Trojaner-Board - Backdoors gefunden!

Hallo,

ich habe mit MBAM einen Suchlauf gemacht, und hat folgendes gefunden:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 7956

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

16.10.2011 11:27:17
mbam-log-2011-10-16 (11-27-17).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 266135
Laufzeit: 40 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 5

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\XTREMERAT (Malware.Trace) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU (Backdoor.HMCPol.Gen) -> Value: HKCU -> Quarantined and
deleted successfully.

HKEY_CURRENT_USER\Software\XtremeRAT\Mutex (Malware.Trace) -> Value: Mutex -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Glenn\AppData\Local\Temp\7zO429C.tmp\---------.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.

c:\Users\Glenn\AppData\Local\Temp\7zOA748.tmp---------.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.

c:\Users\Glenn\AppData\Local\Temp\7zOD394.tmp\--------.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.

c:\Users\Glenn\AppData\Local\Temp\7zOE52.tmp\--------.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.

c:\Users\Glenn\AppData\Local\Temp\7zO627C.tmp\blackopsmp.exe (Backdoor.HMCPol.Gen) -> Quarantined and deleted successfully.

HijackThis-Log folgt!

HijackThis-Log:

HiJackthis Logfile:

Code:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 11:37:08, on 16.10.2011

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\rundll32.exe

C:\Program Files\Ask.com\Updater\Updater.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe

C:\Users\Glenn\Downloads\HiJackThis204(1).exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 

O1 - Hosts: # Copyright (c) 1993-2009 Microsoft Corp.

O2 - BHO: CBAbzockschutz.InitToolbarBHO - {2e250b90-0e7a-42a3-9d65-e39f9f227fa4} - mscoree.dll (file missing)

O2 - BHO: facemoods Helper - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll

O2 - BHO: G Data CloudSecurity Class - {AADAC261-4EE9-473A-AB95-D8E153424C38} - C:\Program Files\G Data\G Data CloudSecurity\CloudSecurityIE.dll

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O3 - Toolbar: COMPUTERBILD-Abzockschutz - {353e2a48-6254-4bd3-88f4-3b51a0ca7870} - mscoree.dll (file missing)

O3 - Toolbar: G Data CloudSecurity - {AADAC261-4EE9-473A-AB95-D8E153424C38} - C:\Program Files\G Data\G Data CloudSecurity\CloudSecurityIE.dll

O3 - Toolbar: Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O3 - Toolbar: facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [facemoods] "C:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe" /md I

O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start hxxp://www.avg.de/de.special-uninstallation-feedback-appf?lic=NFVXV1UtV0JEWEMtVllGTjMtUURKTUgtNDJBT0EtSzZIVTk"&"inst=NzctNzY3OTEzMTgyLVNUMTJGT0krMS1ERFQrMC1FVUxBKzEtU1QxMkZBUFArMQ"&"prod=90"&"ver=2012.0.1831"&"mid=fe1b4fbe2a4347d1b024d156505f4b1d-c3a6893bcc8069a5411480088287517bd8f71f64

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O17 - HKLM\System\CCS\Services\Tcpip\..\{59CD317D-E18D-47F4-A4BE-289975894ABE}: NameServer = 8.26.56.26,156.154.70.22

O17 - HKLM\System\CCS\Services\Tcpip\..\{BA370E14-E042-4E16-8FC7-E0D2730F2CF6}: NameServer = 8.26.56.26,156.154.70.22

O17 - HKLM\System\CS1\Services\Tcpip\..\{59CD317D-E18D-47F4-A4BE-289975894ABE}: NameServer = 8.26.56.26,156.154.70.22

O17 - HKLM\System\CS2\Services\Tcpip\..\{59CD317D-E18D-47F4-A4BE-289975894ABE}: NameServer = 8.26.56.26,156.154.70.22

O23 - Service: Emsisoft Anti-Malware 6.0 - Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\Emsisoft Anti-Malware\a2service.exe

O23 - Service: Avira Planer (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira Echtzeit Scanner (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Avira Browser Schutz (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE

O23 - Service: Freemake Service (FreemakeUtilsService) - Freemake - C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files\Secunia\PSI\PSIA.exe

O23 - Service: Secunia Update Agent - Secunia - C:\Program Files\Secunia\PSI\sua.exe

O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

 

--

End of file - 5699 bytes

--- --- ---