Pests of all kinds and how to combat them: Another virus? Windows 7

If you are not sure whether you have picked up malware or a Trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you remove the infection.
Another virus?

Hello again, I just posted in the other category and have now been referred here. I ran a provisional scan with Malware, something was found, and I put it in quarantine. Some time ago I had the 50 Euro virus on it and since then "minor" problems. But as I said, I already posted all of that in the other category. Right now I don't really know how to describe the problem. I've now been advised to post here... and I don't even know whether I actually have a virus. I have now run everything that was requested; here is the DDS.txt, and the other things are attached. Hope the zip file works. Sorry if I'm writing so incredibly unclearly right now. I'm a bit confused myself at the moment.

Best regards, Lena-Laura

Code:
```
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 10.2.0
Run by lena-laura at 0:30:45 on 2012-04-12
Microsoft Windows 7 Starter   6.1.7601.1.1252.49.1031.18.2039.982 [GMT 2:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\windows\system32\svchost.exe -k apphost
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\System32\AsusService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\CISVC.EXE
C:\windows\System32\svchost.exe -k ipripsvc
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\windows\system32\conhost.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\windows\System32\tcpsvcs.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\svchost.exe -k iissvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
C:\Program Files\EeePC\SHE\SuperHybridEngine.exe
C:\Windows\System32\igfxpers.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Freecorder\FLVSrvc.exe
C:\Program Files\FILSHtray\FILSHtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mStart Page = 
uInternet Settings,ProxyOverride = *.local
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
{555d4d79-4bd2-4094-a395-cfc534424a05}
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Google Update] "c:\users\lena-laura\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Userinit] c:\users\lena-laura\appdata\roaming\appconf32.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [HotkeyService] AsusSender.exe c:\program files\eeepc\hotkeyservice\HotkeyService.exe
mRun: [HotKeyMon] AsusSender.exe c:\program files\eeepc\hotkeyservice\HotKeyMon.exe
mRun: [SuperHybridEngine] AsusSender.exe c:\program files\eeepc\she\SuperHybridEngine.exe
mRun: [SynAsusAcpi] %ProgramFiles%\Synaptics\SynTP\SynAsusAcpi.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Freecorder FLV Service] "c:\program files\freecorder\FLVSrvc.exe" /run
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [FILSHtray] "c:\program files\filshtray\FILSHtray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>] 
StartupFolder: c:\users\lena-l~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\users\lena-l~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Nach Microsoft E&xel exportieren - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{10D8D06D-13E7-46A5-AEC4-38C5609E3260} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{18A4EB30-28E1-4E04-8664-4351C9AD8B76} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{18A4EB30-28E1-4E04-8664-4351C9AD8B76}\1462F40284F6473507F647 : DhcpNameServer = 192.168.12.1
TCP: Interfaces\{18A4EB30-28E1-4E04-8664-4351C9AD8B76}\353686E656C6C60257E64602351657265627 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{18A4EB30-28E1-4E04-8664-4351C9AD8B76}\3636C6 : DhcpNameServer = 217.68.161.141 217.68.161.171
TCP: Interfaces\{18A4EB30-28E1-4E04-8664-4351C9AD8B76}\65966716C646960284F64756C6021303 : DhcpNameServer = 192.168.1.33
TCP: Interfaces\{18A4EB30-28E1-4E04-8664-4351C9AD8B76}\65966716C646960284F64756C60293 : DhcpNameServer = 192.168.1.33
TCP: Interfaces\{18A4EB30-28E1-4E04-8664-4351C9AD8B76}\75C414E4D2133444030393 : DhcpNameServer = 192.168.2.1 192.168.2.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - 
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\lena-laura\appdata\roaming\mozilla\firefox\profiles\ztgpl636.default\
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\tracker software\pdf viewer\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\lena-laura\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\users\lena-laura\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_228.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.softonic_i.newTab - false
FF - user.js: extensions.softonic_i.tlbrSrchUrl - hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=1&cc=&q=
FF - user.js: extensions.softonic_i.id - b0a1e4500000000000000625d3f6b5b0
FF - user.js: extensions.softonic_i.instlDay - 15399
FF - user.js: extensions.softonic_i.vrsn - 1.5.11.5
FF - user.js: extensions.softonic_i.vrsni - 1.5.11.5
FF - user.js: extensions.softonic_i.vrsnTs - 1.5.11.51:14:30
FF - user.js: extensions.softonic_i.prtnrId - softonic
FF - user.js: extensions.softonic_i.prdct - softonic
FF - user.js: extensions.softonic_i.aflt - SD
FF - user.js: extensions.softonic_i.smplGrp - eng7
FF - user.js: extensions.softonic_i.tlbrId - de12JANdefault
FF - user.js: extensions.softonic_i.instlRef - MON00015
FF - user.js: extensions.softonic_i.dfltLng - de
FF - user.js: extensions.softonic_i.excTlbr - false
.
============= SERVICES / DRIVERS ===============
.
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-5-1 11608]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\avira\antivir desktop\sched.exe [2010-5-1 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-5-1 269480]
R2 AsusService;Asus Launcher Service;c:\windows\system32\AsusService.exe [2010-2-25 219136]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-5-1 66616]
R2 iprip;RIP-Überwachung;c:\windows\system32\svchost.exe -k ipripsvc [2009-7-14 20992]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\drivers\L1C62x86.sys [2009-8-13 51712]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-11 253600]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-4-1 183560]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-11-8 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-14 52224]
.
=============== Created Last 30 ================
.
2012-04-11 13:17:25	418464	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-04-11 13:11:00	7384	----a-w-	c:\users\lena-laura\appdata\roaming\BAcroIEHelpe101.dll
2012-04-11 13:11:00	226808	----a-w-	c:\users\lena-laura\appdata\roaming\AcroIEHelpe101.dll
2012-04-11 02:10:27	--------	d-----w-	c:\users\lena-laura\appdata\roaming\11009
2012-04-10 23:02:45	--------	d-----w-	c:\users\lena-laura\appdata\local\{F863156E-F87C-496F-B226-C7DDAE68E633}
2012-04-10 23:02:32	--------	d-----w-	c:\users\lena-laura\appdata\local\{F025FC7C-40A5-4051-AAA9-E0C028AE904A}
2012-04-10 23:00:43	--------	d-----w-	c:\users\lena-laura\appdata\local\{EE6A1AB8-9E47-4E9F-9169-AC4A88785E2A}
2012-04-10 23:00:29	--------	d-----w-	c:\users\lena-laura\appdata\local\{D581E52F-86D8-4DD7-AF56-E656EEECC13C}
2012-04-09 15:33:44	--------	d-----w-	c:\users\lena-laura\appdata\roaming\11008
2012-04-09 15:33:37	7384	----a-w-	c:\users\lena-laura\appdata\roaming\BAcroIEHelpe099.dll
2012-04-09 15:00:18	--------	d-----w-	c:\users\lena-laura\appdata\roaming\UAs
2012-04-08 20:06:53	--------	d-----w-	c:\users\lena-laura\appdata\roaming\11007
2012-04-08 20:06:32	264	----a-w-	c:\users\lena-laura\appdata\roaming\srvblck5.tmp
2012-04-08 20:06:25	--------	d-----w-	c:\users\lena-laura\appdata\roaming\xmldm
2012-04-08 20:06:24	--------	d-----w-	c:\users\lena-laura\appdata\roaming\kock
2012-04-08 03:27:23	--------	d-----w-	c:\users\lena-laura\appdata\roaming\HpUpdate
2012-04-08 03:27:15	--------	d-----w-	c:\windows\Hewlett-Packard
2012-04-07 16:07:53	--------	d-----w-	c:\users\lena-laura\appdata\local\{0F687047-71DC-499C-9399-34C7414D9952}
2012-04-07 01:51:33	--------	d-----w-	c:\program files\VS Revo Group
2012-04-07 01:44:41	--------	d-----w-	c:\program files\CCleaner
2012-04-06 10:39:07	--------	d-----w-	c:\programdata\Mediafour
2012-04-06 10:37:50	--------	d-----w-	c:\program files\Mediafour
2012-04-04 19:36:09	--------	d-----w-	c:\users\lena-laura\appdata\local\{1A7B5EB3-7759-41FE-AA09-79525CBC2E2D}
2012-04-04 19:35:00	--------	d-----w-	c:\users\lena-laura\appdata\local\{81A290BE-954A-4168-806C-81CA377D7DE2}
2012-04-04 19:25:37	--------	d-----w-	c:\users\lena-laura\appdata\local\{02F6304D-037F-4A4C-8003-5437EE5FA85D}
2012-04-03 18:10:31	--------	d-----r-	c:\users\lena-laura\appdata\roaming\Brother
2012-03-31 00:09:10	--------	d-----w-	c:\users\lena-laura\appdata\local\{4CB2A80D-8224-4701-B414-6843804829AD}
2012-03-24 21:14:13	--------	d-----w-	c:\program files\MixMeister BPM Analyzer
2012-03-18 15:22:48	592824	----a-w-	c:\program files\mozilla firefox\gkmedias.dll
2012-03-18 15:22:48	44472	----a-w-	c:\program files\mozilla firefox\mozglue.dll
2012-03-15 02:02:04	3968368	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-03-15 02:02:00	3913584	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-03-14 15:33:42	2343424	----a-w-	c:\windows\system32\win32k.sys
2012-03-14 15:33:38	1077248	----a-w-	c:\windows\system32\DWrite.dll
2012-03-14 15:32:43	8192	----a-w-	c:\windows\system32\rdrmemptylst.exe
2012-03-14 15:32:43	129536	----a-w-	c:\windows\system32\rdpcorekmts.dll
2012-03-14 15:32:42	58880	----a-w-	c:\windows\system32\rdpwsx.dll
2012-03-14 15:32:37	826880	----a-w-	c:\windows\system32\rdpcore.dll
2012-03-14 15:32:36	24576	----a-w-	c:\windows\system32\drivers\tdtcp.sys
2012-03-14 15:32:36	183808	----a-w-	c:\windows\system32\drivers\rdpwd.sys
.
==================== Find3M ====================
.
2012-04-11 15:19:05	70304	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-11 00:51:03	637848	----a-w-	c:\windows\system32\npdeployJava1.dll
2012-02-11 00:51:03	567184	----a-w-	c:\windows\system32\deployJava1.dll
2012-02-10 17:23:09	152576	----a-w-	c:\windows\system32\msclmd.dll
.
============= FINISH: 0:33:52,34 ===============
```