
Log analysis and evaluation: Malware Trojan?

If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

27.12.2009, 14:40   #1
Priestaftw

Hi there,

here is my logfile. As I already said, I seem to be infected by a malware virus. Popups are unfortunately not rare either :/

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:30:59, on 27.12.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\ISS\Proventia Desktop\blackd.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\program files\cscmarimba\tuner\Tuner.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Option\GlobeTrotter Connect\GtDetectSc.exe
C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Prot_srv.exe
C:\WINDOWS\system32\pstartSr.exe
C:\Program Files\ISS\Proventia Desktop\RapApp.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\sysmgt\sdprimer.exe
C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
C:\Program Files\SupportSoft_AMER_CSCi\bin\sprtsvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\SupportSoft_AMER_CSCi\bin\tgsrvc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\ISS\Proventia Desktop\vpatch.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\Pointsec\Pointsec Media Encryption\Program\pmepol.exe
C:\Program Files\Pointsec\Pointsec Media Encryption\Program\pmelp.exe
C:\Program Files\Pointsec\Pointsec Media Encryption\Program\pmelog.exe
C:\Program Files\Pointsec\Pointsec Media Encryption\Program\pmefsvc.exe
C:\program files\cscmarimba\tuner\.marimba\cscmarimba\ch.3\data\sum.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\SupportSoft_AMER_CSCi\bin\sprtcmd.exe
C:\Program Files\Pointsec\Pointsec for PC\P95Tray.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\DOCUME~1\SKURPI~1\LOCALS~1\Temp\richtx64.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\ISS\Proventia Desktop\blackice.exe
C:\DOCUME~1\SKURPI~1\LOCALS~1\Temp\wscsvc32.exe
C:\SKurpiers\Feuerfuchs\Feuerfuchs.exe
C:\SKurpiers\Pause\ICQ6.5\ICQ.exe
C:\WINDOWS\system32\wuauclt.exe
C:\program files\cscmarimba\tuner\lib\minituner.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://portal.csc.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://portal.csc.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.10.10:80
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SupportSoft_AMER_CSCi] "C:\Program Files\SupportSoft_AMER_CSCi\bin\sprtcmd.exe" /P SupportSoft_AMER_CSCi
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Pointsec Tray] C:\Program Files\Pointsec\Pointsec for PC\P95Tray.exe
O4 - HKLM\..\Run: [ApacheTomcatMonitor] "C:\Program Files\Apache Software Foundation\Tomcat 6.0\bin\tomcat6w.exe" //MS//Tomcat6
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EA Core] "C:\SKurpiers\Pause\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [richtx64.exe] C:\DOCUME~1\SKURPI~1\LOCALS~1\Temp\richtx64.exe
O4 - HKCU\..\Run: [Malware Defense] "C:\Program Files\Malware Defense\mdefense.exe" -noscan
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\SKurpiers\Programme\MagicDisc\Programme\MagicDisc.exe
O4 - Startup: SDK Tray Menu.lnk = ?
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Proventia Desktop Agent.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {E59EB121-F339-4851-A3BA-FE49C35617C2} - ICQ.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {E59EB121-F339-4851-A3BA-FE49C35617C2} - ICQ.exe (file missing)
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://emea-ml11.emea.csc.com/iNotes6W.cab
O16 - DPF: {8F0DF9DB-AA5A-4ED0-9176-1C4A9C762C59} (JNILoader Control) - https://emea-st03.emea.csc.com/sametime/stmeetingroomclient/STJNILoader.cab
O16 - DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} (Domino Web Access 8 Control) - https://emea-ml11.emea.csc.com/dwa8W.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = EMEA.GLOBALCSC.NET
O17 - HKLM\Software\..\Telephony: DomainName = EMEA.GLOBALCSC.NET
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = EMEA.GLOBALCSC.NET
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: Pointsec Media Encryption - C:\WINDOWS\SYSTEM32\pmewnp.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo  - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo  - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\Proventia Desktop\blackd.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: cscmarimba - BMC Software, Inc. - C:\program files\cscmarimba\tuner\Tuner.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:\Program Files\CSC VPN Client\Extranet_serv.exe
O23 - Service: GtDetectSc - OptionNV - C:\Program Files\Option\GlobeTrotter Connect\GtDetectSc.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPassConnectEngine - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe
O23 - Service: iPassPeriodicUpdateApp - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe
O23 - Service: iPassPeriodicUpdateService - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: Pointsec - Unknown owner - C:\WINDOWS\system32\Prot_srv.exe
O23 - Service: Pointsec Media Encryption Logging Service - Pointsec Mobile Technologies AB - C:\Program Files\Pointsec\Pointsec Media Encryption\Program\pmelog.exe
O23 - Service: Pointsec Media Encryption Policy Service - Pointsec Mobile Technologies AB - C:\Program Files\Pointsec\Pointsec Media Encryption\Program\pmepol.exe
O23 - Service: Pointsec Media Encryption Service - Pointsec Mobile Technologies AB - C:\Program Files\Pointsec\Pointsec Media Encryption\Program\pmefsvc.exe
O23 - Service: Pointsec Service Start (Pointsec_start) - Unknown owner - C:\WINDOWS\system32\pstartSr.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\Proventia Desktop\RapApp.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SD Primer Agent (SDPrimer) - Computer Associates - c:\sysmgt\sdprimer.exe
O23 - Service: SupportSoft Listener Service (sprtlisten) - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
O23 - Service: SupportSoft Sprocket Service (supportsoft_amer_csci) (sprtsvc_supportsoft_amer_csci) - SupportSoft, Inc. - C:\Program Files\SupportSoft_AMER_CSCi\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
O23 - Service: SupportSoft Repair Service (supportsoft_amer_csci) (tgsrvc_supportsoft_amer_csci) - SupportSoft, Inc. - C:\Program Files\SupportSoft_AMER_CSCi\bin\tgsrvc.exe
O23 - Service: Apache Tomcat 6 (Tomcat6) - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: ISS Buffer Overflow Exploit Prevention (VPatch) - Internet Security Systems, Inc. - C:\Program Files\ISS\Proventia Desktop\vpatch.exe

--
End of file - 13800 bytes
         
Regards, Priesta

27.12.2009, 18:54   #2
Priestaftw

Here is the Avenger report. I hope I get help. :/
Code:
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform:  Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

Hidden driver "H8SRTd.sys" found!
ImagePath:  \systemroot\system32\drivers\H8SRTcpkpymebta.sys 
Start Type:  4 (Disabled)

Rootkit scan completed.


Error:  file "C:\WINDOWS\system32\drivers\H8SRTttpnbaklii.sys" not found!
Deletion of file "C:\WINDOWS\system32\drivers\H8SRTttpnbaklii.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  could not open file "C:\Dokumente und Einstellungen\Pc\Lokale Einstellungen\Temp\H8SRT5263.tmp"
Deletion of file "C:\Dokumente und Einstellungen\Pc\Lokale Einstellungen\Temp\H8SRT5263.tmp" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
  --> bad path / the parent directory does not exist


Error:  file "C:\WINDOWS\system32\H8SRTmrdbqgkvhl.dll" not found!
Deletion of file "C:\WINDOWS\system32\H8SRTmrdbqgkvhl.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINDOWS\system32\H8SRTujomurujot.dll" not found!
Deletion of file "C:\WINDOWS\system32\H8SRTujomurujot.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINDOWS\system32\H8SRTytoiqhosdr.dat" not found!
Deletion of file "C:\WINDOWS\system32\H8SRTytoiqhosdr.dat" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINDOWS\Temp\H8SRT63b8.tmp" not found!
Deletion of file "C:\WINDOWS\Temp\H8SRT63b8.tmp" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  could not open file "C:\DOKUME~1\Pc\LOKALE~1\Temp\richtx64.exe"
Deletion of file "C:\DOKUME~1\Pc\LOKALE~1\Temp\richtx64.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
  --> bad path / the parent directory does not exist


Error:  could not open file "C:\Programme\Malware Defense\mdefense.exe"
Deletion of file "C:\Programme\Malware Defense\mdefense.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
  --> bad path / the parent directory does not exist

Driver "H8SRTd.sys" deleted successfully.

Completed script processing.

*******************

Finished!  Terminate.
         
27.12.2009, 19:23   #3
Priestaftw

Before you ask, counter-programs such as Spyhunter or Malwarebytes Antimalware cannot be started. I am a bit helpless.

27.12.2009, 19:45   #4
Argus

Download rkill.com to the desktop
Double-click rkill.com and run the program (may take a while)
At the end the black window closes automatically
If a message appears saying rkill.com is an infection, do not react to it; this warning comes from this fake scanner. Do not close that window either, but run rkill.com again.
Do NOT restart your computer after rkill.com has run, otherwise this fake scanner will be installed again

Malwarebytes' Anti-Malware
Go to the “Update” tab and update Malwarebytes' Anti-Malware
Go to the “Scanner” tab and select “Vollständigen Suchlauf durchführen” (“Perform full scan”)

If an error message from MBAM appears, report it

Edit:
If infections are found at the end, tick them and have them removed

The log is located under “Scanberichte” (scan reports) (mbam-log-XX-XX-XXXX.txt)
Post its contents here in the forum
Note:
If MBAM has difficulty removing data, this will be reported; click OK
After that you will be asked to restart the computer; allow it

Edited by Argus (27.12.2009 at 20:01)

29.12.2009, 11:31   #5
nogo

Quote:
Originally posted by Priestaftw
Here is the Avenger report. I hope I get help. :/
         
Hello!

Your logfile lists "richtx64.exe" under running processes; according to my research on the net, this is malware.
This file was in my TEMP folder and was running. I ended the process in the task manager and deleted the file. Anyone who has concerns can back it up.
Furthermore, in the root directory C: of my hard disk I also had the following files, which I did not recognise there and about which there was no information on the net. They were r991t.exe/r2glul.exe
I backed up both just in case and then deleted them.
Now I have peace and quiet, and my antivirus no longer keeps "finding" things either
Regards, nogo

My OS: w2k sp4
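
The check discussed in the post above (an executable running from a TEMP folder that also has a Run-key autostart) can be automated over a HijackThis log. The following is an added example, not part of the thread and not code from HijackThis; the function names and the Temp-directory heuristic are assumptions, and the sample lines are an excerpt of the first HijackThis log posted in this thread.

```python
import re
from typing import Dict, List, NamedTuple, Tuple

# Excerpt of the first HijackThis log in this thread (not a complete log).
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\DOCUME~1\SKURPI~1\LOCALS~1\Temp\richtx64.exe
C:\DOCUME~1\SKURPI~1\LOCALS~1\Temp\wscsvc32.exe
C:\SKurpiers\Feuerfuchs\Feuerfuchs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [richtx64.exe] C:\DOCUME~1\SKURPI~1\LOCALS~1\Temp\richtx64.exe
O4 - HKCU\..\Run: [Malware Defense] "C:\Program Files\Malware Defense\mdefense.exe" -noscan
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
"""

# Directory names treated as "temporary" (assumption of this example).
TEMP_DIRS = {"temp", "tmp", "temporary internet files"}
# O4 registry autostart line: hive, value name in brackets, command line.
O4_RUN = re.compile(r"^O4 - (?P<hive>HK\S+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# Unquoted command: shortest prefix ending in an executable extension.
IMAGE = re.compile(r"^(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)", re.IGNORECASE)


class RunEntry(NamedTuple):
    hive: str   # e.g. HKCU\..\Run
    name: str   # value name in the Run key
    image: str  # executable path without quotes or arguments


def image_of(cmd: str) -> str:
    """Strip quotes, arguments and HijackThis annotations from a command."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = IMAGE.match(cmd)
    return m.group(1) if m else cmd


def in_temp_dir(path: str) -> bool:
    """True if any parent directory (not the file name) is a temp folder."""
    parts = path.lower().split("\\")
    return any(p in TEMP_DIRS for p in parts[:-1])


def parse(log: str) -> Tuple[List[str], List[RunEntry]]:
    """Return (running process paths, O4 registry Run entries)."""
    processes: List[str] = []
    runs: List[RunEntry] = []
    in_procs = False
    for line in log.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_procs = True
        elif in_procs and not line:
            in_procs = False          # a blank line ends the process list
        elif in_procs:
            processes.append(line)
        else:
            m = O4_RUN.match(line)
            if m:
                runs.append(RunEntry(m["hive"], m["name"], image_of(m["cmd"])))
    return processes, runs


def triage(log: str) -> List[Tuple[str, bool, bool]]:
    """List (image, is_running, has_run_key) for every image in a temp folder.

    Paths are compared case-insensitively, as Windows does.
    """
    processes, runs = parse(log)
    seen: Dict[str, list] = {}
    for p in processes:
        if in_temp_dir(p):
            seen.setdefault(p.lower(), [p, False, False])[1] = True
    for r in runs:
        if in_temp_dir(r.image):
            seen.setdefault(r.image.lower(), [r.image, False, False])[2] = True
    return [tuple(seen[k]) for k in sorted(seen)]


if __name__ == "__main__":
    for image, running, autorun in triage(SAMPLE_LOG):
        print(f"{image}  running={running}  run-key={autorun}")
```

The path heuristic is only one signal: the `[Malware Defense]` Run entry points into `C:\Program Files` and is not flagged, although the MBAM log later in the thread classifies it as Rogue.MalwareDefense.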


29.12.2009, 18:18   #6
Priestaftw

Great help, guys. Just the naming of the two culprit files helped me unbelievably. Here is the MBAM log as well as a new HijackThis log.

Code:
Malwarebytes' Anti-Malware 1.42
Datenbank Version: 3449
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11

29.12.2009 19:02:22
mbam-log-2009-12-29 (19-02-22).txt

Scan-Methode: Vollständiger Scan (C:\|)
Durchsuchte Objekte: 349142
Laufzeit: 2 hour(s), 13 minute(s), 35 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 10

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Malware Defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\H8SRT (Rootkit.TDSS) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\richtx64.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Documents and Settings\skurpiers\Local Settings\Temp\richtx64.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\skurpiers\Local Settings\Temp\wscsvc32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\skurpiers\Local Settings\Temporary Internet Files\Content.IE5\MWFS7WK0\eH96b99382V03006f35002Ra5a024c7102Tdd8f628cQ000002fa901801F0016000aJ10000601l0007318U391c0c450[1] (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\H8SRTkeeyaagrit.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\H8SRTkkjapwvqds.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\H8SRTmukvqyaorx.sys (Malware.Packer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\krl32mainweq.dll (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Documents and Settings\skurpiers\Application Data\Microsoft\Internet Explorer\Quick Launch\Malware Defense.lnk (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\H8SRTowupjofdft.dat (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\skurpiers\Local Settings\Temp\H8SRT82a4.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
         
HiJack:

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:16:22, on 29.12.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\ISS\Proventia Desktop\blackd.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\program files\cscmarimba\tuner\Tuner.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Option\GlobeTrotter Connect\GtDetectSc.exe
C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Prot_srv.exe
C:\WINDOWS\system32\pstartSr.exe
C:\Program Files\ISS\Proventia Desktop\RapApp.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\sysmgt\sdprimer.exe
C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
C:\Program Files\SupportSoft_AMER_CSCi\bin\sprtsvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\SupportSoft_AMER_CSCi\bin\tgsrvc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\ISS\Proventia Desktop\vpatch.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\program files\cscmarimba\tuner\.marimba\cscmarimba\ch.3\data\sum.exe
C:\Program Files\Pointsec\Pointsec Media Encryption\Program\pmepol.exe
C:\Program Files\Pointsec\Pointsec Media Encryption\Program\pmelp.exe
C:\Program Files\Pointsec\Pointsec Media Encryption\Program\pmelog.exe
C:\Program Files\Pointsec\Pointsec Media Encryption\Program\pmefsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\SupportSoft_AMER_CSCi\bin\sprtcmd.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Pointsec\Pointsec for PC\P95Tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\ISS\Proventia Desktop\blackice.exe
C:\SKurpiers\Feuerfuchs\Feuerfuchs.exe
C:\program files\cscmarimba\tuner\lib\minituner.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://portal.csc.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://portal.csc.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.10.10:80
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SupportSoft_AMER_CSCi] "C:\Program Files\SupportSoft_AMER_CSCi\bin\sprtcmd.exe" /P SupportSoft_AMER_CSCi
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Pointsec Tray] C:\Program Files\Pointsec\Pointsec for PC\P95Tray.exe
O4 - HKLM\..\Run: [ApacheTomcatMonitor] "C:\Program Files\Apache Software Foundation\Tomcat 6.0\bin\tomcat6w.exe" //MS//Tomcat6
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EA Core] "C:\SKurpiers\Pause\EADM\Core.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\SKurpiers\Programme\MagicDisc\Programme\MagicDisc.exe
O4 - Startup: SDK Tray Menu.lnk = ?
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Proventia Desktop Agent.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {E59EB121-F339-4851-A3BA-FE49C35617C2} - ICQ.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {E59EB121-F339-4851-A3BA-FE49C35617C2} - ICQ.exe (file missing)
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://emea-ml11.emea.csc.com/iNotes6W.cab
O16 - DPF: {8F0DF9DB-AA5A-4ED0-9176-1C4A9C762C59} (JNILoader Control) - https://emea-st03.emea.csc.com/sametime/stmeetingroomclient/STJNILoader.cab
O16 - DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} (Domino Web Access 8 Control) - https://emea-ml11.emea.csc.com/dwa8W.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = EMEA.GLOBALCSC.NET
O17 - HKLM\Software\..\Telephony: DomainName = EMEA.GLOBALCSC.NET
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = EMEA.GLOBALCSC.NET
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: Pointsec Media Encryption - C:\WINDOWS\SYSTEM32\pmewnp.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo  - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo  - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\Proventia Desktop\blackd.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: cscmarimba - BMC Software, Inc. - C:\program files\cscmarimba\tuner\Tuner.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:\Program Files\CSC VPN Client\Extranet_serv.exe
O23 - Service: GtDetectSc - OptionNV - C:\Program Files\Option\GlobeTrotter Connect\GtDetectSc.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPassConnectEngine - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe
O23 - Service: iPassPeriodicUpdateApp - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe
O23 - Service: iPassPeriodicUpdateService - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: Pointsec - Unknown owner - C:\WINDOWS\system32\Prot_srv.exe
O23 - Service: Pointsec Media Encryption Logging Service - Pointsec Mobile Technologies AB - C:\Program Files\Pointsec\Pointsec Media Encryption\Program\pmelog.exe
O23 - Service: Pointsec Media Encryption Policy Service - Pointsec Mobile Technologies AB - C:\Program Files\Pointsec\Pointsec Media Encryption\Program\pmepol.exe
O23 - Service: Pointsec Media Encryption Service - Pointsec Mobile Technologies AB - C:\Program Files\Pointsec\Pointsec Media Encryption\Program\pmefsvc.exe
O23 - Service: Pointsec Service Start (Pointsec_start) - Unknown owner - C:\WINDOWS\system32\pstartSr.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\Proventia Desktop\RapApp.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SD Primer Agent (SDPrimer) - Computer Associates - c:\sysmgt\sdprimer.exe
O23 - Service: SupportSoft Listener Service (sprtlisten) - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
O23 - Service: SupportSoft Sprocket Service (supportsoft_amer_csci) (sprtsvc_supportsoft_amer_csci) - SupportSoft, Inc. - C:\Program Files\SupportSoft_AMER_CSCi\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
O23 - Service: SupportSoft Repair Service (supportsoft_amer_csci) (tgsrvc_supportsoft_amer_csci) - SupportSoft, Inc. - C:\Program Files\SupportSoft_AMER_CSCi\bin\tgsrvc.exe
O23 - Service: Apache Tomcat 6 (Tomcat6) - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: ISS Buffer Overflow Exploit Prevention (VPatch) - Internet Security Systems, Inc. - C:\Program Files\ISS\Proventia Desktop\vpatch.exe

--
End of file - 13523 bytes
         
On the whole everything seems fine, only the Windows updates are constantly stuck at 0%. It doesn't seem to be downloading anything :/ What should I do?

Regards, Priestaftw

29.12.2009, 22:56   #7
Argus

ComboFix © (by sUBs)
Download ComboFix © by sUBs and save it to the desktop!

Note: If a message from your virus scanner or another real-time scanner appears while you are downloading or running ComboFix,
switch these scanners off and download ComboFix again.

There are scanners that regard certain components used by CF as suspicious and try to block or remove them.

Start combofix.exe
Note: Vista
To be able to use ComboFix under Vista (32-bit), you have to start it as administrator.
So right-click on Combofix.exe and choose "Run as administrator".

Follow the instructions in the window.
If ComboFix has been used before, you may get a message saying that an update is available.
Allow this update and click OK in the "NirCmd" window; once it has finished, click "Yes" to start the scan.
While ComboFix is running, do NOT click in the window, otherwise your computer will freeze.
When the tool has finished, a log file opens (C:\ combofix.txt).
Now copy the COMPLETE log with a right mouse click and "paste" it into the forum with a right mouse click.
Follow this guide

30.12.2009, 02:18   #8
Priestaftw

ComboFix log to follow.

Here is the log of my McAfee scan:

Code:
04.11.2009	01:39:30	Engine version =5301.4018
04.11.2009	01:39:30	AntiVirus   DAT version =5790.0000
04.11.2009	01:39:30	Number of detection signatures in EXTRA.DAT =None
04.11.2009	01:39:30	Names of detection signatures in EXTRA.DAT  =None
04.11.2009	01:39:24	Scan Started	SKURPIERS-1\skurpiers	On-Demand Scan
04.11.2009	01:40:36	Scan Summary	SKURPIERS-1\skurpiers	Scan Summary
04.11.2009	01:40:36	Scan Summary	SKURPIERS-1\skurpiers	Processes scanned    : 67
04.11.2009	01:40:36	Scan Summary	SKURPIERS-1\skurpiers	Processes detected   : 0
04.11.2009	01:40:36	Scan Summary	SKURPIERS-1\skurpiers	Processes cleaned    : 0
04.11.2009	01:40:36	Scan Summary	SKURPIERS-1\skurpiers	Boot sectors scanned : 0
04.11.2009	01:40:36	Scan Summary	SKURPIERS-1\skurpiers	Boot sectors detected: 0
04.11.2009	01:40:36	Scan Summary	SKURPIERS-1\skurpiers	Boot sectors cleaned : 0
04.11.2009	01:40:36	Scan Summary	SKURPIERS-1\skurpiers	Files scanned        : 0
04.11.2009	01:40:36	Scan Summary	SKURPIERS-1\skurpiers	Files with detections: 0
04.11.2009	01:40:36	Scan Summary	SKURPIERS-1\skurpiers	File detections      : 0
04.11.2009	01:40:36	Scan Summary	SKURPIERS-1\skurpiers	Files cleaned        : 0
04.11.2009	01:40:36	Scan Summary	SKURPIERS-1\skurpiers	Files deleted        : 0
04.11.2009	01:40:36	Scan Summary	SKURPIERS-1\skurpiers	Files not scanned    : 0
04.11.2009	01:40:36	Scan Summary	SKURPIERS-1\skurpiers	Scan Summary (Registry Scanning)
04.11.2009	01:40:36	Scan Summary	SKURPIERS-1\skurpiers	Keys scanned         : 0
04.11.2009	01:40:36	Scan Summary	SKURPIERS-1\skurpiers	Keys detected        : 0
04.11.2009	01:40:36	Scan Summary	SKURPIERS-1\skurpiers	Keys cleaned         : 0
04.11.2009	01:40:36	Scan Summary	SKURPIERS-1\skurpiers	Keys deleted         : 0
04.11.2009	01:40:36	Scan Summary	SKURPIERS-1\skurpiers	Scan Summary (Cookie Scanning)
04.11.2009	01:40:36	Scan Summary	SKURPIERS-1\skurpiers	Cookies scanned      : 0
04.11.2009	01:40:36	Scan Summary	SKURPIERS-1\skurpiers	Cookies detected     : 0
04.11.2009	01:40:36	Scan Summary	SKURPIERS-1\skurpiers	Cookies cleaned      : 0
04.11.2009	01:40:36	Scan Summary	SKURPIERS-1\skurpiers	Cookies deleted      : 0
04.11.2009	01:40:36	Scan Summary	SKURPIERS-1\skurpiers	Run time             : 0:01:12
04.11.2009	01:40:36	Scan Terminated	SKURPIERS-1\skurpiers	On-Demand Scan

08.11.2009	18:03:46	Engine version =5301.4018
08.11.2009	18:03:46	AntiVirus   DAT version =5795.0000
08.11.2009	18:03:46	Number of detection signatures in EXTRA.DAT =None
08.11.2009	18:03:46	Names of detection signatures in EXTRA.DAT  =None
08.11.2009	18:03:36	Scan Started	SKURPIERS-1\skurpiers	On-Demand Scan
08.11.2009	18:05:34	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@2o7[1].txt\00000000.ie	Cookie-2O7(Potentially Unwanted Program)
08.11.2009	18:05:35	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@ad.yieldmanager[1].txt\00000000.ie	Cookie-Yieldmanager(Potentially Unwanted Program)
08.11.2009	18:05:35	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@ad.yieldmanager[1].txt\00000000.ie	Cookie-Yieldmanager(Potentially Unwanted Program)
08.11.2009	18:05:35	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@ad.yieldmanager[1].txt\00000000.ie	Cookie-Yieldmanager(Potentially Unwanted Program)
08.11.2009	18:05:35	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@ad.yieldmanager[1].txt\00000000.ie	Cookie-Yieldmanager(Potentially Unwanted Program)
08.11.2009	18:05:35	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@ad.yieldmanager[1].txt\00000000.ie	Cookie-Yieldmanager(Potentially Unwanted Program)
08.11.2009	18:05:35	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@ad.yieldmanager[1].txt\00000000.ie	Cookie-Yieldmanager(Potentially Unwanted Program)
08.11.2009	18:05:36	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@adtech[1].txt\00000000.ie	Cookie-Adtech(Potentially Unwanted Program)
08.11.2009	18:05:36	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@advertising[2].txt\00000000.ie	Cookie-Advertising(Potentially Unwanted Program)
08.11.2009	18:05:36	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@advertising[2].txt\00000000.ie	Cookie-Advertising(Potentially Unwanted Program)
08.11.2009	18:05:36	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@advertising[2].txt\00000000.ie	Cookie-Advertising(Potentially Unwanted Program)
08.11.2009	18:05:36	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@advertising[2].txt\00000000.ie	Cookie-Advertising(Potentially Unwanted Program)
08.11.2009	18:05:36	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@advertising[2].txt\00000000.ie	Cookie-Advertising(Potentially Unwanted Program)
08.11.2009	18:05:36	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@advertising[2].txt\00000000.ie	Cookie-Advertising(Potentially Unwanted Program)
08.11.2009	18:05:37	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@arcor.122.2o7[1].txt\00000000.ie	Cookie-2O7(Potentially Unwanted Program)
08.11.2009	18:05:37	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@at.atwola[2].txt\00000000.ie	Cookie-Atwola(Potentially Unwanted Program)
08.11.2009	18:05:37	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@at.atwola[2].txt\00000000.ie	Cookie-Atwola(Potentially Unwanted Program)
08.11.2009	18:05:37	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@atdmt[2].txt\00000000.ie	Cookie-Atdmt(Potentially Unwanted Program)
08.11.2009	18:05:37	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@atdmt[2].txt\00000000.ie	Cookie-Atdmt(Potentially Unwanted Program)
08.11.2009	18:05:37	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@atwola[2].txt\00000000.ie	Cookie-Atwola(Potentially Unwanted Program)
08.11.2009	18:05:37	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@bluestreak[1].txt\00000000.ie	Cookie-Bluestreak(Potentially Unwanted Program)
08.11.2009	18:05:37	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@bs.serving-sys[2].txt\00000000.ie	Cookie-Eyeblaster(Potentially Unwanted Program)
08.11.2009	18:05:37	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@casalemedia[2].txt\00000000.ie	Cookie-Casalemedia(Potentially Unwanted Program)
08.11.2009	18:05:37	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@casalemedia[2].txt\00000000.ie	Cookie-Casalemedia(Potentially Unwanted Program)
08.11.2009	18:05:37	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@casalemedia[2].txt\00000000.ie	Cookie-Casalemedia(Potentially Unwanted Program)
08.11.2009	18:05:37	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@casalemedia[2].txt\00000000.ie	Cookie-Casalemedia(Potentially Unwanted Program)
08.11.2009	18:05:37	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@casalemedia[2].txt\00000000.ie	Cookie-Casalemedia(Potentially Unwanted Program)
08.11.2009	18:05:37	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@casalemedia[2].txt\00000000.ie	Cookie-Casalemedia(Potentially Unwanted Program)
08.11.2009	18:05:37	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@casalemedia[2].txt\00000000.ie	Cookie-Casalemedia(Potentially Unwanted Program)
08.11.2009	18:05:37	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@casalemedia[2].txt\00000000.ie	Cookie-Casalemedia(Potentially Unwanted Program)
08.11.2009	18:05:37	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@casalemedia[2].txt\00000000.ie	Cookie-Casalemedia(Potentially Unwanted Program)
08.11.2009	18:05:38	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@casalemedia[2].txt\00000000.ie	Cookie-Casalemedia(Potentially Unwanted Program)
08.11.2009	18:05:38	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@cdn.at.atwola[1].txt\00000000.ie	Cookie-Atwola(Potentially Unwanted Program)
08.11.2009	18:05:38	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@doubleclick[1].txt\00000000.ie	Cookie-Doubleclick(Potentially Unwanted Program)
08.11.2009	18:05:38	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@ehg-twi.hitbox[1].txt\00000000.ie	Cookie-Hitbox(Potentially Unwanted Program)
08.11.2009	18:05:38	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@fastclick[1].txt\00000000.ie	Cookie-Fastclick(Potentially Unwanted Program)
08.11.2009	18:05:38	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@fastclick[1].txt\00000000.ie	Cookie-Fastclick(Potentially Unwanted Program)
08.11.2009	18:05:39	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@hasenet.122.2o7[1].txt\00000000.ie	Cookie-2O7(Potentially Unwanted Program)
08.11.2009	18:05:39	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@hit.gemius[2].txt\00000000.ie	Cookie-Gemius(Potentially Unwanted Program)
08.11.2009	18:05:39	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@hit.gemius[2].txt\00000000.ie	Cookie-Gemius(Potentially Unwanted Program)
08.11.2009	18:05:39	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@hitbox[2].txt\00000000.ie	Cookie-Hitbox(Potentially Unwanted Program)
08.11.2009	18:05:39	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@hitbox[2].txt\00000000.ie	Cookie-Hitbox(Potentially Unwanted Program)
08.11.2009	18:05:40	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@imgw.adbureau[2].txt\00000000.ie	Cookie-AdBureau(Potentially Unwanted Program)
08.11.2009	18:05:40	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@imgw.adbureau[2].txt\00000000.ie	Cookie-AdBureau(Potentially Unwanted Program)
08.11.2009	18:05:40	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@imgw.adbureau[2].txt\00000000.ie	Cookie-AdBureau(Potentially Unwanted Program)
08.11.2009	18:05:40	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@imgw.adbureau[2].txt\00000000.ie	Cookie-AdBureau(Potentially Unwanted Program)
08.11.2009	18:05:40	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@imgw.adbureau[2].txt\00000000.ie	Cookie-AdBureau(Potentially Unwanted Program)
08.11.2009	18:05:40	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@mediaplex[2].txt\00000000.ie	Cookie-Mediaplex(Potentially Unwanted Program)
08.11.2009	18:05:40	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@mediaplex[2].txt\00000000.ie	Cookie-Mediaplex(Potentially Unwanted Program)
08.11.2009	18:05:40	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@msnportal.112.2o7[1].txt\00000000.ie	Cookie-2O7(Potentially Unwanted Program)
08.11.2009	18:05:41	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@questionmarket[2].txt\00000000.ie	Cookie-Questionmarke(Potentially Unwanted Program)
08.11.2009	18:05:41	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@questionmarket[2].txt\00000000.ie	Cookie-Questionmarke(Potentially Unwanted Program)
08.11.2009	18:05:41	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@roiservice[1].txt\00000000.ie	Cookie-Roiservice(Potentially Unwanted Program)
08.11.2009	18:05:41	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@serving-sys[2].txt\00000000.ie	Cookie-Eyeblaster(Potentially Unwanted Program)
08.11.2009	18:05:41	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@serving-sys[2].txt\00000000.ie	Cookie-Eyeblaster(Potentially Unwanted Program)
08.11.2009	18:05:41	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@serving-sys[2].txt\00000000.ie	Cookie-Eyeblaster(Potentially Unwanted Program)
08.11.2009	18:05:41	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@serving-sys[2].txt\00000000.ie	Cookie-Eyeblaster(Potentially Unwanted Program)
08.11.2009	18:05:42	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@serving-sys[2].txt\00000000.ie	Cookie-Eyeblaster(Potentially Unwanted Program)
08.11.2009	18:05:42	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@serving-sys[2].txt\00000000.ie	Cookie-Eyeblaster(Potentially Unwanted Program)
08.11.2009	18:05:42	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@sevenoneintermedia.112.2o7[1].txt\00000000.ie	Cookie-2O7(Potentially Unwanted Program)
08.11.2009	18:05:42	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@smartadserver[2].txt\00000000.ie	Cookie-Adserver(Potentially Unwanted Program)
08.11.2009	18:05:42	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@smartadserver[2].txt\00000000.ie	Cookie-Adserver(Potentially Unwanted Program)
08.11.2009	18:05:42	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@smartadserver[2].txt\00000000.ie	Cookie-Adserver(Potentially Unwanted Program)
08.11.2009	18:05:42	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@smartadserver[2].txt\00000000.ie	Cookie-Adserver(Potentially Unwanted Program)
08.11.2009	18:05:42	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@specificclick[2].txt\00000000.ie	Cookie-SpecClick(Potentially Unwanted Program)
08.11.2009	18:05:42	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@specificclick[2].txt\00000000.ie	Cookie-SpecClick(Potentially Unwanted Program)
08.11.2009	18:05:42	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@specificclick[2].txt\00000000.ie	Cookie-SpecClick(Potentially Unwanted Program)
08.11.2009	18:05:42	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@specificclick[2].txt\00000000.ie	Cookie-SpecClick(Potentially Unwanted Program)
08.11.2009	18:05:42	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@specificclick[2].txt\00000000.ie	Cookie-SpecClick(Potentially Unwanted Program)
08.11.2009	18:05:42	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@tradedoubler[1].txt\00000000.ie	Cookie-Tradedoubler(Potentially Unwanted Program)
08.11.2009	18:05:43	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@tradedoubler[1].txt\00000000.ie	Cookie-Tradedoubler(Potentially Unwanted Program)
08.11.2009	18:05:43	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@tradedoubler[1].txt\00000000.ie	Cookie-Tradedoubler(Potentially Unwanted Program)
08.11.2009	18:05:43	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@tradedoubler[1].txt\00000000.ie	Cookie-Tradedoubler(Potentially Unwanted Program)
08.11.2009	18:05:43	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@tradedoubler[1].txt\00000000.ie	Cookie-Tradedoubler(Potentially Unwanted Program)
08.11.2009	18:05:43	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@tradedoubler[1].txt\00000000.ie	Cookie-Tradedoubler(Potentially Unwanted Program)
08.11.2009	18:05:43	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@trafficmp[1].txt\00000000.ie	Cookie-Trafficmp(Potentially Unwanted Program)
08.11.2009	18:05:43	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@trafficmp[1].txt\00000000.ie	Cookie-Trafficmp(Potentially Unwanted Program)
08.11.2009	18:05:43	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@trafficmp[1].txt\00000000.ie	Cookie-Trafficmp(Potentially Unwanted Program)
08.11.2009	18:05:43	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@trafficmp[1].txt\00000000.ie	Cookie-Trafficmp(Potentially Unwanted Program)
08.11.2009	18:05:43	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@trafficmp[1].txt\00000000.ie	Cookie-Trafficmp(Potentially Unwanted Program)
08.11.2009	18:05:43	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@videoegg.adbureau[1].txt\00000000.ie	Cookie-AdBureau(Potentially Unwanted Program)
08.11.2009	18:05:43	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@ww251.smartadserver[1].txt\00000000.ie	Cookie-Adserver(Potentially Unwanted Program)
08.11.2009	18:05:46	Deleted 	skurpiers	c:\documents and settings\administrator\cookies\administrator@advertising[2].txt\00000000.ie	Cookie-Advertising(Potentially Unwanted Program)
08.11.2009	18:05:46	Deleted 	skurpiers	c:\documents and settings\administrator\cookies\administrator@advertising[2].txt\00000000.ie	Cookie-Advertising(Potentially Unwanted Program)
08.11.2009	18:05:47	Deleted 	skurpiers	c:\documents and settings\administrator\cookies\administrator@at.atwola[2].txt\00000000.ie	Cookie-Atwola(Potentially Unwanted Program)
08.11.2009	18:05:47	Deleted 	skurpiers	c:\documents and settings\administrator\cookies\administrator@at.atwola[2].txt\00000000.ie	Cookie-Atwola(Potentially Unwanted Program)
08.11.2009	18:05:47	Deleted 	skurpiers	c:\documents and settings\administrator\cookies\administrator@atwola[1].txt\00000000.ie	Cookie-Atwola(Potentially Unwanted Program)
08.11.2009	18:05:47	Deleted 	skurpiers	c:\documents and settings\administrator\cookies\administrator@doubleclick[1].txt\00000000.ie	Cookie-Doubleclick(Potentially Unwanted Program)
08.11.2009	18:05:47	Deleted 	skurpiers	c:\documents and settings\administrator\cookies\administrator@mediaplex[2].txt\00000000.ie	Cookie-Mediaplex(Potentially Unwanted Program)
08.11.2009	18:05:47	Deleted 	skurpiers	c:\documents and settings\administrator\cookies\administrator@mediaplex[2].txt\00000000.ie	Cookie-Mediaplex(Potentially Unwanted Program)
08.11.2009	20:20:52	Scan Summary	SKURPIERS-1\skurpiers	Scan Summary
08.11.2009	20:20:52	Scan Summary	SKURPIERS-1\skurpiers	Processes scanned    : 100
08.11.2009	20:20:52	Scan Summary	SKURPIERS-1\skurpiers	Processes detected   : 0
08.11.2009	20:20:52	Scan Summary	SKURPIERS-1\skurpiers	Processes cleaned    : 0
08.11.2009	20:20:52	Scan Summary	SKURPIERS-1\skurpiers	Boot sectors scanned : 1
08.11.2009	20:20:52	Scan Summary	SKURPIERS-1\skurpiers	Boot sectors detected: 0
08.11.2009	20:20:52	Scan Summary	SKURPIERS-1\skurpiers	Boot sectors cleaned : 0
08.11.2009	20:20:52	Scan Summary	SKURPIERS-1\skurpiers	Files scanned        : 178047
08.11.2009	20:20:52	Scan Summary	SKURPIERS-1\skurpiers	Files with detections: 0
08.11.2009	20:20:52	Scan Summary	SKURPIERS-1\skurpiers	File detections      : 0
08.11.2009	20:20:52	Scan Summary	SKURPIERS-1\skurpiers	Files cleaned        : 0
08.11.2009	20:20:52	Scan Summary	SKURPIERS-1\skurpiers	Files deleted        : 0
08.11.2009	20:20:52	Scan Summary	SKURPIERS-1\skurpiers	Files not scanned    : 56
08.11.2009	20:20:52	Scan Summary	SKURPIERS-1\skurpiers	Scan Summary (Registry Scanning)
08.11.2009	20:20:52	Scan Summary	SKURPIERS-1\skurpiers	Keys scanned         : 74220
08.11.2009	20:20:52	Scan Summary	SKURPIERS-1\skurpiers	Keys detected        : 0
08.11.2009	20:20:52	Scan Summary	SKURPIERS-1\skurpiers	Keys cleaned         : 0
08.11.2009	20:20:52	Scan Summary	SKURPIERS-1\skurpiers	Keys deleted         : 0
08.11.2009	20:20:52	Scan Summary	SKURPIERS-1\skurpiers	Scan Summary (Cookie Scanning)
08.11.2009	20:20:52	Scan Summary	SKURPIERS-1\skurpiers	Cookies scanned      : 1156
08.11.2009	20:20:52	Scan Summary	SKURPIERS-1\skurpiers	Cookies detected     : 90
08.11.2009	20:20:52	Scan Summary	SKURPIERS-1\skurpiers	Cookies cleaned      : 0
08.11.2009	20:20:52	Scan Summary	SKURPIERS-1\skurpiers	Cookies deleted      : 90
08.11.2009	20:20:52	Scan Summary	SKURPIERS-1\skurpiers	Run time             : 2:17:16
08.11.2009	20:20:52	Scan Complete	SKURPIERS-1\skurpiers	On-Demand Scan

09.11.2009	03:09:18	Engine version =5301.4018
09.11.2009	03:09:18	AntiVirus   DAT version =5795.0000
09.11.2009	03:09:18	Number of detection signatures in EXTRA.DAT =None
09.11.2009	03:09:18	Names of detection signatures in EXTRA.DAT  =None
09.11.2009	03:09:11	Scan Started	SKURPIERS-1\skurpiers	On-Demand Scan
09.11.2009	03:10:32	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@atwola[1].txt\00000000.ie	Cookie-Atwola(Potentially Unwanted Program)
09.11.2009	03:10:32	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@doubleclick[1].txt\00000000.ie	Cookie-Doubleclick(Potentially Unwanted Program)
09.11.2009	03:10:34	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@tradedoubler[2].txt\00000000.ie	Cookie-Tradedoubler(Potentially Unwanted Program)
09.11.2009	03:10:35	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@tradedoubler[2].txt\00000000.ie	Cookie-Tradedoubler(Potentially Unwanted Program)
09.11.2009	03:10:35	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@tradedoubler[2].txt\00000000.ie	Cookie-Tradedoubler(Potentially Unwanted Program)
09.11.2009	03:10:35	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@tradedoubler[2].txt\00000000.ie	Cookie-Tradedoubler(Potentially Unwanted Program)
09.11.2009	03:10:35	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@tradedoubler[2].txt\00000000.ie	Cookie-Tradedoubler(Potentially Unwanted Program)
09.11.2009	03:10:35	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@tradedoubler[2].txt\00000000.ie	Cookie-Tradedoubler(Potentially Unwanted Program)
09.11.2009	05:24:00	Scan Summary	SKURPIERS-1\skurpiers	Scan Summary
09.11.2009	05:24:00	Scan Summary	SKURPIERS-1\skurpiers	Processes scanned    : 100
09.11.2009	05:24:00	Scan Summary	SKURPIERS-1\skurpiers	Processes detected   : 0
09.11.2009	05:24:00	Scan Summary	SKURPIERS-1\skurpiers	Processes cleaned    : 0
09.11.2009	05:24:00	Scan Summary	SKURPIERS-1\skurpiers	Boot sectors scanned : 1
09.11.2009	05:24:00	Scan Summary	SKURPIERS-1\skurpiers	Boot sectors detected: 0
09.11.2009	05:24:00	Scan Summary	SKURPIERS-1\skurpiers	Boot sectors cleaned : 0
09.11.2009	05:24:00	Scan Summary	SKURPIERS-1\skurpiers	Files scanned        : 178182
09.11.2009	05:24:00	Scan Summary	SKURPIERS-1\skurpiers	Files with detections: 0
09.11.2009	05:24:00	Scan Summary	SKURPIERS-1\skurpiers	File detections      : 0
09.11.2009	05:24:00	Scan Summary	SKURPIERS-1\skurpiers	Files cleaned        : 0
09.11.2009	05:24:00	Scan Summary	SKURPIERS-1\skurpiers	Files deleted        : 0
09.11.2009	05:24:00	Scan Summary	SKURPIERS-1\skurpiers	Files not scanned    : 66
09.11.2009	05:24:00	Scan Summary	SKURPIERS-1\skurpiers	Scan Summary (Registry Scanning)
09.11.2009	05:24:00	Scan Summary	SKURPIERS-1\skurpiers	Keys scanned         : 74220
09.11.2009	05:24:00	Scan Summary	SKURPIERS-1\skurpiers	Keys detected        : 0
09.11.2009	05:24:00	Scan Summary	SKURPIERS-1\skurpiers	Keys cleaned         : 0
09.11.2009	05:24:00	Scan Summary	SKURPIERS-1\skurpiers	Keys deleted         : 0
09.11.2009	05:24:00	Scan Summary	SKURPIERS-1\skurpiers	Scan Summary (Cookie Scanning)
09.11.2009	05:24:00	Scan Summary	SKURPIERS-1\skurpiers	Cookies scanned      : 992
09.11.2009	05:24:00	Scan Summary	SKURPIERS-1\skurpiers	Cookies detected     : 8
09.11.2009	05:24:00	Scan Summary	SKURPIERS-1\skurpiers	Cookies cleaned      : 0
09.11.2009	05:24:00	Scan Summary	SKURPIERS-1\skurpiers	Cookies deleted      : 8
09.11.2009	05:24:00	Scan Summary	SKURPIERS-1\skurpiers	Run time             : 2:14:49
09.11.2009	05:24:00	Scan Complete	SKURPIERS-1\skurpiers	On-Demand Scan

27.12.2009	16:04:31	Engine version =5400.1158
27.12.2009	16:04:31	AntiVirus   DAT version =5843.0000
27.12.2009	16:04:31	Number of detection signatures in EXTRA.DAT =None
27.12.2009	16:04:31	Names of detection signatures in EXTRA.DAT  =None
27.12.2009	16:04:25	Scan Started	SKURPIERS-1\skurpiers	On-Demand Scan
27.12.2009	16:04:37	Deleted 	skurpiers	NTOSKRNL-HOOK	Generic Rootkit.d!rootkit(Trojan)
27.12.2009	16:05:29	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@ad.yieldmanager[2].txt\00000000.ie	Cookie-Yieldmanager(Potentially Unwanted Program)
27.12.2009	16:05:29	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@ad.yieldmanager[2].txt\00000000.ie	Cookie-Yieldmanager(Potentially Unwanted Program)
27.12.2009	16:05:29	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@ad.yieldmanager[2].txt\00000000.ie	Cookie-Yieldmanager(Potentially Unwanted Program)
27.12.2009	16:05:29	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@ad.yieldmanager[2].txt\00000000.ie	Cookie-Yieldmanager(Potentially Unwanted Program)
27.12.2009	16:05:29	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@ad.yieldmanager[2].txt\00000000.ie	Cookie-Yieldmanager(Potentially Unwanted Program)
27.12.2009	16:05:29	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@advertising[1].txt\00000000.ie	Cookie-Advertising(Potentially Unwanted Program)
27.12.2009	16:05:29	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@atdmt[1].txt\00000000.ie	Cookie-Atdmt(Potentially Unwanted Program)
27.12.2009	16:05:29	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@atdmt[1].txt\00000000.ie	Cookie-Atdmt(Potentially Unwanted Program)
27.12.2009	16:05:30	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@atwola[2].txt\00000000.ie	Cookie-Atwola(Potentially Unwanted Program)
27.12.2009	16:05:30	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@doubleclick[1].txt\00000000.ie	Cookie-Doubleclick(Potentially Unwanted Program)
27.12.2009	16:05:31	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@serving-sys[1].txt\00000000.ie	Cookie-Eyeblaster(Potentially Unwanted Program)
27.12.2009	16:05:32	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@tradedoubler[2].txt\00000000.ie	Cookie-Tradedoubler(Potentially Unwanted Program)
27.12.2009	16:05:32	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@tradedoubler[2].txt\00000000.ie	Cookie-Tradedoubler(Potentially Unwanted Program)
27.12.2009	16:05:32	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@tradedoubler[2].txt\00000000.ie	Cookie-Tradedoubler(Potentially Unwanted Program)
27.12.2009	16:05:32	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@tradedoubler[2].txt\00000000.ie	Cookie-Tradedoubler(Potentially Unwanted Program)
27.12.2009	16:17:02	Deleted 	skurpiers	c:\Documents and Settings\skurpiers\Local Settings\Temp\Installer.exe	DNSChanger.p(Trojan)
27.12.200927.12.2009	18:46:57	Engine version =5400.1158
27.12.2009	18:46:57	AntiVirus   DAT version =5843.0000
27.12.2009	18:46:57	Number of detection signatures in EXTRA.DAT =None
27.12.2009	18:46:57	Names of detection signatures in EXTRA.DAT  =None
27.12.2009	18:46:51	Scan Started	SKURPIERS-1\skurpiers	On-Demand Scan
27.12.2009	18:47:04	Deleted 	skurpiers	NTOSKRNL-HOOK	Generic Rootkit.d!rootkit(Trojan)
27.12.2009	18:47:21	Scan Summary	SKURPIERS-1\skurpiers	Scan Summary
27.12.2009	18:47:21	Scan Summary	SKURPIERS-1\skurpiers	Processes scanned    : 29
27.12.2009	18:47:21	Scan Summary	SKURPIERS-1\skurpiers	Processes detected   : 1
27.12.2009	18:47:21	Scan Summary	SKURPIERS-1\skurpiers	Processes cleaned    : 0
27.12.2009	18:47:21	Scan Summary	SKURPIERS-1\skurpiers	Boot sectors scanned : 0
27.12.2009	18:47:21	Scan Summary	SKURPIERS-1\skurpiers	Boot sectors detected: 0
27.12.2009	18:47:21	Scan Summary	SKURPIERS-1\skurpiers	Boot sectors cleaned : 0
27.12.2009	18:47:21	Scan Summary	SKURPIERS-1\skurpiers	Files scanned        : 0
27.12.2009	18:47:21	Scan Summary	SKURPIERS-1\skurpiers	Files with detections: 0
27.12.2009	18:47:21	Scan Summary	SKURPIERS-1\skurpiers	File detections      : 0
27.12.2009	18:47:21	Scan Summary	SKURPIERS-1\skurpiers	Files cleaned        : 0
27.12.2009	18:47:21	Scan Summary	SKURPIERS-1\skurpiers	Files deleted        : 0
27.12.2009	18:47:21	Scan Summary	SKURPIERS-1\skurpiers	Files not scanned    : 0
27.12.2009	18:47:21	Scan Summary	SKURPIERS-1\skurpiers	Scan Summary (Registry Scanning)
27.12.2009	18:47:21	Scan Summary	SKURPIERS-1\skurpiers	Keys scanned         : 0
27.12.2009	18:47:21	Scan Summary	SKURPIERS-1\skurpiers	Keys detected        : 0
27.12.2009	18:47:21	Scan Summary	SKURPIERS-1\skurpiers	Keys cleaned         : 0
27.12.2009	18:47:21	Scan Summary	SKURPIERS-1\skurpiers	Keys deleted         : 0
27.12.2009	18:47:21	Scan Summary	SKURPIERS-1\skurpiers	Scan Summary (Cookie Scanning)
27.12.2009	18:47:21	Scan Summary	SKURPIERS-1\skurpiers	Cookies scanned      : 0
27.12.2009	18:47:21	Scan Summary	SKURPIERS-1\skurpiers	Cookies detected     : 0
27.12.2009	18:47:21	Scan Summary	SKURPIERS-1\skurpiers	Cookies cleaned      : 0
27.12.2009	18:47:21	Scan Summary	SKURPIERS-1\skurpiers	Cookies deleted      : 0
27.12.2009	18:47:21	Scan Summary	SKURPIERS-1\skurpiers	Run time             : 0:00:30
27.12.2009	18:47:21	Scan Terminated	SKURPIERS-1\skurpiers	On-Demand Scan

29.12.2009	19:22:45	Engine version =5400.1158
29.12.2009	19:22:45	AntiVirus   DAT version =5844.0000
29.12.2009	19:22:45	Number of detection signatures in EXTRA.DAT =None
29.12.2009	19:22:45	Names of detection signatures in EXTRA.DAT  =None
29.12.2009	19:22:38	Scan Started	SKURPIERS-1\skurpiers	On-Demand Scan
29.12.2009	19:24:01	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@atwola[1].txt\00000000.ie	Cookie-Atwola(Potentially Unwanted Program)
29.12.2009	19:24:02	Deleted 	skurpiers	c:\documents and settings\skurpiers\cookies\skurpiers@doubleclick[1].txt\00000000.ie	Cookie-Doubleclick(Potentially Unwanted Program)
29.12.2009	22:00:05	Scan Summary	SKURPIERS-1\skurpiers	Scan Summary
29.12.2009	22:00:05	Scan Summary	SKURPIERS-1\skurpiers	Processes scanned    : 97
29.12.2009	22:00:05	Scan Summary	SKURPIERS-1\skurpiers	Processes detected   : 0
29.12.2009	22:00:05	Scan Summary	SKURPIERS-1\skurpiers	Processes cleaned    : 0
29.12.2009	22:00:05	Scan Summary	SKURPIERS-1\skurpiers	Boot sectors scanned : 1
29.12.2009	22:00:05	Scan Summary	SKURPIERS-1\skurpiers	Boot sectors detected: 0
29.12.2009	22:00:05	Scan Summary	SKURPIERS-1\skurpiers	Boot sectors cleaned : 0
29.12.2009	22:00:05	Scan Summary	SKURPIERS-1\skurpiers	Files scanned        : 205059
29.12.2009	22:00:05	Scan Summary	SKURPIERS-1\skurpiers	Files with detections: 0
29.12.2009	22:00:05	Scan Summary	SKURPIERS-1\skurpiers	File detections      : 0
29.12.2009	22:00:05	Scan Summary	SKURPIERS-1\skurpiers	Files cleaned        : 0
29.12.2009	22:00:05	Scan Summary	SKURPIERS-1\skurpiers	Files deleted        : 0
29.12.2009	22:00:05	Scan Summary	SKURPIERS-1\skurpiers	Files not scanned    : 50
29.12.2009	22:00:05	Scan Summary	SKURPIERS-1\skurpiers	Scan Summary (Registry Scanning)
29.12.2009	22:00:05	Scan Summary	SKURPIERS-1\skurpiers	Keys scanned         : 76893
29.12.2009	22:00:05	Scan Summary	SKURPIERS-1\skurpiers	Keys detected        : 0
29.12.2009	22:00:05	Scan Summary	SKURPIERS-1\skurpiers	Keys cleaned         : 0
29.12.2009	22:00:05	Scan Summary	SKURPIERS-1\skurpiers	Keys deleted         : 0
29.12.2009	22:00:05	Scan Summary	SKURPIERS-1\skurpiers	Scan Summary (Cookie Scanning)
29.12.2009	22:00:05	Scan Summary	SKURPIERS-1\skurpiers	Cookies scanned      : 700
29.12.2009	22:00:05	Scan Summary	SKURPIERS-1\skurpiers	Cookies detected     : 2
29.12.2009	22:00:05	Scan Summary	SKURPIERS-1\skurpiers	Cookies cleaned      : 0
29.12.2009	22:00:05	Scan Summary	SKURPIERS-1\skurpiers	Cookies deleted      : 2
29.12.2009	22:00:05	Scan Summary	SKURPIERS-1\skurpiers	Run time             : 2:37:27
29.12.2009	22:00:05	Scan Complete	SKURPIERS-1\skurpiers	On-Demand Scan

30.12.2009	02:12:04	Engine version =5400.1158
30.12.2009	02:12:04	AntiVirus   DAT version =5846.0000
30.12.2009	02:12:04	Number of detection signatures in EXTRA.DAT =None
30.12.2009	02:12:04	Names of detection signatures in EXTRA.DAT  =None
         

Alt 30.12.2009, 04:15   #9
Priestaftw
 



ComboFix won't start on my machine; are there any alternatives?

Alt 30.12.2009, 06:31   #10
Argus
 



Update MBAM and run a quick scan.
Remove ComboFix, download it again, and rename CF to e.g. cofi.

And try it in Safe Mode.

Safe Mode
For system cleanup, in many cases you should switch to Windows Safe Mode. This mode is a startup mode of Microsoft Windows in which only those services and processes are loaded that are necessary for the minimal operation of Windows, so malware is normally not among them. But since word of this has also got around among malware authors, booting into the Safe Mode selection menu is often blocked. With msconfig you can get around that in turn, but it carries a considerable risk, because you can get stuck in an endless loop, and then usually only format:c remains to make the computer usable again; the personal data is lost in the process. How do you get to the Safe Mode selection menu?
Normally you press the F8 key during startup; if you press too early, you may end up in the BIOS (depending on the computer); if you press too late, you are at the Windows logon and have to start over with a reboot.

Alt 30.12.2009, 19:16   #11
Priestaftw
 



Code:
ATTFilter
Malwarebytes' Anti-Malware 1.42
Datenbank Version: 3456
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11

30.12.2009 20:14:42
mbam-log-2009-12-30 (20-14-42).txt

Scan-Methode: Quick-Scan
Durchsuchte Objekte: 172765
Laufzeit: 33 minute(s), 32 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
