Trojaner-Board

Trojan in multiple files - TR/SMALL.cjd TR/Dldr.Agent.dmrq TR/Ertfor.B. (https://www.trojaner-board.de/85483-trojaner-mehreren-dateien-tr-small-cjd-tr-dldr-agent-dmrq-tr-ertfor-b.html)

mts4711 30.04.2010 19:47

done

Code:

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KMCONFIG deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
File 504-8834-11D5-AC75-0008C73FD642} file:///C:/Program%20Files/proeWildfire%203.0/i486_nt/obj/pvx_install.exe not found.
Starting removal of ActiveX control {1ED48504-8834-11D5-AC75-0008C73FD642}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1ED48504-8834-11D5-AC75-0008C73FD642}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1ED48504-8834-11D5-AC75-0008C73FD642}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1ED48504-8834-11D5-AC75-0008C73FD642}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{1ED48504-8834-11D5-AC75-0008C73FD642}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1ED48504-8834-11D5-AC75-0008C73FD642}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{32a5e8a0-ad06-11de-910d-00238b0b7982}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32a5e8a0-ad06-11de-910d-00238b0b7982}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{32a5e8a0-ad06-11de-910d-00238b0b7982}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32a5e8a0-ad06-11de-910d-00238b0b7982}\ not found.
File F:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{680b5944-630d-11de-ab8f-00238b0b7982}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{680b5944-630d-11de-ab8f-00238b0b7982}\ not found.
File H:\APOTEKA\\\\\\BRENINA.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{680b5944-630d-11de-ab8f-00238b0b7982}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{680b5944-630d-11de-ab8f-00238b0b7982}\ not found.
File H:\APOTEKA\\\\\\BRENINA.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{680b5944-630d-11de-ab8f-00238b0b7982}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{680b5944-630d-11de-ab8f-00238b0b7982}\ not found.
File H:\APOTEKA\\\\\\BRENINA.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{af4f3379-3ef0-11df-b683-00238b0b7982}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{af4f3379-3ef0-11df-b683-00238b0b7982}\ not found.
File I:\BOMBOM\dokazehehe.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{af4f3379-3ef0-11df-b683-00238b0b7982}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{af4f3379-3ef0-11df-b683-00238b0b7982}\ not found.
File I:\BOMBOM\dokazehehe.exe not found.
C:\Users\mts\AppData\Roaming\lowsec folder moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File\Folder C:\Windows\System32\drivers\yviityx.sys not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: mts
->Temp folder emptied: 1653813825 bytes
->Temporary Internet Files folder emptied: 854897224 bytes
->Java cache emptied: 78170954 bytes
->FireFox cache emptied: 35915082 bytes
->Google Chrome cache emptied: 55951095 bytes
->Flash cache emptied: 2465 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 123139937 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 2.672,00 mb
 
 
OTL by OldTimer - Version 3.2.3.0 log created on 04302010_201248

Files\Folders moved on Reboot...
C:\Users\mts\AppData\Local\Temp\ehmsas.txt moved successfully.
File move failed. C:\Windows\temp\hlktmp scheduled to be moved on reboot.
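The OTL run above deleted a Run-key value (KMCONFIG), several MountPoints2 entries whose autorun commands pointed at executables on drives F:, H: and I:, a folder under AppData\Roaming, and reset the hosts file. The following PowerShell script is an added example, not part of the thread and not OTL's own logic: it re-audits those persistence locations after the fix and only reports, it deletes nothing. The driver name, the lowsec folder and the hosts path are taken from the log; the list of keys to check and the two default hosts entries are the editor's assumptions about a clean Windows install.

```powershell
# Added example (editor's code, not from the thread or from OTL): read-only
# re-audit of the persistence locations the OTL fix touched.
# Run in an elevated Windows PowerShell session, logged on as the affected user
# (the HKCU keys and %APPDATA% belong to that user's profile).

function Get-PersistenceFindings {
    $findings = New-Object System.Collections.Generic.List[object]
    function Add-Finding([string]$Where, [string]$Name, [string]$Value) {
        $findings.Add([pscustomobject]@{ Where = $Where; Name = $Name; Value = $Value })
    }

    # 1. Run/RunOnce values (the fix deleted HKLM\...\Run\KMCONFIG). Every value
    #    here starts at logon, so each one must be recognisable software.
    $runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
               'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # provider metadata, not registry values
            Add-Finding $key $p.Name $p.Value
        }
    }

    # 2. MountPoints2: Explorer caches each volume's autorun.inf actions under
    #    {GUID}\Shell\<verb>\command. A command pointing at an .exe on a removable
    #    drive (as F:\Autorun.exe in the log) is the usual trace of a USB worm.
    $mp2 = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
    if (Test-Path $mp2) {
        foreach ($vol in Get-ChildItem -Path $mp2) {
            $shell = Join-Path $vol.PSPath 'Shell'
            if (-not (Test-Path $shell)) { continue }
            foreach ($verb in Get-ChildItem -Path $shell) {
                $cmdKey = Join-Path $verb.PSPath 'command'
                if (-not (Test-Path $cmdKey)) { continue }
                $cmd = (Get-ItemProperty -Path $cmdKey).'(default)'
                Add-Finding $cmdKey "MountPoints2 $($verb.PSChildName)" $cmd
            }
        }
    }

    # 3. hosts file: any entry beyond the Windows defaults redirects name lookups
    #    (the fix replaced the file and reset it).
    $hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    $defaults = '127.0.0.1 localhost', '::1 localhost'   # assumed clean content
    foreach ($raw in Get-Content -Path $hosts) {
        $entry = (($raw -replace '#.*$', '').Trim() -replace '\s+', ' ')
        if ($entry -ne '' -and $defaults -notcontains $entry) {
            Add-Finding $hosts 'hosts entry' $entry
        }
    }

    # 4. Leftovers named in the log: the driver OTL could not find (and any
    #    service still registered for it) and the AppData\Roaming\lowsec folder.
    $driver = Join-Path $env:SystemRoot 'System32\drivers\yviityx.sys'
    if (Test-Path $driver) { Add-Finding $driver 'driver present' (Get-Item $driver).Length }
    foreach ($svc in Get-ChildItem -Path 'HKLM:\SYSTEM\CurrentControlSet\Services') {
        $img = (Get-ItemProperty -Path $svc.PSPath -ErrorAction SilentlyContinue).ImagePath
        if ($img -like '*yviityx*') { Add-Finding $svc.PSPath 'service ImagePath' $img }
    }
    $lowsec = Join-Path $env:APPDATA 'lowsec'
    if (Test-Path $lowsec) {
        Add-Finding $lowsec 'folder present' ((Get-ChildItem -Path $lowsec | Measure-Object).Count)
    }

    return $findings
}

Get-PersistenceFindings | Format-Table -AutoSize -Wrap
```

Run keys will always list legitimate entries; the point is that after a fix every remaining value should be accounted for by name. The MountPoints2 and hosts checks should come back empty on a clean system, and the driver and lowsec checks should print nothing at all.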


StLB 30.04.2010 19:52

OK, now please run a scan with SuperAntiSpyware.

mts4711 01.05.2010 10:44

OK, here is the SuperAntiSpyware log. It seems to have found quite a bit...

Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 04/30/2010 at 10:24 PM

Application Version : 4.35.1000

Core Rules Database Version : 4872
Trace Rules Database Version: 2684

Scan type      : Complete Scan
Total Scan Time : 01:29:23

Memory items scanned      : 620
Memory threats detected  : 0
Registry items scanned    : 8722
Registry threats detected : 0
File items scanned        : 64271
File threats detected    : 72

Adware.Tracking Cookie
        C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\mts@atwola[3].txt
        C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\mts@apmebf[2].txt
        C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\mts@tradedoubler[3].txt
        C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\mts@mediaplex[3].txt
        C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\mts@doubleclick[3].txt
        C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\mts@ptc.112.2o7[2].txt
        C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\Low\mts@advertising[2].txt
        C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\Low\mts@serving-sys[2].txt
        C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\Low\mts@ad.yieldmanager[1].txt
        C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\Low\mts@ww251.smartadserver[2].txt
        C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\Low\mts@2o7[1].txt
        C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\Low\mts@ad.71i[1].txt
        C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\Low\mts@adserver.71i[1].txt
        C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\Low\mts@adtech[1].txt
        C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\Low\mts@aolde.122.2o7[1].txt
        C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\Low\mts@de.at.atwola[1].txt
        C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\Low\mts@at.atwola[2].txt
        C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\Low\mts@atdmt[1].txt
        C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\Low\mts@bs.serving-sys[2].txt
        C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\Low\mts@content.yieldmanager[3].txt
        C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\Low\mts@doubleclick[2].txt
        C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\Low\mts@im.banner.t-online[1].txt
        C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\Low\mts@kontera[2].txt
        C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\Low\mts@pro-market[2].txt
        C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\Low\mts@questionmarket[1].txt
        C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\Low\mts@teltarifdeonlineverlaggmbh.112.2o7[1].txt
        C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\Low\mts@sevenoneintermedia.112.2o7[1].txt
        C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\Low\mts@smartadserver[1].txt
        C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\Low\mts@stats.bmw[1].txt
        C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\Low\mts@statse.webtrendslive[1].txt
        C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\Low\mts@tacoda[2].txt
        C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\Low\mts@tradedoubler[1].txt
        C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\Low\mts@traffictrack[2].txt
        C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\Low\mts@xiti[1].txt
        C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\mts@advertising[1].txt
        C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\mts@www.zanox-affiliate[1].txt
        C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\mts@www.etracker[2].txt
        C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\mts@ad.yieldmanager[2].txt
        C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\mts@ad.zanox[1].txt
        C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\mts@traffictrack[2].txt
        C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\mts@2o7[2].txt
        C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\mts@track.adform[2].txt
        C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\mts@adfarm1.adition[1].txt
        C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\mts@ad.71i[1].txt
        C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\mts@adserver.71i[1].txt
        C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\mts@apmebf[1].txt
        C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\mts@ar.atwola[2].txt
        C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\mts@atdmt[2].txt
        C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\mts@atwola[1].txt
        C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\mts@atwola[2].txt
        C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\mts@bs.serving-sys[1].txt
        C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\mts@content.yieldmanager[1].txt
        C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\mts@content.yieldmanager[3].txt
        C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\mts@doubleclick[1].txt
        C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\mts@doubleclick[2].txt
        C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\mts@mediaplex[1].txt
        C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\mts@overture[1].txt
        C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\mts@ptc.112.2o7[1].txt
        C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\mts@serving-sys[2].txt
        C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\mts@sevenoneintermedia.112.2o7[1].txt
        C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\mts@tacoda[1].txt
        C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\mts@tracking.mindshare[1].txt
        C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\mts@tracking.quisma[1].txt
        C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\mts@tradedoubler[1].txt
        C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\mts@tradedoubler[2].txt
        C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\mts@tto2.traffictrack[2].txt
        C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\mts@unitymedia[1].txt
        C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\mts@webmasterplan[1].txt
        C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\mts@zanox-affiliate[1].txt
        C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\mts@zanox[2].txt
        C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\mts@zbox.zanox[2].txt

Application.Agent/Gen-TempZ
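The log above groups its detections under category headings, with every listed path indented beneath one heading. As an added example that is not part of the thread and not SUPERAntiSpyware's own code, the following PowerShell function parses that layout, counts detections per category, flags every category that is not a tracking cookie, and compares the number of listed paths with the header's "File threats detected" figure. The sample log at the bottom is constructed by the editor in the same format; run over the log above, the function would count 71 listed paths against 72 reported and show the Application.Agent/Gen-TempZ heading with no path under it.

```powershell
# Added example (editor's code, not from the thread or from SUPERAntiSpyware):
# triage a SUPERAntiSpyware scan log by category.

function Get-SasTriage {
    param([Parameter(Mandatory = $true)][string[]]$Lines)

    $reported   = $null          # the count the header claims
    $categories = [ordered]@{}   # category name -> list of detected paths
    $current    = $null
    $inFindings = $false         # category headings only start after the summary block

    foreach ($raw in $Lines) {
        $line = $raw.TrimEnd()
        if ($line -match '^File threats detected\s*:\s*(\d+)') {
            $reported = [int]$Matches[1]
            $inFindings = $true
            continue
        }
        if (-not $inFindings -or $line -eq '') { continue }
        if ($line -match '^\s+(\S.*)$') {
            # indented line: a detection path belonging to the current category
            if ($null -ne $current) { $categories[$current].Add($Matches[1]) }
        } else {
            # non-indented line: a new category heading
            $current = $line
            if (-not $categories.Contains($current)) {
                $categories[$current] = New-Object System.Collections.Generic.List[string]
            }
        }
    }

    $rows = foreach ($name in $categories.Keys) {
        $triage = if ($name -like '*Tracking Cookie*') { 'low (tracking cookie)' } else { 'REVIEW' }
        [pscustomobject]@{ Category = $name; Count = $categories[$name].Count; Triage = $triage }
    }
    $listed = 0
    foreach ($list in $categories.Values) { $listed += $list.Count }

    [pscustomobject]@{
        Rows     = $rows
        Listed   = $listed
        Reported = $reported
        Complete = ($null -ne $reported -and $listed -eq $reported)
    }
}

# Constructed sample in the log's format (not the user's real log). For a real
# log use:  Get-Content 'C:\path\to\SUPERAntiSpyware Scan Log.txt'
$sample = @'
SUPERAntiSpyware Scan Log

Scan type      : Complete Scan
File items scanned        : 100
File threats detected    : 3

Adware.Tracking Cookie
        C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\mts@doubleclick[1].txt
        C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\mts@atdmt[2].txt

Application.Agent/Gen-TempZ
'@ -split "`r?`n"

$result = Get-SasTriage -Lines $sample
$result.Rows | Format-Table -AutoSize
if (-not $result.Complete) {
    Write-Warning "Header reports $($result.Reported) file threats but $($result.Listed) are listed; the log may be incomplete."
}
```

On the constructed sample this prints one low-severity row with two cookies, one REVIEW row with zero entries, and the warning that 3 were reported but 2 are listed. A REVIEW category with no path under it is exactly the case where the full log, not a pasted excerpt, should be asked for.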


StLB 01.05.2010 21:03

The SuperAntiSpyware findings are only cookies, so harmless.
With that we should be done (thumbs up)


Final steps:

1. OTL cleanup:
  • To remove the tools we used, you can use OTL's CleanUp function
  • Open OTL and click the CleanUp button

2. Check for updates:
  • Note: this is only a standard text. Not all points apply to you.
  • Microsoft Updates
  • Acrobat Reader
    • Remove the old version of Acrobat Reader via Control Panel ---> Add or Remove Programs
    • Download the current version (9.1) or...
    • ... install the free Foxit Reader
  • Java
    • Close all programs
    • Uninstall all potentially outdated Java versions via Control Panel ---> Add or Remove Programs
    • Download the current Java version here and install it

3. Delete infected System Restore points:

Delete all System Restore points, they could be infected:
  • Disable System Restore:
    • Start -> Control Panel -> System, System Restore tab
    • Tick: 'Turn off System Restore on all drives'
    • Click OK
  • Reboot your PC.
  • Re-enable System Restore following the steps above (optional)
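The closing checklist above is a manual, GUI-driven procedure. The following PowerShell is an added example by the editor, not part of the thread, covering the two parts that can be scripted on Windows 7 or later with PowerShell 2.0+ in an elevated session: listing every installed Java and Adobe/Acrobat Reader entry from the Uninstall keys so that stale side-by-side versions stand out, and discarding all restore points by turning System Restore off and back on for the system drive, which is what the Control Panel steps do, then taking a fresh checkpoint as a clean baseline. The name patterns matched and the checkpoint description are the editor's assumptions.

```powershell
# Added example (editor's code, not from the thread): scriptable parts of the
# closing checklist. Run in an elevated Windows PowerShell session.

function Get-InstalledReaders {
    # Every Java and Adobe/Acrobat Reader entry from the Uninstall keys, both
    # registry views, so outdated parallel installs are visible in one list.
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match '^(Java|J2SE|Adobe Reader|Adobe Acrobat|Acrobat Reader)' } |
        Select-Object DisplayName, DisplayVersion, Publisher, InstallDate, UninstallString |
        Sort-Object DisplayName, DisplayVersion
}

function Remove-AllRestorePoints {
    # Disabling System Restore on a drive discards every restore point on it
    # (and the "previous versions" shadow copies of that drive). Re-enabling it
    # and taking a checkpoint leaves a known-clean baseline instead of none.
    param([string]$Drive = "$env:SystemDrive\")   # e.g. C:\ ; trailing backslash required
    $before = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue).Count
    Disable-ComputerRestore -Drive $Drive
    Enable-ComputerRestore  -Drive $Drive
    Checkpoint-Computer -Description 'Clean baseline after malware removal' -RestorePointType 'MODIFY_SETTINGS'
    $after = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue).Count
    [pscustomobject]@{ Drive = $Drive; PointsBefore = $before; PointsAfter = $after }
}

Get-InstalledReaders | Format-Table -AutoSize
# Irreversible: review the list above and finish the uninstalls first, then run
# Remove-AllRestorePoints
```

Uninstalling the old readers before discarding the restore points matters, because an uninstall taken afterwards would otherwise create a new restore point that again contains the old files.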



Copyright ©2000-2025, Trojaner-Board


