Log analysis and evaluation: Do I have a hack?
Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
Do I have a hack?

My UMTS card was apparently hacked. I wanted to know whether there is something there, since some SPR password tool XLr keeps being found. Attached are the logs. The first log is RSIT from 6.06.2010, from when I got the message from O2:

RSIT Logfile:
The remaining logs are attached as a file. The logs are as of 6.06 and 7.06 respectively; I will make current ones on request.