Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Viren entdeckt? (https://www.trojaner-board.de/115777-viren-entdeckt.html)

JAF 26.05.2012 08:13
Viren entdeckt?
 
Hallo alle zusammen.
Ich habe gestern Nacht, meinen Computer von zwei verschiedenen Virenprogrammen scannen lassen (Malware Bytes und Antivir). Dabei habe ich 2 verschiedene Ergebnisse erhalten, was mich ein wenig verwundert hat. Antivir hat unter anderem java/dldr.opens.i und java/dldr.opens.h im app data Ordner gefunden. Bei Malware wurden diese aber nicht angezeigt. Nach einer kurzen Suche hatte ich das aber so verstanden, dass dies Viren sind.
Ich hoffe ihr könnt mir da weiterhelfen.
Ich hoffe ich hab alles gemacht, dass alle benötigten Informationen zur Verfügung stehen.

Mit freundlichen Grüßen,
Jan


Defogger Disable:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 01:54 on 26/05/2012 (jan)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:DAEMON Tools Lite -> Removed

Checking for services/drivers...


-=E.O.F=-

DDS:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_31
Run by jan at 1:57:33 on 2012-05-26
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.4095.2586 [GMT 2:00]
.
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\srvany.exe
C:\Windows\KMService.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
E:\postgres\bin\pg_ctl.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
E:\postgres\bin\postgres.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
E:\postgres\bin\postgres.exe
E:\postgres\bin\postgres.exe
E:\postgres\bin\postgres.exe
E:\postgres\bin\postgres.exe
E:\postgres\bin\postgres.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\EXPERTool\TBPANEL.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Windows\system32\conhost.exe
G:\Real Player\update\realsched.exe
E:\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID-Anmelde-Hilfsprogramm: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - G:\Programme\skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [GAINWARD] C:\Program Files (x86)\EXPERTool\TBPanel.exe /A
uRun: [AdobeBridge]
uRun: [EPSON SX110 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFBE.EXE /FU "C:\Windows\TEMP\E_SD8F0.tmp" /EF "HKCU"
uRun: [Facebook Update] "C:\Users\jan\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [TkBellExe] "G:\Real Player\Update\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "E:\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce: [Malwarebytes Anti-Malware] E:\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\Users\jan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\jan\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Nach Microsoft E&xcel exportieren - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
IE: {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Users\jan\Desktop\PartyCasino.lnk
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\jan\Desktop\PartyPoker.lnk
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - G:\Programme\skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6CCDC307-A507-48F9-9793-2F39CA04F3A2} : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - G:\Programme\skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
{B4F3A835-0E21-4959-BA22-42B3008E02FF}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [TkBellExe] "G:\Real Player\Update\realsched.exe" -osboot
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "E:\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce-x64: [Malwarebytes Anti-Malware] E:\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
IE-X64: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
IE-X64: {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Users\jan\Desktop\PartyCasino.lnk
IE-X64: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\jan\Desktop\PartyPoker.lnk
SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\jan\AppData\Roaming\Mozilla\Firefox\Profiles\lfnsiezk.default\
FF - plugin: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\npBrowserPlugin.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - plugin: G:\Real Player\Netscape6\nppl3260.dll
FF - plugin: G:\Real Player\Netscape6\nprjplug.dll
FF - plugin: G:\Real Player\Netscape6\nprpjplug.dll
.
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]
R2 AntiVirSchedulerService;Avira AntiVir Planer;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-9-18 136360]
R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-9-18 269480]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R2 KMService;KMService;C:\Windows\System32\srvany.exe [2011-9-20 8192]
R2 MBAMService;MBAMService;E:\Malwarebytes' Anti-Malware\mbamservice.exe [2012-5-26 654408]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2012-3-20 2214504]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;E:\postgres\bin\pg_ctl.exe runservice -w -N "pgsql-8.3" -D "E:\postgres\data\" --> E:\postgres\bin\pg_ctl.exe runservice -w -N pgsql-8.3 [?]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-12-12 369256]
R3 hxctlflt;hxctlflt;C:\Windows\system32\DRIVERS\hxctlflt.sys --> C:\Windows\system32\DRIVERS\hxctlflt.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update-Dienst (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-19 136176]
S2 SkypeUpdate;Skype Updater;G:\Programme\skype\Updater\Updater.exe [2012-2-29 158856]
S3 gupdatem;Google Update-Dienst (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-19 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-27 129976]
S3 StorSvc;Speicherdienst;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
.
=============== Created Last 30 ================
.
2012-05-25 23:41:25 -------- d-----w- C:\Users\jan\AppData\Roaming\Malwarebytes
2012-05-25 23:41:14 -------- d-----w- C:\ProgramData\Malwarebytes
2012-05-25 23:41:10 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-05-25 23:07:51 -------- d-----w- C:\Users\jan\AppData\Roaming\Avira
2012-05-25 20:44:20 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{896457CF-0C07-40C5-AE4C-BF0D792DC4E8}\mpengine.dll
2012-05-25 02:43:32 -------- d-----w- C:\Users\jan\AppData\Local\Apple Computer
2012-05-24 13:21:19 -------- d-----w- C:\Users\jan\AppData\Local\{EF692D6F-5B83-4BD4-8F5E-AC45D0AF181E}
2012-05-24 13:21:05 -------- d-----w- C:\Users\jan\AppData\Local\{48C27B12-81ED-4B28-BBDA-94176E618397}
2012-05-23 21:36:43 -------- d-----w- C:\Users\jan\AppData\Roaming\.minecraft
2012-05-23 07:26:15 -------- d-----w- C:\Users\jan\AppData\Local\{DDBBDC71-B834-4FB7-A128-6689F06932DC}
2012-05-23 07:26:05 -------- d-----w- C:\Users\jan\AppData\Local\{0C8C7F08-CD07-4DE5-8B73-13237AA94E87}
2012-05-22 10:24:28 -------- d-----w- C:\Users\jan\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2012-05-22 09:44:19 -------- d-----w- C:\Users\jan\AppData\Local\Nero_AG
2012-05-22 09:43:46 -------- d-----w- C:\Users\jan\AppData\Local\Nero
2012-05-21 07:30:19 -------- d-----w- C:\Users\jan\AppData\Local\IsolatedStorage
2012-05-21 04:56:17 -------- d-----w- C:\Users\jan\AppData\Local\{A179938B-2DA2-48FD-8C6F-A9C110AF5CA7}
2012-05-21 04:56:08 -------- d-----w- C:\Users\jan\AppData\Local\{C86B0196-E4DE-42D9-9A0A-467C8885266F}
2012-05-20 08:36:56 -------- d-----w- C:\Users\jan\AppData\Local\PokerStrategy
2012-05-20 08:09:52 -------- d-----w- C:\Users\jan\AppData\Local\ICMTrainer
2012-05-19 18:05:20 -------- d-----w- C:\Users\jan\AppData\Local\{E6B18BF9-2B24-48D7-83FA-2EB66D9B40F4}
2012-05-19 14:36:09 -------- d-----w- C:\Users\jan\AppData\Roaming\SiteBuilder.1092AF29A5D2D6F129EC9E969ADB342C4F09EC7B.1
2012-05-19 13:49:08 -------- d-----w- C:\Users\jan\AppData\Roaming\com.showitfast.web.uploader.1092AF29A5D2D6F129EC9E969ADB342C4F09EC7B.1
2012-05-19 13:01:00 -------- d-----w- C:\Users\jan\AppData\Local\Windows Live
2012-05-19 13:00:24 -------- d-----w- C:\Users\jan\AppData\Local\{1F29BABF-CE82-48F4-B710-250270E3C395}
2012-05-19 12:54:44 -------- d-----w- C:\ProgramData\Soulseek
2012-05-19 09:59:07 -------- d-----w- C:\Users\jan\AppData\Local\{4EE797D7-735E-4C98-90BA-61E01C5F759B}
2012-05-18 23:34:58 -------- d-----w- C:\ProgramData\Nero
2012-05-18 09:32:00 -------- d-----w- C:\Users\jan\AppData\Local\Apple
2012-05-18 09:22:59 -------- d-----w- C:\Users\jan\AppData\Local\{10990703-7F9E-46EF-8E16-2ECE45334B0D}
2012-05-17 15:20:12 -------- d-----w- C:\Users\jan\AppData\Local\PokerStars
2012-05-17 15:19:43 -------- d-----w- C:\Users\jan\AppData\Local\{55898F20-79E5-4D4B-B9A9-900AD8606182}
2012-05-17 15:19:16 -------- d-----w- C:\Users\jan\AppData\Roaming\DAEMON Tools Lite
2012-05-17 15:18:55 -------- d-----w- C:\Users\jan\AppData\Local\VirtualStore
2012-05-09 17:05:00 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2012-05-09 17:05:00 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-05-09 17:04:57 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-09 17:04:56 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-09 17:04:56 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-09 17:04:56 3146240 ----a-w- C:\Windows\System32\win32k.sys
2012-05-09 17:04:32 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-05-09 17:04:30 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-05-09 17:04:27 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-09 17:04:27 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-05-09 17:04:27 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-05-09 17:04:27 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2012-05-09 17:04:27 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-04-27 19:41:08 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-04-27 19:41:04 157352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-27 19:41:04 129976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
.
==================== Find3M ====================
.
2012-05-17 11:44:14 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-03 22:14:30 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-03-13 17:07:37 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2012-03-13 17:07:37 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2012-03-01 06:46:16 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-03-01 06:38:27 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-03-01 06:33:50 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-03-01 06:28:47 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-03-01 05:37:41 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-03-01 05:33:23 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-03-01 05:29:16 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-02-28 06:39:37 1188864 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 05:38:52 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 04:31:38 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 03:52:27 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-27 09:30:25 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
.
============= FINISH: 1:58:04,55 ===============


PS: Ich habe auch die beiden Report von den Scans mit angehängt.

kira 26.05.2012 18:59
- Das Installieren von Raubkopien ist eine ziemlich sichere Methode, ein Rechner zu infizierenhttp://www.world-of-smilies.com/wos_sonstige/a048.gif
- Ich beführte dass Du Dein Problem nur lösen kannst, wenn du dein System neu installierst, da geht`s um:
Code:
C:\Windows\KMService.exe (RiskWare.Tool.CK) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Microsoft Office\Office14\mini-KMS_Activator_v1.052.exe (Riskware.Keygen) -> Keine Aktion durchgeführt.
F:\Microsoft Office Professional 2010\Microsoft.Office.Professional.Plus.2010.x86.German.VL.Edition-TIw\mini-KMS_Activator_v1.052.exe (Riskware.Keygen) -> Keine Aktion durchgeführt.
F:\relink.us Container\Adobe.Photoshop.CS5.Extended.v12.0.Multilanguage-TIw\keygen.exe (Malware.Packer.Gen) -> Keine Aktion durchgeführt.
G:\Programme\TuneUp Utilities 2011\keygen.exe (RiskWare.Tool.CK) -> Keine Aktion durchgeführt.
"Solche Programme" enthalten immer besonders viele und gefährliche Schadprogramme, sollte man die Finger davon lassen!
** Du solltest in so einem Fall mal dein Konsummuster überdenken:twak:
Weil dein Verhalten damit dem deutschen Recht unterliegt, wird den Support an dieser Stelle von unsere Seite aus beendet. Also am besten ist es, Du Sicherst deiner Daten (ohne cracks & Keygens!) und machst eine komplette Neuinstallation des Rechners, das ist der schnellste und sauberste lösung!
Aber wenigstens hast Du dann nach einer Neuinstallation wieder ein sauberes System und hoffentlich hast Du was draus gelernt und in Zukunft lässt die Finger von...
-> Forumregel!

Zitat:
Sinn & Zweck der Sache - Viren Trojaner Würmer:
Ein Wurm, der fast als "guter Wurm" bezeichnet werden kann, zieht durch
das Netz und verbeitet sich über die File-Sharing Netzwerke BearShare, KaZaA
eMule & Co
Der Wurm besitzt unzählige verschiedene Namen bekannter Cracks oder
Keygeneratoren zur illegalen Benutzung von kommerzieller Software. Wer gezielt
nach solchen Dateien sucht, könnte also durchaus auch auf eine Wurmkopie
treffen.
http://www.world-of-smilies.com/wos_...eschlossen.gif


Alle Zeitangaben in WEZ +1. Es ist jetzt 03:58 Uhr.

Copyright ©2000-2024, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129