Trojaner-Board (https://www.trojaner-board.de/)
Log analysis and evaluation (https://www.trojaner-board.de/log-analyse-auswertung/)
Thread: Do I have a virus? (https://www.trojaner-board.de/86368-habe-virus.html)

Darkfilter 30.05.2010 16:42

hi, I have posted the next logs and am waiting for a reply!
Regards, Nico

cosinus 30.05.2010 16:54

I overlooked your thread. The OSAM logfile looks inconspicuous; I would now suggest CF:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, perform the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run if a helper has explicitly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

Darkfilter 30.05.2010 21:52

Here is the logfile from ComboFix

ComboFix logfile:
Code:

ComboFix 10-05-29.05 - Nico 30.05.2010  22:38:12.1.4 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.3070.2000 [GMT 2:00]
ausgeführt von:: c:\users\Nico\Desktop\cofi.exe.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

G:\install.exe

.
(((((((((((((((((((((((  Dateien erstellt von 2010-04-28 bis 2010-05-30  ))))))))))))))))))))))))))))))
.

2010-05-30 20:45 . 2010-05-30 20:46        --------        d-----w-        c:\users\Nico\AppData\Local\temp
2010-05-30 20:45 . 2010-05-30 20:45        --------        d-----w-        c:\users\Mama\AppData\Local\temp
2010-05-30 20:45 . 2010-05-30 20:45        --------        d-----w-        c:\users\Default\AppData\Local\temp
2010-05-29 20:36 . 2010-05-29 20:36        --------        d-----w-        c:\users\Nico\AppData\Roaming\HPAppData
2010-05-26 10:12 . 2010-04-23 14:13        2048        ----a-w-        c:\windows\system32\tzres.dll
2010-05-25 16:33 . 2010-05-25 16:33        --------        d-----w-        c:\users\Nico\AppData\Roaming\Malwarebytes
2010-05-25 16:33 . 2010-04-29 10:19        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-25 16:33 . 2010-05-25 16:33        --------        d-----w-        c:\programdata\Malwarebytes
2010-05-25 16:33 . 2010-04-29 10:19        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2010-05-23 21:25 . 2010-05-23 21:25        --------        d-----w-        c:\program files\Common Files\Java
2010-05-23 21:24 . 2010-04-12 15:29        411368        ----a-w-        c:\windows\system32\deployJava1.dll
2010-05-17 19:46 . 2010-05-17 19:46        --------        d-----w-        c:\users\Nico\AppData\Local\My Games
2010-05-17 19:40 . 2010-05-17 19:40        --------        d-----w-        c:\program files\2K Games
2010-05-16 14:08 . 2010-05-16 14:17        --------        d-----w-        C:\Die Sims 2
2010-05-16 14:03 . 2010-05-16 14:03        --------        d-----w-        c:\users\Nico\AppData\Local\World in Conflict
2010-05-16 13:48 . 2010-05-16 14:03        --------        d-----w-        c:\program files\Sierra Games
2010-05-15 18:57 . 2010-05-15 18:57        138056        ----a-w-        c:\users\Nico\AppData\Roaming\PnkBstrK.sys
2010-05-15 18:57 . 2010-05-15 18:57        2434856        ----a-w-        c:\windows\system32\pbsvc_bc2.exe
2010-05-15 18:43 . 2010-05-15 18:43        --------        d-----w-        c:\program files\Electronic Arts
2010-05-15 18:43 . 2009-09-04 15:44        515416        ----a-w-        c:\windows\system32\XAudio2_5.dll
2010-05-15 18:43 . 2009-09-04 15:44        238936        ----a-w-        c:\windows\system32\xactengine3_5.dll
2010-05-15 18:43 . 2009-09-04 15:29        1974616        ----a-w-        c:\windows\system32\D3DCompiler_42.dll
2010-05-15 18:43 . 2009-09-04 15:29        453456        ----a-w-        c:\windows\system32\d3dx10_42.dll
2010-05-15 18:43 . 2009-09-04 15:29        235344        ----a-w-        c:\windows\system32\d3dx11_42.dll
2010-05-15 18:43 . 2009-09-04 15:29        5501792        ----a-w-        c:\windows\system32\d3dcsx_42.dll
2010-05-15 18:43 . 2009-09-04 15:29        1892184        ----a-w-        c:\windows\system32\D3DX9_42.dll
2010-05-15 18:43 . 2009-09-04 15:44        69464        ----a-w-        c:\windows\system32\XAPOFX1_3.dll
2010-05-15 18:42 . 2008-10-27 08:04        514384        ----a-w-        c:\windows\system32\XAudio2_3.dll
2010-05-15 18:42 . 2008-10-27 08:04        235856        ----a-w-        c:\windows\system32\xactengine3_3.dll
2010-05-15 18:42 . 2008-10-27 08:04        23376        ----a-w-        c:\windows\system32\X3DAudio1_5.dll
2010-05-15 18:42 . 2008-10-27 08:04        70992        ----a-w-        c:\windows\system32\XAPOFX1_2.dll
2010-05-15 16:34 . 2010-05-15 16:34        --------        d-----w-        c:\users\Mama\AppData\Roaming\HPAppData
2010-05-13 11:51 . 2010-05-13 11:51        --------        d-----w-        c:\users\Nico\AppData\Roaming\Atari
2010-05-13 11:50 . 2010-05-28 20:06        --------        d-----w-        c:\users\Nico\AppData\Roaming\vlc
2010-05-13 11:41 . 2010-05-13 11:41        --------        d-----w-        c:\users\Nico\AppData\Roaming\Leadertech
2010-05-12 19:25 . 2010-01-29 15:40        738816        ----a-w-        c:\windows\system32\inetcomm.dll
2010-05-11 18:37 . 2010-05-11 18:37        41872        ----a-w-        c:\windows\system32\xfcodec.dll
2010-05-03 11:28 . 2010-05-03 11:28        --------        d-----w-        C:\Phenomedia AG

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-30 20:15 . 2009-05-28 19:25        1        ----a-w-        c:\users\Nico\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-05-30 20:15 . 2009-04-29 18:02        --------        d-----w-        c:\users\Nico\AppData\Roaming\Xfire
2010-05-30 20:07 . 2009-11-15 16:53        --------        d-----w-        c:\users\Nico\AppData\Roaming\Skype
2010-05-30 19:21 . 2009-06-12 16:38        137464        ----a-w-        c:\windows\system32\drivers\PnkBstrK.sys
2010-05-30 19:21 . 2009-06-12 16:38        214520        ----a-w-        c:\windows\system32\PnkBstrB.exe
2010-05-30 16:52 . 2009-11-15 16:55        --------        d-----w-        c:\users\Nico\AppData\Roaming\skypePM
2010-05-30 15:35 . 2008-01-21 07:15        618204        ----a-w-        c:\windows\system32\perfh007.dat
2010-05-30 15:35 . 2008-01-21 07:15        122636        ----a-w-        c:\windows\system32\perfc007.dat
2010-05-30 15:29 . 2009-04-29 18:02        --------        d-----w-        c:\programdata\Xfire
2010-05-29 21:47 . 2009-03-01 15:56        --------        d---a-w-        c:\program files\WoW
2010-05-23 21:24 . 2009-05-09 18:29        --------        d-----w-        c:\program files\Java
2010-05-17 19:42 . 2009-04-29 17:34        --------        d--h--w-        c:\program files\InstallShield Installation Information
2010-05-16 14:22 . 2009-08-02 10:40        --------        d-----w-        c:\program files\EA GAMES
2010-05-16 13:56 . 2009-05-18 13:16        --------        d-----w-        c:\programdata\Media Center Programs
2010-05-15 18:57 . 2009-06-05 12:50        75064        ----a-w-        c:\windows\system32\PnkBstrA.exe
2010-05-15 16:43 . 2009-08-25 07:32        1        ----a-w-        c:\users\Mama\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-05-12 19:49 . 2006-11-02 11:18        --------        d-----w-        c:\program files\Windows Mail
2010-05-12 09:21 . 2009-10-02 16:32        221568        ------w-        c:\windows\system32\MpSigStub.exe
2010-05-08 15:44 . 2009-08-28 15:36        --------        d-----w-        c:\users\Nico\AppData\Roaming\HpUpdate
2010-05-06 18:43 . 2009-04-29 17:52        --------        d-----w-        c:\users\Nico\AppData\Roaming\teamspeak2
2010-05-05 20:31 . 2009-12-24 01:13        9        ----a-w-        c:\windows\pbase.dat
2010-05-05 20:31 . 2009-12-24 01:13        8        ----a-w-        c:\windows\npbase.dat
2010-05-05 20:31 . 2009-12-24 01:13        3        ----a-w-        c:\windows\ver.dat
2010-04-29 18:34 . 2009-04-29 17:13        --------        d-----w-        c:\program files\ATI
2010-04-28 20:44 . 2010-04-28 20:44        --------        d-----w-        c:\programdata\ATI
2010-04-28 20:24 . 2010-02-11 21:37        680        ----a-w-        c:\users\Nico\AppData\Local\d3d9caps.dat
2010-04-27 14:01 . 2010-02-24 14:48        --------        d-----w-        c:\program files\MSECache
2010-04-25 11:36 . 2010-04-25 11:36        3584        ----a-r-        c:\users\Nico\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2010-04-25 11:36 . 2010-04-25 11:36        --------        d-----w-        c:\program files\Windows Installer Clean Up
2010-04-25 10:54 . 2009-07-17 12:05        --------        d-----w-        c:\program files\Common Files\Adobe
2010-04-24 16:24 . 2010-04-24 16:20        --------        d-----w-        c:\users\Nico\AppData\Roaming\Sony
2010-04-24 16:23 . 2010-04-24 16:23        --------        d-----w-        c:\program files\Common Files\Sony Shared
2010-04-24 16:22 . 2010-04-24 16:22        10134        ----a-r-        c:\users\Nico\AppData\Roaming\Microsoft\Installer\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}\ARPPRODUCTICON.exe
2010-04-24 16:22 . 2010-04-24 16:22        --------        d-----w-        c:\program files\Sony
2010-04-24 16:22 . 2010-04-24 16:22        --------        d-----w-        c:\programdata\Sony Corporation
2010-04-23 21:14 . 2010-04-23 21:14        --------        d-----w-        c:\users\Nico\AppData\Roaming\Avira
2010-04-23 21:13 . 2010-04-23 21:13        --------        d-----w-        c:\programdata\Avira
2010-04-23 21:07 . 2009-04-29 19:44        --------        d-----w-        c:\program files\Bonjour
2010-04-23 20:58 . 2009-08-22 17:19        --------        d-----w-        c:\program files\Common Files\DVDVideoSoft
2010-04-23 20:52 . 2009-05-09 09:51        --------        d-----w-        c:\program files\Common Files\Wise Installation Wizard
2010-04-20 18:25 . 2010-04-20 18:25        --------        d-----w-        c:\program files\Common Files\Skype
2010-04-16 14:29 . 2009-05-22 16:24        196608        ----a-w-        c:\users\Nico\AppData\Roaming\Acreon\WowMatrix\Libraries\wmweb.dll
2010-04-16 14:29 . 2009-05-22 16:24        258048        ----a-w-        c:\users\Nico\AppData\Roaming\Acreon\WowMatrix\Libraries\wmzip.dll
2010-04-07 02:43 . 2010-04-07 02:43        5430272        ----a-w-        c:\windows\system32\drivers\atikmdag.sys
2010-04-07 02:16 . 2010-04-07 02:16        143360        ----a-w-        c:\windows\system32\atiapfxx.exe
2010-04-07 02:16 . 2010-04-07 02:16        489472        ----a-w-        c:\windows\system32\aticfx32.dll
2010-04-07 02:13 . 2010-04-07 02:13        446464        ----a-w-        c:\windows\system32\ATIDEMGX.dll
2010-04-07 02:12 . 2010-04-07 02:12        372736        ----a-w-        c:\windows\system32\atieclxx.exe
2010-04-07 02:12 . 2010-04-07 02:12        14321664        ----a-w-        c:\windows\system32\atioglxx.dll
2010-04-07 02:12 . 2010-04-07 02:12        172032        ----a-w-        c:\windows\system32\atiesrxx.exe
2010-04-07 02:10 . 2010-04-07 02:10        159744        ----a-w-        c:\windows\system32\atitmmxx.dll
2010-04-07 02:10 . 2010-04-07 02:10        356352        ----a-w-        c:\windows\system32\atipdlxx.dll
2010-04-07 02:10 . 2010-04-07 02:10        278528        ----a-w-        c:\windows\system32\Oemdspif.dll
2010-04-07 02:10 . 2010-04-07 02:10        11776        ----a-w-        c:\windows\system32\atimuixx.dll
2010-04-07 02:10 . 2010-04-07 02:10        43520        ----a-w-        c:\windows\system32\ati2edxx.dll
2010-04-07 02:06 . 2010-04-07 02:06        3164160        ----a-w-        c:\windows\system32\atidxx32.dll
2010-04-07 01:46 . 2010-04-07 01:46        50176        ----a-w-        c:\windows\system32\coinst.dll
2010-04-07 01:40 . 2010-04-07 01:40        3707904        ----a-w-        c:\windows\system32\atiumdag.dll
2010-04-07 01:40 . 2010-04-07 01:40        53248        ----a-w-        c:\windows\system32\aticalrt.dll
2010-04-07 01:40 . 2010-04-07 01:40        53248        ----a-w-        c:\windows\system32\aticalcl.dll
2010-04-07 01:38 . 2010-04-07 01:38        4018176        ----a-w-        c:\windows\system32\aticaldd.dll
2010-04-07 01:23 . 2010-04-07 01:23        237568        ----a-w-        c:\windows\system32\atiadlxx.dll
2010-04-07 01:23 . 2010-04-07 01:23        12800        ----a-w-        c:\windows\system32\atiglpxx.dll
2010-04-07 01:23 . 2010-04-07 01:23        14848        ----a-w-        c:\windows\system32\atigktxx.dll
2010-04-07 01:23 . 2010-04-07 01:23        157184        ----a-w-        c:\windows\system32\drivers\atikmpag.sys
2010-04-07 01:22 . 2010-04-07 01:22        28160        ----a-w-        c:\windows\system32\atiuxpag.dll
2010-04-07 01:22 . 2010-04-07 01:22        20480        ----a-w-        c:\windows\system32\atiu9pag.dll
2010-04-07 01:22 . 2010-04-07 01:22        23040        ----a-w-        c:\windows\system32\atitmpxx.dll
2010-04-07 01:22 . 2010-04-07 01:22        53248        ----a-w-        c:\windows\system32\drivers\ati2erec.dll
2010-04-07 01:21 . 2010-04-07 01:21        2983936        ----a-w-        c:\windows\system32\atiumdva.dll
2010-04-07 01:08 . 2010-04-07 01:08        52224        ----a-w-        c:\windows\system32\atimpc32.dll
2010-04-07 01:08 . 2010-04-07 01:08        52224        ----a-w-        c:\windows\system32\amdpcom32.dll
2010-04-02 16:09 . 2010-04-02 16:09        2023        ----a-w-        c:\windows\system32\atipblag.dat
2010-03-22 10:25 . 2009-05-03 17:02        61736        ----a-w-        c:\users\Mama\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-17 15:06 . 2010-03-17 15:06        202234        ----a-w-        c:\windows\system32\atiicdxx.dat
2010-03-09 10:20 . 2010-03-09 10:20        104464        ----a-w-        c:\windows\system32\drivers\AtiHdmi.sys
2010-03-05 14:01 . 2010-04-16 13:17        420352        ----a-w-        c:\windows\system32\vbscript.dll
.

((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-03 6266880]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-25 49152]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-01-29 52392]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="g:\programme\Adobe Reader\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"StartCCC"="c:\program files\ATI\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-06 102400]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

c:\users\Mama\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]

c:\users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 22:08        417792        ----a-w-        c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):cc,27,92,6f,61,40,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-442773238-3665067095-4225304131-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001

R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;f:\programme\Hamachi\hamachi-2.exe [x]
R3 cdrmkaun;cdrmkaun;c:\users\Nico\AppData\Local\Temp\cdrmkaun.sys [x]
R3 DBKDRVR54;DBKDRVR54;f:\program files\Cheat Engine\dbk32.sys [x]
R3 dump_wmimmc;dump_wmimmc;f:\programme\Cossfire\CrossFire\GameGuard\dump_wmimmc.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-05-06 2785582]
R3 PCD52X2;PCD52X2;c:\users\Nico\AppData\Local\Temp\PCD52X2.sys [x]
R3 PCD52X3;PCD52X3;c:\users\Nico\AppData\Local\Temp\PCD52X3.sys [x]
R3 PCD61X2;PCD61X2;c:\users\Nico\AppData\Local\Temp\PCD61X2.sys [x]
R3 PCD61X3;PCD61X3;c:\users\Nico\AppData\Local\Temp\PCD61X3.sys [x]
S1 SSHDRV51;SSHDRV51;c:\windows\system32\drivers\SSHDRV51.sys [2009-09-06 21504]
S1 SSHDRV52;SSHDRV52;c:\windows\system32\drivers\SSHDRV52.sys [2009-09-06 29184]
S1 SSHDRV76;SSHDRV76;c:\windows\system32\drivers\SSHDRV76.sys [2009-09-07 53760]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-04-07 172032]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-04-07 5430272]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-04-07 157184]


--- Andere Dienste/Treiber im Speicher ---

*Deregistered* - avgntflt

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12        REG_MULTI_SZ          Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt        REG_MULTI_SZ          hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
Inhalt des "geplante Tasks" Ordners

2010-05-30 c:\windows\Tasks\User_Feed_Synchronization-{8D9D19FD-3BB5-49B2-A216-4F4719AB1F71}.job
- c:\windows\system32\msfeedssync.exe [2010-03-30 04:54]

2010-05-26 c:\windows\Tasks\WebReg HP Photosmart C5300 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2008-03-25 18:42]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKCU-Run-RGSC - f:\programme\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
HKCU-Run-Steam - f:\programme\steam\steam.exe
HKLM-Run-hpqSRMon - (no file)
HKLM-Run-iTunesHelper - f:\programme\iTunes\iTunesHelper.exe
HKLM-Run-LogMeIn Hamachi Ui - f:\programme\Hamachi\hamachi-2-ui.exe
MSConfigStartUp-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
MSConfigStartUp-iTunesHelper - f:\program files\iTunes\iTunesHelper.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
AddRemove-Cheat Engine 5.4_is1 - f:\programme\Cheat Engine\unins000.exe
AddRemove-Company of Heroes - f:\programme\THQ\Company of Heroes\Uninstall_German.exe
AddRemove-Free Video to iPod Converter_is1 - f:\programme\Free Video to iPod Converter\unins000.exe
AddRemove-ImgBurn - f:\programme\ImgBurn\uninstall.exe
AddRemove-Metin2_is1 - f:\programme\Metin2\unins000.exe
AddRemove-Mozilla Firefox (3.5.9) - f:\programme\Mozilla Firefox\uninstall\helper.exe
AddRemove-Nero - Burning Rom!UninstallKey - f:\programme\Ahead\Nero\nero\uninstall\UNNERO.exe
AddRemove-Steam App 240 - f:\program files\Steam\steam.exe
AddRemove-Teamspeak 2 RC2_is1 - f:\program files\Teamspeak2_RC2\unins000.exe
AddRemove-{B7050CBDB2504B34BC2A9CA0A692CC29} - f:\programme\DivX\DivXWebPlayerUninstall.exe
AddRemove-TeamSpeak 3 Client - f:\programme\Teamspeak3\uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-05-30 22:46
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...


c:\users\Nico\AppData\Local\Temp\catchme.dll 53248 bytes executable

Scan erfolgreich abgeschlossen
versteckte Dateien: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-442773238-3665067095-4225304131-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:69,70,b8,17,8f,94,fb,03,84,08,d1,71,6e,d1,51,c0,9c,7e,64,7f,cc,c7,f0,
  58,84,cd,0f,87,94,bb,a2,c7,51,98,d5,56,d7,c3,d5,68,96,95,35,88,b5,ec,bd,85,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d

[HKEY_USERS\S-1-5-21-442773238-3665067095-4225304131-1000\Software\SecuROM\License information*]
"datasecu"=hex:36,58,8f,04,77,95,da,de,48,ea,04,ee,f5,23,45,55,8b,21,d1,12,53,
  a6,3f,58,55,3a,ad,da,bc,54,5a,fb,4b,e7,bd,b1,4e,d2,5a,76,05,6a,af,72,4d,12,\
"rkeysecu"=hex:5a,b9,86,93,7b,45,50,27,2f,20,20,d5,0b,14,e6,dd
.
Zeit der Fertigstellung: 2010-05-30  22:47:56
ComboFix-quarantined-files.txt  2010-05-30 20:47

Vor Suchlauf: 12 Verzeichnis(se), 487.017.054.208 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 487.149.494.272 Bytes frei

- - End Of File - - 68BD7E59EA53BE5C6EC3CAA9B834D4FD

--- --- ---

cosinus 31.05.2010 08:50

Looks ok. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before scanning!!

Darkfilter 31.05.2010 23:44

First the logfile from SUPERAntiSpyware
the next one follows today or tomorrow


SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 06/01/2010 at 00:33 AM

Application Version : 4.38.1004

Core Rules Database Version : 5011
Trace Rules Database Version: 2823

Scan type : Complete Scan
Total Scan Time : 04:15:43

Memory items scanned : 781
Memory threats detected : 0
Registry items scanned : 6425
Registry threats detected : 121
File items scanned : 397517
File threats detected : 34

Keylogger.Actual Spy
HKLM\Software\ACSPMonitor
HKLM\Software\ACSPMonitor\Application
HKLM\Software\ACSPMonitor\Application#enabled
HKLM\Software\ACSPMonitor\Application#path
HKLM\Software\ACSPMonitor\Application#start
HKLM\Software\ACSPMonitor\Application#stop
HKLM\Software\ACSPMonitor\Clipboard
HKLM\Software\ACSPMonitor\Clipboard#enabled
HKLM\Software\ACSPMonitor\Clipboard#isborder
HKLM\Software\ACSPMonitor\Clipboard#numborder
HKLM\Software\ACSPMonitor\Clipboard#razmborder
HKLM\Software\ACSPMonitor\Clipboard#notspy
HKLM\Software\ACSPMonitor\Clipboard#path
HKLM\Software\ACSPMonitor\Computer
HKLM\Software\ACSPMonitor\Computer#enabled
HKLM\Software\ACSPMonitor\Computer#path
HKLM\Software\ACSPMonitor\Email
HKLM\Software\ACSPMonitor\Email#enabled
HKLM\Software\ACSPMonitor\Email#address
HKLM\Software\ACSPMonitor\Email#subject
HKLM\Software\ACSPMonitor\Email#fromaddress
HKLM\Software\ACSPMonitor\Email#smtpserver
HKLM\Software\ACSPMonitor\Email#username
HKLM\Software\ACSPMonitor\Email#port
HKLM\Software\ACSPMonitor\Email#smtpdefault
HKLM\Software\ACSPMonitor\Email#sendkey
HKLM\Software\ACSPMonitor\Email#sendscr
HKLM\Software\ACSPMonitor\Email#sendapp
HKLM\Software\ACSPMonitor\Email#sendclipb
HKLM\Software\ACSPMonitor\Email#sendprnt
HKLM\Software\ACSPMonitor\Email#sendcomputer
HKLM\Software\ACSPMonitor\Email#sendfiledir
HKLM\Software\ACSPMonitor\Email#sendinetcon
HKLM\Software\ACSPMonitor\Email#sendurl
HKLM\Software\ACSPMonitor\Email#delalllogs
HKLM\Software\ACSPMonitor\Email#sendtimeinterval
HKLM\Software\ACSPMonitor\Email#timeinterval
HKLM\Software\ACSPMonitor\Email#timeminutes
HKLM\Software\ACSPMonitor\Email#sizelogs
HKLM\Software\ACSPMonitor\Email#mode
HKLM\Software\ACSPMonitor\Email#code
HKLM\Software\ACSPMonitor\Email#sendtimemoment
HKLM\Software\ACSPMonitor\Email#timesend
HKLM\Software\ACSPMonitor\Email#authentication
HKLM\Software\ACSPMonitor\Email#password
HKLM\Software\ACSPMonitor\Filedir
HKLM\Software\ACSPMonitor\Filedir#enabled
HKLM\Software\ACSPMonitor\Filedir#filecreate
HKLM\Software\ACSPMonitor\Filedir#filedelete
HKLM\Software\ACSPMonitor\Filedir#filerename
HKLM\Software\ACSPMonitor\Filedir#spyfiles
HKLM\Software\ACSPMonitor\Filedir#filesystem
HKLM\Software\ACSPMonitor\Filedir#dirpath
HKLM\Software\ACSPMonitor\Filedir#subdir
HKLM\Software\ACSPMonitor\Filedir#path
HKLM\Software\ACSPMonitor\FTP
HKLM\Software\ACSPMonitor\FTP#enabled
HKLM\Software\ACSPMonitor\FTP#host
HKLM\Software\ACSPMonitor\FTP#username
HKLM\Software\ACSPMonitor\FTP#password
HKLM\Software\ACSPMonitor\FTP#port
HKLM\Software\ACSPMonitor\Inetcon
HKLM\Software\ACSPMonitor\Inetcon#enabled
HKLM\Software\ACSPMonitor\Inetcon#path
HKLM\Software\ACSPMonitor\Keylogger
HKLM\Software\ACSPMonitor\Keylogger#enabled
HKLM\Software\ACSPMonitor\Keylogger#spy_only_char
HKLM\Software\ACSPMonitor\Keylogger#show_only_char
HKLM\Software\ACSPMonitor\Keylogger#path
HKLM\Software\ACSPMonitor\LAN
HKLM\Software\ACSPMonitor\LAN#enabled
HKLM\Software\ACSPMonitor\LAN#path
HKLM\Software\ACSPMonitor\Main
HKLM\Software\ACSPMonitor\Main#spy
HKLM\Software\ACSPMonitor\Main#hotkey
HKLM\Software\ACSPMonitor\Main#path_log
HKLM\Software\ACSPMonitor\Main#encrypt
HKLM\Software\ACSPMonitor\Main#search_case
HKLM\Software\ACSPMonitor\Main#pass
HKLM\Software\ACSPMonitor\Main#pass_txt
HKLM\Software\ACSPMonitor\Main#run_word
HKLM\Software\ACSPMonitor\Main#max_text
HKLM\Software\ACSPMonitor\Main#max_scr
HKLM\Software\ACSPMonitor\Main#clear
HKLM\Software\ACSPMonitor\Main#start_on_startup
HKLM\Software\ACSPMonitor\Main#spy_on_start
HKLM\Software\ACSPMonitor\Main#hide_on_startup
HKLM\Software\ACSPMonitor\Main#hide_desktop
HKLM\Software\ACSPMonitor\Main#hide_start
HKLM\Software\ACSPMonitor\Main#hide_uninstall
HKLM\Software\ACSPMonitor\Main#hide_folder
HKLM\Software\ACSPMonitor\Main#remind
HKLM\Software\ACSPMonitor\Main#shutdown
HKLM\Software\ACSPMonitor\Main#path_app2
HKLM\Software\ACSPMonitor\Printer
HKLM\Software\ACSPMonitor\Printer#enabled
HKLM\Software\ACSPMonitor\Printer#path
HKLM\Software\ACSPMonitor\Report
HKLM\Software\ACSPMonitor\Report#mode
HKLM\Software\ACSPMonitor\Report#logs
HKLM\Software\ACSPMonitor\Report#onepage
HKLM\Software\ACSPMonitor\Report#reccount
HKLM\Software\ACSPMonitor\Screenshot
HKLM\Software\ACSPMonitor\Screenshot#enabled
HKLM\Software\ACSPMonitor\Screenshot#active_window
HKLM\Software\ACSPMonitor\Screenshot#cursor
HKLM\Software\ACSPMonitor\Screenshot#quality
HKLM\Software\ACSPMonitor\Screenshot#interval
HKLM\Software\ACSPMonitor\Screenshot#timeminutes
HKLM\Software\ACSPMonitor\Screenshot#idle
HKLM\Software\ACSPMonitor\Screenshot#idle_time
HKLM\Software\ACSPMonitor\Screenshot#path
HKLM\Software\ACSPMonitor\Screenshot#path_pic
HKLM\Software\ACSPMonitor\Test
HKLM\Software\ACSPMonitor\Url
HKLM\Software\ACSPMonitor\Url#enabled
HKLM\Software\ACSPMonitor\Url#http
HKLM\Software\ACSPMonitor\Url#https
HKLM\Software\ACSPMonitor\Url#ftp
HKLM\Software\ACSPMonitor\Url#other
HKLM\Software\ACSPMonitor\Url#path
C:\Windows\system\actualspystart.lnk
C:\Program Files\ACSPMonitor\ActualSpy.chm
C:\Program Files\ACSPMonitor\ASMonitor.exe
C:\Program Files\ACSPMonitor\asmonitor.exe.manifest
C:\Program Files\ACSPMonitor\f.bat
C:\Program Files\ACSPMonitor\FILE_ID.DIZ
C:\Program Files\ACSPMonitor\hk.dll
C:\Program Files\ACSPMonitor\hprog.dll
C:\Program Files\ACSPMonitor\libeay32.dll
C:\Program Files\ACSPMonitor\license.txt
C:\Program Files\ACSPMonitor\logs\app.dat
C:\Program Files\ACSPMonitor\logs\clipboard.dat
C:\Program Files\ACSPMonitor\logs\computer.dat
C:\Program Files\ACSPMonitor\logs\filedir.dat
C:\Program Files\ACSPMonitor\logs\inetcon.dat
C:\Program Files\ACSPMonitor\logs\key.dat
C:\Program Files\ACSPMonitor\logs\pic
C:\Program Files\ACSPMonitor\logs\prnt.dat
C:\Program Files\ACSPMonitor\logs\screenshots.dat
C:\Program Files\ACSPMonitor\logs\url.dat
C:\Program Files\ACSPMonitor\logs
C:\Program Files\ACSPMonitor\readme.txt
C:\Program Files\ACSPMonitor\rights.bat
C:\Program Files\ACSPMonitor\ssleay32.dll
C:\Program Files\ACSPMonitor\unins000.dat
C:\Program Files\ACSPMonitor\unins000.exe
C:\Program Files\ACSPMonitor
C:\DOKUMENTE UND EINSTELLUNGEN\NICO\DESKTOP\COMPUTER\PROGRAMME\ACTUALSPY.LNK
C:\USERS\NICO\DESKTOP\COMPUTER\PROGRAMME\ACTUALSPY.LNK

Trojan.Agent/CDesc[Generic]
C:\PROGRAM FILES\SONY\PLAYSTATION STORE\NPAAC_WIN.DLL
C:\PROGRAM FILES\SONY\PLAYSTATION STORE\NPCOMMERCE2LIB.DLL

Trojan.Unclassified-Packed/Suspicious
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9A487E93-5CF2-48B1-8774-5D5682EECE5E}\RP92\A0024627.DLL

Trojan.Agent/Gen-PennyStockChaser
G:\PROGRAMME\CHEAT ENGINE\SYSTEMCALLSIGNAL.EXE

Trojan.Agent/Gen-Krpytik
G:\PROGRAMME\JOWOOD\BöSE NACHBARN 2\BIN\AR.EXE

Darkfilter 01.06.2010 13:58

So, the last logfile

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4160

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

01.06.2010 14:56:32
mbam-log-2010-06-01 (14-56-32).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|G:\|)
Durchsuchte Objekte: 526249
Laufzeit: 1 Stunde(n), 46 Minute(n), 38 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

cosinus 01.06.2010 18:39

Quote:

Keylogger.Actual Spy
HKLM\Software\ACSPMonitor
How did this keylogger get on there? Did you install it yourself, or do other people have access to this computer (or maybe had it at some point)?
The other SASW findings look like false positives.

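The triage above is the kind of check a reader of such logs does by hand: the Actual Spy finding is an installed application with its own registry configuration tree and program folder, while the remaining hits are single files caught by generic or packer signatures. As an added example (not part of the thread, not SASW's or the forum's code), the Python below parses the SUPERAntiSpyware log layout posted above, groups each detection's registry and file items, checks the listed items against the summary counters (in the full log above, "Registry threats detected : 121" and "File threats detected : 34" match exactly the number of HKLM lines and file paths listed under the detection blocks), and applies that triage rule. The sample log is a constructed, shortened version of the posted one; the function names and the triage heuristic are my own.

```python
"""Parse a SUPERAntiSpyware scan log and cross-check its summary counters."""
import re
from dataclasses import dataclass, field

# Constructed sample: same layout as the posted SASW log, far fewer lines.
SAMPLE_LOG = r"""SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 06/01/2010 at 00:33 AM

Application Version : 4.38.1004

Memory items scanned : 781
Memory threats detected : 0
Registry items scanned : 6425
Registry threats detected : 4
File items scanned : 397517
File threats detected : 5

Keylogger.Actual Spy
HKLM\Software\ACSPMonitor
HKLM\Software\ACSPMonitor\Keylogger#enabled
HKLM\Software\ACSPMonitor\Email#smtpserver
HKLM\Software\ACSPMonitor\Main#hide_start
C:\Program Files\ACSPMonitor\ASMonitor.exe
C:\Program Files\ACSPMonitor\hk.dll
C:\USERS\NICO\DESKTOP\COMPUTER\PROGRAMME\ACTUALSPY.LNK

Trojan.Agent/CDesc[Generic]
C:\PROGRAM FILES\SONY\PLAYSTATION STORE\NPAAC_WIN.DLL

Trojan.Agent/Gen-Krpytik
G:\PROGRAMME\JOWOOD\BöSE NACHBARN 2\BIN\AR.EXE
"""

HIVE_PREFIXES = ("HKLM\\", "HKCU\\", "HKU\\", "HKCR\\", "HKEY_")
DRIVE_RE = re.compile(r"^[A-Za-z]:\\")
COUNTER_RE = re.compile(r"^(Memory|Registry|File) threats detected\s*:\s*(\d+)$")


@dataclass
class Detection:
    name: str                                   # threat family as SASW names it
    registry: list = field(default_factory=list)  # HKLM\... items
    files: list = field(default_factory=list)     # drive-letter paths


def parse_sasw_log(text):
    """Return (reported_counts, detections) for a SASW scan log."""
    reported, detections, current = {}, [], None
    in_findings = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            current = None              # a blank line ends a detection block
            continue
        m = COUNTER_RE.match(line)
        if m:
            reported[m.group(1).lower()] = int(m.group(2))
            in_findings = m.group(1) == "File"   # last counter precedes the findings
            continue
        if not in_findings:
            continue                    # header lines before the counters
        if line.startswith(HIVE_PREFIXES) or DRIVE_RE.match(line):
            if current is None:
                raise ValueError("item outside a detection block: " + line)
            (current.registry if line.startswith(HIVE_PREFIXES) else current.files).append(line)
        else:
            current = Detection(line)   # any other line starts a new block
            detections.append(current)
    return reported, detections


def count_items(detections):
    """Items actually listed under the detection blocks."""
    return {"registry": sum(len(d.registry) for d in detections),
            "file": sum(len(d.files) for d in detections)}


def count_mismatches(reported, detections):
    """Counters that disagree with the listed items (truncated or edited log)."""
    actual = count_items(detections)
    return {k: (reported.get(k), actual[k]) for k in actual if reported.get(k) != actual[k]}


def triage(detection):
    """My heuristic (not SASW's): a finding with its own registry tree plus files is an
    installed application; a lone file hit by a generic/packed signature is a false
    positive candidate to verify (vendor, signer, hash lookup) before deleting."""
    if detection.registry and detection.files:
        return "installed application"
    generic = any(tag in detection.name for tag in ("Gen-", "Generic", "Suspicious"))
    if len(detection.files) == 1 and generic:
        return "single generic hit: verify before acting"
    return "review"


if __name__ == "__main__":
    counts, found = parse_sasw_log(SAMPLE_LOG)
    print("counter mismatches:", count_mismatches(counts, found))
    for d in found:
        print(f"{d.name}: {len(d.registry)} registry, {len(d.files)} files -> {triage(d)}")
```

Run against the full log from the thread, the counter check passes and only the first block is classed as an installed application; the mismatch check is useful when a user pastes a log that was cut off by a forum post length limit.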
Darkfilter 01.06.2010 20:53

Hi, I installed it myself once, for monitoring!

cosinus 01.06.2010 20:55

Monitoring whom? I find it distasteful to let other people use the computer and then record their keystrokes :pfui:

Darkfilter 02.06.2010 21:48

No, not to let others use the computer etc..... But my brother likes to get on my PC and tries his luck at various passwords when I'm not there. I installed it to prevent that.
Regards, Nico

cosinus 03.06.2010 12:04

Quote:

But my brother likes to get on my PC and tries his luck at various passwords when I'm not there. I installed it to prevent that.
And how is a keylogger supposed to prevent that?

Darkfilter 03.06.2010 22:09

No, not prevent! But I can see that he did something. Because he never admits it.....!

