
Pests of all kinds and how to fight them: Spyware, Trojans etc.

14.12.2007, 22:12   #16
Hello World-Programm

Quote:
Quote from nochdigger
Hello

You should specifically avoid using the name Hijackthis.exe, since some malware hides from the running file.

Where was what found (path/file name - malware designation)?

Stay calm, we're still here

Regards

Oh, I see... That's why ^^

It only showed me the count, but not the paths...

What now? Did I do something wrong?

15.12.2007, 06:54   #17
nochdigger

Morning

Quote:
It only showed me the count, but not the paths...
Which doesn't make the search any easier.

Quote:
What now? Did I do something wrong?
No, no, you didn't. I'd say before we let you go, we'll run a few more small tests, and then that should be it.


Please download CCleaner
CCleaner Download
- Install CCleaner (do not install the toolbar) and start it
- Under Options --> Settings, choose German
- Clean your system
- Also have the errors in the registry fixed --> under "Probleme" (Issues) --> scan for errors --> fix errors



Filelist

1. Download filelist.zip to your desktop.
2. Unpack the zip file to your desktop (with WINZIP), then open the filelist.bat that is now on your desktop by double-clicking the file
3. Your editor (text editor) will open
4. From this content, select the last 30 days for each directory, choose copy, and paste these files into your next post.

These are the directories for which we want to see the last 30 days in each case:
Verzeichnis von C:\
Verzeichnis von C:\WINDOWS\system32
Verzeichnis von C:\WINDOWS
Verzeichnis von C:\WINDOWS\Prefetch (Windows XP)
Verzeichnis von C:\WINDOWS\tasks
Verzeichnis von C:\WINDOWS\Temp
Verzeichnis von C:\DOCUME~1\Name\LOCALS~1\Temp


Silentrunners log file

- Download the tool -> Silentrunners
- Unpack the script into a folder of your choice
- Double-click -> Silent Runners -> select the option Supplementary Searches
- The system will now be checked; when it finishes, a log file is created
(Your antivirus scanner might raise an alert about a "malicious script";
ignore it and carry on!)
- Then open the Silent Runners xxx.txt with an editor, copy the entire contents and paste them into a post.
(Ctrl+A select -> Ctrl+C copy -> Ctrl+V paste)


Please update your programs
Avast
AVG

and have them run a full scan in safe mode.

Please report whether anything else was found or whether there are still problems.

Update your Java version: uninstall the old one via Start -> Settings -> Control Panel -> Add or Remove Programs; the new version is available
here --> Download of the Java software from Sun Microsystems

Regards
__________________


15.12.2007, 13:11   #18
Hello World-Programm

Hello


Silent Runners report:

"Silent Runners.vbs", revision 55, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"msnmsgr" = ""C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background" [MS]
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"VoipBuster" = ""C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized" ["VoipBuster"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Inc."]
"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" ["ALWIL Software"]
"NeroCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"Adobe Reader Speed Launcher" = ""C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"]
"!AVG Anti-Spyware" = ""C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized" ["GRISOFT s.r.o."]
"MotiveReportAgent" = ""C:\Program Files\Common Files\Motive\McciBootStrapper.exe" /url="-url=file://C:\Program Files\Common Files\Motive\ReportAgent.html" /browsertype=CustomMSIE /browserpath="C:\Program Files\Common Files\Motive\MotiveBrowser.exe" /hidden" ["Motive Communications, Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{055FD26D-3A88-4e15-963D-DC8493744B1D}\(Default) = "XTTBPos00"
-> {HKLM...CLSID} = "XTTBPos00 Class"
\InProcServer32\(Default) = "C:\PROGRA~1\ICQTOO~1\toolbaru.dll" ["IE Toolbar"]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{60BF5EE3-0105-4858-AD98-17C19F86B042}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Burn4Free Toolbar Helper"
\InProcServer32\(Default) = "C:\Program Files\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll" [null data]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll" ["Sun Microsystems, Inc."]
{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Windows Live Sign-in Helper"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {HKLM...CLSID} = "Display Panning CPL Extension"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]


And the other one:

----- Root -----------------------------
Volume in drive C has no label.
Volume Serial Number is B49E-80BC

Directory of C:\

23/11/2011 09:40 a.m. 172 sqmnoopt16.sqm
23/11/2011 09:40 a.m. 172 sqmdata15.sqm
23/11/2011 09:40 a.m. 136 sqmdata16.sqm
23/11/2011 09:40 a.m. 244 sqmnoopt14.sqm
23/11/2011 09:40 a.m. 268 sqmdata14.sqm
23/11/2011 09:40 a.m. 172 sqmnoopt15.sqm
23/11/2011 09:37 a.m. 244 sqmnoopt13.sqm
23/11/2011 09:37 a.m. 268 sqmdata13.sqm
23/11/2011 09:27 a.m. 268 sqmdata12.sqm
23/11/2011 09:27 a.m. 244 sqmnoopt12.sqm
23/11/2011 08:55 a.m. 268 sqmdata09.sqm
23/11/2011 08:55 a.m. 244 sqmnoopt09.sqm
23/11/2011 12:23 a.m. 244 sqmnoopt11.sqm
23/11/2011 12:23 a.m. 304 sqmdata11.sqm
22/11/2011 10:46 a.m. 268 sqmdata10.sqm
22/11/2011 10:46 a.m. 244 sqmnoopt10.sqm
22/11/2011 04:49 a.m. 268 sqmdata08.sqm
22/11/2011 04:49 a.m. 244 sqmnoopt08.sqm
22/11/2011 01:36 a.m. 268 sqmdata07.sqm
22/11/2011 01:36 a.m. 244 sqmnoopt07.sqm
20/11/2011 11:39 a.m. 268 sqmdata06.sqm
20/11/2011 11:39 a.m. 244 sqmnoopt06.sqm
20/11/2011 03:10 a.m. 268 sqmdata05.sqm
20/11/2011 03:10 a.m. 244 sqmnoopt05.sqm
19/11/2011 01:33 a.m. 244 sqmnoopt04.sqm
19/11/2011 01:33 a.m. 304 sqmdata04.sqm
18/11/2011 01:11 p.m. 268 sqmdata03.sqm
18/11/2011 01:11 p.m. 244 sqmnoopt03.sqm
15/12/2007 12:53 p.m. 91 ambit.log
15/12/2007 12:48 p.m. 2,146,684,928 hiberfil.sys
15/12/2007 12:48 p.m. 2,145,386,496 pagefile.sys
15/12/2007 11:57 a.m. 268 sqmdata17.sqm
15/12/2007 11:57 a.m. 244 sqmnoopt17.sqm
13/12/2007 08:00 p.m. 2,807 rapport.txt
13/12/2007 07:53 p.m. 268 sqmdata02.sqm
13/12/2007 07:53 p.m. 244 sqmnoopt02.sqm
13/12/2007 07:26 p.m. 268 sqmdata01.sqm
13/12/2007 07:26 p.m. 244 sqmnoopt01.sqm
13/12/2007 07:02 p.m. 268 sqmdata19.sqm
13/12/2007 07:02 p.m. 244 sqmnoopt19.sqm
13/12/2007 06:16 p.m. 268 sqmdata00.sqm
13/12/2007 06:16 p.m. 244 sqmnoopt00.sqm
12/12/2007 10:12 p.m. 268 sqmdata18.sqm
12/12/2007 10:12 p.m. 244 sqmnoopt18.sqm
09/12/2007 03:44 p.m. 12,625 FONTLOG.TXT

----- System32 -------------------------
Volume in drive C has no label.
Volume Serial Number is B49E-80BC

Directory of C:\WINDOWS\system32

15/12/2007 12:48 p.m. 13,646 wpa.dbl
13/12/2007 08:00 p.m. 2,046 tmp.reg
13/12/2007 08:00 p.m. 0 tmp.txt
13/12/2007 05:36 p.m. 2,626 CONFIG.NT
12/12/2007 05:18 p.m. 387,496 TZLog.log
04/12/2007 02:04 p.m. 837,496 aswBoot.exe
04/12/2007 01:54 p.m. 95,608 AvastSS.scr
03/12/2007 12:00 a.m. 18,684,536 MRT.exe
29/11/2007 11:41 a.m. 1,493,936 FNTCACHE.DAT
13/11/2007 12:31 p.m. 60,416 tzchange.exe

----- Prefetch -------------------------
Volume in drive C has no label.
Volume Serial Number is B49E-80BC

Directory of C:\WINDOWS\Prefetch

23/11/2011 09:45 a.m. 35,422 WMIPRVSE.EXE-28F301A9.pf
23/11/2011 09:40 a.m. 76,516 MSNMSGR.EXE-366A1A81.pf
23/11/2011 09:39 a.m. 79,104 MSIEXEC.EXE-2F8A8CAE.pf
23/11/2011 09:24 a.m. 55,856 WUAUCLT.EXE-399A8E72.pf
23/11/2011 09:01 a.m. 41,418 DWWIN.EXE-30875ADC.pf
23/11/2011 08:58 a.m. 34,568 WLLOGINPROXY.EXE-1781D844.pf
23/11/2011 08:58 a.m. 80,820 IEXPLORE.EXE-27122324.pf
23/11/2011 08:43 a.m. 15,768 VERCLSID.EXE-3667BD89.pf
23/11/2011 08:39 a.m. 64,538 ACRORD32.EXE-356875A2.pf
23/11/2011 08:17 a.m. 16,940 SNDVOL32.EXE-383480B7.pf
23/11/2011 07:29 a.m. 80,752 OPERA.EXE-12085680.pf
23/11/2011 07:27 a.m. 7,088 LOGON.SCR-151EFAEA.pf
23/11/2011 07:05 a.m. 15,614 HPDARC.EXE-18B11979.pf
23/11/2011 07:05 a.m. 25,400 WMIAPSRV.EXE-1E2270A5.pf
23/11/2011 07:05 a.m. 89,240 AVAST.SETUP-032170A8.pf
23/11/2011 07:05 a.m. 25,464 SETUP.OVR-154CE291.pf
23/11/2011 01:15 a.m. 37,912 LOGONUI.EXE-0AF22957.pf
23/11/2011 12:52 a.m. 20,586 REGSVR32.EXE-25EEFE2F.pf
23/11/2011 12:20 a.m. 38,016 IMAPI.EXE-0BF740A4.pf
23/11/2011 12:20 a.m. 13,956 RUNDLL32.EXE-451FC2C0.pf
22/11/2011 09:46 a.m. 14,476 HPZSTC09.EXE-3AFDDA16.pf
22/11/2011 09:46 a.m. 17,828 HPZENG09.EXE-21FF5F4F.pf
22/11/2011 09:25 a.m. 15,284 CALC.EXE-02CD573A.pf
22/11/2011 09:18 a.m. 119,350 WINWORD.EXE-29F5CB89.pf
20/11/2011 03:10 a.m. 20,600 RUNDLL32.EXE-2A94BB85.pf
20/11/2011 03:10 a.m. 20,252 RUNDLL32.EXE-2E5AF1D7.pf
20/11/2011 02:37 a.m. 58,910 HL2.EXE-026CCA21.pf
15/12/2007 01:03 p.m. 12,028 FIND.EXE-0EC32F1E.pf
15/12/2007 01:03 p.m. 12,824 CMD.EXE-087B4001.pf
15/12/2007 01:03 p.m. 17,690 WINRAR.EXE-39C6DAD9.pf
15/12/2007 01:01 p.m. 36,496 RUNDLL32.EXE-2BF3472E.pf
15/12/2007 12:57 p.m. 19,710 CCLEANER.EXE-0BCE437C.pf
15/12/2007 12:57 p.m. 42,364 WINZIP32.EXE-335422C1.pf
15/12/2007 12:55 p.m. 50,584 MOTIVEBROWSER.EXE-08C2C6F2.pf
15/12/2007 12:55 p.m. 19,166 MCCIBOOTSTRAPPER.EXE-00655CE1.pf
15/12/2007 12:53 p.m. 46,500 SETUP.EXE-08A0D6B9.pf
15/12/2007 12:53 p.m. 38,320 IKERNEL.EXE-078AA887.pf
15/12/2007 12:53 p.m. 20,614 SETUP.EXE-3962F3C0.pf
15/12/2007 12:53 p.m. 13,524 DRINST.EXE-1E6F9198.pf
15/12/2007 12:51 p.m. 26,094 MCCIINST.EXE-006FC7A2.pf
15/12/2007 12:51 p.m. 33,432 INSTALLHELPER.EXE-20D6735B.pf
15/12/2007 12:51 p.m. 11,050 JAVACHECK.EXE-2F96C5C4.pf
15/12/2007 12:51 p.m. 8,136 CABLECOM_INSTALLER.EXE-2D9E56A6.pf
15/12/2007 12:49 p.m. 1,400,916 NTOSBOOT-B00DFAAD.pf
15/12/2007 11:57 a.m. 15,080 SL11C.TMP-2F99790E.pf
15/12/2007 11:57 a.m. 129,366 NDP1.1SP1-KB867460-X86.EXE-1BF8984A.pf
15/12/2007 10:52 a.m. 14,416 WZQKPICK.EXE-350A392A.pf
15/12/2007 10:52 a.m. 12,734 CONIME.EXE-13EEEA1A.pf
15/12/2007 10:52 a.m. 15,524 MPBTN.EXE-099A6FD1.pf
15/12/2007 10:52 a.m. 15,544 MOTIVE~1.EXE-34114D40.pf
15/12/2007 10:52 a.m. 32,172 CABLECOM_ASSISTANT.EXE-3A23515E.pf
15/12/2007 10:52 a.m. 14,378 MATCLI.EXE-0A80AF99.pf
15/12/2007 10:52 a.m. 12,194 ADOBE GAMMA LOADER.EXE-1DBD7BA3.pf
15/12/2007 10:52 a.m. 16,056 OSA.EXE-2CD63980.pf
14/12/2007 10:13 p.m. 15,082 SL22EC.TMP-2E2E0AFE.pf
14/12/2007 09:18 p.m. 15,570 SETHC.EXE-0D6CE1BC.pf
14/12/2007 08:10 p.m. 73,224 ASHCHEST.EXE-0FED8209.pf
14/12/2007 07:21 p.m. 57,782 GAME.EXE-3AFCC444.pf
14/12/2007 07:20 p.m. 15,332 18699785CE73C032B75_18_UPDATE-0CFC76ED.pf
14/12/2007 07:20 p.m. 93,722 UPDATER.EXE-0E8D5D67.pf
14/12/2007 07:19 p.m. 53,472 CH-SKICHALLENGE08.EXE-21C6CAD2.pf
14/12/2007 07:06 p.m. 206,392 DUMPREP.EXE-1B46F901.pf
14/12/2007 07:06 p.m. 115,390 TASKMGR.EXE-20256C55.pf
14/12/2007 05:57 p.m. 34,942 SRCDS.EXE-147367F9.pf
14/12/2007 05:55 p.m. 41,896 MSACCESS.EXE-12E8FF10.pf
14/12/2007 05:55 p.m. 18,660 HPQTHB08.EXE-060DCF16.pf
14/12/2007 05:53 p.m. 29,948 FRONTPG.EXE-2056CF36.pf
14/12/2007 05:32 p.m. 51,202 WOW.EXE-02137854.pf
14/12/2007 05:31 p.m. 70,988 LAUNCHER.EXE-32675156.pf
14/12/2007 05:23 p.m. 60,770 RUNDLL32.EXE-1BC55A4F.pf
14/12/2007 05:15 p.m. 55,192 USETUP.EXE-1E8BC12E.pf
14/12/2007 05:15 p.m. 12,982 SXUNINST.EXE-212B412A.pf
14/12/2007 05:15 p.m. 24,396 AU_.EXE-065E637B.pf
14/12/2007 05:15 p.m. 20,360 DIVXWEBPLAYERUNINSTALL.EXE-1A4B0336.pf
14/12/2007 04:43 p.m. 10,810 USNSVC.EXE-373E4DBC.pf
14/12/2007 02:29 p.m. 87,432 DFRGNTFS.EXE-269967DF.pf
14/12/2007 02:29 p.m. 65,470 DEFRAG.EXE-273F131E.pf
14/12/2007 01:31 p.m. 597,482 Layout.ini
14/12/2007 12:44 p.m. 99,106 VOIPBUSTER.EXE-0F926355.pf

----- Windows --------------------------
Volume in drive C has no label.
Volume Serial Number is B49E-80BC

Directory of C:\WINDOWS

23/11/2011 12:55 a.m. 235 HansWare.ini
15/12/2007 01:03 p.m. 1,531,445 WindowsUpdate.log
15/12/2007 12:48 p.m. 159 wiadebug.log
15/12/2007 12:48 p.m. 50 wiaservc.log
15/12/2007 12:48 p.m. 2,048 bootstat.dat
15/12/2007 11:57 a.m. 32,540 SchedLgU.Txt
12/12/2007 04:48 p.m. 681 mozver.dat
09/12/2007 03:37 p.m. 54,156 QTFont.qfn
02/12/2007 02:17 p.m. 29,706 hpoins03.dat
02/12/2007 02:17 p.m. 638 win.ini

----- Tasks ----------------------------
Volume in drive C has no label.
Volume Serial Number is B49E-80BC

Directory of C:\WINDOWS\tasks

15/12/2007 12:48 p.m. 6 SA.DAT

----- Wintemp --------------------------
Volume in drive C has no label.
Volume Serial Number is B49E-80BC

Directory of C:\WINDOWS\temp

20/11/2011 12:29 a.m. 16,384 Perflib_Perfdata_5e0.dat
15/12/2007 12:48 p.m. 0 Perflib_Perfdata_434.dat
15/12/2007 11:57 a.m. 479,010 netfxsl.log
13/12/2007 05:47 p.m. 16,384 Perflib_Perfdata_5ec.dat
12/12/2007 05:18 p.m. 596 hpzcoi09.log
12/12/2007 05:18 p.m. 596 hpzcoi08.log

----- Temp -----------------------------
Volume in drive C has no label.
Volume Serial Number is B49E-80BC

Directory of C:\DOCUME~1\Kevin\LOCALS~1\Temp

15/12/2007 01:03 p.m. 138,733 filelist.txt
15/12/2007 12:55 p.m. 29,581 tmp25.tmp
15/12/2007 12:55 p.m. 32,620 tmp22.tmp
15/12/2007 12:55 p.m. 29,150 tmp24.tmp
15/12/2007 12:55 p.m. 17,497 tmp23.tmp
15/12/2007 12:55 p.m. 0 PTI10.tmp
15/12/2007 12:55 p.m. 6,444 Report.xml
15/12/2007 12:53 p.m. 110 driverInstall.log
15/12/2007 12:49 p.m. 16,384 Perflib_Perfdata_8c4.dat
15/12/2007 12:48 p.m. 98,304 ~DFBBE6.tmp
15/12/2007 11:50 a.m. 0 tmp115.tmp
15/12/2007 11:47 a.m. 29,581 tmp10B.tmp
15/12/2007 11:47 a.m. 32,426 tmp108.tmp
15/12/2007 11:47 a.m. 29,150 tmp10A.tmp
15/12/2007 11:47 a.m. 17,496 tmp109.tmp
15/12/2007 11:42 a.m. 32,426 tmp100.tmp
15/12/2007 11:42 a.m. 29,581 tmp103.tmp
15/12/2007 11:42 a.m. 29,150 tmp102.tmp
15/12/2007 11:42 a.m. 17,496 tmp101.tmp
15/12/2007 11:42 a.m. 32,426 tmpF8.tmp
15/12/2007 11:42 a.m. 29,150 tmpFA.tmp
15/12/2007 11:42 a.m. 29,581 tmpFB.tmp
15/12/2007 11:42 a.m. 17,496 tmpF9.tmp
15/12/2007 11:41 a.m. 17,496 tmpF4.tmp
15/12/2007 11:41 a.m. 32,426 tmpF3.tmp
15/12/2007 11:41 a.m. 29,581 tmpF6.tmp
15/12/2007 11:41 a.m. 29,150 tmpF5.tmp
15/12/2007 11:41 a.m. 32,426 tmpEA.tmp
15/12/2007 11:41 a.m. 29,150 tmpEC.tmp
15/12/2007 11:41 a.m. 29,581 tmpED.tmp
15/12/2007 11:41 a.m. 17,496 tmpEB.tmp
15/12/2007 11:32 a.m. 32,426 tmpD4.tmp
15/12/2007 11:32 a.m. 29,150 tmpD6.tmp
15/12/2007 11:32 a.m. 29,581 tmpD7.tmp
15/12/2007 11:32 a.m. 17,496 tmpD5.tmp
15/12/2007 11:27 a.m. 29,563 tmpB4.tmp
15/12/2007 11:27 a.m. 32,293 tmpB2.tmp
15/12/2007 11:27 a.m. 29,581 tmpB5.tmp
15/12/2007 11:27 a.m. 17,509 tmpB3.tmp
15/12/2007 11:16 a.m. 29,563 tmp6F.tmp
15/12/2007 11:16 a.m. 29,581 tmp70.tmp
15/12/2007 11:16 a.m. 32,293 tmp6D.tmp
15/12/2007 11:16 a.m. 17,517 tmp6E.tmp
15/12/2007 11:14 a.m. 32,293 tmp64.tmp
15/12/2007 11:14 a.m. 29,563 tmp66.tmp
15/12/2007 11:14 a.m. 29,581 tmp67.tmp
15/12/2007 11:14 a.m. 17,517 tmp65.tmp
15/12/2007 11:12 a.m. 29,581 tmp5E.tmp
15/12/2007 11:12 a.m. 17,517 tmp5C.tmp
15/12/2007 11:12 a.m. 32,293 tmp5B.tmp
15/12/2007 11:12 a.m. 29,563 tmp5D.tmp
15/12/2007 11:12 a.m. 32,293 tmp55.tmp
15/12/2007 11:12 a.m. 29,563 tmp57.tmp
15/12/2007 11:12 a.m. 29,581 tmp58.tmp
15/12/2007 11:12 a.m. 17,517 tmp56.tmp
15/12/2007 11:11 a.m. 29,563 tmp51.tmp
15/12/2007 11:11 a.m. 32,293 tmp4F.tmp
15/12/2007 11:11 a.m. 29,581 tmp52.tmp
15/12/2007 11:11 a.m. 17,517 tmp50.tmp
15/12/2007 11:09 a.m. 29,581 tmp4D.tmp
15/12/2007 11:09 a.m. 32,293 tmp4A.tmp
15/12/2007 11:09 a.m. 29,563 tmp4C.tmp
15/12/2007 11:09 a.m. 17,517 tmp4B.tmp
15/12/2007 11:07 a.m. 29,581 tmp3B.tmp
15/12/2007 11:07 a.m. 32,293 tmp38.tmp
15/12/2007 11:07 a.m. 29,563 tmp3A.tmp
15/12/2007 11:07 a.m. 17,535 tmp39.tmp
15/12/2007 10:58 a.m. 32,291 tmp26.tmp
15/12/2007 10:58 a.m. 29,581 tmp29.tmp
15/12/2007 10:58 a.m. 29,563 tmp28.tmp
15/12/2007 10:58 a.m. 17,580 tmp27.tmp
15/12/2007 10:57 a.m. 32,291 tmp16.tmp
15/12/2007 10:57 a.m. 29,563 tmp20.tmp
15/12/2007 10:57 a.m. 29,581 tmp21.tmp
15/12/2007 10:57 a.m. 17,580 tmp1B.tmp
15/12/2007 10:53 a.m. 29,581 tmpF.tmp
15/12/2007 10:53 a.m. 32,291 tmpC.tmp
15/12/2007 10:53 a.m. 29,563 tmpE.tmp
15/12/2007 10:53 a.m. 17,580 tmpD.tmp
15/12/2007 10:52 a.m. 32,291 tmp7.tmp
15/12/2007 10:52 a.m. 29,563 tmp9.tmp
15/12/2007 10:52 a.m. 29,581 tmpA.tmp
15/12/2007 10:52 a.m. 17,580 tmp8.tmp
15/12/2007 10:52 a.m. 32,291 tmp2.tmp
15/12/2007 10:52 a.m. 29,563 tmp4.tmp
15/12/2007 10:52 a.m. 29,581 tmp5.tmp
15/12/2007 10:52 a.m. 17,580 tmp3.tmp
15/12/2007 10:52 a.m. 98,304 ~DF8526.tmp
14/12/2007 04:33 p.m. 32,140 tmp2054.tmp
14/12/2007 04:33 p.m. 27,541 tmp2056.tmp
14/12/2007 04:33 p.m. 28,653 tmp2057.tmp
14/12/2007 04:33 p.m. 17,593 tmp2055.tmp
14/12/2007 04:18 p.m. 28,653 tmp1DB6.tmp
14/12/2007 04:18 p.m. 27,541 tmp1DB5.tmp
14/12/2007 04:18 p.m. 32,261 tmp1DB3.tmp
14/12/2007 04:18 p.m. 17,645 tmp1DB4.tmp
14/12/2007 04:03 p.m. 28,653 tmp19F2.tmp
14/12/2007 04:03 p.m. 32,314 tmp19EF.tmp
14/12/2007 04:03 p.m. 27,541 tmp19F1.tmp
14/12/2007 04:03 p.m. 17,645 tmp19F0.tmp
14/12/2007 03:48 p.m. 32,169 tmp1690.tmp
14/12/2007 03:48 p.m. 27,152 tmp1692.tmp
14/12/2007 03:48 p.m. 28,653 tmp1693.tmp
14/12/2007 03:48 p.m. 17,632 tmp1691.tmp
14/12/2007 03:33 p.m. 28,653 tmp1441.tmp
14/12/2007 03:33 p.m. 32,168 tmp143E.tmp
14/12/2007 03:33 p.m. 27,152 tmp1440.tmp
14/12/2007 03:33 p.m. 17,632 tmp143F.tmp
14/12/2007 03:18 p.m. 32,166 tmp122B.tmp
14/12/2007 03:18 p.m. 27,152 tmp122D.tmp
14/12/2007 03:18 p.m. 28,653 tmp122E.tmp
14/12/2007 03:18 p.m. 17,600 tmp122C.tmp
14/12/2007 03:03 p.m. 17,611 tmp105D.tmp
14/12/2007 03:03 p.m. 28,652 tmp105F.tmp
14/12/2007 03:03 p.m. 27,152 tmp105E.tmp
14/12/2007 03:03 p.m. 32,110 tmp105C.tmp
14/12/2007 02:48 p.m. 32,130 tmp1057.tmp
14/12/2007 02:48 p.m. 28,652 tmp105A.tmp
14/12/2007 02:48 p.m. 27,152 tmp1059.tmp
14/12/2007 02:48 p.m. 17,603 tmp1058.tmp
14/12/2007 02:33 p.m. 28,652 tmp1048.tmp
14/12/2007 02:33 p.m. 27,152 tmp1047.tmp
14/12/2007 02:33 p.m. 32,128 tmp1045.tmp
14/12/2007 02:33 p.m. 17,603 tmp1046.tmp
14/12/2007 02:18 p.m. 28,652 tmp1043.tmp
14/12/2007 02:18 p.m. 27,152 tmp1042.tmp
14/12/2007 02:18 p.m. 32,320 tmp1040.tmp
14/12/2007 02:18 p.m. 17,594 tmp1041.tmp
14/12/2007 02:03 p.m. 27,152 tmp103C.tmp
14/12/2007 02:03 p.m. 32,319 tmp103A.tmp
14/12/2007 02:03 p.m. 28,652 tmp103D.tmp
14/12/2007 02:03 p.m. 17,582 tmp103B.tmp
14/12/2007 01:48 p.m. 28,652 tmp1038.tmp
14/12/2007 01:48 p.m. 27,224 tmp1037.tmp
14/12/2007 01:48 p.m. 32,318 tmp1035.tmp
14/12/2007 01:48 p.m. 17,583 tmp1036.tmp
14/12/2007 01:33 p.m. 32,317 tmp1031.tmp
14/12/2007 01:33 p.m. 28,652 tmp1034.tmp
14/12/2007 01:33 p.m. 27,224 tmp1033.tmp
14/12/2007 01:33 p.m. 17,576 tmp1032.tmp
14/12/2007 01:18 p.m. 32,481 tmp102B.tmp
14/12/2007 01:18 p.m. 28,652 tmp102E.tmp
14/12/2007 01:18 p.m. 27,224 tmp102D.tmp
14/12/2007 01:18 p.m. 17,585 tmp102C.tmp
14/12/2007 01:03 p.m. 28,652 tmpE8E.tmp
14/12/2007 01:03 p.m. 32,481 tmpE8B.tmp
14/12/2007 01:03 p.m. 27,224 tmpE8D.tmp
14/12/2007 01:03 p.m. 17,592 tmpE8C.tmp
14/12/2007 12:48 p.m. 32,480 tmp822.tmp
14/12/2007 12:48 p.m. 27,224 tmp824.tmp
14/12/2007 12:48 p.m. 28,652 tmp825.tmp
14/12/2007 12:48 p.m. 17,576 tmp823.tmp
14/12/2007 12:48 p.m. 32,480 tmp816.tmp
14/12/2007 12:48 p.m. 28,652 tmp819.tmp
14/12/2007 12:48 p.m. 27,224 tmp818.tmp
14/12/2007 12:48 p.m. 17,573 tmp817.tmp
14/12/2007 12:33 p.m. 28,652 tmpDB.tmp
14/12/2007 12:33 p.m. 32,380 tmpD8.tmp
14/12/2007 12:33 p.m. 27,224 tmpDA.tmp
14/12/2007 12:33 p.m. 17,534 tmpD9.tmp
14/12/2007 12:33 p.m. 32,380 tmpBA.tmp
14/12/2007 12:33 p.m. 27,224 tmpBC.tmp
14/12/2007 12:33 p.m. 28,652 tmpBD.tmp
14/12/2007 12:33 p.m. 17,542 tmpBB.tmp
14/12/2007 12:18 p.m. 32,379 tmp1C.tmp
14/12/2007 12:18 p.m. 28,942 tmp1F.tmp
14/12/2007 12:18 p.m. 27,224 tmp1E.tmp
14/12/2007 12:18 p.m. 17,528 tmp1D.tmp
14/12/2007 12:18 p.m. 32,379 tmp17.tmp
14/12/2007 12:18 p.m. 28,942 tmp15.tmp
14/12/2007 12:18 p.m. 27,224 tmp19.tmp
14/12/2007 12:18 p.m. 28,942 tmp1A.tmp
14/12/2007 12:18 p.m. 17,528 tmp18.tmp
14/12/2007 12:18 p.m. 32,379 tmp12.tmp
14/12/2007 12:18 p.m. 27,224 tmp14.tmp
14/12/2007 12:18 p.m. 17,528 tmp13.tmp
14/12/2007 12:14 p.m. 98,304 ~DF627E.tmp
13/12/2007 08:04 p.m. 98,304 ~DF3F7.tmp
14/12/2004 06:32 p.m. 629 setup.iss

I'll update the next one in a moment...
__________________
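
The 30-day selection requested in post #17, applied to a listing in the layout posted in #18, as an added example that is not part of the thread or of filelist.bat: it parses the `Directory of` sections, keeps entries from the last 30 days, and separately reports entries dated after the list was made (such as the 2011 timestamps in this December 2007 listing). The function names, the shortened sample text and the reference time (taken from the `filelist.txt` timestamp in the listing) are assumptions.

```python
import re
from datetime import datetime, timedelta
from typing import NamedTuple

# Constructed sample in the layout of the listing posted above; old.txt is invented
# so that one entry falls outside the 30-day window.
SAMPLE = """\
----- Root -----------------------------
 Directory of C:\\

23/11/2011 09:40 a.m. 172 sqmnoopt16.sqm
15/12/2007 12:48 p.m. 2,146,684,928 hiberfil.sys
13/12/2007 08:00 p.m. 2,807 rapport.txt
01/10/2007 10:00 a.m. 512 old.txt

----- System32 -------------------------
 Directory of C:\\WINDOWS\\system32

13/12/2007 08:00 p.m. 2,046 tmp.reg
04/12/2007 02:04 p.m. 837,496 aswBoot.exe
"""

# Section header as written by an English or a German Windows `dir`.
DIR_RE = re.compile(r"^\s*(?:Directory of|Verzeichnis von)\s+(.+?)\s*$")
# dd/mm/yyyy hh:mm a.m.|p.m. size name (names may contain spaces).
ENTRY_RE = re.compile(
    r"^\s*(\d{2})/(\d{2})/(\d{4})\s+(\d{1,2}):(\d{2})\s+([ap])\.m\.\s+([\d,.]+)\s+(.+?)\s*$"
)


class Entry(NamedTuple):
    directory: str
    name: str
    size: int
    mtime: datetime


def parse_listing(text):
    """Parse directory sections and their dated entries into Entry rows."""
    entries, current = [], None
    for line in text.splitlines():
        m = DIR_RE.match(line)
        if m:
            current = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if not m or current is None:
            continue  # banner, volume information or blank line
        day, month, year, hour, minute, ampm, size, name = m.groups()
        # 12-hour clock: 12 a.m. is hour 0, 12 p.m. is hour 12.
        hour24 = int(hour) % 12 + (12 if ampm == "p" else 0)
        mtime = datetime(int(year), int(month), int(day), hour24, int(minute))
        entries.append(Entry(current, name, int(re.sub(r"[,.]", "", size)), mtime))
    return entries


def triage(entries, reference, days=30):
    """Return (recent, future) relative to the time the list was generated."""
    cutoff = reference - timedelta(days=days)
    recent = [e for e in entries if cutoff <= e.mtime <= reference]
    future = [e for e in entries if e.mtime > reference]
    return recent, future


if __name__ == "__main__":
    # Assumed reference time: the timestamp of filelist.txt in the posted listing.
    recent, future = triage(parse_listing(SAMPLE), datetime(2007, 12, 15, 13, 3))
    for e in recent:
        print("recent", e.mtime, e.directory, e.name, e.size)
    for e in future:
        print("FUTURE", e.mtime, e.directory, e.name)
```

Entries in the future bucket were written while the clock showed a later date or had their timestamps changed afterwards, so a plain "last 30 days" selection misses them and they need a separate look.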

15.12.2007, 13:32   #19
Hello World-Programm

TrackingCookie.2o7
TrackingCookie.Atdmt

These were still found. I'm still letting Avast run; the scan takes around 6 h ...


About the tracking cookie: for some time I have noticed that news.idealo.de doesn't go away, i.e. it can't be deleted. Is it perhaps this cookie? I have no idea.

Regards

15.12.2007, 13:38   #20
nochdigger

Hello

Don't worry about a cookie like that; they're not worth the fuss.
You can read more about it here
Cookie
Silentrunners came out very short. Run the program again, but this time wait about 3 minutes and post the result again.

Regards


15.12.2007, 13:41   #21
Hello World-Programm

Now only this comes up:

"Silent Runners.vbs", revision 55, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"msnmsgr" = ""C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background" [MS]
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"VoipBuster" = ""C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized" ["VoipBuster"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Inc."]
"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" ["ALWIL Software"]
"NeroCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"Adobe Reader Speed Launcher" = ""C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"]
"!AVG Anti-Spyware" = ""C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized" ["GRISOFT s.r.o."]


The Silent Runners log would be longer, but the others are outdated, i.e. from earlier.

15.12.2007, 13:45   #22
nochdigger

Hello

Please post the log in full, otherwise I'll get tendinitis in my scrolling finger

Regards
