Log Analysis and Evaluation: HijackThis evaluation (Windows 7)
If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
19.07.2009, 17:46 | #1 |
HijackThis evaluation
Well, I'm turning to the forum with this because, um, I have no idea. These would be the "files", as they're called:

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:39:03, on 19.07.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Windows\BR040286.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Users\admin\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\System32\NetFilter.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\mobsync.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\p2phost.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
c:\program files\adobe media player\adobe media player.exe
C:\Program Files\Xfire\xfire.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Users\admin\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://de.rd.yahoo.com/customize/ycomp/defaults/su/*http://de.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A77D3539-581D-450C-9E44-A84C415A6172} - C:\Windows\System32\msxmlm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: (no name) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [BisonInst0402] C:\Windows\BR040286.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Setup User] "C:\ProgramData\Eqsoapsoap.pf7an"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [MSDRV] NetFilter.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Setup User] "C:\ProgramData\Eqsoapsoap.qqpa8ul"
O4 - HKCU\..\Run: [locks tick title proc] "C:\ProgramData\Win Chin Software.z56dm1"
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [ICQ] "C:\PROGRA~1\ICQ6.5\ICQ.exe" silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe
O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1221405781212&h=76cecc8405a5882aac7339e2c2ddcb0d/&filename=jinstall-6u7-windows-i586-jc.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: eNetHook.dll
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Automatisches LiveUpdate - Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 13171 bytes

Thanks in advance, this is EXTREMELY important to me!
19.07.2009, 20:39 | #2 |
HijackThis evaluation
Do you have PC problems, or do you just want it evaluated? Please describe your problem.
19.07.2009, 20:51 | #3 |
HijackThis evaluation
Problem... This afternoon my laptop got completely hit and is now totally wrecked. I've had countless viruses and above all trojans on the PC for a long time and really don't know how to get rid of the things... If I've read it correctly, the evaluation writes down the "bad" files, which you then tick and fix in HijackThis?! Which is then, so to speak, a virus destroyer... That's how I understood it.

Although if I can't get rid of the viruses, I'll probably have to reformat the whole laptop ._. I also don't really believe that all the viruses can be removed and that it'll run optimally. Apart from that, the program "Personal Antivirus" announced itself, and I didn't know that it breaks everything... So I can't get that off anymore either; I did install Spyware Doctor, but without buying the programs nothing is any good anymore.
19.07.2009, 21:03 | #4 |
HijackThis evaluation
Well, HijackThis says this:
C:\Windows\System32\NetFilter.exe = An unknown process
R3 - URLSearchHook: (no name) - - (no file) = Malicious (2.4 / 5.00) I don't know what that is? Unknown
O2 - BHO: (no name) - {A77D3539-581D-450C-9E44-A84C415A6172} - C:\Windows\System32\msxmlm.dll = Not known
And a few others that it can't classify. The best thing is, you save everything and set the PC/laptop up fresh. That way you're on the safest side.
Regards, Neotax
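Added example (not from this thread, from HijackThis or from the forum's helpers): a small triage script that applies the kind of rules the responders used above to lines in the HijackThis log format. The sample lines are copied from the log posted in this thread; the rules (an entry whose file is missing, a BHO with no name, a Run value that is a bare filename, a Run value pointing at the root of ProgramData or at a non-executable extension, a non-empty AppInit_DLLs) are this example's own heuristics and produce leads to check, not verdicts. The severity labels and the `Finding` class are assumptions of this example.

```python
import ntpath
import re
from dataclasses import dataclass

# Constructed sample in the thread's log format (lines copied from the posted log).
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: (no name) - {A77D3539-581D-450C-9E44-A84C415A6172} - C:\Windows\System32\msxmlm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [MSDRV] NetFilter.exe
O4 - HKLM\..\Run: [Setup User] "C:\ProgramData\Eqsoapsoap.pf7an"
O4 - HKCU\..\Run: [locks tick title proc] "C:\ProgramData\Win Chin Software.z56dm1"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O20 - AppInit_DLLs: eNetHook.dll
"""

ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.*)$")
RUN_RE = re.compile(r"^(?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# Extensions Windows runs directly from a Run value; anything else is worth a look.
EXEC_EXT = {".exe", ".com", ".bat", ".cmd", ".scr", ".pif", ".vbs", ".js"}


@dataclass
class Finding:
    code: str       # HijackThis section, e.g. "O4"
    severity: str   # "high" = investigate first, "review" = confirm or clean up
    reason: str
    line: str       # the log line the finding refers to


def target_of(cmd: str) -> str:
    """Program path from a Run value: the quoted part, else the first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def triage_line(line: str) -> list:
    """Apply the heuristics to one log line; returns zero or more findings."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return []
    code, body = m.group("code"), m.group("body")
    found = []
    if "(no file)" in body:
        found.append(Finding(code, "review", "orphaned entry: the referenced file no longer exists", line))
    if code == "O2" and body.startswith("BHO: (no name)"):
        found.append(Finding(code, "high", "browser helper object without a name", line))
    if code == "O4":
        run = RUN_RE.match(body)
        if run:
            target = target_of(run.group("cmd"))
            if "\\" not in target:
                found.append(Finding(code, "high", f"bare filename '{target}' resolved via the search path", line))
            else:
                parent, _, fname = target.rpartition("\\")
                ext = ntpath.splitext(fname)[1].lower()
                if parent.lower().endswith(":\\programdata"):
                    found.append(Finding(code, "high", "program launched from the root of ProgramData", line))
                if ext not in EXEC_EXT:
                    found.append(Finding(code, "high", f"non-executable extension '{ext}' launched at logon", line))
    if code == "O20" and body.startswith("AppInit_DLLs:") and body.split(":", 1)[1].strip():
        found.append(Finding(code, "review", "AppInit_DLLs set: this DLL is loaded into every process that uses user32", line))
    return found


def triage(log_text: str) -> list:
    """Run the rules over a whole log; returns findings in log order."""
    findings = []
    for line in log_text.splitlines():
        findings.extend(triage_line(line))
    return findings


def flagged_lines(log_text: str, severity: str = "high") -> set:
    """Distinct log lines carrying a finding of the given severity."""
    return {f.line for f in triage(log_text) if f.severity == severity}


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.code}: {f.reason}\n         {f.line.strip()}")
```

Run against the sample, the "high" findings are exactly the four entries the helpers singled out (NetFilter.exe, msxmlm.dll and the two ProgramData files), while the Avira, Skype and Google Toolbar entries pass; the two "review" findings (the orphaned URLSearchHook and the AppInit_DLLs value) are cleanup or confirmation items rather than evidence of infection.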
19.07.2009, 23:09 | #5 |
HijackThis evaluation
Hello, and
1.) Please make sure the folder view is set up properly. Instructions: UploadChannel - Trojaner-Board ---> step 1 only
2.) Please have the following files analysed online at VirusTotal and post the complete results in code boxes [ code][/code]. That makes the whole thing clearer (alternatively, create the code boxes with this button, #, in the toolbar at the top when composing a message).
Code:
C:\Windows\System32\NetFilter.exe
C:\Windows\System32\msxmlm.dll
C:\ProgramData\Eqsoapsoap.pf7an
C:\ProgramData\Eqsoapsoap.qqpa8ul
C:\ProgramData\Win Chin Software.z56dm1

4.) Create a new HijackThis log and post it here.
5.) I'd like a list of your installed software. Download CCleaner and install it (deselect the toolbars). Now start the program and go to Tools, then Uninstall. At the bottom right there is a button "Save to text file". Post the contents of the text file, preferably in a code box.
Last edited by .keNNy# (19.07.2009 at 23:14)
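Added example (not from this thread or from VirusTotal): before uploading the files listed above, it helps to hash them locally and check their size, because a file that is empty or cannot be read (as happened with NetFilter.exe and msxmlm.dll later in this thread, where VirusTotal answered "0 bytes size received") cannot be analysed, and a hash can be looked up without uploading anything. The script below hashes files in one pass, flags empty and unreadable ones, and parses a result pasted in the flat text format used in this thread to extract the hashes, size and detection count, so the local and reported hashes can be compared. The report text, the file contents and the detection name "Trojan.Example" are constructed for the demonstration.

```python
import hashlib
import os
import re
import tempfile

CHUNK = 1 << 16


def hash_file(path: str) -> dict:
    """Size plus MD5/SHA-1/SHA-256 of one file in a single pass.
    An unreadable file yields an 'error' key; an empty one gets a 'warning'."""
    digests = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    size = 0
    try:
        with open(path, "rb") as fh:
            for chunk in iter(lambda: fh.read(CHUNK), b""):
                size += len(chunk)
                for d in digests.values():
                    d.update(chunk)
    except OSError as exc:  # missing, locked or permission-denied file
        return {"path": path, "error": f"{type(exc).__name__}: {exc}"}
    rec = {"path": path, "size": size}
    rec.update({name: d.hexdigest() for name, d in digests.items()})
    if size == 0:
        rec["warning"] = "empty file: an upload would come back as '0 bytes size received'"
    return rec


# One engine row of a VirusTotal result pasted as flat text:
# "<engine> <version> <YYYY.MM.DD> <result>", where "-" means no detection.
ROW_RE = re.compile(r"(\S+) (\S+) (\d{4}\.\d{2}\.\d{2}) (\S+)")
HASH_RE = re.compile(r"(MD5|SHA1|SHA256)\.*: ([0-9a-fA-F]+)")
SIZE_RE = re.compile(r"File size: (\d+) bytes")


def parse_vt_report(text: str) -> dict:
    """Engines scanned, the engines that fired, file size and hashes."""
    rows = ROW_RE.findall(text)
    detections = [(engine, result) for engine, _v, _d, result in rows if result != "-"]
    hashes = {name.lower(): value.lower() for name, value in HASH_RE.findall(text)}
    size = SIZE_RE.search(text)
    return {"engines": len(rows), "detections": detections,
            "size": int(size.group(1)) if size else None, **hashes}


def matches(rec: dict, report: dict) -> bool:
    """True when every hash the report carries equals the locally computed one."""
    return all(rec.get(k) == report.get(k) for k in ("md5", "sha1", "sha256") if k in report)


# Constructed report in the pasted format: the hashes are those of the 5-byte
# file written in demo(), and "Trojan.Example" is a placeholder detection name.
SAMPLE_REPORT = (
    "Antivirus Version letzte aktualisierung Ergebnis "
    "a-squared 4.5.0.24 2009.07.20 - "
    "AntiVir 7.9.0.222 2009.07.20 Trojan.Example "
    "Kaspersky 7.0.0.125 2009.07.20 - "
    "weitere Informationen File size: 5 bytes "
    "MD5...: 5d41402abc4b2a76b9719d911017c592 "
    "SHA1..: aaf4c61ddcc5e8a2dabede0f3b482cd9aea9434d "
    "SHA256: 2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824"
)


def demo():
    """Constructed demonstration: an empty file, a 5-byte file and a missing file."""
    with tempfile.TemporaryDirectory() as tmp:
        empty = os.path.join(tmp, "empty.exe")
        open(empty, "wb").close()
        small = os.path.join(tmp, "sample.bin")
        with open(small, "wb") as fh:
            fh.write(b"hello")
        records = [hash_file(empty), hash_file(small), hash_file(os.path.join(tmp, "missing.dll"))]
    report = parse_vt_report(SAMPLE_REPORT)
    return records, report, matches(records[1], report)


if __name__ == "__main__":
    for rec in demo()[0]:
        print(rec)
```

A zero-detection result only means that none of the engines listed recognised the file on that day; the hashes are still worth keeping, since the same file can be re-checked later without another upload.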
20.07.2009, 12:02 | #6 |
HijackThis evaluation
Code:
C:\Windows\System32\NetFilter.exe
0 bytes size received / Se ha recibido un archivo vacio

--> Avira has been reporting the trojan horse TR/FraudPack.poy the whole time since earlier.

Code:
C:\Windows\System32\msxmlm.dll
0 bytes size received / Se ha recibido un archivo vacio

Code:
C:\ProgramData\Eqsoapsoap.pf7an
Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.5.0.24 2009.07.20 -
AhnLab-V3 5.0.0.2 2009.07.20 -
AntiVir 7.9.0.222 2009.07.20 -
Antiy-AVL 2.0.3.7 2009.07.17 -
Authentium 5.1.2.4 2009.07.20 -
Avast 4.8.1335.0 2009.07.19 -
AVG 8.5.0.387 2009.07.20 -
BitDefender 7.2 2009.07.20 -
CAT-QuickHeal 10.00 2009.07.20 -
ClamAV 0.94.1 2009.07.19 -
Comodo 1713 2009.07.20 -
DrWeb 5.0.0.12182 2009.07.20 -
eSafe 7.0.17.0 2009.07.19 -
eTrust-Vet 31.6.6628 2009.07.20 -
F-Prot 4.4.4.56 2009.07.20 -
F-Secure 8.0.14470.0 2009.07.20 -
Fortinet 3.120.0.0 2009.07.20 -
GData 19 2009.07.20 -
Ikarus T3.1.1.64.0 2009.07.20 -
Jiangmin 11.0.800 2009.07.20 -
K7AntiVirus 7.10.796 2009.07.18 -
Kaspersky 7.0.0.125 2009.07.20 -
McAfee 5681 2009.07.19 -
McAfee+Artemis 5681 2009.07.19 -
McAfee-GW-Edition 6.8.5 2009.07.20 -
Microsoft 1.4803 2009.07.20 -
NOD32 4260 2009.07.20 -
Norman 6.01.09 2009.07.20 -
nProtect 2009.1.8.0 2009.07.20 -
Panda 10.0.0.14 2009.07.19 -
PCTools 4.4.2.0 2009.07.19 -
Prevx 3.0 2009.07.20 -
Rising 21.39.02.00 2009.07.20 -
Sophos 4.43.0 2009.07.20 -
Symantec 1.4.4.12 2009.07.20 -
TheHacker 6.3.4.3.370 2009.07.17 -
TrendMicro 8.950.0.1094 2009.07.20 -
VBA32 3.12.10.8 2009.07.19 -
ViRobot 2009.7.20.1843 2009.07.20 -
VirusBuster 4.6.5.0 2009.07.16 -
weitere Informationen
File size: 135184 bytes
MD5...: 6a854a4dfd711a62d074ec1373fa0fca
SHA1..: 78d608309b09eeb1aa7f2c02e72129542bfb1545
SHA256: 0fec8c1a11cf9099e3e16e2b524b4e58093b565ea9f705eabcef4e9eb5c37956
ssdeep: 3072:RCk70U2/IlaimeuuWQoGiKhgYbrlAfoaJsiHPSRTj6HOFjBpUMqaOT:90U2 /SjoFSrvAqTj6uNBKgOT
PEiD..: -
TrID..: File type identification Unknown!
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set -

Code:
C:\ProgramData\Eqsoapsoap.qqpa8ul
Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.5.0.24 2009.07.20 -
AhnLab-V3 5.0.0.2 2009.07.20 -
AntiVir 7.9.0.222 2009.07.20 -
Antiy-AVL 2.0.3.7 2009.07.17 -
Authentium 5.1.2.4 2009.07.20 -
Avast 4.8.1335.0 2009.07.19 -
AVG 8.5.0.387 2009.07.20 -
BitDefender 7.2 2009.07.20 -
CAT-QuickHeal 10.00 2009.07.20 -
ClamAV 0.94.1 2009.07.19 -
Comodo 1713 2009.07.20 -
DrWeb 5.0.0.12182 2009.07.20 -
eTrust-Vet 31.6.6628 2009.07.20 -
F-Prot 4.4.4.56 2009.07.20 -
F-Secure 8.0.14470.0 2009.07.20 -
Fortinet 3.120.0.0 2009.07.20 -
GData 19 2009.07.20 -
Ikarus T3.1.1.64.0 2009.07.20 -
Jiangmin 11.0.800 2009.07.20 -
K7AntiVirus 7.10.796 2009.07.18 -
Kaspersky 7.0.0.125 2009.07.20 -
McAfee 5681 2009.07.19 -
McAfee+Artemis 5681 2009.07.19 -
McAfee-GW-Edition 6.8.5 2009.07.20 -
Microsoft 1.4803 2009.07.20 -
NOD32 4260 2009.07.20 -
Norman 6.01.09 2009.07.20 -
nProtect 2009.1.8.0 2009.07.20 -
Panda 10.0.0.14 2009.07.19 -
PCTools 4.4.2.0 2009.07.19 -
Prevx 3.0 2009.07.20 -
Rising 21.39.02.00 2009.07.20 -
Sophos 4.43.0 2009.07.20 -
Sunbelt 3.2.1858.2 2009.07.19 -
Symantec 1.4.4.12 2009.07.20 -
TheHacker 6.3.4.3.370 2009.07.17 -
TrendMicro 8.950.0.1094 2009.07.20 -
VBA32 3.12.10.8 2009.07.19 -
ViRobot 2009.7.20.1843 2009.07.20 -
VirusBuster 4.6.5.0 2009.07.16 -
weitere Informationen
File size: 151568 bytes
MD5...: 52ec188709376edf6aabd5394b5ebcac
SHA1..: a3090264c9e8815aaeff05dc1178d8990d5d3779
SHA256: 7e66cffe80ac77fb5ce9e8e2d8017b836be1997cb5d4a3e7099d23b29c2050be
ssdeep: 3072:NJ9RTLyMewTXxleaBMYodClk7r+wv+zNe/98m5xIN:N3RTGMew3eW9o8lk7 tvP5xIN
PEiD..: -
TrID..: File type identification Unknown!
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set -

Code:
C:\ProgramData\Win Chin Software.z56dm1
Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.5.0.24 2009.07.20 -
AhnLab-V3 5.0.0.2 2009.07.20 -
AntiVir 7.9.0.222 2009.07.20 -
Antiy-AVL 2.0.3.7 2009.07.17 -
Authentium 5.1.2.4 2009.07.20 -
Avast 4.8.1335.0 2009.07.19 -
AVG 8.5.0.387 2009.07.20 -
BitDefender 7.2 2009.07.20 -
CAT-QuickHeal 10.00 2009.07.20 -
ClamAV 0.94.1 2009.07.19 -
Comodo 1713 2009.07.20 -
DrWeb 5.0.0.12182 2009.07.20 -
eSafe 7.0.17.0 2009.07.19 -
eTrust-Vet 31.6.6628 2009.07.20 -
F-Prot 4.4.4.56 2009.07.20 -
F-Secure 8.0.14470.0 2009.07.20 -
Fortinet 3.120.0.0 2009.07.20 -
GData 19 2009.07.20 -
Ikarus T3.1.1.64.0 2009.07.20 -
Jiangmin 11.0.800 2009.07.20 -
K7AntiVirus 7.10.796 2009.07.18 -
Kaspersky 7.0.0.125 2009.07.20 -
McAfee 5681 2009.07.19 -
McAfee+Artemis 5681 2009.07.19 -
McAfee-GW-Edition 6.8.5 2009.07.20 -
Microsoft 1.4803 2009.07.20 -
NOD32 4260 2009.07.20 -
Norman 6.01.09 2009.07.20 -
nProtect 2009.1.8.0 2009.07.20 -
Panda 10.0.0.14 2009.07.19 -
PCTools 4.4.2.0 2009.07.19 -
Prevx 3.0 2009.07.20 -
Rising 21.39.02.00 2009.07.20 -
Sophos 4.43.0 2009.07.20 -
Sunbelt 3.2.1858.2 2009.07.19 -
Symantec 1.4.4.12 2009.07.20 -
TheHacker 6.3.4.3.370 2009.07.17 -
TrendMicro 8.950.0.1094 2009.07.20 -
VBA32 3.12.10.8 2009.07.19 -
ViRobot 2009.7.20.1843 2009.07.20 -
VirusBuster 4.6.5.0 2009.07.16 -
weitere Informationen
File size: 110608 bytes
MD5...: 9c279e4c22bb86dcf8df555b29a1e65e
SHA1..: 3fd78e2a968fd03bfa6f48052ee93d1f22e4f869
SHA256: 87986cfb0cf31a720d8385f5995d7a05d3aaaa8ffccb9240fb4c8305310d9b62
ssdeep: 3072:dLUAxR5O2J2r0j/eXkGYNS/FcMVl63LpGlYszXr:ZUAxDO2yM/wN4So3lsY Ib
PEiD..: -
TrID..: File type identification Unknown!
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set -

Last edited by tschikishiki (20.07.2009 at 12:27)
20.07.2009, 12:37 | #7 |
HijackThis evaluation
Points 3-5 are still missing.
20.07.2009, 12:38 | #8 |
HijackThis evaluation
One thing at a time, the PC isn't exactly fast.
20.07.2009, 15:15 | #9 |
HijackThis evaluation
Anti-Malware result:
Code:
Malwarebytes' Anti-Malware 1.39
Datenbank Version: 2465
Windows 6.0.6001 Service Pack 1

20.07.2009 16:12:49
mbam-log-2009-07-20 (16-12-07).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|)
Durchsuchte Objekte: 272663
Laufzeit: 2 hour(s), 34 minute(s), 46 second(s)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 3
Infizierte Registrierungswerte: 3
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 3
Infizierte Dateien: 11

Infizierte Speicherprozesse:
C:\Windows\System32\NetFilter.exe (Trojan.Agent) -> No action taken.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a77d3539-581d-450c-9e44-a84c415a6172} (Trojan.BHO.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a77d3539-581d-450c-9e44-a84c415a6172} (Trojan.BHO.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a77d3539-581d-450c-9e44-a84c415a6172} (Trojan.FakeAlert) -> No action taken.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\Environment\avapp (Rogue.PersonalAntiVirus) -> No action taken.
HKEY_CURRENT_USER\Environment\avuninst (Rogue.PersonalAntiVirus) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msdrv (Trojan.Agent) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\Program Files\PersonalAV (Rogue.PersonalAntiVirus) -> No action taken.
C:\Program Files\Common Files\Uninstall\PersonalAV (Rogue.PersonalAntiVirus) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\PersonalAV (Rogue.PersonalAntiVirus) -> No action taken.

Infizierte Dateien:
C:\Windows\System32\msxmlm.dll (Trojan.BHO.H) -> No action taken.
c:\Users\admin\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\A13TKH4X\Setup-ad4d76f_02006-34[1].exe (Rogue.Installer) -> No action taken.
c:\users\admin\appdata\local\microsoft\windows\temporary internet files\content.ie5\hao2o1z7\Driver[1].exe (Trojan.Dropper) -> No action taken.
c:\Users\admin\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\SS1RBWF7\Setup-83cd30_02006-34[1].exe (Rogue.Installer) -> No action taken.
c:\Users\Manja\AppData\Local\Mozilla\Firefox\Profiles\s760arwu.default\Cache\7F6AE2EFd01 (Adware.Navipromo) -> No action taken.
c:\Users\Manja\downloads\Live-Player_setup.exe (Adware.Navipromo) -> No action taken.
c:\program files\personalav\pav.exe (Rogue.PersonalAntiVirus) -> No action taken.
c:\program files\common files\uninstall\personalav\Uninstall.lnk (Rogue.PersonalAntiVirus) -> No action taken.
c:\programdata\microsoft\Windows\start menu\personalav\Personal Antivirus.lnk (Rogue.PersonalAntiVirus) -> No action taken.
c:\programdata\microsoft\Windows\start menu\personalav\Uninstall.lnk (Rogue.PersonalAntiVirus) -> No action taken.
C:\Windows\System32\NetFilter.exe (Trojan.Agent) -> No action taken.

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:10:38, on 20.07.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Windows\BR040286.exe
C:\Windows\system32\taskeng.exe
C:\Users\admin\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\System32\mobsync.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\System32\NetFilter.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
c:\program files\adobe media player\adobe media player.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Users\admin\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://de.rd.yahoo.com/customize/ycomp/defaults/su/*http://de.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A77D3539-581D-450C-9E44-A84C415A6172} - C:\Windows\System32\msxmlm.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: (no name) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [BisonInst0402] C:\Windows\BR040286.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Setup User] "C:\ProgramData\Eqsoapsoap.pf7an"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [MSDRV] NetFilter.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000001] "C:\Windows\is-6DT0S.exe" /REG
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Setup User] "C:\ProgramData\Eqsoapsoap.qqpa8ul"
O4 - HKCU\..\Run: [locks tick title proc] "C:\ProgramData\Win Chin Software.z56dm1"
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [ICQ] "C:\PROGRA~1\ICQ6.5\ICQ.exe" silent
O4 - Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe
O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1221405781212&h=76cecc8405a5882aac7339e2c2ddcb0d/&filename=jinstall-6u7-windows-i586-jc.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: eNetHook.dll
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Automatisches LiveUpdate - Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc.
- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering 
Technology\ePower\ePowerSvc.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 13633 bytes Code:
Acer Arcade Deluxe CyberLink Corporation 07.10.2007 21,0MB
Acer Crystal Eye Acer Crystal Eye 07.10.2007 5,42MB
Acer Crystal Eye webcam Acer Crystal Eye webcam 07.10.2007 2,78MB
Acer eAudio Management 04.11.2007 783,7MB
Acer eDataSecurity Management HiTRUST Inc. 13.08.2007 30,0MB
Acer eLock Management Acer Inc. 13.08.2007 11,3MB
Acer Empowering Technology Acer Inc. 13.08.2007 141,3MB
Acer eNet Management Acer Inc. 13.08.2007 8,81MB
Acer ePower Management Acer Inc. 04.11.2007 16,1MB
Acer ePresentation Management Acer Inc. 13.08.2007 2,30MB
Acer eSettings Management Acer Inc. 13.08.2007 10,6MB
Acer GridVista 07.10.2007 1,50MB
Acer Mobility Center Plug-In Acer Inc. 13.08.2007 5,56MB
Acer ScreenSaver Acer Inc. 07.10.2007
Acer Tour Acer Inc. 13.08.2007 147,6MB
Activation Assistant for the 2007 Microsoft Office suites Microsoft Corporation 07.10.2007 14,0MB
Adobe AIR Adobe Systems Inc. 15.09.2008
Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 03.06.2009
Adobe Flash Player 10 Plugin Adobe Systems Incorporated 22.12.2008 2,95MB
Adobe Flash Player 9 ActiveX Adobe Systems 10.06.2009
Adobe Media Player Adobe Systems Incorporated 15.09.2008 2,95MB
Adobe Reader 8.1.3 Adobe Systems Incorporated 25.11.2008 85,0MB
ALPS Touch Pad Driver Alps Electric 07.10.2007
Apple Software Update Apple Inc. 21.01.2009 2,16MB
Avira AntiVir Personal - Free Antivirus Avira GmbH 22.02.2009 58,9MB
Call of Duty(R) 4 - Modern Warfare(TM) Activision 06.05.2009 6.641,3MB
Canon Camera Access Library 06.11.2007 0,35MB
Canon Camera Support Core Library 06.11.2007 1,48MB
Canon Camera Window DC_DV 5 for ZoomBrowser EX 06.11.2007 10,4MB
Canon Camera Window DC_DV 6 for ZoomBrowser EX 06.11.2007 13,3MB
Canon Camera Window MC 6 for ZoomBrowser EX 06.11.2007 12,8MB
CANON iMAGE GATEWAY Task 06.11.2007 36,3MB
Canon Internet Library for ZoomBrowser EX 06.11.2007 36,3MB
Canon RAW Image Task for ZoomBrowser EX 06.11.2007 11,1MB
Canon RemoteCapture Task for ZoomBrowser EX 06.11.2007 11,3MB
Canon Utilities Digital Photo Professional 2.1 06.11.2007 47,9MB
Canon Utilities EOS Utility 06.11.2007 11,5MB
Canon Utilities PhotoStitch 06.11.2007 4,75MB
Canon Utilities ZoomBrowser EX 06.11.2007 36,3MB
CCleaner (remove only) Piriform 19.07.2009 2,55MB
Die Sims 2 23.12.2008 2.808,0MB
Die Sims 2: Nightlife 23.12.2008 1.286,6MB
Die Sims 2: Open For Business 23.12.2008 697,7MB
Die Sims 2: Wilde Campus-Jahre 23.12.2008 925,4MB
Die Sims™ 2 Apartment-Leben Electronic Arts 23.12.2008 1.241,7MB
Die Sims™ 2 Freizeit-Spaß Electronic Arts 23.12.2008 1.194,6MB
Die Sims™ 2 H&M®-Fashion-Accessoires 23.12.2008 498,2MB
Die Sims™ 2 Haustiere 23.12.2008 801,0MB
Die Sims™ 2 Vier Jahreszeiten 23.12.2008 869,0MB
Die Sims™ 3 Electronic Arts 03.06.2009 5.617,6MB
DivX Codec DivX, Inc. 03.07.2009 1,40MB
DivX Player DivX, Inc. 03.07.2009 15,4MB
DivX Web Player DivX,Inc. 03.07.2009 2,92MB
Dynasty Oberon Media 20.02.2009 23,9MB
Firebird SQL Server - MAGIX Edition MAGIX AG 21.04.2009 6,06MB
Google Toolbar for Internet Explorer Google Inc. 13.06.2009 2,59MB
HDAUDIO Soft Data Fax Modem with SmartCP 13.08.2007 1,02MB
IBM ViaVoice Command and Control Runtime 5.3 - Deutsch 22.05.2009 40,1MB
ICQ Toolbar ICQ 13.07.2009 0,48MB
ICQ6.5 ICQ 13.07.2009 60,9MB
Intel(R) Matrix Storage Manager 07.10.2007 1,79MB
Java(TM) 6 Update 7 Sun Microsystems, Inc. 13.09.2008 136,2MB
Launch Manager 07.10.2007 2,23MB
Malwarebytes' Anti-Malware Malwarebytes Corporation 19.07.2009 4,04MB
Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 18.04.2009 27,8MB
Microsoft AutoRoute 2007 Microsoft Corporation 13.09.2008 1.176,5MB
Microsoft Office 2000 Premium Microsoft Corporation 13.11.2007 222,4MB
Microsoft Office Home and Student 2007 Microsoft Corporation 23.12.2007 442,2MB
Microsoft Office PowerPoint Viewer 2007 (German) Microsoft Corporation 12.05.2009 31,9MB
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 07.01.2009 1,74MB
Microsoft Sync Framework Runtime Native v1.0 (x86) Microsoft Corporation 20.02.2009 0,61MB
Microsoft Sync Framework Services Native v1.0 (x86) Microsoft Corporation 20.02.2009 1,45MB
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 13.08.2007 0,41MB
Microsoft Works Microsoft Corporation 10.06.2009 286,0MB
Microsoft WSE 3.0 Runtime Microsoft Corp. 03.06.2009 0,92MB
Mozilla Firefox (3.0.11) Mozilla 17.06.2009 30,0MB
MSXML 4.0 SP2 (KB936181) Microsoft Corporation 06.11.2007 1,27MB
MSXML 4.0 SP2 (KB941833) Microsoft Corporation 07.11.2007 1,27MB
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 12.11.2008 1,28MB
NTI Backup NOW! 4.7 NewTech Infosystems 13.08.2007 7,21MB
NTI CD & DVD-Maker NewTech Infosystems 13.08.2007 40,2MB
NVIDIA Drivers 17.04.2008
Picasa 3 Google, Inc. 11.07.2009 53,7MB
PowerProducer 3.72 CyberLink Corporation 07.10.2007 3,73MB
PunkBuster Services Even Balance, Inc. 31.10.2008
QuickTime Apple Inc. 05.06.2009 74,6MB
RealSpeak Solo fur Deutsch - Steffi Nuance 13.09.2008 14,4MB
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 13.08.2007 15,2MB
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 07.10.2007 1,93MB
Roll 22.05.2009 80,5MB
Skype™ 3.8 Skype Technologies S.A. 25.11.2008 29,7MB
Spelling Dictionaries Support For Adobe Reader 8 Adobe Systems 25.11.2008 32,5MB
Spyware Doctor 6.0 PC Tools 18.07.2009 80,6MB
TeamSpeak 2 RC2 Dominating Bytes Design 15.11.2008
Text-To-Speech-Runtime Magix Development GmbH 21.04.2009 0,25MB
TuneUp Utilities 2009 TuneUp Software 20.02.2009 44,7MB
VLC media player 0.9.8a VideoLAN Team 19.02.2009 60,4MB
Windows Live Anmelde-Assistent Microsoft Corporation 20.02.2009 1,93MB
Windows Live Essentials Microsoft Corporation 20.02.2009 139,5MB
Windows Live Sync Microsoft Corporation 20.02.2009 2,80MB
Windows Live-Uploadtool Microsoft Corporation 07.01.2009 0,22MB
Windows Media Player Firefox Plugin Microsoft Corp 10.04.2009 0,29MB
WinRAR 23.12.2008 3,73MB
Xfire (remove only) 18.10.2008 14,4MB
|
20.07.2009, 15:21 | #10 |
| HijackThis Evaluation TR/Trash.Gen was just found in C:\Windows\System32\msxmlm.dll, also by Avira. Especially that file and the other file from this source apparently always had trojans... it seems to me as if these files always have a virus everywhere |
23.07.2009, 18:20 | #11 |
| HijackThis Evaluation Can't you help me any more?! oO |