Results 1 to 2 of 2

Thread: Malwareinfektion

  1. #1
    Junior Member
    Join Date
    May 2011
    Posts
    2

    Default Hatte auch die beta drauf, danach aber irgendsoein malware prog auf dem rechner

    Halllo,

    hatte mal die beta installiert und danach wenn ich mich angemeldet hatte waren die windows hintergrundbilder weg und es lief ein prüfprogramm für xp automatisch ab das ich nicht kenne. Nun konnte ich einiges wieder löschen. Es installierte sich noch so ein sentinel. Spybot 1.6.2 findet nun ffraud oder wie das hieß nicht mehr. Woher bin ich sicher das alles sauber ist?

    Hier das logfile

    C:\Program Files (x86)\Panda Software\AVTC\PavSrvX86.exe
    C:\Program Files (x86)\Panda Software\AVTC\AVENGINE.EXE
    C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    C:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe
    C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    C:\Program Files (x86)\Java\jre6\bin\jqs.exe
    C:\Program Files (x86)\Panda Software\AVTC\PsCtrlS.exe
    C:\Program Files (x86)\Panda Software\Panda Administrator 3\Pav_Agent\Pagent.exe
    C:\Program Files (x86)\Panda Software\Panda Administrator 3\Pav_Agent\pagentwd.exe
    C:\Program Files (x86)\Panda Software\Panda Administrator 3\Scheduler\pavsched.exe
    C:\Program Files (x86)\Panda Software\AVTC\PSKMsSvc.exe
    C:\Program Files (x86)\Panda Software\AVTC\PsImSvc.exe
    C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\SysWOW64\ctfmon.exe
    C:\Program Files (x86)\Panda Software\AVTC\PSCtrlC.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Panda Software\AVTC\AvTask.exe
    C:\Program Files (x86)\Opera\opera.exe
    C:\Documents and Settings\cnc2\Desktop\Downloads\HiJackThis204.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://companyweb
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://companyweb
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    F2 - REG:system.ini: UserInit=userinit
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files (x86)\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Panda Controller Client] "C:\Program Files (x86)\Panda Software\AVTC\PSCtrlC.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOKALER DIENST')
    O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETZWERKDIENST')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
    O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - ESC Trusted Zone: http://runonce.msn.com
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1262006554812
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1297754826187
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) -
    O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} (Java Plug-in 1.6.0_13) -
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = digitorgau.local
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = digitorgau.local
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\SysWOW64\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\SysWOW64\browseui.dll
    O23 - Service: Broadcom Management Agent (BrcmMgmtAgent) - Broadcom Corporation - C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
    O23 - Service: CodeMeter Runtime Server (CodeMeter.exe) - WIBU-SYSTEMS AG - C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)
    O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: HP SkyRoom (Hp.Skyroom.Windows.Service) - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe
    O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
    O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)
    O23 - Service: IviRegMgr - InterVideo - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files (x86)\Java\jre6\bin\jqs.exe
    O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe (file missing)
    O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Performance Driver Service - Unknown owner - C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvsvc64.exe (file missing)
    O23 - Service: Panda Software Controller - Panda Security - C:\Program Files (x86)\Panda Software\AVTC\PsCtrlS.exe
    O23 - Service: Panda AdminSecure Communications Agent (PAVAGENTE) - Panda Security, S.L. - C:\Program Files (x86)\Panda Software\Panda Administrator 3\Pav_Agent\Pagent.exe
    O23 - Service: Panda AdminSecure Scheduler (PavAtScheduler) - Panda Security, S.L. - C:\Program Files (x86)\Panda Software\Panda Administrator 3\Scheduler\pavsched.exe
    O23 - Service: Panda Antivirus Report Service (PavReport) - Panda Security, S.L. - C:\Program Files (x86)\Panda Software\Panda Administrator 3\PavReport\PavReport.exe
    O23 - Service: Panda Antivirus Service (PavSrv) - Panda Security, S.L. - C:\Program Files (x86)\Panda Software\AVTC\PavSrvX86.exe
    O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
    O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
    O23 - Service: Panda AntiSpam Engine (PMShellSrv) - Panda Software International - C:\Program Files (x86)\Panda Software\AVTC\PSKMsSvc.exe
    O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: Panda IManager Service (PsImSvc) - Panda Security - C:\Program Files (x86)\Panda Software\AVTC\PsImSvc.exe
    O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    O23 - Service: Sitzungs-Manager für Remotedesktophilfe (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing)
    O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
    O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
    O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing)
    O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)

  2. #2
    Retired
    Join Date
    Oct 2005
    Posts
    566

    Default

    Hi,
    was noch hilfreich sein könnte ist ein SpybotSD-Bericht:
    Bitte starte Spybot-S&D und wechsel ueber den Menuepunkt
    'Modus' in den 'Erweiterten Modus', gehe dann nach 'Werkzeuge ->
    Bericht anzeigen', klicke auf den Knopf 'Bericht anzeigen' oben, und
    exportiere den dann angezeigten Bereicht in eine Text-Datei, und poste sie dann hier

    Auch wenn in einem Scan nichts gefunden wurde, sollten wir die Bedrohung im Report sehen können.

    Hier findest du eine Flash Animation die dir zeigt, wie du einen Bug Report erstellen kannst:
    http://www.safer-networking.org/flas...pybotsd-de.htm

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •