Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Alles In Ordnung? (https://www.trojaner-board.de/75617-alles-ordnung.html)

Moritz009 27.07.2009 12:41

und? was sagen die experten?

Swisstreasure 27.07.2009 18:17

Schau, ob Du die datei:
Code:

C:\Users\Mau\AppData\Roaming\WindowsUpd.ese\WinUpd.exe
noch findest?

Mach einen Rootkitscan mit GMER und poste das Log.

Du kannst noch einen Onlinescan mit Bitdefender machen und schaun was der sagt.

Gruss Swiss

Moritz009 30.07.2009 11:11

Zitat:

Zitat von Swiss (Beitrag 451677)
Schau, ob Du die datei:
Code:

C:\Users\Mau\AppData\Roaming\WindowsUpd.ese\WinUpd.exe
noch findest?

Also die finde ich nicht mehr. Hier das Log von GMER:
Code:

GMER 1.0.15.15011 [dp7ddp68.exe] - http://www.gmer.net
Rootkit scan 2009-07-30 12:06:23
Windows 6.0.6002 Service Pack 2


---- System - GMER 1.0.15 ----

SSDT            \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys                                                            ZwTerminateProcess [0x938B6DF0]

---- Kernel code sections - GMER 1.0.15 ----

.text          ntkrnlpa.exe!KeSetEvent + 621                                                                                  826BDD64 4 Bytes  [F0, 6D, 8B, 93]

---- User IAT/EAT - GMER 1.0.15 ----

IAT            C:\Windows\system32\services.exe[608] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW]  00130002
IAT            C:\Windows\system32\services.exe[608] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW]        00130000
IAT            C:\Windows\Explorer.EXE[3612] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                          [74987817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3612] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                          [749DA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3612] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]                      [7498BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3612] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]                [7497F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3612] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                          [749875E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3612] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]                        [7497E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3612] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]            [749B8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3612] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]              [7498DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3612] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]                      [7497FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3612] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]                        [7497FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3612] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                        [749771CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3612] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]                [74A0CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3612] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]                    [749AC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3612] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]                      [7497D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3612] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                                [74976853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3612] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                                [7497687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3612] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]                  [74982AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\tdx \Device\Tcp                                                                                        aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice  \Driver\tdx \Device\Udp                                                                                        aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice  \FileSystem\fastfat \Fat                                                                                      fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SOFTWARE\Classes\CLSID\{B6A930A0-A4F5-43A5-9B4E-6189A6C2B9E8}@y!s!\24!r!s!`!\30!y!\24!\24!t!\30!c!y!s!d!  19583823

---- EOF - GMER 1.0.15 ----


Moritz009 30.07.2009 11:28

bei dem onlinescan kommt eine fehlermeldung! Er kann Virensignaturen nicht aktualisieren...

Angel21 01.08.2009 17:49

@Moritz009

Hallo,

ich würde um 100% sicher zu gehen, dass dein System sauber ist neuaufsetzen du hast/hattest Backdoor Bifrost.

Was ist ein Backdoor: Backdoor ? Wikipedia

Man weiß nie was derjenige der dir diesen auf Dein System haute bisher machen konnte und was er alles schon weiß.

Ändere alle kenn- und Passwörter nach dem neuaufsetzen deines Systems ab.

Moritz009 02.08.2009 18:18

ok gut! Neufsetzen wurde durchgeführt und die Passwörter änder ich jetzt. Vielen Dank für die kompetente Hilfe hier.

Angel21 02.08.2009 18:35

Bitteschön :)

Moritz009 03.08.2009 10:11

Aber eine Frage habe ich noch: Also bin ich denn jetzt so mit avast!4 home, Malwarebytes´Anti Malware, Windows Defender und der Windows Firewall gut geschützt?

Moritz009 07.08.2009 15:36

Sorry, aber ich fände es gut wenn mir jetzt jemand antworten würde.


Alle Zeitangaben in WEZ +1. Es ist jetzt 07:47 Uhr.

Copyright ©2000-2026, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20