|
Habe ich einen Virus Hi Leute, habe mein Vierenprogramm laufen lassen und er fand folgendes:TR/Spy.Bebloh.A.55 (2 mal) 'EXP/Java.3243 Dies wurde jedoch nur verschoben in die Quarantäne. Wie kann ich diese Vieren löschen? Hijack: HiJackthis Logfile: Code: Logfile of Trend Micro HijackThis v2.0.2 |
Hallo und :hallo: Zitat:
Ein schädliches Objekt in der Quarantäne ist isoliert, das kommt einem Löschen gleich mit der Ausnahme, dass man notfalls nochmal Dateien, die versehentlich gelöscht wurden (bei Fehlalarmen!!) wiederherstellen kann! Bitte nen Vollscan mit malwarebytes machen und Log posten. Danach OTL: Systemscan mit OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
|
Logfile von OTL: OTL Logfile: Code: OTL logfile created on: 25.05.2010 18:24:06 - Run 1 |
2. Logfile: OTL EXTRAS Logfile: Code: OTL Extras logfile created on: 25.05.2010 18:24:06 - Run 1 |
Was ist mit Malwarebytes? Das solltest Du vor OTL ausführen. |
Sry, da es länger gedauert hat, habe ich es erst jetzt ausgeführt nun hier: (Soll ich jetzt noch einmal OTL ausführen?) Gruß Nico Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4142 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18904 25.05.2010 21:25:02 mbam-log-2010-05-25 (21-25-02).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|G:\|) Durchsuchte Objekte: 530080 Laufzeit: 1 Stunde(n), 48 Minute(n), 43 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 1 Infizierte Registrierungswerte: 1 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 6 Infizierte Dateien: 9 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_CURRENT_USER\SOFTWARE\WS9E3IQBKY (Trojan.FakeAlert) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rthdbpl (Trojan.Agent) -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: C:\ProgramData\MPK (Refog.Keylogger) -> Quarantined and deleted successfully. C:\ProgramData\MPK\1 (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D} (Trojan.Swisyn) -> Quarantined and deleted successfully. C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome (Trojan.Swisyn) -> Quarantined and deleted successfully. C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content (Trojan.Swisyn) -> Quarantined and deleted successfully. C:\Users\Nico\AppData\Roaming\SystemProc (Trojan.Agent) -> Quarantined and deleted successfully. Infizierte Dateien: C:\System Volume Information\_restore{9A487E93-5CF2-48B1-8774-5D5682EECE5E}\RP103\A0025076.dll (Keylogger.PerfectKeylogger) -> Quarantined and deleted successfully. C:\ProgramData\MPK\M0000 (Refog.Keylogger) -> Quarantined and deleted successfully. C:\ProgramData\MPK\S0000 (Refog.Keylogger) -> Quarantined and deleted successfully. C:\ProgramData\MPK\1\D0000 (Refog.Keylogger) -> Quarantined and deleted successfully. C:\ProgramData\MPK\1\S0000 (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome.manifest (Trojan.Swisyn) -> Quarantined and deleted successfully. C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\install.rdf (Trojan.Swisyn) -> Quarantined and deleted successfully. C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\timer.xul (Trojan.Swisyn) -> Quarantined and deleted successfully. C:\Windows\System32\h@tkeysh@@k.dll (Trojan.Agent) -> Quarantined and deleted successfully. |
Ja, ein frisches OTL-Log wäre gut, da sich durch Malwarebytes ja wieder das System verändert hat. |
So, ich hoffe jetzt ist alles vorhanden was Du benötigst OTL Logfile: Code: OTL logfile created on: 25.05.2010 22:52:08 - Run 2 |
2. logfile OTL Logfile: Code: OTL logfile created on: 25.05.2010 22:52:08 - Run 2 |
Das OTL-Log sieht ok aus, aber kannst Du nochmal das extras Log nachreichen? Du hast 2x das gleiche Log gepostet. |
So, aber jetzt!^^ OTL EXTRAS Logfile: Code: OTL Extras logfile created on: 26.05.2010 17:42:58 - Run 3 |
Zitat:
Code: Drive G: | 465,76 Gb Total Space | 224,36 Gb Free Space | 48,17% Space Free | Partition Type: NTFS |
Jup, ich glaube ich kenne das Problem. Die Festplatte ist mal ein Platz verrutscht! Also sie war mal F und jetzt ist sie G. Musste die Pfade bei den Programmen ändern die auf F waren. Jedoch tat ich das nicht bei allen. Vielleicht wüsstest du noch eine Lösung für´s Problem. Gruß Nico |
Eine Laufwerksbuchstabenänderung ist so kein Hinweis auf ein echtes Problem. Was ich aus dem Ereisgnisprotokoll gefischt habe aber eher, denn das deutet auf ein Hardwareproblem hin! Das sollten wir im Hinterkopf behalten, lass und erstmal nach noch verbliebenen Schdälingen Ausschau halten, mach dazu bitte Logs mit GMER und OSAM - falls GMER auch beim 2. Mal abstürzt einfach nur OSAM ausführen. |
Hier, Report von OSAM Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 22:34:37 on 27.05.2010 OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit Default Browser: Mozilla Corporation Firefox 3.5.9 Scanner Settings Rootkits detection (hidden registry) Rootkits detection (hidden files) Retrieve files information Check Microsoft signatures Filters Trusted entries Empty entries Hidden registry entries (rootkit activity) Exclusively opened files Not found files Files without detailed information Existing files Non-startable services Non-startable drivers Active entries Disabled entries Risk Name Publisher Full Path Status Common %SystemRoot%\Tasks |||| "WebReg HP Photosmart C5300 series.job" "Hewlett-Packard Co." C:\Program Files\HP\Digital Imaging\bin\hpqwrg.exe File exists Control Panel Objects %SystemRoot%\system32 |||||| "TIControlPanel.cpl" "Texas Instruments Incorporated" C:\Windows\system32\TIControlPanel.cpl File exists HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls |||||| "Pando" "Pando Networks" C:\Program Files\Pando Networks\Media Booster\PMB.cpl File exists |||||| "QuickTime" "Apple Inc." C:\Program Files\QuickTime\QTSystem\QuickTime.cpl File exists Drivers HKLM\SYSTEM\CurrentControlSet\Services |||||| "avgntflt" (avgntflt) "Avira GmbH" C:\Windows\System32\DRIVERS\avgntflt.sys File exists |||||| "avipbb" (avipbb) "Avira GmbH" C:\Windows\System32\DRIVERS\avipbb.sys File exists "cdrmkaun" (cdrmkaun) C:\Users\Nico\AppData\Local\Temp\cdrmkaun.sys File not found "DBKDRVR54" (DBKDRVR54) F:\Program Files\Cheat Engine\dbk32.sys File not found "dump_wmimmc" (dump_wmimmc) F:\Programme\Cossfire\CrossFire\GameGuard\dump_wmimmc.sys File not found "EagleNT" (EagleNT) C:\Windows\system32\drivers\EagleNT.sys File not found |||||| "ElbyCDIO Driver" (ElbyCDIO) "Elaborate Bytes AG" C:\Windows\System32\Drivers\ElbyCDIO.sys File exists "GMSIPCI" (GMSIPCI) E:\INSTALL\GMSIPCI.SYS File not found |||||| "Hamachi Network Interface" (hamachi) "LogMeIn, Inc." C:\Windows\System32\DRIVERS\hamachi.sys File exists "IP in IP Tunnel Driver" (IpInIp) C:\Windows\System32\DRIVERS\ipinip.sys File not found "IPX Traffic Filter Driver" (NwlnkFlt) C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found "IPX Traffic Forwarder Driver" (NwlnkFwd) C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found |||||| "NPPTNT2" (NPPTNT2) "INCA Internet Co., Ltd." C:\Windows\system32\npptNT2.sys File exists "PCD52X2" (PCD52X2) C:\Users\Nico\AppData\Local\Temp\PCD52X2.sys File not found "PCD52X3" (PCD52X3) C:\Users\Nico\AppData\Local\Temp\PCD52X3.sys File not found "PCD61X2" (PCD61X2) C:\Users\Nico\AppData\Local\Temp\PCD61X2.sys File not found "PCD61X3" (PCD61X3) C:\Users\Nico\AppData\Local\Temp\PCD61X3.sys File not found "SSHDRV51" (SSHDRV51) C:\Windows\system32\drivers\SSHDRV51.sys File found, but it contains no detailed information |||||| "SSHDRV52" (SSHDRV52) C:\Windows\system32\drivers\SSHDRV52.sys File found, but it contains no detailed information |||||| "SSHDRV61" (SSHDRV61) C:\Windows\system32\drivers\SSHDRV61.sys File found, but it contains no detailed information |||||| "SSHDRV76" (SSHDRV76) C:\Windows\system32\drivers\SSHDRV76.sys File exists |||||| "ssmdrv" (ssmdrv) "Avira GmbH" C:\Windows\System32\DRIVERS\ssmdrv.sys File exists |||||| "StarForce Protection Environment Driver v6" (prodrv06) "Protection Technology" C:\Windows\System32\drivers\prodrv06.sys File exists |||||| "StarForce Protection Helper Driver" (sfhlp01) "Protection Technology" C:\Windows\System32\drivers\sfhlp01.sys File exists |||||| "StarForce Protection Helper Driver v2" (prohlp02) "Protection Technology" C:\Windows\System32\drivers\prohlp02.sys File exists |||||| "StarForce Protection Synchronization Driver v1" (prosync1) "Protection Technology" C:\Windows\System32\drivers\prosync1.sys File exists |||||| "StarOpen" (StarOpen) C:\Windows\system32\drivers\StarOpen.sys File found, but it contains no detailed information |||||| "TIEHDUSB" (TIEHDUSB) "Texas Instruments Incorporated" C:\Windows\System32\drivers\tiehdusb.sys File exists Explorer HKLM\Software\Classes\Folder\shellex\ColumnHandlers |||||| {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" "Adobe Systems, Inc." C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll File exists |||||| {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll File exists HKLM\Software\Classes\Protocols\Handler |||||| {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" "Skype Technologies" C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL File exists HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved {911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" File not found | COM-object registry key not found {1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" File not found | COM-object registry key not found {34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" File not found | COM-object registry key not found {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" File not found | COM-object registry key not found |||||| {872A9397-E0D6-4e28-B64D-52B8D0A7EA35} "DisplayCplExt Class" "Advanced Micro Devices, Inc." C:\Program Files\ATI\ATI.ACE\Core-Static\atiamaxx.dll File exists {2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" File not found | COM-object registry key not found |||||| {3FCEF010-09A4-11D4-8D3B-D12F9D3D8B02} "FileTimeShlExt Class" "Texas Instruments Incorporated" C:\PROGRA~2\COMMON~1\TISHAR~1\TICONN~1\TIShlExt.dll File exists {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" File not found | COM-object registry key not found {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" F:\Programme\iTunes\iTunesMiniPlayer.dll File not found {00020d75-0000-0000-c000-000000000046} "lnkfile" File not found | COM-object registry key not found |||||| {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" "Microsoft Corporation" G:\PROGRA~1\MICROS~2\OFFICE11\msohev.dll File exists |||||| {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" "Microsoft Corporation" C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll File exists |||||| {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" "Microsoft Corporation" C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll File exists |||||| {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll File exists |||||| {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll File exists |||||| {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll File exists |||||| {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll File exists {C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" File not found | COM-object registry key not found {E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" File not found | COM-object registry key not found |||||| {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" "Avira GmbH" C:\Program Files\Avira\AntiVir Desktop\shlext.dll File exists |||||| {5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" "Advanced Micro Devices, Inc." C:\Program Files\ATI\ATI.ACE\Core-Static\atiacmxx.dll File exists |||||| {B7056B8E-4F99-44f8-8CBD-282390FE5428} "VirtualCloneDrive Shell Extension" "Elaborate Bytes AG" C:\Program Files\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll File exists {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" File not found | COM-object registry key not found |||||| {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" C:\Program Files\WinRAR\rarext.dll File exists Internet Explorer HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars |||| {555D4D79-4BD2-4094-A395-CFC534424A05} "HP Smart Web Printing" "Hewlett-Packard Co." C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll File exists HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser "ITBar7Layout" File not found | COM-object registry key not found HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units |||| {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_20" hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\jp2iexp.dll File exists |||| {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\jp2iexp.dll File exists |||| {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\npjpi160_20.dll File exists HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars |||| {555D4D79-4BD2-4094-A395-CFC534424A05} "HP Smart Web Printing" "Hewlett-Packard Co." C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll File exists HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions |||| {DDE87865-83C5-48c4-8357-2F5B1AA84522} "HP Smart Web Printing ein- oder ausblenden" "Hewlett-Packard Co." C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll File exists "ICQ6" F:\Program Files\ICQ6.5\ICQ.exe File not found HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects |||||| {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" "Adobe Systems Incorporated" C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll File exists |||| {0347C33E-8762-4905-BF09-768834316C61} "HP Print Enhancer" "Hewlett-Packard Co." C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll File exists |||| {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} "HP Smart BHO Class" "Hewlett-Packard Co." C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll File exists |||| {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\jp2ssv.dll File exists Logon %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup |||||| "desktop.ini" C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini File exists |||| "OpenOffice.org 3.1.lnk" C:\Program Files\OpenOffice.org 3\program\quickstart.exe Shortcut exists | File found, but it contains no detailed information | File exists "Product Registration.lnk" C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Product Registration.lnk Shortcut exists | File not found %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup |||||| "desktop.ini" C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini File exists |||| "HP Digital Imaging Monitor.lnk" "Hewlett-Packard Co." C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe Shortcut exists | File exists HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "iTap" C:\Program Files\HLW\iTap\iTap.exe File not found "RGSC" F:\Programme\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent File not found "Steam" "f:\programme\steam\steam.exe" -silent File not found HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd "StartupPrograms" rdpclip File not found HKLM\Software\Microsoft\Windows\CurrentVersion\Run |||| "Adobe ARM" "Adobe Systems Incorporated" "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" File exists |||| "Adobe Reader Speed Launcher" "Adobe Systems Incorporated" "G:\Programme\Adobe Reader\Reader\Reader_sl.exe" File exists |||||| "avgnt" "Avira GmbH" "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min File exists |||| "HP Software Update" "Hewlett-Packard" C:\Program Files\HP\HP Software Update\HPWuSchd2.exe File exists "iTunesHelper" "F:\Programme\iTunes\iTunesHelper.exe" File not found |||||| "JMB36X IDE Setup" C:\Windows\RaidTool\xInsIDE.exe File found, but it contains no detailed information "LogMeIn Hamachi Ui" "F:\Programme\Hamachi\hamachi-2-ui.exe" --auto-start File not found |||| "NeroFilterCheck" "Ahead Software Gmbh" C:\Windows\system32\NeroCheck.exe File exists |||| "StartCCC" "Advanced Micro Devices, Inc." "C:\Program Files\ATI\ATI.ACE\Core-Static\CLIStart.exe" MSRun File exists |||| "SunJavaUpdateSched" "Sun Microsystems, Inc." "C:\Program Files\Common Files\Java\Java Update\jusched.exe" File exists |||| "VirtualCloneDrive" "Elaborate Bytes AG" "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s File exists Print Monitors HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors |||||| "PCL Language Monitor" "Hewlett-Packard Company" C:\Windows\system32\hpz3l692.dll File exists Services HKLM\SYSTEM\CurrentControlSet\Services |||||| "Apple Mobile Device" (Apple Mobile Device) "Apple Inc." C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe File exists |||||| "Avira AntiVir Guard" (AntiVirService) "Avira GmbH" C:\Program Files\Avira\AntiVir Desktop\avguard.exe File exists |||||| "Avira AntiVir Planer" (AntiVirSchedulerService) "Avira GmbH" C:\Program Files\Avira\AntiVir Desktop\sched.exe File exists |||||| "Bonjour-Dienst" (Bonjour Service) "Apple Inc." C:\Program Files\Bonjour\mDNSResponder.exe File exists |||||| "HP CUE DeviceDiscovery Service" (hpqddsvc) "Hewlett-Packard Co." C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll File exists |||||| "hpqcxs08" (hpqcxs08) "Hewlett-Packard Co." C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll File exists |||||| "iPod-Dienst" (iPod Service) "Apple Inc." C:\Program Files\iPod\bin\iPodService.exe File exists "LogMeIn Hamachi 2.0 Tunneling Engine" (Hamachi2Svc) F:\Programme\Hamachi\hamachi-2.exe -s File not found |||||| "Net Driver HPZ12" (Net Driver HPZ12) "Hewlett-Packard" C:\Windows\system32\HPZinw12.dll File exists |||| "nProtect GameGuard Service" (npggsvc) "INCA Internet Co., Ltd." C:\Windows\system32\GameMon.des File exists |||||| "Office Source Engine" (ose) "Microsoft Corporation" C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE File exists |||||| "Pml Driver HPZ12" (Pml Driver HPZ12) "Hewlett-Packard" C:\Windows\system32\HPZipm12.dll File exists |||||| "PnkBstrA" (PnkBstrA) C:\Windows\system32\PnkBstrA.exe File found, but it contains no detailed information "PnkBstrB" (PnkBstrB) C:\Windows\system32\PnkBstrB.exe File found, but it contains no detailed information |||||| "Steam Client Service" (Steam Client Service) "Valve Corporation" C:\Program Files\Common Files\Steam\SteamService.exe File exists Winsock Providers HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries |||||| "mdnsNSP" "Apple Inc." C:\Program Files\Bonjour\mdnsNSP.dll File exists If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru |
hi, habe die nächsten logs gepostet warte auf Antwort! Gruß Nico |
Hab Deinen Strang übersehen. Das osam Logfile sieht unauffällig aus, ich würde jetzt mal CF vorschlagen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
http://saved.im/mtm0nzyzmzd5/cofi.jpg
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! |
Hier das Logfile von ComboFix Combofix Logfile: Code: ComboFix 10-05-29.05 - Nico 30.05.2010 22:38:12.1.4 - x86 |
Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!! |
Erst einmal das Logfile von SUPERAntiSpyware nächstes folgt heute oder morgen SUPERAntiSpyware Scan Log hxxp://www.superantispyware.com Generated 06/01/2010 at 00:33 AM Application Version : 4.38.1004 Core Rules Database Version : 5011 Trace Rules Database Version: 2823 Scan type : Complete Scan Total Scan Time : 04:15:43 Memory items scanned : 781 Memory threats detected : 0 Registry items scanned : 6425 Registry threats detected : 121 File items scanned : 397517 File threats detected : 34 Keylogger.Actual Spy HKLM\Software\ACSPMonitor HKLM\Software\ACSPMonitor\Application HKLM\Software\ACSPMonitor\Application#enabled HKLM\Software\ACSPMonitor\Application#path HKLM\Software\ACSPMonitor\Application#start HKLM\Software\ACSPMonitor\Application#stop HKLM\Software\ACSPMonitor\Clipboard HKLM\Software\ACSPMonitor\Clipboard#enabled HKLM\Software\ACSPMonitor\Clipboard#isborder HKLM\Software\ACSPMonitor\Clipboard#numborder HKLM\Software\ACSPMonitor\Clipboard#razmborder HKLM\Software\ACSPMonitor\Clipboard#notspy HKLM\Software\ACSPMonitor\Clipboard#path HKLM\Software\ACSPMonitor\Computer HKLM\Software\ACSPMonitor\Computer#enabled HKLM\Software\ACSPMonitor\Computer#path HKLM\Software\ACSPMonitor\Email HKLM\Software\ACSPMonitor\Email#enabled HKLM\Software\ACSPMonitor\Email#address HKLM\Software\ACSPMonitor\Email#subject HKLM\Software\ACSPMonitor\Email#fromaddress HKLM\Software\ACSPMonitor\Email#smtpserver HKLM\Software\ACSPMonitor\Email#username HKLM\Software\ACSPMonitor\Email#port HKLM\Software\ACSPMonitor\Email#smtpdefault HKLM\Software\ACSPMonitor\Email#sendkey HKLM\Software\ACSPMonitor\Email#sendscr HKLM\Software\ACSPMonitor\Email#sendapp HKLM\Software\ACSPMonitor\Email#sendclipb HKLM\Software\ACSPMonitor\Email#sendprnt HKLM\Software\ACSPMonitor\Email#sendcomputer HKLM\Software\ACSPMonitor\Email#sendfiledir HKLM\Software\ACSPMonitor\Email#sendinetcon HKLM\Software\ACSPMonitor\Email#sendurl HKLM\Software\ACSPMonitor\Email#delalllogs HKLM\Software\ACSPMonitor\Email#sendtimeinterval HKLM\Software\ACSPMonitor\Email#timeinterval HKLM\Software\ACSPMonitor\Email#timeminutes HKLM\Software\ACSPMonitor\Email#sizelogs HKLM\Software\ACSPMonitor\Email#mode HKLM\Software\ACSPMonitor\Email#code HKLM\Software\ACSPMonitor\Email#sendtimemoment HKLM\Software\ACSPMonitor\Email#timesend HKLM\Software\ACSPMonitor\Email#authentication HKLM\Software\ACSPMonitor\Email#password HKLM\Software\ACSPMonitor\Filedir HKLM\Software\ACSPMonitor\Filedir#enabled HKLM\Software\ACSPMonitor\Filedir#filecreate HKLM\Software\ACSPMonitor\Filedir#filedelete HKLM\Software\ACSPMonitor\Filedir#filerename HKLM\Software\ACSPMonitor\Filedir#spyfiles HKLM\Software\ACSPMonitor\Filedir#filesystem HKLM\Software\ACSPMonitor\Filedir#dirpath HKLM\Software\ACSPMonitor\Filedir#subdir HKLM\Software\ACSPMonitor\Filedir#path HKLM\Software\ACSPMonitor\FTP HKLM\Software\ACSPMonitor\FTP#enabled HKLM\Software\ACSPMonitor\FTP#host HKLM\Software\ACSPMonitor\FTP#username HKLM\Software\ACSPMonitor\FTP#password HKLM\Software\ACSPMonitor\FTP#port HKLM\Software\ACSPMonitor\Inetcon HKLM\Software\ACSPMonitor\Inetcon#enabled HKLM\Software\ACSPMonitor\Inetcon#path HKLM\Software\ACSPMonitor\Keylogger HKLM\Software\ACSPMonitor\Keylogger#enabled HKLM\Software\ACSPMonitor\Keylogger#spy_only_char HKLM\Software\ACSPMonitor\Keylogger#show_only_char HKLM\Software\ACSPMonitor\Keylogger#path HKLM\Software\ACSPMonitor\LAN HKLM\Software\ACSPMonitor\LAN#enabled HKLM\Software\ACSPMonitor\LAN#path HKLM\Software\ACSPMonitor\Main HKLM\Software\ACSPMonitor\Main#spy HKLM\Software\ACSPMonitor\Main#hotkey HKLM\Software\ACSPMonitor\Main#path_log HKLM\Software\ACSPMonitor\Main#encrypt HKLM\Software\ACSPMonitor\Main#search_case HKLM\Software\ACSPMonitor\Main#pass HKLM\Software\ACSPMonitor\Main#pass_txt HKLM\Software\ACSPMonitor\Main#run_word HKLM\Software\ACSPMonitor\Main#max_text HKLM\Software\ACSPMonitor\Main#max_scr HKLM\Software\ACSPMonitor\Main#clear HKLM\Software\ACSPMonitor\Main#start_on_startup HKLM\Software\ACSPMonitor\Main#spy_on_start HKLM\Software\ACSPMonitor\Main#hide_on_startup HKLM\Software\ACSPMonitor\Main#hide_desktop HKLM\Software\ACSPMonitor\Main#hide_start HKLM\Software\ACSPMonitor\Main#hide_uninstall HKLM\Software\ACSPMonitor\Main#hide_folder HKLM\Software\ACSPMonitor\Main#remind HKLM\Software\ACSPMonitor\Main#shutdown HKLM\Software\ACSPMonitor\Main#path_app2 HKLM\Software\ACSPMonitor\Printer HKLM\Software\ACSPMonitor\Printer#enabled HKLM\Software\ACSPMonitor\Printer#path HKLM\Software\ACSPMonitor\Report HKLM\Software\ACSPMonitor\Report#mode HKLM\Software\ACSPMonitor\Report#logs HKLM\Software\ACSPMonitor\Report#onepage HKLM\Software\ACSPMonitor\Report#reccount HKLM\Software\ACSPMonitor\Screenshot HKLM\Software\ACSPMonitor\Screenshot#enabled HKLM\Software\ACSPMonitor\Screenshot#active_window HKLM\Software\ACSPMonitor\Screenshot#cursor HKLM\Software\ACSPMonitor\Screenshot#quality HKLM\Software\ACSPMonitor\Screenshot#interval HKLM\Software\ACSPMonitor\Screenshot#timeminutes HKLM\Software\ACSPMonitor\Screenshot#idle HKLM\Software\ACSPMonitor\Screenshot#idle_time HKLM\Software\ACSPMonitor\Screenshot#path HKLM\Software\ACSPMonitor\Screenshot#path_pic HKLM\Software\ACSPMonitor\Test HKLM\Software\ACSPMonitor\Url HKLM\Software\ACSPMonitor\Url#enabled HKLM\Software\ACSPMonitor\Url#http HKLM\Software\ACSPMonitor\Url#https HKLM\Software\ACSPMonitor\Url#ftp HKLM\Software\ACSPMonitor\Url#other HKLM\Software\ACSPMonitor\Url#path C:\Windows\system\actualspystart.lnk C:\Program Files\ACSPMonitor\ActualSpy.chm C:\Program Files\ACSPMonitor\ASMonitor.exe C:\Program Files\ACSPMonitor\asmonitor.exe.manifest C:\Program Files\ACSPMonitor\f.bat C:\Program Files\ACSPMonitor\FILE_ID.DIZ C:\Program Files\ACSPMonitor\hk.dll C:\Program Files\ACSPMonitor\hprog.dll C:\Program Files\ACSPMonitor\libeay32.dll C:\Program Files\ACSPMonitor\license.txt C:\Program Files\ACSPMonitor\logs\app.dat C:\Program Files\ACSPMonitor\logs\clipboard.dat C:\Program Files\ACSPMonitor\logs\computer.dat C:\Program Files\ACSPMonitor\logs\filedir.dat C:\Program Files\ACSPMonitor\logs\inetcon.dat C:\Program Files\ACSPMonitor\logs\key.dat C:\Program Files\ACSPMonitor\logs\pic C:\Program Files\ACSPMonitor\logs\prnt.dat C:\Program Files\ACSPMonitor\logs\screenshots.dat C:\Program Files\ACSPMonitor\logs\url.dat C:\Program Files\ACSPMonitor\logs C:\Program Files\ACSPMonitor\readme.txt C:\Program Files\ACSPMonitor\rights.bat C:\Program Files\ACSPMonitor\ssleay32.dll C:\Program Files\ACSPMonitor\unins000.dat C:\Program Files\ACSPMonitor\unins000.exe C:\Program Files\ACSPMonitor C:\DOKUMENTE UND EINSTELLUNGEN\NICO\DESKTOP\COMPUTER\PROGRAMME\ACTUALSPY.LNK C:\USERS\NICO\DESKTOP\COMPUTER\PROGRAMME\ACTUALSPY.LNK Trojan.Agent/CDesc[Generic] C:\PROGRAM FILES\SONY\PLAYSTATION STORE\NPAAC_WIN.DLL C:\PROGRAM FILES\SONY\PLAYSTATION STORE\NPCOMMERCE2LIB.DLL Trojan.Unclassified-Packed/Suspicious C:\SYSTEM VOLUME INFORMATION\_RESTORE{9A487E93-5CF2-48B1-8774-5D5682EECE5E}\RP92\A0024627.DLL Trojan.Agent/Gen-PennyStockChaser G:\PROGRAMME\CHEAT ENGINE\SYSTEMCALLSIGNAL.EXE Trojan.Agent/Gen-Krpytik G:\PROGRAMME\JOWOOD\BöSE NACHBARN 2\BIN\AR.EXE |
So der letzte Logfile Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4160 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18904 01.06.2010 14:56:32 mbam-log-2010-06-01 (14-56-32).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|G:\|) Durchsuchte Objekte: 526249 Laufzeit: 1 Stunde(n), 46 Minute(n), 38 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) |
Zitat:
Die anderen Funde von SASW sehen nach Fehlalarmen aus. |
Hi, den habe ich selber einmal installiert zur Überwachung! |
Zur Überwachung von wem? Find ich unschön, andere Personen an den Rechner zu lassen und dann deren Tastaturanschläge aufzuzeichnen :pfui: |
Nein, nicht um andere an den Rechner zu lassen usw..... Jedoch geht mein Bruder gern an meinen PC und versucht sich an irgendwelchen Passwörtern wenn ich nicht da bin. Um dies zu vermeiden habe ich den mal installiert. Gruß Nico |
Zitat:
|
Nein, verhindern nicht! JEdoch sehe ich das er was gemacht hat. Denn er gibt es nie zu.....! |
| Alle Zeitangaben in WEZ +1. Es ist jetzt 20:13 Uhr. |
Copyright ©2000-2025, Trojaner-Board