|
Log-Analyse und Auswertung: Verschieden Trojaner und Malware (Malwarebytelog+OTL Logs)Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
28.04.2010, 02:18 | #1 | |||
| Verschieden Trojaner und Malware (Malwarebytelog+OTL Logs) Guten Morgen allerseits, Vor zwei Tagen klickte ich auf einen Link den ich von einem Kumpel per MSN zugeschickt bekommen habe. Da ich recht aktiv mit ihm chatte kam mir nichts verdächtig vor und ZACK, da wars auch schon passiert. Mehrere Viren gefunden, sämtliche Versuche sie vom System zu bekommen bisher vergeblich darum wende ich mich mal wieder vertrauenswürdig an die Profis~ Hier die Malwarebyte und OTL Logs: Zitat:
Zitat:
Zitat:
Schonmal Danke im Vorraus für die Bemühungen. Mfg Majora ('-')/ P.S.: Kann mir einer vll noch nebenbei erklären was diese ganzen links im O1 sind? Kenne davon keinen einzigen und kommen mir ziemlich suspekt vor |
28.04.2010, 02:25 | #2 |
| Verschieden Trojaner und Malware (Malwarebytelog+OTL Logs) Omg glatt im falschen Forum gepostet... man merkt es ist noch früh =.=
__________________Na dann pack ich hier mal auch noch ein Hjacklog rein ^^ Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 03:28:00, on 28.04.2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v7.00 (7.00.6002.18005) Boot mode: Normal Running processes: C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files (x86)\MagicTune Premium\GammaTray.exe C:\Program Files (x86)\SEC\Natural Color Pro\NCProTray.exe C:\Program Files (x86)\Keyboard Driver\OEMDriver.exe C:\Program Files (x86)\avmwlanstick\WLanGUI.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Creative\USB Headsets\Volume Panel\VolPanlu.exe C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe C:\Program Files (x86)\Opera\opera.exe C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe C:\Program Files (x86)\Adobe\Reader 8.0\Reader\AcroRd32.exe C:\Program Files (x86)\Java\jre6\bin\javaw.exe C:\Program Files (x86)\Winamp\winamp.exe C:\Program Files (x86)\Combined Community Codec Pack\MPC\mpc-hc.exe C:\Users\Majora\AppData\Local\Temp\Jbw.exe C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O4 - HKLM\..\Run: [KBDriver] "C:\Program Files (x86)\Keyboard Driver\OEMDriver.exe" O4 - HKLM\..\Run: [AVMWlanClient] "C:\Program Files (x86)\avmwlanstick\wlangui.exe" O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [VolPanel] "C:\Program Files (x86)\Creative\USB Headsets\Volume Panel\VolPanlu.exe" /r O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [WindowsUpdateManager] C:\Users\Public\winsvcn.exe O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe" /autocheck O4 - HKLM\..\RunOnce: [SpybotDeletingA9351] command.com /c del "C:\Windows\System32\sshnas21.dll_old" O4 - HKLM\..\RunOnce: [SpybotDeletingC4968] cmd.exe /c del "C:\Windows\System32\sshnas21.dll_old" O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [WindowsUpdateManager] C:\Users\Public\winsvcn.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [YVIBBBHA8C] C:\Users\Majora\AppData\Local\Temp\Jbw.exe O4 - HKCU\..\RunOnce: [SpybotDeletingB4351] command.com /c del "C:\Windows\System32\sshnas21.dll_old" O4 - HKCU\..\RunOnce: [SpybotDeletingD6053] cmd.exe /c del "C:\Windows\System32\sshnas21.dll_old" O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O4 - Global Startup: GammaTray.lnk = ? O4 - Global Startup: Logitech SetPoint.lnk = ? O4 - Global Startup: NCProTray.lnk = ? O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - h**p://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Program Files (x86)\avmwlanstick\WlanNetService.exe O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe O23 - Service: MagicTuneEngine - Unknown owner - C:\Program Files (x86)\MagicTune Premium\MagicTuneEngine.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe O23 - Service: TVEnhance Background Capture Service (TBCS) (TVECapSvc) - Unknown owner - C:\Program Files (x86)\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe O23 - Service: TVEnhance Task Scheduler (TTS)) (TVESched) - Unknown owner - C:\Program Files (x86)\CyberLink\TV Enhance\Kernel\TV\TVESched.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 9828 bytes Mfg Majora ('-')/ Geändert von Majora (28.04.2010 um 02:30 Uhr) |
28.04.2010, 14:30 | #3 |
| Verschieden Trojaner und Malware (Malwarebytelog+OTL Logs) so eben noch einen Spybot S&D drüberlaufen lassen
__________________hier mal die Namen des Ungeziefers: Virtumonde.sdn Win32.FraudLoad DNSFlush.cws Greetz Majora ('-')/ |
Themen zu Verschieden Trojaner und Malware (Malwarebytelog+OTL Logs) |
acroiehelper.dll, antivir, avira, bho, canon, components, cpu-z, desktop, error, flash player, fontcache, format, hdaudio.sys, helper, hijack, home, install.exe, kompatibilität, local\temp, location, logfile, malware, malwarebytes' anti-malware, mozilla, mozilla thunderbird, msvcr80.dll, oldtimer, opera.exe, otl logfile, otl.exe, plug-in, popup, programdata, realtek, registry, rundll, safer networking, saver, sched.exe, shell32.dll, skype.exe, software, sourceforge, sptd.sys, stick, super, suspekt, system, syswow64, teamspeak, trojan.downloader, trojaner, usb, viren, vista |