Auswertung HijackThis

tschikishiki · 19.07.2009, 17:46

also ich wende mich hiermit ans forum,weil ich naja keine ahnung hab

das wären dann die "dateien" wie mans auch nennt:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:39:03, on 19.07.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Windows\BR040286.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Users\admin\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\System32\NetFilter.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\mobsync.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\p2phost.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
c:\program files\adobe media player\adobe media player.exe
C:\Program Files\Xfire\xfire.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Users\admin\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://de.rd.yahoo.com/customize/ycomp/defaults/su/*http://de.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A77D3539-581D-450C-9E44-A84C415A6172} - C:\Windows\System32\msxmlm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: (no name) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [BisonInst0402] C:\Windows\BR040286.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Setup User] "C:\ProgramData\Eqsoapsoap.pf7an"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [MSDRV] NetFilter.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Setup User] "C:\ProgramData\Eqsoapsoap.qqpa8ul"
O4 - HKCU\..\Run: [locks tick title proc] "C:\ProgramData\Win Chin Software.z56dm1"
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [ICQ] "C:\PROGRA~1\ICQ6.5\ICQ.exe" silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe
O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1221405781212&h=76cecc8405a5882aac7339e2c2ddcb0d/&filename=jinstall-6u7-windows-i586-jc.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: eNetHook.dll
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Automatisches LiveUpdate - Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 13171 bytes

danke schonmal im voraus,ist mir EXTREM wichtig!

Neotax · 19.07.2009, 20:39

Hast du PC Probleme oder willst du es einfach nur mal ausgewertet bekommen? Beschreibe bitte dein Problem.

tschikishiki · 19.07.2009, 20:51

Problem...Heute Mittag hatts meinen Laptop völlig gepackt und ist nun total hinüber. Habe schon lange unzählige Viren und vorallem Trojaner auf dem Pc und weis echt nicht wie ich die Dinger wegbekomme...Wenn ich es richtig gelesen habe werden beim Auswerten die "bösen" Dateien aufgeschrieben,die man bei HijackThis dann ankreuzt und fixt?! Was dann sozusagen ein Virenzerstörer ist...So hab ich es aufgenommen.
Wobei wenn ich die Viren nicht wegbekomme,muss ich wohl den gesamten Laptop neu formatieren ._. Ich glaube auch nicht wirklich,dass alle Viren beseitigt werden können und er optimal läuft.
Abgesehen davon hat sich dann das Programm "Personal Antivirus" angekündigt,und ich wusste nicht,dass es alles kaputt macht... Das bekomm ich also auch nich mehr runter,habe zwar den Spyware Doctor installiert,aber ohne,dass man die Programme kauft taugt eh nichts mehr.

Neotax · 19.07.2009, 21:03

Also HijackThis sagt das:

C:\Windows\System32\NetFilter.exe = Ein unbekannter Prozess
R3 - URLSearchHook: (no name) - - (no file) = Schädlich (2.4 / 5.00) Ich weiß nicht was das ist ?
Unbekannt
O2 - BHO: (no name) - {A77D3539-581D-450C-9E44-A84C415A6172} - C:\Windows\System32\msxmlm.dll = Nicht bekannt

Und sonst noch ein paar, die er nicht zuordnen kann.
Das beste ist, du speicherst alles udn setzt den PC / Laptop neu auf. So bist du auf der sichersten Seite.

mfg Neotax

.keNNy# · 19.07.2009, 23:09

Hallo und

1.)Sorge bitte für eine ordentliche Ordneransicht.Anleitung: UploadChannel - Trojaner-Board--->nur Schritt 1
2.)Lasse bitte die folgenden Dateien online bei VirusTotal auswerten und poste die kompletten Ergebnisse in Codeboxen [ code][/code]. Das macht das ganze übersichtlicher (alternativ erstellt man die Codeboxen mit diesem Button, #, oben in der Leiste wenn du eine Nachricht erstellst).

Code:

ATTFilter

C:\Windows\System32\NetFilter.exe
C:\Windows\System32\msxmlm.dll
C:\ProgramData\Eqsoapsoap.pf7an
C:\ProgramData\Eqsoapsoap.qqpa8ul
C:\ProgramData\Win Chin Software.z56dm1

3.)Lade dir Malwarebytes Anti-Malware runter und mache einen komplettscan (vorher Updaten). Poste das Ergebniss hier.
4.)Erstelle ein neues HijackThis-log und poste es hier.
5.)Ich hätte gern eine Liste deiner installierten Software. Lade dir dazu CCleaner herunter und installiere es (Toolbars abwählen). Starte nun das Programm und gehe unter Extras auf Programme deinstallieren. Rechts unten befindet sich ein Button "Als Textdatei speichern". Poste den Inhalt der Textdatei, am besten in der Codebox.

tschikishiki · 20.07.2009, 12:02

Code:

ATTFilter

C:\Windows\System32\NetFilter.exe
0 bytes size received / Se ha recibido un archivo vacio --> Avira zeigt seit vorher die ganze Zeit das Trojanische Pferd TR/FraudPack.poy
-

Code:

ATTFilter

C:\Windows\System32\msxmlm.dll
0 bytes size received / Se ha recibido un archivo vacio
-

Code:

ATTFilter

C:\ProgramData\Eqsoapsoap.pf7an
Antivirus Version letzte aktualisierung Ergebnis 
a-squared 4.5.0.24 2009.07.20 - 
AhnLab-V3 5.0.0.2 2009.07.20 - 
AntiVir 7.9.0.222 2009.07.20 - 
Antiy-AVL 2.0.3.7 2009.07.17 - 
Authentium 5.1.2.4 2009.07.20 - 
Avast 4.8.1335.0 2009.07.19 - 
AVG 8.5.0.387 2009.07.20 - 
BitDefender 7.2 2009.07.20 - 
CAT-QuickHeal 10.00 2009.07.20 - 
ClamAV 0.94.1 2009.07.19 - 
Comodo 1713 2009.07.20 - 
DrWeb 5.0.0.12182 2009.07.20 - 
eSafe 7.0.17.0 2009.07.19 - 
eTrust-Vet 31.6.6628 2009.07.20 - 
F-Prot 4.4.4.56 2009.07.20 - 
F-Secure 8.0.14470.0 2009.07.20 - 
Fortinet 3.120.0.0 2009.07.20 - 
GData 19 2009.07.20 - 
Ikarus T3.1.1.64.0 2009.07.20 - 
Jiangmin 11.0.800 2009.07.20 - 
K7AntiVirus 7.10.796 2009.07.18 - 
Kaspersky 7.0.0.125 2009.07.20 - 
McAfee 5681 2009.07.19 - 
McAfee+Artemis 5681 2009.07.19 - 
McAfee-GW-Edition 6.8.5 2009.07.20 - 
Microsoft 1.4803 2009.07.20 - 
NOD32 4260 2009.07.20 - 
Norman 6.01.09 2009.07.20 - 
nProtect 2009.1.8.0 2009.07.20 - 
Panda 10.0.0.14 2009.07.19 - 
PCTools 4.4.2.0 2009.07.19 - 
Prevx 3.0 2009.07.20 - 
Rising 21.39.02.00 2009.07.20 - 
Sophos 4.43.0 2009.07.20 - 
Symantec 1.4.4.12 2009.07.20 - 
TheHacker 6.3.4.3.370 2009.07.17 - 
TrendMicro 8.950.0.1094 2009.07.20 - 
VBA32 3.12.10.8 2009.07.19 - 
ViRobot 2009.7.20.1843 2009.07.20 - 
VirusBuster 4.6.5.0 2009.07.16 - 
weitere Informationen 
File size: 135184 bytes 
MD5...: 6a854a4dfd711a62d074ec1373fa0fca 
SHA1..: 78d608309b09eeb1aa7f2c02e72129542bfb1545 
SHA256: 0fec8c1a11cf9099e3e16e2b524b4e58093b565ea9f705eabcef4e9eb5c37956 
ssdeep: 3072:RCk70U2/IlaimeuuWQoGiKhgYbrlAfoaJsiHPSRTj6HOFjBpUMqaOT:90U2
/SjoFSrvAqTj6uNBKgOT
 
PEiD..: - 
TrID..: File type identification
Unknown! 
PEInfo: - 
PDFiD.: - 
RDS...: NSRL Reference Data Set
-

Code:

ATTFilter

C:\ProgramData\Eqsoapsoap.qqpa8ul

Antivirus Version letzte aktualisierung Ergebnis 
a-squared 4.5.0.24 2009.07.20 - 
AhnLab-V3 5.0.0.2 2009.07.20 - 
AntiVir 7.9.0.222 2009.07.20 - 
Antiy-AVL 2.0.3.7 2009.07.17 - 
Authentium 5.1.2.4 2009.07.20 - 
Avast 4.8.1335.0 2009.07.19 - 
AVG 8.5.0.387 2009.07.20 - 
BitDefender 7.2 2009.07.20 - 
CAT-QuickHeal 10.00 2009.07.20 - 
ClamAV 0.94.1 2009.07.19 - 
Comodo 1713 2009.07.20 - 
DrWeb 5.0.0.12182 2009.07.20 - 
eTrust-Vet 31.6.6628 2009.07.20 - 
F-Prot 4.4.4.56 2009.07.20 - 
F-Secure 8.0.14470.0 2009.07.20 - 
Fortinet 3.120.0.0 2009.07.20 - 
GData 19 2009.07.20 - 
Ikarus T3.1.1.64.0 2009.07.20 - 
Jiangmin 11.0.800 2009.07.20 - 
K7AntiVirus 7.10.796 2009.07.18 - 
Kaspersky 7.0.0.125 2009.07.20 - 
McAfee 5681 2009.07.19 - 
McAfee+Artemis 5681 2009.07.19 - 
McAfee-GW-Edition 6.8.5 2009.07.20 - 
Microsoft 1.4803 2009.07.20 - 
NOD32 4260 2009.07.20 - 
Norman 6.01.09 2009.07.20 - 
nProtect 2009.1.8.0 2009.07.20 - 
Panda 10.0.0.14 2009.07.19 - 
PCTools 4.4.2.0 2009.07.19 - 
Prevx 3.0 2009.07.20 - 
Rising 21.39.02.00 2009.07.20 - 
Sophos 4.43.0 2009.07.20 - 
Sunbelt 3.2.1858.2 2009.07.19 - 
Symantec 1.4.4.12 2009.07.20 - 
TheHacker 6.3.4.3.370 2009.07.17 - 
TrendMicro 8.950.0.1094 2009.07.20 - 
VBA32 3.12.10.8 2009.07.19 - 
ViRobot 2009.7.20.1843 2009.07.20 - 
VirusBuster 4.6.5.0 2009.07.16 - 
weitere Informationen 
File size: 151568 bytes 
MD5...: 52ec188709376edf6aabd5394b5ebcac 
SHA1..: a3090264c9e8815aaeff05dc1178d8990d5d3779 
SHA256: 7e66cffe80ac77fb5ce9e8e2d8017b836be1997cb5d4a3e7099d23b29c2050be 
ssdeep: 3072:NJ9RTLyMewTXxleaBMYodClk7r+wv+zNe/98m5xIN:N3RTGMew3eW9o8lk7
tvP5xIN
 
PEiD..: - 
TrID..: File type identification
Unknown! 
PEInfo: - 
PDFiD.: - 
RDS...: NSRL Reference Data Set
-

Code:

ATTFilter

C:\ProgramData\Win Chin Software.z56dm1

Antivirus Version letzte aktualisierung Ergebnis 
a-squared 4.5.0.24 2009.07.20 - 
AhnLab-V3 5.0.0.2 2009.07.20 - 
AntiVir 7.9.0.222 2009.07.20 - 
Antiy-AVL 2.0.3.7 2009.07.17 - 
Authentium 5.1.2.4 2009.07.20 - 
Avast 4.8.1335.0 2009.07.19 - 
AVG 8.5.0.387 2009.07.20 - 
BitDefender 7.2 2009.07.20 - 
CAT-QuickHeal 10.00 2009.07.20 - 
ClamAV 0.94.1 2009.07.19 - 
Comodo 1713 2009.07.20 - 
DrWeb 5.0.0.12182 2009.07.20 - 
eSafe 7.0.17.0 2009.07.19 - 
eTrust-Vet 31.6.6628 2009.07.20 - 
F-Prot 4.4.4.56 2009.07.20 - 
F-Secure 8.0.14470.0 2009.07.20 - 
Fortinet 3.120.0.0 2009.07.20 - 
GData 19 2009.07.20 - 
Ikarus T3.1.1.64.0 2009.07.20 - 
Jiangmin 11.0.800 2009.07.20 - 
K7AntiVirus 7.10.796 2009.07.18 - 
Kaspersky 7.0.0.125 2009.07.20 - 
McAfee 5681 2009.07.19 - 
McAfee+Artemis 5681 2009.07.19 - 
McAfee-GW-Edition 6.8.5 2009.07.20 - 
Microsoft 1.4803 2009.07.20 - 
NOD32 4260 2009.07.20 - 
Norman 6.01.09 2009.07.20 - 
nProtect 2009.1.8.0 2009.07.20 - 
Panda 10.0.0.14 2009.07.19 - 
PCTools 4.4.2.0 2009.07.19 - 
Prevx 3.0 2009.07.20 - 
Rising 21.39.02.00 2009.07.20 - 
Sophos 4.43.0 2009.07.20 - 
Sunbelt 3.2.1858.2 2009.07.19 - 
Symantec 1.4.4.12 2009.07.20 - 
TheHacker 6.3.4.3.370 2009.07.17 - 
TrendMicro 8.950.0.1094 2009.07.20 - 
VBA32 3.12.10.8 2009.07.19 - 
ViRobot 2009.7.20.1843 2009.07.20 - 
VirusBuster 4.6.5.0 2009.07.16 - 
weitere Informationen 
File size: 110608 bytes 
MD5...: 9c279e4c22bb86dcf8df555b29a1e65e 
SHA1..: 3fd78e2a968fd03bfa6f48052ee93d1f22e4f869 
SHA256: 87986cfb0cf31a720d8385f5995d7a05d3aaaa8ffccb9240fb4c8305310d9b62 
ssdeep: 3072:dLUAxR5O2J2r0j/eXkGYNS/FcMVl63LpGlYszXr:ZUAxDO2yM/wN4So3lsY
Ib
 
PEiD..: - 
TrID..: File type identification
Unknown! 
PEInfo: - 
PDFiD.: - 
RDS...: NSRL Reference Data Set
-

.keNNy# · 20.07.2009, 12:37

Es fehlen noch die Punkte 3-5.

tschikishiki · 20.07.2009, 12:38

eins nach dem anderen,der pc is nich so sonderlich schnell

tschikishiki · 20.07.2009, 15:15

Anti-Malwareergebnis:

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.39
Datenbank Version: 2465
Windows 6.0.6001 Service Pack 1

20.07.2009 16:12:49
mbam-log-2009-07-20 (16-12-07).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|)
Durchsuchte Objekte: 272663
Laufzeit: 2 hour(s), 34 minute(s), 46 second(s)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 3
Infizierte Registrierungswerte: 3
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 3
Infizierte Dateien: 11

Infizierte Speicherprozesse:
C:\Windows\System32\NetFilter.exe (Trojan.Agent) -> No action taken.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a77d3539-581d-450c-9e44-a84c415a6172} (Trojan.BHO.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a77d3539-581d-450c-9e44-a84c415a6172} (Trojan.BHO.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a77d3539-581d-450c-9e44-a84c415a6172} (Trojan.FakeAlert) -> No action taken.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\Environment\avapp (Rogue.PersonalAntiVirus) -> No action taken.
HKEY_CURRENT_USER\Environment\avuninst (Rogue.PersonalAntiVirus) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msdrv (Trojan.Agent) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\Program Files\PersonalAV (Rogue.PersonalAntiVirus) -> No action taken.
C:\Program Files\Common Files\Uninstall\PersonalAV (Rogue.PersonalAntiVirus) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\PersonalAV (Rogue.PersonalAntiVirus) -> No action taken.

Infizierte Dateien:
C:\Windows\System32\msxmlm.dll (Trojan.BHO.H) -> No action taken.
c:\Users\admin\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\A13TKH4X\Setup-ad4d76f_02006-34[1].exe (Rogue.Installer) -> No action taken.
c:\users\admin\appdata\local\microsoft\windows\temporary internet files\content.ie5\hao2o1z7\Driver[1].exe (Trojan.Dropper) -> No action taken.
c:\Users\admin\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\SS1RBWF7\Setup-83cd30_02006-34[1].exe (Rogue.Installer) -> No action taken.
c:\Users\Manja\AppData\Local\Mozilla\Firefox\Profiles\s760arwu.default\Cache\7F6AE2EFd01 (Adware.Navipromo) -> No action taken.
c:\Users\Manja\downloads\Live-Player_setup.exe (Adware.Navipromo) -> No action taken.
c:\program files\personalav\pav.exe (Rogue.PersonalAntiVirus) -> No action taken.
c:\program files\common files\uninstall\personalav\Uninstall.lnk (Rogue.PersonalAntiVirus) -> No action taken.
c:\programdata\microsoft\Windows\start menu\personalav\Personal Antivirus.lnk (Rogue.PersonalAntiVirus) -> No action taken.
c:\programdata\microsoft\Windows\start menu\personalav\Uninstall.lnk (Rogue.PersonalAntiVirus) -> No action taken.
C:\Windows\System32\NetFilter.exe (Trojan.Agent) -> No action taken.

HijackThis-Log:

Code:

ATTFilter

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:10:38, on 20.07.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Windows\BR040286.exe
C:\Windows\system32\taskeng.exe
C:\Users\admin\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\System32\mobsync.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\System32\NetFilter.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
c:\program files\adobe media player\adobe media player.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Users\admin\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://de.rd.yahoo.com/customize/ycomp/defaults/su/*http://de.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A77D3539-581D-450C-9E44-A84C415A6172} - C:\Windows\System32\msxmlm.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: (no name) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [BisonInst0402] C:\Windows\BR040286.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Setup User] "C:\ProgramData\Eqsoapsoap.pf7an"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [MSDRV] NetFilter.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000001] "C:\Windows\is-6DT0S.exe" /REG
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Setup User] "C:\ProgramData\Eqsoapsoap.qqpa8ul"
O4 - HKCU\..\Run: [locks tick title proc] "C:\ProgramData\Win Chin Software.z56dm1"
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [ICQ] "C:\PROGRA~1\ICQ6.5\ICQ.exe" silent
O4 - Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe
O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix: 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1221405781212&h=76cecc8405a5882aac7339e2c2ddcb0d/&filename=jinstall-6u7-windows-i586-jc.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: eNetHook.dll
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Automatisches LiveUpdate - Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 13633 bytes

Software:

Code:

ATTFilter

Acer Arcade Deluxe	CyberLink Corporation	07.10.2007	21,0MB
Acer Crystal Eye	Acer Crystal Eye	07.10.2007	5,42MB
Acer Crystal Eye webcam	Acer Crystal Eye webcam	07.10.2007	2,78MB
Acer eAudio Management		04.11.2007	783,7MB
Acer eDataSecurity Management	HiTRUST Inc.	13.08.2007	30,0MB
Acer eLock Management	Acer Inc.	13.08.2007	11,3MB
Acer Empowering Technology	Acer Inc.	13.08.2007	141,3MB
Acer eNet Management	Acer Inc.	13.08.2007	8,81MB
Acer ePower Management	Acer Inc.	04.11.2007	16,1MB
Acer ePresentation Management	Acer Inc.	13.08.2007	2,30MB
Acer eSettings Management	Acer Inc.	13.08.2007	10,6MB
Acer GridVista		07.10.2007	1,50MB
Acer Mobility Center Plug-In	Acer Inc.	13.08.2007	5,56MB
Acer ScreenSaver	Acer Inc.	07.10.2007	
Acer Tour	Acer Inc.	13.08.2007	147,6MB
Activation Assistant for the 2007 Microsoft Office suites	Microsoft Corporation	07.10.2007	14,0MB
Adobe AIR	Adobe Systems Inc.	15.09.2008	
Adobe Flash Player 10 ActiveX	Adobe Systems Incorporated	03.06.2009	
Adobe Flash Player 10 Plugin	Adobe Systems Incorporated	22.12.2008	2,95MB
Adobe Flash Player 9 ActiveX	Adobe Systems	10.06.2009	
Adobe Media Player	Adobe Systems Incorporated	15.09.2008	2,95MB
Adobe Reader 8.1.3	Adobe Systems Incorporated	25.11.2008	85,0MB
ALPS Touch Pad Driver	Alps Electric	07.10.2007	
Apple Software Update	Apple Inc.	21.01.2009	2,16MB
Avira AntiVir Personal - Free Antivirus	Avira GmbH	22.02.2009	58,9MB
Call of Duty(R) 4 - Modern Warfare(TM)	Activision	06.05.2009	6.641,3MB
Canon Camera Access Library		06.11.2007	0,35MB
Canon Camera Support Core Library		06.11.2007	1,48MB
Canon Camera Window DC_DV 5 for ZoomBrowser EX		06.11.2007	10,4MB
Canon Camera Window DC_DV 6 for ZoomBrowser EX		06.11.2007	13,3MB
Canon Camera Window MC 6 for ZoomBrowser EX		06.11.2007	12,8MB
CANON iMAGE GATEWAY Task		06.11.2007	36,3MB
Canon Internet Library for ZoomBrowser EX		06.11.2007	36,3MB
Canon RAW Image Task for ZoomBrowser EX		06.11.2007	11,1MB
Canon RemoteCapture Task for ZoomBrowser EX		06.11.2007	11,3MB
Canon Utilities Digital Photo Professional 2.1		06.11.2007	47,9MB
Canon Utilities EOS Utility		06.11.2007	11,5MB
Canon Utilities PhotoStitch		06.11.2007	4,75MB
Canon Utilities ZoomBrowser EX		06.11.2007	36,3MB
CCleaner (remove only)	Piriform	19.07.2009	2,55MB
Die Sims 2		23.12.2008	2.808,0MB
Die Sims 2: Nightlife		23.12.2008	1.286,6MB
Die Sims 2: Open For Business		23.12.2008	697,7MB
Die Sims 2: Wilde Campus-Jahre		23.12.2008	925,4MB
Die Sims™ 2 Apartment-Leben	Electronic Arts	23.12.2008	1.241,7MB
Die Sims™ 2 Freizeit-Spaß	Electronic Arts	23.12.2008	1.194,6MB
Die Sims™ 2 H&M®-Fashion-Accessoires		23.12.2008	498,2MB
Die Sims™ 2 Haustiere		23.12.2008	801,0MB
Die Sims™ 2 Vier Jahreszeiten		23.12.2008	869,0MB
Die*Sims™*3	Electronic Arts	03.06.2009	5.617,6MB
DivX Codec	DivX, Inc.	03.07.2009	1,40MB
DivX Player	DivX, Inc.	03.07.2009	15,4MB
DivX Web Player	DivX,Inc.	03.07.2009	2,92MB
Dynasty	Oberon Media	20.02.2009	23,9MB
Firebird SQL Server - MAGIX Edition	MAGIX AG	21.04.2009	6,06MB
Google Toolbar for Internet Explorer	Google Inc.	13.06.2009	2,59MB
HDAUDIO Soft Data Fax Modem with SmartCP		13.08.2007	1,02MB
IBM ViaVoice Command and Control Runtime 5.3 - Deutsch		22.05.2009	40,1MB
ICQ Toolbar	ICQ	13.07.2009	0,48MB
ICQ6.5	ICQ	13.07.2009	60,9MB
Intel(R) Matrix Storage Manager		07.10.2007	1,79MB
Java(TM) 6 Update 7	Sun Microsystems, Inc.	13.09.2008	136,2MB
Launch Manager		07.10.2007	2,23MB
Malwarebytes' Anti-Malware	Malwarebytes Corporation	19.07.2009	4,04MB
Microsoft .NET Framework 3.5 SP1	Microsoft Corporation	18.04.2009	27,8MB
Microsoft AutoRoute 2007	Microsoft Corporation	13.09.2008	1.176,5MB
Microsoft Office 2000 Premium	Microsoft Corporation	13.11.2007	222,4MB
Microsoft Office Home and Student 2007	Microsoft Corporation	23.12.2007	442,2MB
Microsoft Office PowerPoint Viewer 2007 (German)	Microsoft Corporation	12.05.2009	31,9MB
Microsoft SQL Server 2005 Compact Edition [ENU]	Microsoft Corporation	07.01.2009	1,74MB
Microsoft Sync Framework Runtime Native v1.0 (x86)	Microsoft Corporation	20.02.2009	0,61MB
Microsoft Sync Framework Services Native v1.0 (x86)	Microsoft Corporation	20.02.2009	1,45MB
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	13.08.2007	0,41MB
Microsoft Works	Microsoft Corporation	10.06.2009	286,0MB
Microsoft WSE 3.0 Runtime	Microsoft Corp.	03.06.2009	0,92MB
Mozilla Firefox (3.0.11)	Mozilla	17.06.2009	30,0MB
MSXML 4.0 SP2 (KB936181)	Microsoft Corporation	06.11.2007	1,27MB
MSXML 4.0 SP2 (KB941833)	Microsoft Corporation	07.11.2007	1,27MB
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	12.11.2008	1,28MB
NTI Backup NOW! 4.7	NewTech Infosystems	13.08.2007	7,21MB
NTI CD & DVD-Maker	NewTech Infosystems	13.08.2007	40,2MB
NVIDIA Drivers		17.04.2008	
Picasa 3	Google, Inc.	11.07.2009	53,7MB
PowerProducer 3.72	CyberLink Corporation	07.10.2007	3,73MB
PunkBuster Services	Even Balance, Inc.	31.10.2008	
QuickTime	Apple Inc.	05.06.2009	74,6MB
RealSpeak Solo fur Deutsch - Steffi	Nuance	13.09.2008	14,4MB
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	13.08.2007	15,2MB
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01		07.10.2007	1,93MB
Roll		22.05.2009	80,5MB
Skype™ 3.8	Skype Technologies S.A.	25.11.2008	29,7MB
Spelling Dictionaries Support For Adobe Reader 8	Adobe Systems	25.11.2008	32,5MB
Spyware Doctor 6.0	PC Tools	18.07.2009	80,6MB
TeamSpeak 2 RC2	Dominating Bytes Design	15.11.2008	
Text-To-Speech-Runtime	Magix Development GmbH	21.04.2009	0,25MB
TuneUp Utilities 2009	TuneUp Software	20.02.2009	44,7MB
VLC media player 0.9.8a	VideoLAN Team	19.02.2009	60,4MB
Windows Live Anmelde-Assistent	Microsoft Corporation	20.02.2009	1,93MB
Windows Live Essentials	Microsoft Corporation	20.02.2009	139,5MB
Windows Live Sync	Microsoft Corporation	20.02.2009	2,80MB
Windows Live-Uploadtool	Microsoft Corporation	07.01.2009	0,22MB
Windows Media Player Firefox Plugin	Microsoft Corp	10.04.2009	0,29MB
WinRAR		23.12.2008	3,73MB
Xfire (remove only)		18.10.2008	14,4MB

tschikishiki · 20.07.2009, 15:21

C:\Windows\System32\msxmlm.dll wurde gerade der TR/Trash.Gen gefunden,auch von Avira. speziell die datei&die andere datei von dieser quelle hatten wohl schon immer trojaner...kommt mir so vor,als hätten diese dateien überall immer einen virus

tschikishiki · 23.07.2009, 18:20

kannst du mir nicht mehr helfen?! oO

Auswertung HijackThis

Log-Analyse und Auswertung: Auswertung HijackThis