dropper.gen und wahrscheinlich mehr, bitte log auswerten

brocolli · 27.01.2010, 20:42

Da mein pc zunehmend langsamer wird und virenscanner/programme wie Avira Antivir personal und Prevx 3.0 immer wieder warnungen anzeigen (letzte war dropper.gen),
wollte ich fragen ob jmd meine logfile bitte auswerten könnte.

Ich befürchte das sich noch mehr versteckt!

besten dank wenn sich jmd die zeit nimmt!
grüße, brocolli

brocolli · 27.01.2010, 20:45

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:34:40, on 27.01.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe
C:\Program Files (x86)\Microsoft Office

\Office10\WINWORD.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HijackThis

\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search

Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start

Page = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
R1 - HKLM\Software\Microsoft\Internet Explorer

\Main,Default_Page_URL = Search Microsoft.com

LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer

\Main,Default_Search_URL =

Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search

Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start

Page = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
R0 - HKLM\Software\Microsoft\Internet Explorer

\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer

\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local

Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer

\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-

FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe

\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-

E861-484f-8273-0445EE161910} - C:\Program Files

(x86)\Common Files\Adobe\Acrobat\ActiveX

\AcroIEFavClient.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-

665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe

\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-

0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe

\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira

\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [AVMWlanClient] C:\Program Files

(x86)\avmwlanstick\wlangui.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files

(x86)\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows

Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows

\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows

Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows

\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Startup: Start Extensions for Windows.lnk = C:\Program

Files\Extensions for Windows\ExtensionsServer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program

Files (x86)\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: An vorhandene PDF-Datei

anfügen - res://C:\Program Files (x86)\Common Files\Adobe

\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel -

res://C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: In Adobe PDF konvertieren -

res://C:\Program Files (x86)\Common Files\Adobe\Acrobat

\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Linkziel an vorhandene PDF-

Datei anhängen - res://C:\Program Files (x86)\Common Files

\Adobe\Acrobat\ActiveX

\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Linkziel in Adobe PDF

konvertieren - res://C:\Program Files (x86)\Common Files

\Adobe\Acrobat\ActiveX

\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Nach Microsoft &Excel

exportieren - res://C:

\PROGRA~2\MICROS~4\Office10\EXCEL.EXE/3000
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{CCD39725-8D55-

4970-84FB-4A5B6DEABE80}: NameServer =

205.234.170.215,192.168.220.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-

1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) -

Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner

- C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira AntiVir Planer

(AntiVirSchedulerService) - Avira GmbH - C:\Program Files

(x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira

GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop

\avguard.exe
O23 - Service: ASP.NET-Zustandsdienst (aspnet_state) -

Unknown owner - C:\Windows\Microsoft.NET\Framework

\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: AVM WLAN Connection Service - AVM Berlin -

C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
O23 - Service: CSIScanner - Prevx - C:\Program Files\Prevx

\prevx.exe
O23 - Service: SysUtils Device Manager Agent Service

(DevManSvc) - Unknown owner - C:\Windows

\SysWOW64\DevManAgent.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS)

- Unknown owner - C:\Windows\System32\lsass.exe (file

missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118

(Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe

(file missing)
O23 - Service: Firebird Server - MAGIX Instance

(FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files

(x86)\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software

Inc. - C:\Program Files (x86)\Common Files\Macrovision

Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso

Software Inc. - C:\Program Files\Common Files\Macrovision

Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine

(Hamachi2Svc) - LogMeIn Inc. - C:\Program Files

(x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) -

Macrovision Corporation - C:\Program Files (x86)\Common

Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner -

C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner -

C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102

(Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe

(file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program

Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: O&O Defrag - Unknown owner - C:\Windows

\system32\oodag.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300

(ProtectedStorage) - Unknown owner - C:\Windows

\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2

(RpcLocator) - Unknown owner - C:\Windows

\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs)

- Unknown owner - C:\Windows\system32\lsass.exe (file

missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3

(SNMPTRAP) - Unknown owner - C:\Windows

\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1

(Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe

(file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101

(sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe

(file missing)
O23 - Service: Steam Client Service - Valve Corporation -

C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TunngleService - Tunngle.net GmbH - C:

\Program Files (x86)\Tunngle\TnglCtrl.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101

(UI0Detect) - Unknown owner - C:\Windows

\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003

(VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe

(file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) -

Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS)

- Unknown owner - C:\Windows\system32\vssvc.exe (file

missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104

(wbengine) - Unknown owner - C:\Windows

\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-

110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem

\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player

\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:

\Program Files (x86)\Windows Media Player\wmpnetwk.exe

(file missing)
O23 - Service: Zwunzi Service - Unknown owner - C:

\ProgramData\Zwunzi\zwunzi127.exe (file missing)

--
End of file - 8903 bytes

brocolli · 01.02.2010, 13:40

kann sich nich jmd ma die log file anschauen bitte bitte!!

brocolli · 11.02.2010, 17:11

wär jedem der sich kurz die zeit nimmt meine logfile zu überprüfen obwohl mittlerweile ne neue nötig is sehr dankbar

ciao

dropper.gen und wahrscheinlich mehr, bitte log auswerten

Log-Analyse und Auswertung: dropper.gen und wahrscheinlich mehr, bitte log auswerten