Hello dear users,
I am new here and had/have a problem.
I accepted an exe once and had it checked at
VirusTotal - Free Online Virus and Malware Scan, and it showed nothing, except that Nod32 reported that it is possibly a variant of Win32. I thought it couldn't be anything bad, since the others found nothing, so I clicked on the exe file, nothing happened, and so I simply deleted it.
The next day my PC kept logging off for 2 hours whenever I tried to connect to the Internet, and someone kept logging in with my nick the whole time before that... So the passwords are probably being sent to another server.
I ran AntiVir and it found this one:
TR/Agent.avkg <<<
http://www.viruslist.com/de/viruses/...?virusid=78173
It deleted that one! Then someone helped me via TeamViewer and downloaded CCleaner + Doctor search&destroy + HijackThis and scanned everything... found a lot and deleted it. I also downloaded Ad-Aware and had it scan my PC; it found something too and I had it deleted.
Now I want to know whether the hacker still has access to my computer.
I have heard of the programs Security Task Manager 7, Kaspersky 2009, brain.exe! Could they possibly help me?
HijackThis, newly scanned just now:
Quote:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:44:46, on 07.01.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
D:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
D:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
D:\WINDOWS\Explorer.EXE
D:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\TUProgSt.exe
D:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Programme\Spybot - Search & Destroy\TeaTimer.exe
D:\WINDOWS\system32\WgaTray.exe
D:\WINDOWS\system32\wuauclt.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Programme\Windows Live\Messenger\msnmsgr.exe
D:\Programme\Windows Live\Messenger\usnsvc.exe
D:\Programme\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Programme\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Programme\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [An OneNote 2007 senden] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P22 "An OneNote 2007 senden" /O31 "Send To Microsoft OneNote Port:" /M "Stylus CX3600"
O4 - HKLM\..\Run: [avgnt] "D:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://D:\Programme\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - h**p://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programme\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programme\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://h**p://messenger.zone.msn.com...o.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://h**p://messenger.zone.msn.com...t.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F036610D-BF83-46B7-84AC-6360AAD08A16}: NameServer = 195.50.140.178 195.50.140.114
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - D:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - D:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software - D:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - D:\WINDOWS\System32\TUProgSt.exe
--
End of file - 6505 bytes
Malwarebytes' Anti-Malware took more than 5 hours, I think:
Quote:
Malwarebytes' Anti-Malware 1.32
Datenbank Version: 1625
Windows 5.1.2600 Service Pack 2
07.01.2009 14:31:44
mbam-log-2009-01-07 (14-31-44).txt
Scan-Methode: Vollständiger Scan (C:\|D:\|)
Durchsuchte Objekte: 194988
Laufzeit: 7 hour(s), 18 minute(s), 9 second(s)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 46
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
C:\System Volume Information\_restore{7430BF8A-8774-4C58-8706-4597167C4759}\RP67\A0061692.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7430BF8A-8774-4C58-8706-4597167C4759}\RP67\A0062741.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7430BF8A-8774-4C58-8706-4597167C4759}\RP68\A0062812.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7430BF8A-8774-4C58-8706-4597167C4759}\RP68\A0062829.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7430BF8A-8774-4C58-8706-4597167C4759}\RP68\A0062871.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7430BF8A-8774-4C58-8706-4597167C4759}\RP69\A0062910.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7430BF8A-8774-4C58-8706-4597167C4759}\RP70\A0063088.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7430BF8A-8774-4C58-8706-4597167C4759}\RP71\A0063162.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7430BF8A-8774-4C58-8706-4597167C4759}\RP71\A0064195.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7430BF8A-8774-4C58-8706-4597167C4759}\RP72\A0068208.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7430BF8A-8774-4C58-8706-4597167C4759}\RP73\A0069234.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7430BF8A-8774-4C58-8706-4597167C4759}\RP73\A0070247.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7430BF8A-8774-4C58-8706-4597167C4759}\RP73\A0070260.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7430BF8A-8774-4C58-8706-4597167C4759}\RP74\A0070294.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7430BF8A-8774-4C58-8706-4597167C4759}\RP74\A0070304.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7430BF8A-8774-4C58-8706-4597167C4759}\RP74\A0070376.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7430BF8A-8774-4C58-8706-4597167C4759}\RP74\A0070388.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7430BF8A-8774-4C58-8706-4597167C4759}\RP75\A0070448.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7430BF8A-8774-4C58-8706-4597167C4759}\RP77\A0070509.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7430BF8A-8774-4C58-8706-4597167C4759}\RP78\A0071533.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7430BF8A-8774-4C58-8706-4597167C4759}\RP78\A0071563.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7430BF8A-8774-4C58-8706-4597167C4759}\RP78\A0071581.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7430BF8A-8774-4C58-8706-4597167C4759}\RP78\A0071641.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7430BF8A-8774-4C58-8706-4597167C4759}\RP78\A0071659.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7430BF8A-8774-4C58-8706-4597167C4759}\RP79\A0072698.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7430BF8A-8774-4C58-8706-4597167C4759}\RP79\A0072727.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7430BF8A-8774-4C58-8706-4597167C4759}\RP79\A0072780.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7430BF8A-8774-4C58-8706-4597167C4759}\RP79\A0073832.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7430BF8A-8774-4C58-8706-4597167C4759}\RP79\A0073867.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7430BF8A-8774-4C58-8706-4597167C4759}\RP80\A0073904.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7430BF8A-8774-4C58-8706-4597167C4759}\RP81\A0074912.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7430BF8A-8774-4C58-8706-4597167C4759}\RP81\A0074948.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7430BF8A-8774-4C58-8706-4597167C4759}\RP82\A0075025.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7430BF8A-8774-4C58-8706-4597167C4759}\RP83\A0075095.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7430BF8A-8774-4C58-8706-4597167C4759}\RP83\A0075131.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7430BF8A-8774-4C58-8706-4597167C4759}\RP84\A0075175.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7430BF8A-8774-4C58-8706-4597167C4759}\RP84\A0075195.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7430BF8A-8774-4C58-8706-4597167C4759}\RP84\A0075217.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7430BF8A-8774-4C58-8706-4597167C4759}\RP84\A0075239.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7430BF8A-8774-4C58-8706-4597167C4759}\RP84\A0075288.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7430BF8A-8774-4C58-8706-4597167C4759}\RP85\A0076684.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7430BF8A-8774-4C58-8706-4597167C4759}\RP85\A0076766.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7430BF8A-8774-4C58-8706-4597167C4759}\RP85\A0076865.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7430BF8A-8774-4C58-8706-4597167C4759}\RP85\A0076885.exe (Malware.Tool) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\cmdow.exe (Malware.Tool) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\h@tkeysh@@k.dll (Trojan.Agent) -> Quarantined and deleted successfully.