Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Trojan:win32\renos.jm will nicht weggehen (https://www.trojaner-board.de/79637-trojan-win32-renos-jm-will-weggehen.html)

antishooter 22.11.2009 13:22
Trojan:win32\renos.jm will nicht weggehen
 
Bin neu, erhoffe mir hilfe, darf auch ruhig 3 Tage dauern ^^
Also in vielen anderen Posts, die ich auch teilweise hier gelsesn habe, wurde mir nicht geholfen, um Trojan:win32\renos.jm zu entfernen. kennt einer den pfad, damit ich es manuell löschen kann? ansonsten hier logfile mit hijackthis. mehr habe ich bisher nicht tun können, das ding plagt mich aber schon 3 tage lang. vista neu draufziehen kommt erstmal nicht in frage!

kira 23.11.2009 08:08
Hallo und Herzlich Willkommen! :)

- wofür brauchst du das Programm: http://pcwelt-wiki.de/wiki/Knacktechnik

- Die Anweisungen bitte gründlich lesen und immer streng einhalten, da ich die Reihenfolge nach bestimmten Kriterien vorbereitet habe:

1.
Lade Dir Malwarebytes Anti-Malware von→ malwarebytes.org
  • Installieren und per Doppelklick starten.
  • Deutsch einstellen und gleich mal die Datenbanken zu aktualisieren - online updaten
  • "Komplett Scan durchführen" wählen (überall Haken setzen)
  • wenn der Scanvorgang beendet ist, klicke auf "Zeige Resultate"
  • alle Funde markieren und auf "Löschen" - "Ausgewähltes entfernen") klicken.
  • Poste das Ergebnis hier in den Thread - den Bericht findest Du unter "Scan-Berichte"
eine bebilderte Anleitung findest Du hier: Malwarebytes Anti-Malware

2.
poste erneut:
Trend Micro HijackThis-Logfile - Keine offenen Fenster, solang bis HijackThis läuft!!

3.
Ich würde gerne noch all deine installierten Programme sehen:
Lade dir das Tool ccleaner herunter
installieren ("Füge CCleaner Yahoo! Toolbar hinzu" abwählen)→ starten→ unter Options settings-> "german" einstellen
dann klick auf "Extra (um die installierten Programme auch anzuzeigen)→ weiter auf "Als Textdatei speichern..."
wird eine Textdatei (*.txt) erstellt, kopiere dazu den Inhalt und füge ihn da ein

Zitat:
Damit dein Thread übersichtlicher und schön lesbar bleibt, am besten nutze den Code-Tags für deinen Post:
→ vor dein Log schreibst Du:[code]
hier kommt dein Logfile rein
→ dahinter:[/code]
gruß
Coverflow

antishooter 25.11.2009 17:44
anscheinend hat es windows vista endlich geschafft, den trojaner zu entfernen, denn es kommen keine meldungen mehr, danke trotzdem!

kira 26.11.2009 09:31
Wenn die Symptome verschwunden sind, das noch lange nicht bedeutet, dass dein rechner restlos sauber ist!, Da hier geht es um einen Infektion mit Backdoor, ich empfehle Dir diese Anleitung genau abzuarbeiten!
Wenn Du es nicht willst, dann empfehle ich dir das System sofort neu zu Installieren!

antishooter 26.11.2009 19:03
vielen dank, ich werde mich am wochenende drum kümmern. aber eine frage: warum schlägt mein kaspersky 2010 nicht aus und warum finde ich keinen pfad zur datei?

kira 27.11.2009 12:05
Zitat:
Zitat von antishooter (Beitrag 483222)
vielen dank, ich werde mich am wochenende drum kümmern. aber eine frage: warum schlägt mein kaspersky 2010 nicht aus ..
was meinst damit?
das hier Kaspersky gemeldet?-> "Trojan:win32\renos.jm"

Zitat:
Zitat von antishooter (Beitrag 483222)
und warum finde ich keinen pfad zur datei?
"Trojan:win32\renos.jm"? ein Bericht sollte vorhanden sein...?!

antishooter 29.11.2009 21:16
Zitat:
Zitat von Coverflow (Beitrag 483351)
was meinst damit?
das hier Kaspersky gemeldet?-> "Trojan:win32\renos.jm"


"Trojan:win32\renos.jm"? ein Bericht sollte vorhanden sein...?!


das mit renos.jm hat windows defender gemeldet, kaspersky war ganz ruhig.

bericht lag dementsprechend nicht vor

ich mach gerade test mit malwarebytes, dann hijack, dann erneut post

hier schon mal ccleaner:
Code:
Adobe AIR        Adobe Systems Inc.        31.10.2009                1.5.2.8900
Adobe Flash Player 10 ActiveX        Adobe Systems Incorporated        21.05.2009                10.0.22.87
Adobe Flash Player 10 Plugin        Adobe Systems Incorporated        14.10.2009                10.0.32.18
Adobe Media Player        Adobe Systems Incorporated        01.06.2009        2,95MB        1.1
Adobe Photoshop 7.0        Adobe Systems, Inc.        13.10.2009        144,8MB        7.0
Adobe Reader 8.1.7 - Deutsch        Adobe Systems Incorporated        18.10.2009                8.1.7
Akamai NetSession Interface                07.11.2009        3,36MB       
Alaplaya Launcher                10.03.2009        4,34MB       
Any DVD Converter Professional 3.7.8        Any-DVD-Converter.com        19.10.2009        65,4MB       
Any Video Converter 2.7.3        Any-Video-Converter.com        04.05.2009        55,1MB       
ArtMoney SE v7.27        System SoftLab        21.11.2008        1,82MB        7.27
Ashampoo Music Studio 2009        ashampoo GmbH & Co. KG        26.06.2009        45,1MB        3.5.0
Battlefield Heroes        EA Digital illusions        10.10.2009        427,0MB       
BattleForge™        Electronic Arts        30.08.2009        2.081,2MB        1.0.0.0
BitComet 1.09        ~RnySmile~        21.02.2009        10,5MB        1.09
BootSkin Vista (Free)        Stardock Corporation        26.09.2009        3,10MB       
C-Media Card Reader Driver USB2.0                21.11.2008               
Camtasia Studio 6        TechSmith Corporation        21.06.2009        76,1MB        6.0.1
CCleaner        Piriform        28.11.2009        2,80MB       
Champions Online: Bloodmoon Free Weekend        Cryptic Studios        30.10.2009        648,2MB       
Cheat Engine 5.5        Dark Byte        07.06.2009        9,67MB       
Chilirec 1.01                23.10.2009        100,1MB       
CloneCD        SlySoft        21.11.2008        5,46MB       
Club Cooee                06.04.2009        32,3MB       
CometBird (3.5.5)        CometNetwork        21.11.2009        28,5MB        3.5.5 (de)
Compatibility Pack für 2007 Office System        Microsoft Corporation        11.11.2009                12.0.6425.1000
ConvertHelper 2.2        DownloadHelper        28.10.2009        29,5MB       
Counter-Strike: Source        Valve        05.08.2009        494,4MB       
Cucku Backup        Cucku, Inc.        22.10.2009        8,58MB        2.10.20509.1119
Data Doctor Password Recovery - Evaluation        Pro Data Doctor Pvt. Ltd.        22.06.2009                4.0.1.5
Day of Defeat: Source        Valve        06.08.2009               
Driver Detective        PC Drivers HeadQuarters        22.06.2009        4,43MB        7.0.0
DVD Suite        CyberLink Corporation        05.03.2009        9,58MB        5.0.1319
EVEREST Home Edition v2.20        Lavalys Inc        26.11.2009        6,58MB        2.20
FEARCombat        Vivendi Universal Games, Inc.        22.11.2008        3.572,1MB        1.00.0000
Firebird SQL Server - MAGIX Edition        MAGIX AG        13.11.2009        6,06MB        2.0.1.13
FlashGet 1.9.6.1073        http://www.FlashGet.com        10.03.2009        7,79MB        1.9.6.1073
Formatwandler Audio        S.A.D.        23.12.2008        24,8MB        1.0.8.318
Fraps (remove only)                16.08.2009        12.793,5MB       
Free Studio version 4.1        DVDVideoSoft Limited.        21.03.2009        40,9MB       
Free Video to Mp3 Converter version 3.1        DVD Video Soft Limited.        30.11.2008        5,68MB       
Free YouTube Uploader version 2.3        DVDVideoSoft Limited.        01.11.2009        3,77MB       
FreeProxy version 4.00        Hand-Crafted Software        08.03.2009        12,8MB        4.00
G-Force        SoundSpectrum        21.11.2008        10,5MB        3.8.4
Game Booster        IObit        08.11.2009        2,53MB        1.2.2.0
Game Cam 2.3.4.41        Planet Game Cam, Inc.        03.07.2009        1,99MB        2.3.4.41
Gigaget        Giganology,Inc.        02.04.2009        7,03MB       
GildenIdent 1.5        ScampiKutter        16.03.2009        3,23MB        3.5ß
Google App Engine        Google Inc.        07.06.2009        10,9MB        1.2.2.0
Google Chrome        Google Inc.        14.02.2009        52,7MB        3.0.195.33
Google Earth        Google        21.11.2008        25,3MB        4.3.7284.3916
Google Gears        Google        05.11.2009        7,47MB        0.5.3300
GreenBrowser        More Quick Tools        30.01.2009        3,02MB       
Half-Life 2: Deathmatch        Valve        06.08.2009        98,9MB       
Half-Life 2: Lost Coast        Valve        06.08.2009        71,5MB       
Highlight Pro V 3.0        Markus Rahlff        14.10.2009        35,8MB        3.0.0
HijackThis 2.0.2        TrendMicro        21.11.2009        0,39MB        2.0.2
HyperCam 2                26.12.2008        1,35MB       
ICQ6.5        ICQ        28.02.2009        43,3MB        6.5
Java(TM) 6 Update 17        Sun Microsystems, Inc.        15.03.2009        94,5MB        6.0.170
Kaspersky Internet Security 2010        Kaspersky Lab        08.10.2009        44,4MB        9.0.0.459
Killing Floor        Tripwire Interactive        08.11.2009        2.602,9MB       
Labtec Legacy USB Camera-Treiberpaket                21.11.2008               
LastChaosGER        T - Entertainment CO., LTD.        15.06.2009        1.715,4MB        1.00.000
Logitech QuickCam        Logitech Inc.        21.11.2008        27,7MB        11.80.1065
Logitech QuickCam-Treiberpaket                21.11.2008               
Logitech SetPoint        Logitech        21.11.2008        20,2MB        4.60
MAGIX 3D Maker (embeded)        MAGIX AG        19.11.2009        16,2MB        6.0.0.10
MAGIX Movie Edit Pro 15 Plus Download version 8.0.5.8 (UK)        MAGIX AG        19.11.2009        317,0MB        8.0.5.8
MAGIX Music Maker 15 Download-Version 15.0.1.5 (D)        MAGIX AG        14.11.2009        537,4MB        15.0.1.5
MAGIX Screenshare 4.3.6.1987 (D)        MAGIX AG        13.11.2009        1,70MB        4.3.6.1987
Malwarebytes' Anti-Malware        Malwarebytes Corporation        28.11.2009        3,99MB       
MediaCoder x64 0.7.2.4522        Broad Intelligence        19.10.2009        96,5MB        0.7.2.4522
Microsoft .NET Framework 1.1                04.12.2008               
Microsoft .NET Framework 1.1 German Language Pack        Microsoft        02.12.2008        3,02MB        1.1.4322
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU        Microsoft Corporation        21.11.2008               
Microsoft .NET Framework 3.5 SP1        Microsoft Corporation        21.11.2008               
Microsoft Office Live Add-in 1.3        Microsoft Corporation        29.03.2009        0,48MB        2.0.2313.0
Microsoft Office Outlook Connector        Microsoft Corporation        02.04.2009        6,15MB        12.0.6423.1000
Microsoft Office Professional Edition 2003        Microsoft Corporation        11.11.2009                11.0.8173.0
Microsoft Silverlight        Microsoft Corporation        09.09.2009                3.0.40818.0
Microsoft SQL Server 2005 Compact Edition [ENU]        Microsoft Corporation        21.11.2008        1,74MB        3.1.0000
Microsoft SQL Server Desktop Engine        Microsoft Corporation        20.06.2009        79,8MB        8.00.761
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053        Microsoft Corporation        31.07.2009        0,25MB        8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        15.10.2009        0,33MB        8.0.59193
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148        Microsoft Corporation        21.11.2008        0,21MB        9.0.30729.4148
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148        Microsoft Corporation        31.07.2009        0,19MB        9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17        Microsoft Corporation        21.11.2008        0,76MB        9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148        Microsoft Corporation        21.11.2008        0,76MB        9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022        Microsoft Corporation        10.03.2009        2,06MB        9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17        Microsoft Corporation        21.06.2009        0,58MB        9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148        Microsoft Corporation        30.10.2009        0,58MB        9.0.30729.4148
MOUSE Editor        Ihr Firmenname        14.10.2009        25,5MB        4.31.0000
Mozilla Firefox (3.5.5)        Mozilla        06.11.2009        28,7MB        3.5.5 (de)
MSN Toolbar        Microsoft Corporation        26.06.2009        6,92MB        3.0.744.0
MSXML 4.0 SP2 (KB954430)        Microsoft Corporation        22.11.2008        1,28MB        4.20.9870.0
MSXML 4.0 SP2 (KB973688)        Microsoft Corporation        25.11.2009        1,34MB        4.20.9876.0
Need for Speed™ Most Wanted                22.11.2008        2.820,3MB       
Nero 7 Essentials        Nero AG        05.03.2009        927,7MB        7.03.0918
Next Generation Visualisations        Microsoft        11.09.2009        14,5MB        1.0.0
nLite 1.4.9.1        Dino Nuhagic (nuhi)        07.07.2009        9,39MB        1.4.9.1
No-IP.com DUC (remove only)        Vitalwerks & No-IP.com        09.02.2009        1,13MB        v2.2.1
NVIDIA PhysX v8.10.17        NVIDIA Corporation        27.01.2009        119,4MB        8.10.17
Opera 9.64        Opera Software ASA        06.03.2009        15,7MB        9.64
PC Data Manager        Pro Data Doctor Pvt. Ltd.        22.06.2009                4.0.1.5
PC Data Manager(Basic)        Pro Data Doctor Pvt. Ltd.        23.06.2009                4.0.1.5
Peggle Extreme        PopCap        12.12.2008        22,4MB       
Power Sound Editor Free v6.2.2        PowerSE Studio        21.11.2008        15,3MB       
PowerDVD        CyberLink Corporation        05.03.2009        89,5MB        7.0.3409.a
Proxifier version 2.9        Initex Software        27.11.2009        2,06MB        2.9
PunkBuster Services        Even Balance, Inc.        21.10.2009                0.988
Rush for Berlin GOLD        Deep Silver        16.05.2009        6.963,8MB        1.0
S4 League_EU                11.03.2009        842,0MB        1.00.0000
ShutDownManager 3.0                15.08.2009        0,94MB       
Sibelius Scorch        Sibelius Software        21.11.2008        25,6MB        1.0.0
SiSoftware Sandra Lite 2010        SiSoftware        27.11.2009                16.10.2010.1
Skype™ 3.8        Skype Technologies S.A.        21.11.2008        27,7MB        3.8.139
SmartControl II        Portrait Displays, Inc.        27.03.2009        9,81MB        1.20.008
Sony Media Manager 2.2        Sony        20.06.2009        23,3MB        2.2.136
Sony Vegas 7.0        Sony        21.06.2009        162,7MB        7.0.216
Sony Vegas Pro 8.0        Sony        21.06.2009        206,0MB        8.0.217
Speed Gear v6.0        softcows.com        10.03.2009        2,53MB       
SpeedBit Video Accelerator        SpeedBit Ltd.        31.10.2009        5,90MB        3099(build_997)
SpeedBit Video Downloader        SpeedBit Ltd.        31.10.2009        4,26MB        1138
SpeedCommander 12        SpeedProject        15.12.2008        15,9MB        12
Spelling Dictionaries Support For Adobe Reader 8        Adobe Systems        14.12.2008        32,5MB        8.0.0
Star Wars Battlefront                09.06.2009        2.785,1MB        1.0
Star Wars Battlefront II        LucasArts        29.10.2009        4.406,9MB        1.0
Stardock Impulse        Stardock Corporation        26.09.2009        27,5MB       
Startup Booster v2.1        Smart PC Solutions        23.12.2008        5,24MB        2.1
Steam        Valve        22.11.2008        1,31MB        1.0.0.0
SUPER © Version 2009.bld.36 (June 10, 2009)        eRightSoft        16.08.2009        30,6MB        Version 2009.bld.36 (June 10, 2009)
Team Fortress 2        Valve        22.11.2008        282,2MB       
TeamSpeak 2 RC2        Dominating Bytes Design        21.11.2008        11,4MB        2.0.32.60
TeamSpeak 2 Server RC2        TeamSpeak Systems        05.06.2009        3,44MB        2.0.23.19
TeamViewer 5        TeamViewer GmbH        19.11.2009        16,5MB        5.0.7312  BETA
Text-To-Speech-Runtime        Magix Development GmbH        13.11.2009        0,25MB        1.0.0.0
Uninstall 1.0.0.1                01.11.2009        36,6MB       
Vegas Pro 9.0        Sony        21.06.2009        295,8MB        9.0.563
Vegas Pro 9.0 (64-bit)        Sony        21.11.2008        316,2MB        9.0.562
Vista Boot Logo Generator v1.2        Daniel Smith        14.06.2009        1,46MB       
Visual C++ 8.0 Runtime Setup Package (x64)        GRISOFT, s.r.o.        02.07.2009        1,53MB        8.0.0.35
VLC media player 0.9.9        VideoLAN Team        12.11.2009        33,3MB        0.9.9
WebMediaPlayer        Favorit Network        21.11.2008        1,78MB        1.0
Winamp        Nullsoft, Inc        07.04.2009        29,2MB        5.551
Windows Live Anmelde-Assistent        Microsoft Corporation        04.03.2009        1,93MB        5.000.818.6
Windows Live Essentials        Microsoft Corporation        12.11.2009        116,9MB        14.0.8089.0726
Windows Live OneCare safety scanner        Microsoft Corporation        15.03.2009        27,2MB       
Windows Live Sync        Microsoft Corporation        12.11.2009        2,79MB        14.0.8089.726
Windows Live-Uploadtool        Microsoft Corporation        10.03.2009        0,22MB        14.0.8014.1029
Windows Media Player Firefox Plugin        Microsoft Corp        21.11.2008        0,29MB        1.0.0.8
Windows Movie Maker 2.6        Microsoft Corporation        22.11.2008        8,94MB        2.6.4037.0
WinRAR                21.11.2008        3,73MB       
Xfire (remove only)                05.08.2009        20,1MB       
Yahoo! Messenger        Yahoo! Inc.        21.05.2009        26,9MB
will ja nichts sagen, aber ich würde ewig brauchen, um die gefährlichen programme rauszulesen... und würd ich deine hilfe ablehnen, würd ich sagen, dass du ziemlich viel langeweile hast, aber das tu ich nicht, weil ich deine hilfe sehr schätze, overflow

antishooter 29.11.2009 23:05
malewarebytes:

Code:
Malwarebytes' Anti-Malware 1.41
Datenbank Version: 3258
Windows 6.0.6002 Service Pack 2

29.11.2009 23:04:29
mbam-log-2009-11-29 (23-04-29).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|X:\|)
Durchsuchte Objekte: 389074
Laufzeit: 1 hour(s), 43 minute(s), 26 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 7
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 9
Infizierte Dateien: 19

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Monopod (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NordBull (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ShoppingReport (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\WebMediaPlayer (Rogue.WebMedia) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
C:\ProgramData\MPK (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\ProgramData\MPK\1 (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\ProgramData\MPK\2 (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\ProgramData\MPK\CPDA (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\ProgramData\MPK\CPDM (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\ProgramData\MPK\REFOG Keylogger (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\Program Files (x86)\ShoppingReport (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files (x86)\ShoppingReport\Bin (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files (x86)\ShoppingReport\Bin\2.5.0 (Adware.ShopperReports) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Program Files (x86)\Cheat Engine\systemcallsignal.exe (Trojan.Buzus) -> Quarantined and deleted successfully.
C:\Users\Willy\AppData\Local\Temp\Adobe CS4 Keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\Dateien\dateien\keygen.exe (Malware.Tool) -> Quarantined and deleted successfully.
D:\Dateien\dateien\crack vegas 9\Keygen.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\ProgramData\MPK\key.bin (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\ProgramData\MPK\M0000 (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\ProgramData\MPK\S0000 (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\ProgramData\MPK\1\D0000 (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\ProgramData\MPK\1\S0000 (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\ProgramData\MPK\2\D0000 (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\ProgramData\MPK\2\S0000 (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\ProgramData\MPK\CPDM\cpfm.bin (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\ProgramData\MPK\REFOG Keylogger\Jetzt bestellen!.lnk (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\ProgramData\MPK\REFOG Keylogger\REFOG Keylogger entfernen.lnk (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\ProgramData\MPK\REFOG Keylogger\REFOG Keylogger im Internet.lnk (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\ProgramData\MPK\REFOG Keylogger\REFOG Keylogger.lnk (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\Windows\System32\msxml71.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Willy\AppData\Local\Temp\a.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Willy\AppData\Local\Temp\c.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

antishooter 29.11.2009 23:23
sry, dass alles hintereinander kommt, hijack:

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:21:47, on 29.11.2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files (x86)\Portrait Displays\Pivot Software\wpCtrl.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Giganology\Gigaget\GigagetShell.exe
C:\Program Files (x86)\Portrait Displays\Pivot Software\floater.exe
C:\Users\Willy\AppData\Local\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files (x86)\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://de.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://de.search.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/web?&o=13799&l=dis&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://de.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://de.search.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://de.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://de.search.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://de.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://de.search.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) -  - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: GigagetIEHelper - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\Windows\SysWow64\gigagetbho_v10.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files (x86)\FlashGet\jccatch.dll
O2 - BHO: SBCONVERT - {31B27F2D-6BC6-451B-B3D2-4EAB36B2FC3B} - C:\Program Files (x86)\SpeedBit Video Downloader\Toolbar\tbcore3.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.3.1.15.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN\Toolbar\3.0.0744.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files (x86)\FlashGet\getflash.dll
O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~2\SPEEDB~1\Toolbar\grabber.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files (x86)\MSN\Toolbar\3.0.0744.0\msneshellx.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files (x86)\SpeedBit Video Downloader\Toolbar\tbcore3.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files (x86)\Portrait Displays\Pivot Software\wpctrl.exe"
O4 - HKLM\..\Run: [DT PHL] "C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe" -PHL
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TrayServer] "C:\Program Files (x86)\MAGIX\Movie_Edit_Pro_15_Plus_Download_version\TrayServer.exe"
O4 - HKLM\..\Run: [Gigaget] "C:\Program Files (x86)\Giganology\Gigaget\GigagetShell.exe" /s
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [OscarEditor] "C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe" Minimum
O4 - HKCU\..\Run: [Google Update] "C:\Users\Willy\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Cucku Backup.lnk = C:\Program Files (x86)\Cucku\Cucku Backup\Cucku.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Alles mit BitComet herunterladen - res://C:\Program Files (x86)\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Alles mit FlashGet laden - C:\Program Files (x86)\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download All by Gigaget - L:\Seafight, Spaßradio, usw\Gigaget\getallurl.htm
O8 - Extra context menu item: &Download by Gigaget - L:\Seafight, Spaßradio, usw\Gigaget\geturl.htm
O8 - Extra context menu item: &Mit FlashGet laden - C:\Program Files (x86)\FlashGet\jc_link.htm
O8 - Extra context menu item: Alle &Videos mit BitComet herunterladen - res://C:\Program Files (x86)\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O8 - Extra context menu item: Mit BitComet herunter&laden - res://C:\Program Files (x86)\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O9 - Extra button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.3.1.15.dll/206 (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxernsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll
O10 - Unknown file in Winsock LSP: c:\progra~2\speedb~2\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~2\speedb~2\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~2\speedb~2\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~2\speedb~2\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~2\speedb~2\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~2\speedb~2\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~2\speedb~2\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~2\speedb~2\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~2\speedb~2\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~2\speedb~2\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~2\speedb~2\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{E5849FE2-418A-4429-9C19-00D12071D61D}: NameServer = 192.168.2.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: @%systemroot%\system32\CISVC.EXE,-1 (CISVC) - Unknown owner - C:\Windows\system32\CISVC.EXE (file missing)
O23 - Service: Cucku Backup (CuckuSrv) - Cucku, Inc - C:\Program Files (x86)\Cucku\Cucku Backup\CuckuSrv.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - D:\Programme\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVCSer64.exe
O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Portrait Displays SDK Service (PdiService) - Portrait Displays, Inc. - C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010\RpcAgentSrv.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - D:\Programme\Team Viewer\Version5\TeamViewer_Service.exe
O23 - Service: {317BD9D2-FC74-46EC-97FD-EC70D600CBD8} (tfwbs) - Unknown owner - M:\Programme\vistahack\ophcrack\pwdump\servpw.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~2\SPEEDB~2\VideoAcceleratorService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14819 bytes
das wars soweit

kira 30.11.2009 13:37
hi

Code:
C:\Users\Willy\AppData\Local\Temp\Adobe CS4 Keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\Dateien\dateien\keygen.exe (Malware.Tool) -> Quarantined and deleted successfully.
D:\Dateien\dateien\crack vegas 9\Keygen.exe
Cracks & Serials, Keygen sind immer verseucht mit Trojaner und diverse Schädlinge,es gibt keine seite wo viren frei ist.(Man sollte nicht absitlich der Teufel holen;))
Weil dein Verhalten damit dem deutschen Recht unterliegt, wird den Supprt an dieser Stelle von unsere Seite aus beendet.Also am besten ist es, Du Sicherst deiner Daten und machst eine komplette Neuinstallation des Rechners, das ist der schnellste und sauberste lösung!
** Du solltest in so einem Fall mal dein Konsummuster überdenken...
Zitat:
Sinn & Zweck der Sache - Viren Trojaner Würmer:
Ein Wurm, der fast als "guter Wurm" bezeichnet werden kann, zieht durch
das Netz und verbeitet sich über die File-Sharing Netzwerke BearShare, KaZaA
eMule & Co
Der Wurm besitzt unzählige verschiedene Namen bekannter Cracks oder
Keygeneratoren zur illegalen Benutzung von kommerzieller Software. Wer gezielt
nach solchen Dateien sucht, könnte also durchaus auch auf eine Wurmkopie
treffen.
http://www.world-of-smilies.com/wos_...eschlossen.gif

antishooter 30.11.2009 16:05
ok, ich wollt das programm eig cracken, gefunzt hat trotzdem nicht... trojaner zeigte mir kaspersky aber nie an... naja, in zukunft prüfe ich mit virus total

nochdigger 30.11.2009 17:58
Moin

Zitat:
Zitat von antishooter (Beitrag 484095)
ok, ich wollt das programm eig cracken, gefunzt hat trotzdem nicht... trojaner zeigte mir kaspersky aber nie an... naja, in zukunft prüfe ich mit virus total
in Zukunft solltest du besser die Finger von Cracks lassen:rolleyes:


Prost


Alle Zeitangaben in WEZ +1. Es ist jetzt 14:45 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131