Trojan?

  • #1
achim89

Guest
I have a problem.
I don't know where I got it from, but since today my Windows Defender has been raising an alarm.

Random websites keep opening in IE, and these perverse sounds keep playing.
I have already run complete scans with Avast and AntiVir --> result: nothing.
I keep clicking that I want to remove it, but that doesn't seem to work.
Does anyone have advice for me?

*PCDpan_fee: Moved from "Windows Vista"*
 
  • #3
Oh crap,
you're right.
I'm losing it.
May I reinstall my system from scratch? :'(
 
  • #5
HijackThis
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:44:16, on 12.07.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\SOUNDMAN.EXE
D:\DSL-Manager\DslMgr.exe
D:\Neko\Neko95.exe
D:\Bluetooth Remote Control\BluetoothRemoteControl.exe
D:\Avira\AntiVir Desktop\avgnt.exe
D:\EVEREST Ultimate Edition\everest.exe
C:\Windows\SysWOW64\conime.exe
D:\Winamp\winamp.exe
D:\Mozilla Firefox\firefox.exe
J:\CryptLoad_1.1.6\CryptLoad.exe
D:\Malwarebytes' Anti-Malware\mbam.exe
D:\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [BluetoothRC] D:\Bluetooth Remote Control\BluetoothRemoteControl.exe
O4 - HKLM\..\Run: [avgnt] D:\Avira\AntiVir Desktop\avgnt.exe /min
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] D:\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe /background
O4 - HKCU\..\Run: [Everest] D:\EVEREST Ultimate Edition\everest.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [EVEREST AutoStart] D:\EVEREST Ultimate Edition\everest.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User->LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User->LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User->NETZWERKDIENST')
O4 - .DEFAULT User Startup: DSL-Manager.lnk = D:\DSL-Manager\DslMgr.exe (User->Default user')
O4 - Startup: DSL-Manager.lnk = D:\DSL-Manager\DslMgr.exe
O4 - Startup: Neko95.exe.lnk = D:\Neko\Neko95.exe
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://D:\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra->Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra->Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\ICQ6\ICQ.exe
O9 - Extra->Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\ICQ6\ICQ.exe
O13 - Gopher Prefix: 
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - D:\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - D:\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Avira\AntiVir Desktop\avguard.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: DSL-Manager (TDslMgrService) - T-Systems Enterprise Services GmbH - D:\DSL-Manager\DslMgrSvc.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - D:\TeamViewer\Version4\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - Unknown owner - C:\Windows\System32\TuneUpDefragService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - Unknown owner - C:\Windows\System32\TUProgSt.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9110 bytes

Because the logs have more than 20,000 characters, I can't include them via a code BB-code.
I've linked them.
Sorry :S
http://firestorm.bplaced.net/download.php?user=achim&file=log.txt
http://firestorm.bplaced.net/download.php?user=achim&file=info.txt

I've looked around a bit more, since Avast and Avira didn't get me very far.
Unfortunately I can't give any paths.
Windows Defender somehow won't reveal them anywhere.

But I currently have Malwarebytes' Anti-Malware and SUPERAntiSpyware running.
Anti-Malware already has 7 infected objects, and
SUPERAntiSpyware, on C: alone, already has 89 tracking cookies, 1 unknown trojan, 3 trojan dropper/win-nv, 1 trojan unclassified MSXML71.
Let's see what else turns up.

edit
I've stopped for now to give an interim result, because I want to go to bed soon.
I'll just delete the cookies.
Then I still have:
 
  • #6
Only ever let one tool scan at a time. Let Malwarebytes finish a complete scan, delete the findings and post the logfile. Also post a fresh RSIT logfile.
 
  • #7
Well, it looks like my PC is clean again =)
At this point, thanks to schrauber and fireball.
 
  • #8
Yeah, what now? Magic? Malwarebytes? Don't let me die stupid :)
 
  • #9
Oh yes,
I think Malwarebytes found 7 pieces of malware (1 of them in the registry)
and SUPERAntiSpyware 4 pieces of malware and 89 tracking cookies.

Everything seems to run clean again, and IE no longer opens with stupid ads either.
 
  • #10
Post the logfiles, would you :)
 
  • #11
So, my latest logs:
Code:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/13/2009 at 22:24 PM

Application Version : 4.26.1006

Core Rules Database Version : 3988
Trace Rules Database Version: 1928

Scan type    : Complete Scan
Total Scan Time : 08:42:42

Memory items scanned   : 759
Memory threats detected  : 0
Registry items scanned  : 7267
Registry threats detected : 0
File items scanned    : 58773
File threats detected   : 24

Adware.Tracking Cookie
	J:\Internet\Cookies\[email protected][1].txt
	J:\Internet\Cookies\achim@doubleclick[2].txt
	J:\Internet\Cookies\achim@smartadserver[1].txt
	J:\Internet\Cookies\achim@zanox[1].txt
	J:\Internet\Cookies\achim@atdmt[4].txt
	J:\Internet\Cookies\[email protected][1].txt
	J:\Internet\Cookies\achim@atwola[2].txt
	J:\Internet\Cookies\[email protected][1].txt
	J:\Internet\Cookies\[email protected][1].txt
	J:\Internet\Cookies\[email protected][1].txt
	J:\Internet\Cookies\[email protected][1].txt
	J:\Internet\Cookies\achim@yellowlinebanner[1].txt
	J:\Internet\Cookies\achim@trafficholder[2].txt
	J:\Internet\Cookies\[email protected][1].txt
	J:\Internet\Cookies\[email protected][1].txt
	J:\Internet\Cookies\achim@exoclick[1].txt
	J:\Internet\Cookies\achim@atdmt[3].txt
	J:\Internet\Cookies\achim@atdmt[1].txt
	J:\Internet\Cookies\[email protected][1].txt
	J:\Internet\Cookies\achim@doubleclick[1].txt
	J:\Internet\Cookies\achim@atwola[1].txt

Trojan.Dropper/Gen
	C:\USERS\ACHIM\APPDATA\LOCAL\TEMP\MIA20DD.TMP\DATA\MICROSOFT VISUAL C++ RUNTIME 9.0 (INCLUDES ATL AND MFC) SERVICE PACK 1\915FF0F9\CD46533A\AAWDRIVERTOOL.EXE
	C:\USERS\ACHIM\APPDATA\LOCAL\TEMP\MIA2FE5.TMP\DATA\MICROSOFT VISUAL C++ RUNTIME 9.0 (INCLUDES ATL AND MFC) SERVICE PACK 1\915FF0F9\CD46533A\AAWDRIVERTOOL.EXE

Trojan.Unclassified/MSXML71
	C:\USERS\ACHIM\APPDATA\LOCAL\TEMP\MSXML71.DLL

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:41:52, on 14.07.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\SOUNDMAN.EXE
D:\EVEREST Ultimate Edition\everest.exe
D:\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\DSL-Manager\DslMgr.exe
D:\Bluetooth Remote Control\BluetoothRemoteControl.exe
D:\Avira\AntiVir Desktop\avgnt.exe
D:\Neko\Neko95.exe
C:\Windows\SysWOW64\conime.exe
D:\Mozilla Firefox\firefox.exe
D:\Winamp\winamp.exe
J:\CryptLoad_1.1.6\CryptLoad.exe
F:\Steam\Steam.exe
D:\ICQ6\ICQ.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [BluetoothRC] D:\Bluetooth Remote Control\BluetoothRemoteControl.exe
O4 - HKLM\..\Run: [avgnt] D:\Avira\AntiVir Desktop\avgnt.exe /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe /background
O4 - HKCU\..\Run: [Everest] D:\EVEREST Ultimate Edition\everest.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [EVEREST AutoStart] D:\EVEREST Ultimate Edition\everest.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User->LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User->LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User->NETZWERKDIENST')
O4 - .DEFAULT User Startup: DSL-Manager.lnk = D:\DSL-Manager\DslMgr.exe (User->Default user')
O4 - Startup: DSL-Manager.lnk = D:\DSL-Manager\DslMgr.exe
O4 - Startup: Neko95.exe.lnk = D:\Neko\Neko95.exe
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://D:\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra->Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra->Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\ICQ6\ICQ.exe
O9 - Extra->Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\ICQ6\ICQ.exe
O13 - Gopher Prefix: 
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - D:\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - D:\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Avira\AntiVir Desktop\avguard.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: DSL-Manager (TDslMgrService) - T-Systems Enterprise Services GmbH - D:\DSL-Manager\DslMgrSvc.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - D:\TeamViewer\Version4\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - Unknown owner - C:\Windows\System32\TuneUpDefragService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - Unknown owner - C:\Windows\System32\TUProgSt.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8910 bytes

Code:
Malwarebytes' Anti-Malware 1.38
Database version: 2413
Windows 6.0.6001 Service Pack 1

15.07.2009 16:26:25
mbam-log-2009-07-15 (16-26-25).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|J:\|)
Objects scanned: 386521
Time elapsed: 8 hour(s), 51 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
  • #12
The Malwarebytes logfile is from today; I'd like to see the one with the findings :)
 
  • #13
Oh I see, sorry.

Code:
Malwarebytes' Anti-Malware 1.38
Database version: 2413
Windows 6.0.6001 Service Pack 1

12.07.2009 23:04:25
mbam-log-2009-07-12 (23-04-25).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|J:\|)
Objects scanned: 144366
Time elapsed: 53 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Achim\AppData\Local\Temp\a.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Users\Achim\AppData\Local\Temp\c.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Achim\AppData\Local\Temp\d.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Users\Achim\AppData\Local\Temp\e.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\msa.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\msb.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\msc.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Code:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/12/2009 at 10:57 PM

Application Version : 4.26.1006

Core Rules Database Version : 3988
Trace Rules Database Version: 1928

Scan type    : Quick Scan
Total Scan Time : 00:39:30

Memory items scanned   : 785
Memory threats detected  : 0
Registry items scanned  : 443
Registry threats detected : 1
File items scanned    : 22908
File threats detected   : 93

Adware.Tracking Cookie
	J:\Internet\Cookies\[email protected][1].txt
	J:\Internet\Cookies\achim@fuckinsilly[1].txt
	J:\Internet\Cookies\[email protected][1].txt
	J:\Internet\Cookies\[email protected][2].txt
	J:\Internet\Cookies\achim@mediaplex[1].txt
	J:\Internet\Cookies\[email protected][3].txt
	J:\Internet\Cookies\[email protected][1].txt
	J:\Internet\Cookies\achim@doubleclick[2].txt
	J:\Internet\Cookies\[email protected][1].txt
	J:\Internet\Cookies\[email protected][2].txt
	J:\Internet\Cookies\[email protected][1].txt
	J:\Internet\Cookies\[email protected][1].txt
	J:\Internet\Cookies\[email protected][2].txt
	J:\Internet\Cookies\achim@tradedoubler[2].txt
	J:\Internet\Cookies\achim@euroclick[1].txt
	J:\Internet\Cookies\achim@zanox-affiliate[2].txt
	J:\Internet\Cookies\[email protected][2].txt
	J:\Internet\Cookies\[email protected][1].txt
	J:\Internet\Cookies\achim@adviva[2].txt
	J:\Internet\Cookies\[email protected][2].txt
	J:\Internet\Cookies\[email protected][2].txt
	J:\Internet\Cookies\achim@xiti[1].txt
	J:\Internet\Cookies\[email protected][2].txt
	J:\Internet\Cookies\[email protected][2].txt
	J:\Internet\Cookies\achim@collective-media[1].txt
	J:\Internet\Cookies\achim@yellowlinebanner[2].txt
	J:\Internet\Cookies\[email protected][1].txt
	J:\Internet\Cookies\achim@zanox[1].txt
	J:\Internet\Cookies\[email protected][2].txt
	J:\Internet\Cookies\achim@atdmt[2].txt
	J:\Internet\Cookies\achim@apmebf[2].txt
	J:\Internet\Cookies\[email protected][1].txt
	J:\Internet\Cookies\[email protected][1].txt
	J:\Internet\Cookies\[email protected][1].txt
	J:\Internet\Cookies\[email protected][2].txt
	J:\Internet\Cookies\[email protected][2].txt
	J:\Internet\Cookies\achim@traffictrack[2].txt
	J:\Internet\Cookies\achim@exoclick[3].txt
	J:\Internet\Cookies\[email protected][1].txt
	J:\Internet\Cookies\achim@2o7[1].txt
	J:\Internet\Cookies\achim@media6degrees[1].txt
	J:\Internet\Cookies\achim@advertising[1].txt
	J:\Internet\Cookies\[email protected][1].txt
	J:\Internet\Cookies\achim@adtech[1].txt
	J:\Internet\Cookies\[email protected][1].txt
	J:\Internet\Cookies\[email protected][1].txt
	J:\Internet\Cookies\[email protected][1].txt
	J:\Internet\Cookies\achim@adultadworld[1].txt
	J:\Internet\Cookies\[email protected][2].txt
	J:\Internet\Cookies\[email protected][1].txt
	J:\Internet\Cookies\[email protected][1].txt
	J:\Internet\Cookies\achim@fastclick[1].txt
	J:\Internet\Cookies\[email protected][2].txt
	J:\Internet\Cookies\achim@imrworldwide[2].txt
	J:\Internet\Cookies\[email protected][2].txt
	J:\Internet\Cookies\achim@serving-sys[1].txt
	J:\Internet\Cookies\[email protected][2].txt
	J:\Internet\Cookies\[email protected][1].txt
	J:\Internet\Cookies\achim@weborama[1].txt
	J:\Internet\Cookies\achim@adrevolver[2].txt
	J:\Internet\Cookies\[email protected][3].txt
	J:\Internet\Cookies\[email protected][2].txt
	J:\Internet\Cookies\achim@tacoda[2].txt
	J:\Internet\Cookies\[email protected][1].txt
	J:\Internet\Cookies\[email protected][1].txt
	J:\Internet\Cookies\achim@bluestreak[1].txt
	J:\Internet\Cookies\achim@webmasterplan[1].txt
	J:\Internet\Cookies\[email protected][2].txt
	J:\Internet\Cookies\achim@zanox[2].txt
	J:\Internet\Cookies\achim@adbureau[1].txt
	J:\Internet\Cookies\[email protected][1].txt
	J:\Internet\Cookies\[email protected][2].txt
	J:\Internet\Cookies\achim@atwola[2].txt
	J:\Internet\Cookies\[email protected][1].txt
	J:\Internet\Cookies\achim@myroitracking[2].txt
	J:\Internet\Cookies\[email protected][2].txt
	J:\Internet\Cookies\achim@partypoker[2].txt
	J:\Internet\Cookies\achim@specificclick[2].txt
	J:\Internet\Cookies\achim@komtrack[2].txt
	J:\Internet\Cookies\[email protected][2].txt
	J:\Internet\Cookies\[email protected][3].txt
	J:\Internet\Cookies\[email protected][1].txt
	J:\Internet\Cookies\[email protected][2].txt
	J:\Internet\Cookies\achim@zedo[1].txt
	J:\Internet\Cookies\[email protected][1].txt
	J:\Internet\Cookies\[email protected][3].txt
	J:\Internet\Cookies\achim@xxxblackbook[2].txt
	C:\Users\Achim\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
	C:\Users\Achim\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt

Trojan.Unknown Origin
	HKU\S-1-5-21-3472027199-509022344-3752891326-1000\Software\ColdWare

Trojan.Dropper/Win-NV
	C:\WINDOWS\MSA.EXE
	C:\WINDOWS\MSB.EXE
	C:\WINDOWS\MSC.EXE

Trojan.Unclassified/MSXML71
	C:\WINDOWS\SYSWOW64\MSXML71.DLL
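
What an analyst actually does with the two HijackThis logs in this thread (post #5 from 12.07., post #11 from 14.07.) and the Malwarebytes findings above is mechanical enough to script: pick out the entry types that deserve a second look, and diff the "infected" log against the "cleaned" one to see what changed. Below is an added example of such a triage script in Python; it is not code from the thread or from HijackThis, Malwarebytes or SUPERAntiSpyware. The sample log lines are constructed: the O2 and O23 lines are taken from the logs above, while the two O4 autorun lines for C:\Windows\msa.exe and Temp\a.exe are assumptions added to show what the rules catch (the thread's logs contain no such O4 entries; Malwarebytes found those files directly on disk). The script also encodes the one caveat worth knowing about these logs: the long run of System32 services reported as "Unknown owner ... (file missing)" appears in both logs, before and after cleaning, because the 32-bit HijackThis 2.0.2 runs under WOW64 file-system redirection on 64-bit Vista (visible in the log itself as C:\Windows\SysWOW64\conime.exe and the Local Page under SysWOW64), so those lines are a tool artefact and not an indicator of compromise.

```python
"""Triage helper for HijackThis-style logs (added example, not from the thread)."""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the shape HijackThis 2.0.x prints. The O2/O23 lines are
# taken from the thread's logs; the two O4 autorun lines (msa.exe, Temp\a.exe)
# are ASSUMED here to show what the rules catch, they are not in the thread.
LOG_BEFORE = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avgnt] D:\Avira\AntiVir Desktop\avgnt.exe /min
O4 - HKCU\..\Run: [msa] C:\Windows\msa.exe
O4 - HKCU\..\Run: [tmp] C:\Users\Achim\AppData\Local\Temp\a.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
"""

# Same machine after cleaning: the two suspicious autoruns are gone, a new
# orphaned BHO CLSID has appeared (as happened between the thread's two logs).
LOG_AFTER = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [avgnt] D:\Avira\AntiVir Desktop\avgnt.exe /min
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
"""

LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2})\s+-\s+(?P<text>.+)$")
PATH_RE = re.compile(r"([A-Za-z]:\\.*?\.(?:exe|dll|cpl|scr))", re.IGNORECASE)
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")


@dataclass(frozen=True)
class Entry:
    section: str  # HijackThis section tag, e.g. "O2", "O4", "O23"
    text: str     # everything after the "Oxx - " prefix


def parse_log(log: str) -> list:
    """Keep only the 'Rn/Fn/On - ...' entry lines; headers and process lists are dropped."""
    entries = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(m["section"], m["text"]))
    return entries


def image_path(entry: Entry) -> Optional[str]:
    """First drive-letter path ending in an executable extension, lower-cased."""
    m = PATH_RE.search(entry.text)
    return m.group(1).lower() if m else None


def triage(entry: Entry) -> Optional[str]:
    """Verdict for entries worth a second look; None for anything unremarkable."""
    path = image_path(entry)
    if entry.section == "O2" and entry.text.endswith("(no file)"):
        return "orphaned BHO CLSID, no DLL on disk: harmless, remove to tidy up"
    if (entry.section == "O23" and entry.text.endswith("(file missing)")
            and path and path.startswith(SYSTEM_DIRS)):
        # 32-bit HijackThis under WOW64 is redirected to SysWOW64, where these
        # services' binaries do not exist: a tool artefact on x64, not malware.
        return "System32 service 'file missing': WOW64 redirection artefact, ignore"
    if path and "\\temp\\" in path:
        return "executable started from a Temp directory: droppers live here, inspect"
    if entry.section == "O4" and path and re.fullmatch(r"c:\\windows\\[^\\]+\.exe", path):
        return "autorun of a bare executable in C:\\Windows: verify against a known-good install"
    return None


def report(log: str) -> list:
    """(section, verdict) for every flagged entry, in log order."""
    return [(e.section, triage(e)) for e in parse_log(log) if triage(e)]


def diff_logs(before: str, after: str) -> tuple:
    """Entries that disappeared after cleaning, and entries that are new."""
    a, b = set(parse_log(before)), set(parse_log(after))
    return a - b, b - a


if __name__ == "__main__":
    for section, verdict in report(LOG_BEFORE):
        print(f"{section:>4}: {verdict}")
    gone, new = diff_logs(LOG_BEFORE, LOG_AFTER)
    print(f"{len(gone)} entries removed, {len(new)} entries new after cleaning")
```

The rules are deliberately conservative: they only point at the entry classes this thread turned on (orphaned BHOs, executables in Temp or loose in C:\Windows, and the WOW64 false "file missing"), and the diff is what answers the question asked in #8 and #10, namely what actually changed between the infected and the cleaned state.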
 
  • #14
All clear, looks good :). There are no findings there that could become a problem either, as long as they weren't on the system for too long.
 