34}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
VersionTracker Pro Windows --> MsiExec.exe /X{C1EDC38F-2760-4A4E-9CED-95B53024134C}
Windows Live Favorites für Windows Live Toolbar --> MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live Messenger --> MsiExec.exe /I{279DB581-239C-4E13-97F8-0F48E40BE75C}
Windows Live Outlook-Toolbar (Windows Live Toolbar) --> MsiExec.exe /X{EFD8E454-EE12-402A-BFC1-7EA096599CBA}
Windows Live Toolbar-Erweiterung (Windows Live Toolbar) --> MsiExec.exe /X{218761F6-CBF6-4973-B910-A33E6563A1EA}
Windows Live Toolbar-Erweiterung (Windows Live Toolbar) --> MsiExec.exe /X{6266BA75-45FA-4B1A-B21F-E04A90C273E5}
Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {0AC49543-9CE2-4434-AD42-5AA6E2967FA5}
Windows Live Toolbar --> MsiExec.exe /X{0AC49543-9CE2-4434-AD42-5AA6E2967FA5}
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall


-- Application Event Log -------------------------------------------------------

Event Record #/Type4078 / Warning
Event Submitted/Written: 02/09/2008 10:04:12 AM
Event ID/Source: 257 / Alert Manager Event Interface
Event Description:
VirusScan Enterprise: Would be blocked by behaviour blocking rule (rule is currently in warn mode) (warn only mode!).(from HP86571673719 IP 192.168.0.3 user SYSTEM running VirusScan Enter 8.0 OAS)

Event Record #/Type4077 / Warning
Event Submitted/Written: 02/09/2008 10:04:12 AM
Event ID/Source: 257 / Alert Manager Event Interface
Event Description:
VirusScan Enterprise: Would be blocked by behaviour blocking rule (rule is currently in warn mode) (warn only mode!).(from HP86571673719 IP 192.168.0.3 user SYSTEM running VirusScan Enter 8.0 OAS)

Event Record #/Type4072 / Success
Event Submitted/Written: 02/09/2008 09:50:42 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type4057 / Error
Event Submitted/Written: 02/08/2008 02:23:19 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application Ad-Aware2007.exe, version 7.0.2.5, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type4042 / Success
Event Submitted/Written: 02/08/2008 09:21:25 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type13424 / Error
Event Submitted/Written: 02/09/2008 09:26:22 AM
Event ID/Source: 7016 / Service Control Manager
Event Description:
The SmartLinkService service has reported an invalid current state 0.

Event Record #/Type13414 / Warning
Event Submitted/Written: 02/09/2008 09:25:53 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0019DB35147D. The following
error occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type13404 / Error
Event Submitted/Written: 02/08/2008 01:06:17 PM
Event ID/Source: 6161 / Print
Event Description:
The document mhtml:mid://00000038/ owned by CCS failed to print on printer Brother MFC-7820N Printer. Data type: NT EMF 1.008. Size of the spool file in bytes: 131072. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\HP86571673719. Win32 error code returned by the print processor: mhtml:mid://00000038/0. mhtml:mid://00000038/1

Event Record #/Type13389 / Error
Event Submitted/Written: 02/08/2008 09:08:09 AM
Event ID/Source: 7016 / Service Control Manager
Event Description:
The SmartLinkService service has reported an invalid current state 0.

Event Record #/Type13379 / Warning
Event Submitted/Written: 02/08/2008 09:07:38 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0019DB35147D. The following
error occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.



-- End of Deckard's System Scanner: finished at 2008-02-09 10:04:32 ------------


Many thanks for any pointers!

