Trojaner-Board

Thread: Trojan http://www.searchnu.com/406 (https://www.trojaner-board.de/113837-trojaner-http-www-searchnu-com-406-a.html), forum section Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

kwango 19.04.2012 01:40

Trojan http://www.searchnu.com/406

Hello everyone,

For some time now I have had this Trojan on my machine (hxxp://www.searchnu.com/406?tag=newtab). I have already looked at one thread on this problem, but I read that it is only dealt with for that one computer and that it needn't be the same everywhere. Hence a new thread.

www.searchnu.com had been set as my start page for some time. Back then I didn't think anything bad of it and left it at that. But it slowly got on my nerves and I set a different start page, yet when I open a new tab, this page comes up: hxxp://www.searchnu.com/406?tag=newtab
This concerns Firefox only; in Google Chrome everything is fine. My operating system is Windows 7.
I am currently running a scan with Malwarebytes, but it has been running for almost 2 hours now; is that normal?
I have already deleted suspicious items under Add-ons and in the Control Panel.

Since I'm not exactly an expert when it comes to viruses, I'm hoping for your support and help in fixing my problem.
Thanks in advance.

Psychotic 19.04.2012 07:35

To allow a more precise analysis, please follow this link:

To everyone seeking help! What do I need to observe before opening a thread?

kwango 19.04.2012 13:53

okay, thanks :)

here are my 2 log files:

DDS Logfile:
Code:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 14.01.2011 11:38:17
System Uptime: 19.04.2012 14:33:45 (0 hours ago)
.
Motherboard: Quanta |  | 3629
Processor: Intel(R) Core(TM)2 Duo CPU    P7450  @ 2.13GHz | CPU | 789/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 373.013 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description:
Device ID: ACPI\ENE0100\4&6C35330&0
Manufacturer:
Name:
PNP Device ID: ACPI\ENE0100\4&6C35330&0
Service:
.
==== System Restore Points ===================
.
RP153: 05.04.2012 18:32:16 - Windows-Sicherung
RP154: 12.04.2012 19:34:21 - Geplanter Prüfpunkt
RP156: 15.04.2012 00:49:22 - Windows Modules Installer
RP157: 18.04.2012 01:26:40 - Windows Update
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
Acronis True Image Home
ActiveCheck component for HP Active Support Library
Adobe Flash Player 10 ActiveX
Adobe Reader X (10.1.3) - Deutsch
Apple Application Support
Apple Software Update
D3DX10
Facebook Video Calling 1.2.0.159
Free YouTube Download 3 version 3.0.12.804
Free YouTube to MP3 Converter version 3.10.8.815
Google Chrome
Google Update Helper
HP Customer Experience Enhancements
HP Quick Launch Buttons
HP Support Assistant
HPAsset component for HP Active Support Library
IDT Audio
JMicron Flash Media Controller Driver
Junk Mail filter update
Malwarebytes Anti-Malware Version 1.61.0.1400
Messenger Companion
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (German) 2007
Microsoft Office Excel MUI (German) 2007
Microsoft Office File Validation Add-In
Microsoft Office Live Add-in 1.5
Microsoft Office Outlook MUI (German) 2007
Microsoft Office PowerPoint MUI (German) 2007
Microsoft Office Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Italian) 2007
Microsoft Office Proofing (German) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (German) 2007
Microsoft Office Shared MUI (German) 2007
Microsoft Office Word MUI (German) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Mozilla Firefox (3.6.28)
MSVCRT
MSVCRT_amd64
Norton 360
NVIDIA PhysX
QLBCASL
QuickTime
Safari
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Ski Challenge 11 (SF)
Ski Challenge 12 (SRF)
Skype Toolbars
Skype™ 5.1
System Requirements Lab
Total Commander (Remove or Repair)
Uninstall 1.0.0.1
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Outlook 2007 Help (KB963677)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2598306) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotogalerie
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== End Of File ===========================

and:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by Besitzer at 14:42:06 on 2012-04-19
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.41.1031.18.4093.2541 [GMT 2:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Norton 360\Engine\5.2.1.3\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Norton 360\Engine\5.2.1.3\ccSvcHst.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.searchqu.com/406
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=e2b09c4500000000000000238b6d6dfd&tlver=1.4.19.19&affID=17162
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360\Engine\5.2.1.3\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360\Engine\5.2.1.3\IPS\IPSBHO.DLL
BHO: Windows Live ID-Anmelde-Hilfsprogramm: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Engine\5.2.1.3\coIEPlg.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll
TB: {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No File
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Facebook Update] "C:\Users\Besitzer\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
mRun: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\Besitzer\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\HP_5C0~1.LNK - C:\Program Files (x86)\HP\csiInstaller\5C069542-CA13-4f1b-B90C-28C6430F4992\Setup.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Free YouTube Download - C:\Users\Besitzer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - C:\Users\Besitzer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
TCP: DhcpNameServer = 194.230.1.103 194.230.1.39
TCP: Interfaces\{3022F94B-B99F-4414-BC78-0B74B3CDD917} : DhcpNameServer = 192.168.100.2
TCP: Interfaces\{EE26317E-9C10-4CF2-A6D4-FFA1E0BFEADC} : DhcpNameServer = 194.230.1.103 194.230.1.39
TCP: Interfaces\{EE26317E-9C10-4CF2-A6D4-FFA1E0BFEADC}\26F627E6 : DhcpNameServer = 192.168.2.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}
{6D53EC84-6AAE-4787-AEEE-F4628F01010C}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{99079a25-328f-4bd4-be04-00955acaa0a7}
{9FDDE16B-836F-4806-AB1F-1455CBEFF289}
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
{99079a25-328f-4bd4-be04-00955acaa0a7}
TB-X64: {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No File
mRun-x64: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
mRun-x64: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\ou0vs8tc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - DVDVideoSoftTB Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ch/|hxxp://www.facebook.com/|hxxp://www.20min.ch/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q=
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Besitzer\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Symantec Intrusion Prevention: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0502010.003\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0502010.003\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0502010.003\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0502010.003\SYMEFA64.SYS [?]
R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);C:\Windows\system32\DRIVERS\tdrpm273.sys --> C:\Windows\system32\DRIVERS\tdrpm273.sys [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120402.001\BHDrvx64.sys [2012-4-3 1160824]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120418.001\IDSviA64.sys [2012-4-19 488568]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0502010.003\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0502010.003\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\N360x64\0502010.003\SYMNETS.SYS --> C:\Windows\system32\Drivers\N360x64\0502010.003\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2011-1-14 89600]
R2 afcdpsrv;Acronis Nonstop Backup-Dienst;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-1-14 3246040]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-1-25 92216]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\5.2.1.3\ccsvchst.exe [2012-4-5 130008]
R3 afcdp;afcdp;C:\Windows\system32\DRIVERS\afcdp.sys --> C:\Windows\system32\DRIVERS\afcdp.sys [?]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2011-1-14 227896]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-2-12 138360]
R3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]
R3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTL8167;Realtek 8167 NT-Treiber;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-19 136176]
S3 gupdatem;Google Update-Dienst (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-19 136176]
S3 HPFXBULKLEDM;HPFXBULKLEDM;C:\Windows\system32\drivers\hppdbulkio.sys --> C:\Windows\system32\drivers\hppdbulkio.sys [?]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series - Adaptertreiber für Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows-Aktivierungstechnologieservice;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-04-19 08:39:55        --------        d-----w-        C:\Users\Besitzer\AppData\Local\{5A5616F6-C0CB-48B3-923D-398EBC131AA4}
2012-04-19 08:39:41        --------        d-----w-        C:\Users\Besitzer\AppData\Local\{958FB87A-876E-4828-B528-E3898BB5488E}
2012-04-19 00:21:39        --------        d-----w-        C:\Users\Besitzer\AppData\Local\{479C1F6A-068F-4F13-A0F8-E01F3A6024A9}
2012-04-19 00:21:24        --------        d-----w-        C:\Users\Besitzer\AppData\Local\{4CC22EED-63BA-469B-84CF-66B5E817D4A0}
2012-04-18 22:52:54        --------        d-----w-        C:\Windows\SysWow64\N360_BACKUP
2012-04-18 22:39:38        --------        d-----w-        C:\Users\Besitzer\AppData\Roaming\Malwarebytes
2012-04-18 22:39:28        24904        ----a-w-        C:\Windows\System32\drivers\mbam.sys
2012-04-18 22:39:28        --------        d-----w-        C:\ProgramData\Malwarebytes
2012-04-18 22:39:28        --------        d-----w-        C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-17 23:27:11        --------        d-----w-        C:\Program Files (x86)\Microsoft
2012-04-17 00:05:21        --------        d-----w-        C:\Users\Besitzer\AppData\Local\Facebook
2012-04-15 10:52:41        --------        d-----w-        C:\Users\Besitzer\AppData\Local\{64C3A8F3-9A6D-40EF-B9A7-F71AF1124E50}
2012-04-14 22:53:32        5559152        ----a-w-        C:\Windows\System32\ntoskrnl.exe
2012-04-14 22:53:32        3968368        ----a-w-        C:\Windows\SysWow64\ntkrnlpa.exe
2012-04-14 22:53:31        3913072        ----a-w-        C:\Windows\SysWow64\ntoskrnl.exe
2012-04-14 22:50:09        23408        ----a-w-        C:\Windows\System32\drivers\fs_rec.sys
2012-04-14 22:50:08        81408        ----a-w-        C:\Windows\System32\imagehlp.dll
2012-04-14 22:50:08        159232        ----a-w-        C:\Windows\SysWow64\imagehlp.dll
2012-04-14 22:50:07        5120        ----a-w-        C:\Windows\SysWow64\wmi.dll
2012-04-14 22:50:07        5120        ----a-w-        C:\Windows\System32\wmi.dll
2012-04-14 22:50:07        220672        ----a-w-        C:\Windows\System32\wintrust.dll
2012-04-14 22:50:07        172544        ----a-w-        C:\Windows\SysWow64\wintrust.dll
2012-04-12 17:00:59        1638912        ----a-w-        C:\Windows\SysWow64\mshtml.tlb
2012-04-12 17:00:59        1638912        ----a-w-        C:\Windows\System32\mshtml.tlb
2012-04-06 16:51:16        --------        d-----w-        C:\Users\Besitzer\AppData\Local\{601F83B0-432F-40A3-B880-7A84106E3059}
2012-04-05 16:43:35        912504        ----a-w-        C:\Windows\System32\drivers\N360x64\0502010.003\symefa64.sys
2012-04-05 16:43:35        744568        ----a-w-        C:\Windows\System32\drivers\N360x64\0502010.003\srtsp64.sys
2012-04-05 16:43:35        450680        ----a-w-        C:\Windows\System32\drivers\N360x64\0502010.003\symds64.sys
2012-04-05 16:43:35        40568        ----a-w-        C:\Windows\System32\drivers\N360x64\0502010.003\srtspx64.sys
2012-04-05 16:43:35        386168        ----a-w-        C:\Windows\System32\drivers\N360x64\0502010.003\symnets.sys
2012-04-05 16:43:35        171128        ----a-r-        C:\Windows\System32\drivers\N360x64\0502010.003\ironx64.sys
2012-04-05 16:43:16        --------        d-----w-        C:\Windows\System32\drivers\N360x64\0502010.003
2012-04-04 05:53:56        182160        ----a-w-        C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-04-04 05:53:56        182160        ----a-w-        C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2012-03-27 18:42:30        --------        d-----w-        C:\Users\Besitzer\AppData\Local\{A04F7C40-7507-44FD-A261-08F91335048C}
2012-03-27 18:42:12        --------        d-----w-        C:\Users\Besitzer\AppData\Local\{02E5124C-571F-4929-8B2F-036CEFD82927}
2012-03-23 09:48:11        --------        d-----w-        C:\Users\Besitzer\AppData\Local\{0CB1810E-1434-4791-9BF5-5551E5895D91}
2012-03-22 09:57:39        --------        d-----w-        C:\Users\Besitzer\AppData\Local\{8E64F58E-489A-479D-A7BF-1E44D0FE2FAD}
2012-03-22 09:57:27        --------        d-----w-        C:\Users\Besitzer\AppData\Local\{980A3D67-16EB-455B-9AAE-EE26497C1D31}
.
==================== Find3M  ====================
.
2012-02-28 06:39:37        1188864        ----a-w-        C:\Windows\System32\wininet.dll
2012-02-28 05:38:52        981504        ----a-w-        C:\Windows\SysWow64\wininet.dll
2012-02-17 06:38:26        1031680        ----a-w-        C:\Windows\System32\rdpcore.dll
2012-02-17 05:34:22        826880        ----a-w-        C:\Windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24        210944        ----a-w-        C:\Windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32        23552        ----a-w-        C:\Windows\System32\drivers\tdtcp.sys
2012-02-10 06:36:07        1544192        ----a-w-        C:\Windows\System32\DWrite.dll
2012-02-10 05:38:43        1077248        ----a-w-        C:\Windows\SysWow64\DWrite.dll
2012-02-07 09:02:40        1070352        ----a-w-        C:\Windows\SysWow64\MSCOMCTL.OCX
2012-02-03 04:34:34        3145728        ----a-w-        C:\Windows\System32\win32k.sys
2012-01-25 06:38:39        77312        ----a-w-        C:\Windows\System32\rdpwsx.dll
2012-01-25 06:38:38        149504        ----a-w-        C:\Windows\System32\rdpcorekmts.dll
2012-01-25 06:33:30        9216        ----a-w-        C:\Windows\System32\rdrmemptylst.exe
.
============= FINISH: 14:42:55.49 ===============

--- --- ---


Does that work? Or what did I miss in the instructions?
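
The Pseudo HJT and FIREFOX sections of the log above already show the hijack: uStart Page and mSearchAssistant point at searchqu.com and search.babylon.com, the Searchqu Toolbar BHO and toolbar from the Datamngr directory are loaded, and Firefox's browser.search.defaulturl and keyword.URL point at search.conduit.com. The script below is an added example (it is not part of this thread, nor of the DDS tool): it triages those DDS line types against a watch list of hijacker domains and also flags BHO/toolbar/URLSearchHook entries that DDS reports as "No File", i.e. registry entries whose DLL no longer exists. The watch list, the regular expressions for the DDS line shapes and the sample lines (copied from the log above) are assumptions for illustration.

```python
"""Triage helper for the 'Pseudo HJT Report' and FIREFOX sections of a DDS log.

Added example, not part of the DDS tool or this thread: it reads DDS-style
lines and flags browser start pages, search providers, Firefox search prefs,
BHOs and toolbars that point at a watch list of search-hijacker domains, as
well as BHO/toolbar/URLSearchHook entries that DDS reports with 'No File'.
"""
import re
from urllib.parse import urlparse

# Assumed watch list for this example, built from the hosts that appear in
# the thread's log. Extend it with whatever your own logs show.
HIJACKER_DOMAINS = frozenset({
    "searchqu.com",
    "searchnu.com",
    "search.babylon.com",
    "search.conduit.com",
})

# DDS writes "hxxp" instead of "http" so URLs in a posted log are not clickable.
_HXXP = re.compile(r"^hxxp", re.IGNORECASE)

# DDS line shapes as seen in the posted log (assumed from that sample).
_IE_KEY = re.compile(r"^[um](Start Page|SearchAssistant|Default_Page_URL|Default_Search_URL)\s*=\s*(.+)$")
_FF_PREF = re.compile(r"^FF - prefs\.js: (\S+) - (.+)$")
_HOOK = re.compile(r"^(BHO|TB-X64|TB|[um]URLSearchHooks):\s*(.*)$")


def host_of(url: str) -> str:
    """Return the lower-cased host of a (possibly hxxp-obfuscated) URL, or ''."""
    try:
        return (urlparse(_HXXP.sub("http", url.strip())).hostname or "").lower()
    except ValueError:
        return ""


def is_hijacker(host: str) -> bool:
    """True if host is a listed domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in HIJACKER_DOMAINS)


def triage(lines):
    """Return [(line, reason)] for every suspicious DDS line in `lines`."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = _IE_KEY.match(line)
        if m:
            # Home page values can be a '|'-separated list.
            for host in map(host_of, m.group(2).split("|")):
                if is_hijacker(host):
                    findings.append((line, f"IE {m.group(1)} points at {host}"))
            continue
        m = _FF_PREF.match(line)
        if m:
            for host in map(host_of, m.group(2).split("|")):
                if is_hijacker(host):
                    findings.append((line, f"Firefox pref {m.group(1)} points at {host}"))
            continue
        m = _HOOK.match(line)
        if m:
            kind, rest = m.groups()
            if "No File" in rest:
                findings.append((line, f"{kind} entry without a backing file (orphan)"))
            elif re.search(r"searchqu|datamngr", rest, re.IGNORECASE):
                findings.append((line, f"{kind} entry belongs to the Searchqu/Datamngr toolbar"))
    return findings


# Sample input: lines copied from the DDS report posted in this thread.
SAMPLE_LOG = r"""
uStart Page = hxxp://www.searchqu.com/406
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=e2b09c4500000000000000238b6d6dfd&tlver=1.4.19.19&affID=17162
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Engine\5.2.1.3\coIEPlg.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll
TB: {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No File
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - DVDVideoSoftTB Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ch/|hxxp://www.facebook.com/|hxxp://www.20min.ch/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q=
FF - prefs.js: network.proxy.type - 0
"""


def triage_sample():
    """Run the triage over the sample lines above."""
    return triage(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for line, reason in triage_sample():
        print(f"{reason}\n    {line}")
```

Run against the sample it reports eight lines: the two IE settings, the two Searchqu Toolbar entries, the two Firefox search prefs pointing at Conduit, and the two orphan entries. The orphans are consistent with the poster having already removed add-ons by hand: the DLL is gone, the registry entry is not. A real run would feed the whole dds.txt to `triage()`; matching on the host rather than on substrings of the URL keeps the Facebook and 20min.ch home pages from being flagged.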

Psychotic 19.04.2012 19:33

You posted the attach.txt for me - but I need the dds.txt! :)


Also do the following:


Step 1: Scan with TDSSKiller


Please read the following instructions carefully. We don't want to "fix" anything yet, only see a scan report. Please download TDSSKiller.exe and save this file on the desktop
  • Start TDSSKiller.exe
  • Press Start Scan
  • Should infected objects be found, under no circumstances choose Cure. Choose Skip and save the log file. TDSSKiller will save a log file on your system drive (usually C:\). For example: C:\TDSSKiller.<version_date_time>log.txt
Please post its contents here in your thread.


Step 2: aswMBR


Please download aswMBR.exe and save the file on your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions) Vista and Win7 users: right-click and "Run as administrator"
  • The tool will ask whether you want to scan your system with the current virus definitions from AVAST!. Please answer Yes. (Should your firewall ask, please allow access to the Internet.) Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it on the desktop.
Post the aswMBR.txt in your next reply. Important: Do not press any of the Fix buttons without instructions. Note: Should the Scan button be greyed out, close the tool and start it again. If it still doesn't work, please let me know.

kwango 19.04.2012 21:01

In that case you overlooked it, because I had also posted it further down. -->
DDS Logfile:
Code:

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by Besitzer at 14:42:06 on 2012-04-19
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.41.1031.18.4093.2541 [GMT 2:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Norton 360\Engine\5.2.1.3\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Norton 360\Engine\5.2.1.3\ccSvcHst.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.searchqu.com/406
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=e2b09c4500000000000000238b6d6dfd&tlver=1.4.19.19&affID=17162
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360\Engine\5.2.1.3\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360\Engine\5.2.1.3\IPS\IPSBHO.DLL
BHO: Windows Live ID-Anmelde-Hilfsprogramm: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Engine\5.2.1.3\coIEPlg.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll
TB: {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No File
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Facebook Update] "C:\Users\Besitzer\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
mRun: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\Besitzer\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\HP_5C0~1.LNK - C:\Program Files (x86)\HP\csiInstaller\5C069542-CA13-4f1b-B90C-28C6430F4992\Setup.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Free YouTube Download - C:\Users\Besitzer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - C:\Users\Besitzer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
TCP: DhcpNameServer = 194.230.1.103 194.230.1.39
TCP: Interfaces\{3022F94B-B99F-4414-BC78-0B74B3CDD917} : DhcpNameServer = 192.168.100.2
TCP: Interfaces\{EE26317E-9C10-4CF2-A6D4-FFA1E0BFEADC} : DhcpNameServer = 194.230.1.103 194.230.1.39
TCP: Interfaces\{EE26317E-9C10-4CF2-A6D4-FFA1E0BFEADC}\26F627E6 : DhcpNameServer = 192.168.2.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}
{6D53EC84-6AAE-4787-AEEE-F4628F01010C}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{99079a25-328f-4bd4-be04-00955acaa0a7}
{9FDDE16B-836F-4806-AB1F-1455CBEFF289}
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
{99079a25-328f-4bd4-be04-00955acaa0a7}
TB-X64: {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No File
mRun-x64: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
mRun-x64: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\ou0vs8tc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - DVDVideoSoftTB Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ch/|hxxp://www.facebook.com/|hxxp://www.20min.ch/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q=
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Besitzer\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Symantec Intrusion Prevention: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0502010.003\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0502010.003\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0502010.003\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0502010.003\SYMEFA64.SYS [?]
R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);C:\Windows\system32\DRIVERS\tdrpm273.sys --> C:\Windows\system32\DRIVERS\tdrpm273.sys [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120402.001\BHDrvx64.sys [2012-4-3 1160824]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120418.001\IDSviA64.sys [2012-4-19 488568]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0502010.003\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0502010.003\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\N360x64\0502010.003\SYMNETS.SYS --> C:\Windows\system32\Drivers\N360x64\0502010.003\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2011-1-14 89600]
R2 afcdpsrv;Acronis Nonstop Backup-Dienst;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-1-14 3246040]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-1-25 92216]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\5.2.1.3\ccsvchst.exe [2012-4-5 130008]
R3 afcdp;afcdp;C:\Windows\system32\DRIVERS\afcdp.sys --> C:\Windows\system32\DRIVERS\afcdp.sys [?]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2011-1-14 227896]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-2-12 138360]
R3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]
R3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTL8167;Realtek 8167 NT-Treiber;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-19 136176]
S3 gupdatem;Google Update-Dienst (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-19 136176]
S3 HPFXBULKLEDM;HPFXBULKLEDM;C:\Windows\system32\drivers\hppdbulkio.sys --> C:\Windows\system32\drivers\hppdbulkio.sys [?]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series - Adaptertreiber für Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows-Aktivierungstechnologieservice;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-04-19 08:39:55        --------        d-----w-        C:\Users\Besitzer\AppData\Local\{5A5616F6-C0CB-48B3-923D-398EBC131AA4}
2012-04-19 08:39:41        --------        d-----w-        C:\Users\Besitzer\AppData\Local\{958FB87A-876E-4828-B528-E3898BB5488E}
2012-04-19 00:21:39        --------        d-----w-        C:\Users\Besitzer\AppData\Local\{479C1F6A-068F-4F13-A0F8-E01F3A6024A9}
2012-04-19 00:21:24        --------        d-----w-        C:\Users\Besitzer\AppData\Local\{4CC22EED-63BA-469B-84CF-66B5E817D4A0}
2012-04-18 22:52:54        --------        d-----w-        C:\Windows\SysWow64\N360_BACKUP
2012-04-18 22:39:38        --------        d-----w-        C:\Users\Besitzer\AppData\Roaming\Malwarebytes
2012-04-18 22:39:28        24904        ----a-w-        C:\Windows\System32\drivers\mbam.sys
2012-04-18 22:39:28        --------        d-----w-        C:\ProgramData\Malwarebytes
2012-04-18 22:39:28        --------        d-----w-        C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-17 23:27:11        --------        d-----w-        C:\Program Files (x86)\Microsoft
2012-04-17 00:05:21        --------        d-----w-        C:\Users\Besitzer\AppData\Local\Facebook
2012-04-15 10:52:41        --------        d-----w-        C:\Users\Besitzer\AppData\Local\{64C3A8F3-9A6D-40EF-B9A7-F71AF1124E50}
2012-04-14 22:53:32        5559152        ----a-w-        C:\Windows\System32\ntoskrnl.exe
2012-04-14 22:53:32        3968368        ----a-w-        C:\Windows\SysWow64\ntkrnlpa.exe
2012-04-14 22:53:31        3913072        ----a-w-        C:\Windows\SysWow64\ntoskrnl.exe
2012-04-14 22:50:09        23408        ----a-w-        C:\Windows\System32\drivers\fs_rec.sys
2012-04-14 22:50:08        81408        ----a-w-        C:\Windows\System32\imagehlp.dll
2012-04-14 22:50:08        159232        ----a-w-        C:\Windows\SysWow64\imagehlp.dll
2012-04-14 22:50:07        5120        ----a-w-        C:\Windows\SysWow64\wmi.dll
2012-04-14 22:50:07        5120        ----a-w-        C:\Windows\System32\wmi.dll
2012-04-14 22:50:07        220672        ----a-w-        C:\Windows\System32\wintrust.dll
2012-04-14 22:50:07        172544        ----a-w-        C:\Windows\SysWow64\wintrust.dll
2012-04-12 17:00:59        1638912        ----a-w-        C:\Windows\SysWow64\mshtml.tlb
2012-04-12 17:00:59        1638912        ----a-w-        C:\Windows\System32\mshtml.tlb
2012-04-06 16:51:16        --------        d-----w-        C:\Users\Besitzer\AppData\Local\{601F83B0-432F-40A3-B880-7A84106E3059}
2012-04-05 16:43:35        912504        ----a-w-        C:\Windows\System32\drivers\N360x64\0502010.003\symefa64.sys
2012-04-05 16:43:35        744568        ----a-w-        C:\Windows\System32\drivers\N360x64\0502010.003\srtsp64.sys
2012-04-05 16:43:35        450680        ----a-w-        C:\Windows\System32\drivers\N360x64\0502010.003\symds64.sys
2012-04-05 16:43:35        40568        ----a-w-        C:\Windows\System32\drivers\N360x64\0502010.003\srtspx64.sys
2012-04-05 16:43:35        386168        ----a-w-        C:\Windows\System32\drivers\N360x64\0502010.003\symnets.sys
2012-04-05 16:43:35        171128        ----a-r-        C:\Windows\System32\drivers\N360x64\0502010.003\ironx64.sys
2012-04-05 16:43:16        --------        d-----w-        C:\Windows\System32\drivers\N360x64\0502010.003
2012-04-04 05:53:56        182160        ----a-w-        C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-04-04 05:53:56        182160        ----a-w-        C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2012-03-27 18:42:30        --------        d-----w-        C:\Users\Besitzer\AppData\Local\{A04F7C40-7507-44FD-A261-08F91335048C}
2012-03-27 18:42:12        --------        d-----w-        C:\Users\Besitzer\AppData\Local\{02E5124C-571F-4929-8B2F-036CEFD82927}
2012-03-23 09:48:11        --------        d-----w-        C:\Users\Besitzer\AppData\Local\{0CB1810E-1434-4791-9BF5-5551E5895D91}
2012-03-22 09:57:39        --------        d-----w-        C:\Users\Besitzer\AppData\Local\{8E64F58E-489A-479D-A7BF-1E44D0FE2FAD}
2012-03-22 09:57:27        --------        d-----w-        C:\Users\Besitzer\AppData\Local\{980A3D67-16EB-455B-9AAE-EE26497C1D31}
.
==================== Find3M  ====================
.
2012-02-28 06:39:37        1188864        ----a-w-        C:\Windows\System32\wininet.dll
2012-02-28 05:38:52        981504        ----a-w-        C:\Windows\SysWow64\wininet.dll
2012-02-17 06:38:26        1031680        ----a-w-        C:\Windows\System32\rdpcore.dll
2012-02-17 05:34:22        826880        ----a-w-        C:\Windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24        210944        ----a-w-        C:\Windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32        23552        ----a-w-        C:\Windows\System32\drivers\tdtcp.sys
2012-02-10 06:36:07        1544192        ----a-w-        C:\Windows\System32\DWrite.dll
2012-02-10 05:38:43        1077248        ----a-w-        C:\Windows\SysWow64\DWrite.dll
2012-02-07 09:02:40        1070352        ----a-w-        C:\Windows\SysWow64\MSCOMCTL.OCX
2012-02-03 04:34:34        3145728        ----a-w-        C:\Windows\System32\win32k.sys
2012-01-25 06:38:39        77312        ----a-w-        C:\Windows\System32\rdpwsx.dll
2012-01-25 06:38:38        149504        ----a-w-        C:\Windows\System32\rdpcorekmts.dll
2012-01-25 06:33:30        9216        ----a-w-        C:\Windows\System32\rdrmemptylst.exe
.
============= FINISH: 14:42:55.49 ===============

--- --- ---
One more question: is this a dangerous Trojan?


And here is the aswMBR.txt:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-19 21:50:31
-----------------------------
21:50:31.792 OS Version: Windows x64 6.1.7601 Service Pack 1
21:50:31.792 Number of processors: 2 586 0x1706
21:50:31.793 ComputerName: BESITZER-PC UserName: Besitzer
21:50:33.879 Initialize success
21:50:42.864 AVAST engine defs: 12041900
21:52:53.117 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:52:53.120 Disk 0 Vendor: SAMSUNG_HM500JI 2AC101C4 Size: 476940MB BusType: 11
21:52:53.137 Disk 0 MBR read successfully
21:52:53.140 Disk 0 MBR scan
21:52:53.145 Disk 0 Windows 7 default MBR code
21:52:53.157 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
21:52:53.168 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
21:52:53.199 Disk 0 scanning C:\Windows\system32\drivers
21:53:03.994 Service scanning
21:53:32.231 Modules scanning
21:53:32.254 Disk 0 trace - called modules:
21:53:32.288 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
21:53:32.293 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c6a790]
21:53:32.631 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> [0xfffffa8004c6a040]
21:53:32.645 5 hpdskflt.sys[fffff88001deb189] -> nt!IofCallDriver -> [0xfffffa8004ad1520]
21:53:32.662 7 ACPI.sys[fffff88000ef67a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80047d9680]
21:53:34.272 AVAST engine scan C:\Windows
21:53:37.694 AVAST engine scan C:\Windows\system32
21:56:52.952 AVAST engine scan C:\Windows\system32\drivers
21:57:21.213 AVAST engine scan C:\Users\Besitzer
22:00:45.906 Disk 0 MBR has been saved successfully to "C:\Users\Besitzer\Desktop\MBR.dat"
22:00:45.920 The log file has been saved successfully to "C:\Users\Besitzer\Desktop\savelog neu.txt"


Thanks
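The FIREFOX section of the DDS log above is only a summary of the profile's prefs.js; the actual hijack lives in a handful of user_pref lines (search URL, keyword.URL, homepage, new-tab URL) that a toolbar rewrites. The following Python checker is an added example and is not part of the original post, of DDS or of any tool mentioned in the thread. It parses user_pref lines from a prefs.js, flags the sensitive preferences whose value points at a host outside an allowlist, and produces a cleaned prefs.js with those lines removed so that Firefox falls back to its built-in defaults. The list of sensitive preferences, the host and engine allowlists and the prefs.js excerpt are assumptions constructed for this example (the excerpt mirrors the entries shown in the log).

```python
import re
from urllib.parse import urlparse

# Preferences that search/homepage hijackers typically rewrite.
# (Assumed list for this example; extend as needed.)
SENSITIVE_PREFS = {
    "browser.search.defaulturl",
    "browser.search.selectedEngine",
    "browser.startup.homepage",
    "browser.newtab.url",
    "keyword.URL",
}

# What the user actually intends to use (assumptions for this example).
ALLOWED_HOSTS = {"www.google.ch", "www.facebook.com", "www.20min.ch"}
ALLOWED_ENGINES = {"Google"}

# Matches  user_pref("name", "string value");  and  user_pref("name", 0);
PREF_RE = re.compile(
    r'^\s*user_pref\("([^"]+)",\s*(?:"((?:[^"\\]|\\.)*)"|([^)]+))\);'
)

# Constructed prefs.js excerpt mirroring the FIREFOX section of the DDS log.
SAMPLE_PREFS_JS = r'''# Mozilla User Preferences
user_pref("browser.search.defaulturl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}");
user_pref("browser.search.selectedEngine", "DVDVideoSoftTB Customized Web Search");
user_pref("browser.startup.homepage", "http://www.google.ch/|http://www.facebook.com/|http://www.20min.ch/");
user_pref("keyword.URL", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q=");
user_pref("network.proxy.type", 0);
'''


def parse_prefs(text):
    """Return {name: value} for every user_pref line; string values are unescaped."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        name, str_val, raw_val = m.groups()
        if str_val is not None:
            prefs[name] = str_val.replace('\\"', '"').replace("\\\\", "\\")
        else:
            prefs[name] = raw_val.strip()
    return prefs


def hosts_in(value):
    """Hostnames referenced by a pref value ('|' separates multiple homepages)."""
    hosts = set()
    for part in value.split("|"):
        host = urlparse(part.strip()).hostname
        if host:
            hosts.add(host.lower())
    return hosts


def find_hijacked(prefs, allowed_hosts=ALLOWED_HOSTS, allowed_engines=ALLOWED_ENGINES):
    """Return [(pref_name, offending_value)] for sensitive prefs outside the allowlist."""
    findings = []
    for name in sorted(SENSITIVE_PREFS & set(prefs)):
        value = prefs[name]
        if name == "browser.search.selectedEngine":
            # The engine name is not a URL; compare it against the allowed engines.
            if value not in allowed_engines:
                findings.append((name, value))
            continue
        for host in sorted(hosts_in(value)):
            if host not in allowed_hosts:
                findings.append((name, host))
    return findings


def strip_hijacked(text, findings):
    """prefs.js text with the flagged user_pref lines removed.

    Firefox uses its built-in default for any pref absent from prefs.js, so
    dropping the line is the remediation. Edit only while Firefox is closed
    (it rewrites prefs.js on exit), and uninstall the add-on that set the
    values first, otherwise it writes them straight back."""
    bad = {name for name, _ in findings}
    kept = []
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m and m.group(1) in bad:
            continue
        kept.append(line)
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    found = find_hijacked(parse_prefs(SAMPLE_PREFS_JS))
    for name, value in found:
        print(f"hijacked: {name} -> {value}")
    print(strip_hijacked(SAMPLE_PREFS_JS, found))
```

Run against the constructed excerpt, the checker reports browser.search.defaulturl and keyword.URL pointing at search.conduit.com and a selected engine that is not on the allowlist, while the three homepage entries pass. The cleaned output keeps the homepage and proxy lines untouched.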

Psychotic 20.04.2012 10:31

Hello kwango,

Don't worry, this is merely so-called "potentially unwanted software", which is annoying and hard to remove, but basically harmless. We will remove it though! ;)

Please also post the TDSSKiller log!

kwango 20.04.2012 19:25

Okay, thanks!

TDSSKiller found nothing... Post it anyway? I couldn't find it...

Psychotic 21.04.2012 18:20

Yes, please post the log - you should find it in the root directory of the drive Windows is installed on...

Psychotic 23.04.2012 08:58

Hello, do you still need help? If I don't receive a reply from you within the next 24 hours, I will remove your topic from my subscriptions and will then no longer be notified of new replies. The disappearance of the symptoms does not mean that your system is already clean.

kwango 24.04.2012 20:04

Hmm, I assume it's too late then... I had no time yesterday or today, sorry.

If you can still help me, the log is here:

file:///C:/TDSSKiller.2.7.29.0_19.04.2012_21.15.19_log.txt

Psychotic 25.04.2012 07:10

No, it isn't! ;)

You only posted me the link, and it points to your own system - that doesn't get us anywhere.

Post the contents of the text file here in code tags - that's the # symbol at the top of the reply window.

It should then look like THIS: [ code] Your text [ /code] (without the spaces)

Psychotic 28.04.2012 11:07

Hello, do you still need help? If I don't receive a reply from you within the next 24 hours, I will remove your topic from my subscriptions and will then no longer be notified of new replies. The disappearance of the symptoms does not mean that your system is already clean.

Psychotic 01.05.2012 22:28

No response
This topic has been removed from my subscriptions, so I will not be notified of new replies.
PM me if you still want to continue.

Note: The disappearance of the symptoms does not mean that your computer is already clean.

Everyone else, please click here and create your own thread.


Copyright ©2000-2025, Trojaner-Board