Log analysis and evaluation: Suspected virus or similar

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
09.03.2009, 19:04 | #1

Suspected virus or similar

Hello first of all. For a few days now I have had severe ping problems, and I suspect I picked something up somewhere. I have already scanned my system several times, but without success. My layman's eye found nothing in the HijackThis log either; maybe you will see more.

HijackThis log:
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:02:55, on 09.03.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
E:\Trillian\trillian.exe
E:\Gamers.IRC\mirc.exe
E:\Mozilla Firefox\firefox.exe
E:\Avira\AntiVir PersonalEdition Classic\avgnt.exe
E:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avgnt] "E:\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://E:\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - E:\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - E:\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{97A0BD50-60A4-4DD5-99CA-D25F2A16E016}: NameServer = 192.168.2.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{97A0BD50-60A4-4DD5-99CA-D25F2A16E016}: NameServer = 192.168.2.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{97A0BD50-60A4-4DD5-99CA-D25F2A16E016}: NameServer = 192.168.2.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\MICROS~1\Office12\GR99D3~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Personal - Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - E:\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - E:\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NetLimiter (nlsvc) - Locktime Software - E:\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: O&O Defrag - Unknown owner - C:\Windows\system32\oodag.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 6507 bytes

Malwarebytes log:
Code:
Malwarebytes' Anti-Malware 1.34
Database version: 1827
Windows 6.0.6001 Service Pack 1

08.03.2009 21:34:57
mbam-log-2009-03-08 (21-34-08).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|)
Objects scanned: 248092
Time elapsed: 20 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
E:\Gamers.IRC\bin\dll\SysTray.dll (Trojan.Bot) -> No action taken.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
E:\Gamers.IRC\bin\dll\SysTray.dll (Trojan.Bot) -> No action taken.
E:\Gamers.IRC\bin\dll\dmu.dll (Trojan.Bot) -> No action taken.

Hope you find the error. Thanks in advance.
10.03.2009, 06:31 | #2

/// the machine /// TB-Ausbilder

Hello Pansky and
11.03.2009, 16:28 | #3

Thanks for the reply, and here are the requested logs:

log:
Code:
Logfile of random's system information tool 1.05 (written by random/random)
Run by Sweet at 2009-03-11 16:25:21
Microsoft® Windows Vista™ Ultimate Service Pack 1
System drive C: has 63 GB (63%) free of 100 GB
Total RAM: 4094 MB (72% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:25:22, on 11.03.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
E:\Avira\AntiVir PersonalEdition Classic\avgnt.exe
E:\Trillian\trillian.exe
C:\Users\Sweet\Desktop\RSIT.exe
E:\HijackThis\Sweet.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avgnt] "E:\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://E:\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - E:\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - E:\ICQ6\ICQ.exe
O10 - Broken Internet access because of LSP provider 'c:\program files (x86)\bonjour\mdnsnsp.dll' missing
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{97A0BD50-60A4-4DD5-99CA-D25F2A16E016}: NameServer = 192.168.2.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{97A0BD50-60A4-4DD5-99CA-D25F2A16E016}: NameServer = 192.168.2.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{97A0BD50-60A4-4DD5-99CA-D25F2A16E016}: NameServer = 192.168.2.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\MICROS~1\Office12\GR99D3~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Personal - Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - E:\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - E:\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NetLimiter (nlsvc) - Locktime Software - E:\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: O&O Defrag - Unknown owner - C:\Windows\system32\oodag.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 6777 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - E:\MICROS~1\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2009-01-13 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2009-01-13 34816]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avgnt"=E:\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=E:\MICROS~1\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=
"NoActiveDesktopChanges"=
"ForceActiveDesktopOn"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{85c1a018-b125-11dd-8889-001d603a66b2}]
shell\AutoRun\command - I:\Autorun.exe

======List of files/folders created in the last 1 months======

2009-03-10 23:49:37 ----D---- C:\rsit
2009-03-09 19:22:08 ----D---- C:\ProgramData\Apple
2009-03-09 19:22:08 ----D---- C:\Program Files (x86)\Apple Software Update
2009-03-08 20:40:25 ----D---- C:\Users\Sweet\AppData\Roaming\Malwarebytes
2009-03-08 20:40:19 ----D---- C:\ProgramData\Malwarebytes
2009-03-08 03:40:51 ----D---- C:\Program Files (x86)\MSXML 4.0
2009-03-08 03:31:47 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
2009-03-08 03:31:47 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2009-03-08 03:31:47 ----A---- C:\Windows\system32\icardres.dll
2009-03-08 03:31:46 ----A---- C:\Windows\system32\infocardapi.dll
2009-03-08 03:31:46 ----A---- C:\Windows\system32\icardagt.exe
2009-03-08 03:31:43 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-03-08 03:31:41 ----A---- C:\Windows\system32\PresentationHost.exe
2009-03-08 03:26:37 ----A---- C:\Windows\system32\netfxperf.dll
2009-03-08 03:26:33 ----A---- C:\Windows\system32\dfshim.dll
2009-03-08 03:26:25 ----A---- C:\Windows\system32\mscoree.dll
2009-03-08 03:26:21 ----A---- C:\Windows\system32\mscorier.dll
2009-03-08 03:26:19 ----A---- C:\Windows\system32\mscories.dll
2009-03-08 03:25:43 ----A---- C:\Windows\system32\tzres.dll
2009-03-08 03:22:59 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2009-03-08 03:22:59 ----A---- C:\Windows\system32\Apphlpdm.dll
2009-03-08 03:22:53 ----A---- C:\Windows\system32\mshtml.dll
2009-03-08 03:22:52 ----A---- C:\Windows\system32\urlmon.dll
2009-03-08 03:22:52 ----A---- C:\Windows\system32\ieframe.dll
2009-03-08 03:22:51 ----A---- C:\Windows\system32\wininet.dll
2009-03-08 03:22:51 ----A---- C:\Windows\system32\mstime.dll
2009-03-08 03:22:51 ----A---- C:\Windows\system32\msfeeds.dll
2009-03-08 03:22:50 ----A---- C:\Windows\system32\jsproxy.dll
2009-03-08 03:22:50 ----A---- C:\Windows\system32\iertutil.dll
2009-03-08 03:22:48 ----A---- C:\Windows\system32\mf.dll
2009-03-08 03:22:47 ----A---- C:\Windows\system32\WMVCORE.DLL
2009-03-08 03:22:47 ----A---- C:\Windows\system32\WMNetMgr.dll
2009-03-08 03:22:47 ----A---- C:\Windows\system32\logagent.exe
2009-03-08 03:22:35 ----A---- C:\Windows\system32\shell32.dll
2009-03-08 03:22:21 ----A---- C:\Windows\system32\gdi32.dll
2009-03-08 03:22:20 ----A---- C:\Windows\system32\explorer.exe
2009-03-08 03:22:20 ----A---- C:\Windows\explorer.exe
2009-03-07 00:31:59 ----D---- C:\Users\Sweet\AppData\Roaming\Locktime
2009-03-07 00:28:55 ----D---- C:\ProgramData\Locktime
2009-03-04 23:34:11 ----D---- C:\Users\Sweet\AppData\Roaming\Publish Providers
2009-03-04 23:34:03 ----AD---- C:\ProgramData\TEMP
2009-03-04 23:34:02 ----D---- C:\Users\Sweet\AppData\Roaming\Sony
2009-03-04 22:09:24 ----D---- C:\ProgramData\Sony
2009-03-01 17:49:50 ----D---- C:\Users\Sweet\AppData\Roaming\Nero
2009-03-01 17:41:21 ----A---- C:\Windows\system32\TwnLib4.dll
2009-03-01 17:41:21 ----A---- C:\Windows\system32\imagXRA7.dll
2009-03-01 17:41:21 ----A---- C:\Windows\system32\imagXR7.dll
2009-03-01 17:41:21 ----A---- C:\Windows\system32\imagXpr7.dll
2009-03-01 17:41:20 ----A---- C:\Windows\system32\imagX7.dll
2009-03-01 17:41:19 ----D---- C:\ProgramData\Nero
2009-03-01 17:41:19 ----D---- C:\Program Files (x86)\Common Files\Nero
2009-02-26 19:46:50 ----A---- C:\Windows\system32\xfcodec.dll

======List of files/folders modified in the last 1 months======

2009-03-11 16:25:15 ----D---- C:\Windows\Prefetch
2009-03-11 16:25:07 ----D---- C:\Windows\Temp
2009-03-11 16:24:34 ----D---- C:\Users\Sweet\AppData\Roaming\uTorrent
2009-03-11 14:54:24 ----D---- C:\Windows\System32
2009-03-11 14:54:24 ----D---- C:\Windows\inf
2009-03-10 23:35:48 ----D---- C:\Users\Sweet\AppData\Roaming\Hamachi
2009-03-10 15:45:16 ----SHD---- C:\System Volume Information
2009-03-09 19:34:28 ----RD---- C:\Program Files (x86)
2009-03-09 19:28:30 ----SHD---- C:\Windows\Installer
2009-03-09 19:28:24 ----D---- C:\Windows\SysWOW64
2009-03-09 19:22:08 ----HD---- C:\ProgramData
2009-03-08 21:10:08 ----D---- C:\Windows\Debug
2009-03-08 21:10:08 ----D---- C:\Windows
2009-03-08 20:49:58 ----D---- C:\Windows\Microsoft.NET
2009-03-08 20:49:53 ----RSD---- C:\Windows\assembly
2009-03-08 20:40:23 ----D---- C:\Windows\system32\drivers
2009-03-08 04:02:25 ----D---- C:\Windows\rescache
2009-03-08 03:45:17 ----D---- C:\Windows\AppPatch
2009-03-08 03:45:14 ----D---- C:\Windows\system32\de-DE
2009-03-08 03:45:11 ----D---- C:\Windows\system32\XPSViewer
2009-03-08 03:45:07 ----D---- C:\Windows\system32\wbem
2009-03-08 03:45:07 ----D---- C:\Windows\system32\en-US
2009-03-08 03:44:05 ----D---- C:\Windows\winsxs
2009-03-08 03:41:45 ----SD---- C:\ProgramData\Microsoft
2009-03-07 19:56:03 ----D---- C:\Users\Sweet\AppData\Roaming\Xfire
2009-03-07 01:17:14 ----D---- C:\Program Files (x86)\Common Files
2009-03-06 23:30:47 ----D---- C:\Users\Sweet\AppData\Roaming\teamspeak2
2009-03-06 18:50:43 ----D---- C:\Program Files (x86)\Common Files\Adobe
2009-03-06 18:50:36 ----D---- C:\Users\Sweet\AppData\Roaming\Adobe
2009-03-06 16:34:27 ----A---- C:\Windows\system32\PnkBstrB.exe
2009-03-05 18:58:26 ----D---- C:\ProgramData\Xfire
2009-02-24 16:32:03 ----D---- C:\Program Files (x86)\Common Files\Blizzard Entertainment
2009-02-17 13:23:51 ----D---- C:\Users\Sweet\AppData\Roaming\ICQ

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys []
R1 nltdi;nltdi; \??\C:\Windows\system32\drivers\nltdi.sys []
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys []
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys []
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys []
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
R3 ksthunk;Kernel Streaming Thunks; C:\Windows\system32\drivers\ksthunk.sys []
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys []
R3 NVENETFD;NVIDIA nForce-Netzwerkcontrollertreiber; C:\Windows\system32\DRIVERS\nvm60x64.sys []
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys []
R3 usbscan;USB-Scannertreiber; C:\Windows\system32\DRIVERS\usbscan.sys []
S3 ak7had13;ak7had13; C:\Windows\system32\drivers\ak7had13.sys []
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys []
S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys []
S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys []
S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys []
S3 nmwcdcjx64;Nokia USB Port; C:\Windows\system32\drivers\nmwcdcjx64.sys []
S3 nmwcdcmx64;Nokia USB Modem; C:\Windows\system32\drivers\nmwcdcmx64.sys []
S3 nmwcdcx64;Nokia USB Generic; C:\Windows\system32\drivers\nmwcdcx64.sys []
S3 nmwcdx64;Nokia USB Phone Parent; C:\Windows\system32\drivers\nmwcdx64.sys []
S3 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys []
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys []
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys []
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys []
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Planer; E:\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; E:\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 nlsvc;NetLimiter; E:\NetLimiter 2 Pro\nlsvc.exe [2007-05-13 867840]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe []
R2 O&O Defrag;O&O Defrag; C:\Windows\system32\oodag.exe []
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2008-07-27 93184]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe []
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-01-11 655624]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; E:\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-21 19968]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files (x86)\WinPcap\rpcapd.exe [2007-11-06 92792]
S3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2007-02-08 212480]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe []
S4 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2009-02-04 66872]

-----------------EOF-----------------
11.03.2009, 18:08 | #4

/// the machine /// TB-Ausbilder

You have a nice backdoor infection. If you do any financial transactions on this PC, the only option for you is a clean reinstall. If you want to try to clean it, do the following:

ComboFix

ComboFix may only be run if a qualified helper (Kompetenzler) has expressly recommended it! Note: ComboFix disables the autostart function of all CD/DVD and USB drives in order to contain any spreading. If this causes problems, post them in the thread. (Detailed instructions: A guide and tutorial on using ComboFix)

Regards, schrauber
12.03.2009, 00:49 | #5

Thanks for the information, but how did you recognize the infection? Oh, and I am going to go with the reinstall ;D
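The helper's verdict is not explained on the page and the question above goes unanswered, so here is an added example that is not code from the thread, from Trojaner-Board, or from any of the tools mentioned in it. It runs a small set of triage rules over lines copied from the logs posted above (the Malwarebytes hits, the O10/O17/O23 HijackThis entries and two lines from the RSIT registry dump) and sorts the findings by severity. The rule names, the severities and the Finding class are the editor's own choices, not anything the tools emit.

```python
"""Triage of HijackThis, Malwarebytes and RSIT log lines.

Added example for this thread, not a tool used or posted by anyone in it.
The rules encode indicators the posted logs actually contain; the sample
lines below are copied from those logs so the script runs offline.
"""
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample: ten lines lifted verbatim from the logs in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avgnt] "E:\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O10 - Broken Internet access because of LSP provider 'c:\program files (x86)\bonjour\mdnsnsp.dll' missing
O17 - HKLM\System\CCS\Services\Tcpip\..\{97A0BD50-60A4-4DD5-99CA-D25F2A16E016}: NameServer = 192.168.2.1
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files (x86)\WinPcap\rpcapd.exe
E:\Gamers.IRC\bin\dll\SysTray.dll (Trojan.Bot) -> No action taken.
E:\Gamers.IRC\bin\dll\dmu.dll (Trojan.Bot) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
"EnableLUA"=0
shell\AutoRun\command - I:\Autorun.exe
"""


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "info" (editor's scale, not a tool's)
    rule: str
    line: str


SEVERITY_ORDER = {"high": 0, "medium": 1, "info": 2}

# Malwarebytes result line: "<file or registry item> (<Family.Name>) -> <action>"
MBAM_HIT = re.compile(r"^(?P<item>.+?) \((?P<family>[A-Za-z0-9.]+)\) -> (?P<action>.+)$")
# Families that mean attacker code runs, as opposed to a settings tweak
EXEC_FAMILIES = re.compile(r"^(Trojan|Backdoor|Worm|Rootkit)\b")
# HijackThis O17: per-interface DNS server override
O17_DNS = re.compile(r"^O17 - .*NameServer = (?P<servers>[0-9.,]+)$")
# RSIT registry dump lines
ENABLE_LUA = re.compile(r'^"EnableLUA"=(?P<val>\d+)$')
AUTORUN_CMD = re.compile(r"^shell\\AutoRun\\command - (?P<target>.+)$")


def check_line(line: str):
    """Return a Finding for one log line, or None if the line is unremarkable."""
    line = line.strip()
    if not line:
        return None

    m = MBAM_HIT.match(line)
    if m:
        sev = "high" if EXEC_FAMILIES.match(m["family"]) else "medium"
        rule = "mbam_detection"
        if "no action taken" in m["action"].lower():
            rule += "_not_removed"  # scan-only run: the object was not removed
        return Finding(sev, rule, line)

    m = O17_DNS.match(line)
    if m:
        servers = [ipaddress.ip_address(s) for s in m["servers"].split(",") if s]
        if all(ip.is_private for ip in servers):
            return None  # router or LAN resolver, expected on a home network
        return Finding("medium", "external_dns", line)

    if line.startswith("O23 - Service:"):
        path = line.rsplit(" - ", 1)[-1]
        low = path.lower()
        if "rpcapd" in low:
            # WinPcap's remote capture daemon: a network-reachable sniffing service
            return Finding("medium", "remote_capture_service", line)
        if low.endswith("(file missing)") and low.startswith("c:\\windows\\system32"):
            # HijackThis 2.0.2 is 32-bit; under WOW64 on x64 Windows it cannot
            # see the real System32, so "file missing" there is an artifact
            return Finding("info", "wow64_file_missing_artifact", line)
        return None

    if line.startswith("O10 - "):
        return Finding("info", "broken_lsp_chain", line)

    m = ENABLE_LUA.match(line)
    if m and m["val"] == "0":
        return Finding("medium", "uac_disabled", line)

    if AUTORUN_CMD.match(line):
        return Finding("medium", "removable_autorun", line)

    return None


def triage(text: str) -> list:
    """Run every line through check_line and return the findings, worst first."""
    found = [f for f in (check_line(l) for l in text.splitlines()) if f]
    return sorted(found, key=lambda f: SEVERITY_ORDER[f.severity])


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.rule:30} {f.line}")
```

Two caveats the rules encode are worth spelling out. "No action taken" in a Malwarebytes log means the scan was run without the removal step, so the Trojan.Bot DLLs under E:\Gamers.IRC\bin\dll were not removed by that scan. And the long run of "(file missing)" entries for services under C:\Windows\system32 is not evidence of tampering: HijackThis 2.0.2 is a 32-bit program, and on 64-bit Vista the WOW64 file-system redirection hides the real System32 from it. A script like this only surfaces what the logs already contain; deciding whether the machine is still trustworthy stays with the person reading them.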