Multiple Infektionen meines Systems u.a. TR/Dropper.Gen, JAVA/ClassLoader.AV... Ich habe zusätzlich hier noch einen Ad-aware- und einen
HijackThis Log:
Ad-aware
Code:
Alles auswählen Aufklappen ATTFilter
Logfile created: 17.12.2010 15:27:02
Ad-Aware version: 9.0.0
Extended engine: 3
Extended engine version: 3.1.2770
User performing scan: ***
*********************** Definitions database information ***********************
Lavasoft definition file: 150.204
Genotype definition file version: 2010/12/15 07:50:21
Extended engine definition file: 7675.0
******************************** Scan results: *********************************
Scan profile name: Vollständiger Scan (ID: full)
Objects scanned: 260893
Objects detected: 0
Type Detected
==========================
Processes.......: 0
Registry entries: 0
Hostfile entries: 0
Files...........: 0
Folders.........: 0
LSPs............: 0
Cookies.........: 0
Browser hijacks.: 0
MRU objects.....: 0
Scan and cleaning complete: Finished correctly after 8043 seconds
*********************************** Settings ***********************************
Scan profile:
ID: full, enabled:1, value: Vollständiger Scan
ID: folderstoscan, enabled:1, value: C:\,D:\
ID: useantivirus, enabled:1, value: true
ID: sections, enabled:1
ID: scancriticalareas, enabled:1, value: true
ID: scanrunningapps, enabled:1, value: true
ID: scanregistry, enabled:1, value: true
ID: scanlsp, enabled:1, value: true
ID: scanads, enabled:1, value: true
ID: scanhostsfile, enabled:1, value: true
ID: scanmru, enabled:1, value: true
ID: scanbrowserhijacks, enabled:1, value: true
ID: scantrackingcookies, enabled:1, value: true
ID: closebrowsers, enabled:1, value: false
ID: filescanningoptions, enabled:1
ID: archives, enabled:1, value: true
ID: onlyexecutables, enabled:1, value: false
ID: skiplargerthan, enabled:1, value: 20480
ID: scanrootkits, enabled:1, value: true
ID: rootkitlevel, enabled:1, value: mild, domain: medium,mild,strict
ID: usespywareheuristics, enabled:1, value: true
Scan global:
ID: global, enabled:1
ID: addtocontextmenu, enabled:1, value: true
ID: playsoundoninfection, enabled:1, value: false
ID: soundfile, enabled:0, value: N/A
Scheduled scan settings:
<Empty>
Update settings:
ID: updates, enabled:1
ID: launchthreatworksafterscan, enabled:1, value: off, domain: normal,off,silently
ID: deffiles, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: schedules, enabled:1, value: true
ID: updatedaily1, enabled:1, value: Daily 1
ID: time, enabled:1, value: Thu Dec 16 17:37:00 2010
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily2, enabled:1, value: Daily 2
ID: time, enabled:1, value: Thu Dec 16 23:37:00 2010
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily3, enabled:1, value: Daily 3
ID: time, enabled:1, value: Thu Dec 16 05:37:00 2010
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily4, enabled:1, value: Daily 4
ID: time, enabled:1, value: Thu Dec 16 11:37:00 2010
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updateweekly1, enabled:1, value: Weekly
ID: time, enabled:1, value: Thu Dec 16 17:37:00 2010
ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: true
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: true
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
Appearance settings:
ID: appearance, enabled:1
ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource
ID: showtrayicon, enabled:1, value: true
ID: autoentertainmentmode, enabled:1, value: true
ID: guimode, enabled:1, value: mode_simple, domain: mode_advanced,mode_simple
ID: language, enabled:1, value: de, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language
Realtime protection settings:
ID: realtime, enabled:1
ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant
ID: layers, enabled:1
ID: useantivirus, enabled:1, value: true
ID: usespywareheuristics, enabled:1, value: true
ID: maintainbackup, enabled:1, value: true
ID: modules, enabled:1
ID: processprotection, enabled:1, value: true
ID: onaccessprotection, enabled:1, value: false
ID: registryprotection, enabled:1, value: true
ID: networkprotection, enabled:1, value: true
****************************** System information ******************************
Computer name: ***-PC
Processor name: Intel(R) Core(TM)2 Duo CPU P8600 @ 2.40GHz
Processor identifier: Intel64 Family 6 Model 23 Stepping 6
Processor speed: ~2394MHZ
Raw info: processorarchitecture 9, processortype 8664, processorlevel 6, processor revision 5894, number of processors 2, processor features: [MMX,SSE,SSE2,SSE3]
Physical memory available: 2646544384 bytes
Physical memory total: 4292030464 bytes
Virtual memory available: 1805348864 bytes
Virtual memory total: 2147352576 bytes
Memory load: 38%
Microsoft (build 7600)
Windows startup mode:
Running processes:
PID: 304 name: C:\Windows\System32\smss.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 448 name: C:\Windows\System32\csrss.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 520 name: C:\Windows\System32\wininit.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 532 name: C:\Windows\System32\csrss.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 568 name: C:\Windows\System32\services.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 584 name: C:\Windows\System32\lsass.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 592 name: C:\Windows\System32\lsm.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 704 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 788 name: C:\Windows\System32\nvvsvc.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 828 name: C:\Windows\System32\svchost.exe owner: NETZWERKDIENST domain: NT-AUTORITÄT
PID: 888 name: C:\Windows\System32\svchost.exe owner: LOKALER DIENST domain: NT-AUTORITÄT
PID: 920 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 960 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 488 name: C:\Windows\System32\svchost.exe owner: LOKALER DIENST domain: NT-AUTORITÄT
PID: 968 name: C:\Windows\System32\svchost.exe owner: NETZWERKDIENST domain: NT-AUTORITÄT
PID: 1140 name: C:\Windows\System32\winlogon.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1188 name: C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1312 name: C:\Windows\System32\nvvsvc.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1436 name: C:\Windows\System32\spoolsv.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1468 name: C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1488 name: C:\Windows\System32\svchost.exe owner: LOKALER DIENST domain: NT-AUTORITÄT
PID: 1600 name: C:\Program Files (x86)\AirPrint\airprint.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1624 name: C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1660 name: C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1708 name: C:\Program Files (x86)\Bonjour\mDNSResponder.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1740 name: C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1776 name: C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1808 name: C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1828 name: C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1872 name: C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1892 name: C:\Windows\System32\conhost.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 2004 name: C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1736 name: C:\Windows\splwow64.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1864 name: C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE owner: SYSTEM domain: NT-AUTORITÄT
PID: 2136 name: C:\Windows\System32\wbem\unsecapp.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 2228 name: C:\Windows\System32\wbem\WmiPrvSE.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 2428 name: C:\Program Files (x86)\TeamViewer\Version5\TeamViewer.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 2596 name: C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE owner: SYSTEM domain: NT-AUTORITÄT
PID: 2700 name: C:\Windows\System32\SearchIndexer.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 2608 name: C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 2076 name: C:\Windows\System32\svchost.exe owner: LOKALER DIENST domain: NT-AUTORITÄT
PID: 2644 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 3008 name: C:\Program Files\Windows Media Player\wmpnetwk.exe owner: NETZWERKDIENST domain: NT-AUTORITÄT
PID: 1352 name: C:\Windows\System32\taskhost.exe owner: *** domain: ***-PC
PID: 2484 name: C:\Windows\System32\dwm.exe owner: *** domain: ***-PC
PID: 3248 name: C:\Windows\RAVCpl64.exe owner: *** domain: ***-PC
PID: 3264 name: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe owner: *** domain: ***-PC
PID: 3272 name: C:\Program Files\Logitech\SetPointP\SetPoint.exe owner: *** domain: ***-PC
PID: 3312 name: C:\Program Files\Windows Sidebar\sidebar.exe owner: *** domain: ***-PC
PID: 3328 name: C:\Program Files (x86)\RocketDock\RocketDock.exe owner: *** domain: ***-PC
PID: 3340 name: C:\Windows\System32\StikyNot.exe owner: *** domain: ***-PC
PID: 3392 name: C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe owner: *** domain: ***-PC
PID: 3616 name: C:\Users\***\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe owner: *** domain: ***-PC
PID: 3724 name: C:\Program Files\Keyboard Manager\Manager Utility\KeyboardManager.exe owner: *** domain: ***-PC
PID: 3816 name: C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe owner: *** domain: ***-PC
PID: 3968 name: C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe owner: *** domain: ***-PC
PID: 4048 name: C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe owner: *** domain: ***-PC
PID: 276 name: C:\Program Files (x86)\iTunes\iTunesHelper.exe owner: *** domain: ***-PC
PID: 2832 name: C:\Windows\System32\wbem\WmiPrvSE.exe owner: NETZWERKDIENST domain: NT-AUTORITÄT
PID: 4108 name: C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe owner: *** domain: ***-PC
PID: 4116 name: C:\Program Files\Synaptics\SynTP\SynTPHelper.exe owner: *** domain: ***-PC
PID: 4128 name: C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe owner: *** domain: ***-PC
PID: 4136 name: C:\Program Files (x86)\PDFCreator\PDFCreator.exe owner: *** domain: ***-PC
PID: 4184 name: C:\Program Files (x86)\Chromatic Dragon\Toodledo Sync Application\SyncApp.exe owner: *** domain: ***-PC
PID: 4208 name: C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe owner: *** domain: ***-PC
PID: 4220 name: C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE owner: *** domain: ***-PC
PID: 4296 name: C:\Program Files\iPod\bin\iPodService.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 4864 name: C:\Windows\System32\svchost.exe owner: LOKALER DIENST domain: NT-AUTORITÄT
PID: 4988 name: C:\Windows\System32\dllhost.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 5164 name: C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe owner: *** domain: ***-PC
PID: 4840 name: C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE owner: *** domain: ***-PC
PID: 5828 name: C:\Windows\System32\wuauclt.exe owner: *** domain: ***-PC
PID: 5384 name: C:\Windows\System32\taskhost.exe owner: *** domain: ***-PC
PID: 5388 name: C:\Windows\System32\svchost.exe owner: LOKALER DIENST domain: NT-AUTORITÄT
PID: 3812 name: C:\Windows\explorer.exe owner: *** domain: ***-PC
PID: 4632 name: C:\Windows\notepad.exe owner: *** domain: ***-PC
PID: 3852 name: C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-Aware.exe owner: *** domain: ***-PC
PID: 3240 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT-AUTORITÄT
Startup items:
Name: WebCheck
imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Name: Malwarebytes' Anti-Malware
imagepath: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
Name: Keyboard Manager Utility
imagepath: "C:\Program Files\Keyboard Manager\Manager Utility\KeyboardManager.exe" /lang DE /H
Name: avgnt
imagepath: "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
Name: GrooveMonitor
imagepath: "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
Name: IAStorIcon
imagepath: C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
Name: DivXUpdate
imagepath: "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
Name: QuickTime Task
imagepath: "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
Name: Adobe Reader Speed Launcher
imagepath: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
Name: Adobe ARM
imagepath: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Name: iTunesHelper
imagepath: "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
Name:
location: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Air Mouse.lnk
imagepath: C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe
Name:
location: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk
imagepath: C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
Name:
imagepath: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
Name:
location: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PDFCreator.lnk
imagepath: C:\Program Files (x86)\PDFCreator\PDFCreator.exe
Name:
location: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Toodledo Sync Tool.lnk
imagepath: C:\Windows\Installer\{9AFA4423-D0E3-4F92-908E-D4C9CEEB3DA3}\_4EBBCD3A645B53E3579F1E.exe
Bootexecute items:
Name:
imagepath: autocheck autochk *
Running services:
Name: AeLookupSvc
displayname: Anwendungserfahrung
Name: AirPrint
displayname: ArPrint
Name: AntiVirSchedulerService
displayname: Avira AntiVir Planer
Name: AntiVirService
displayname: Avira AntiVir Guard
Name: Appinfo
displayname: Anwendungsinformationen
Name: Apple Mobile Device
displayname: Apple Mobile Device
Name: AudioEndpointBuilder
displayname: Windows-Audio-Endpunkterstellung
Name: AudioSrv
displayname: Windows-Audio
Name: BFE
displayname: Basisfiltermodul
Name: BITS
displayname: Intelligenter Hintergrundübertragungsdienst
Name: Bonjour Service
displayname: Dienst "Bonjour"
Name: Browser
displayname: Computerbrowser
Name: CryptSvc
displayname: Kryptografiedienste
Name: CscService
displayname: Offlinedateien
Name: CVPND
displayname: Cisco Systems, Inc. VPN Service
Name: DcomLaunch
displayname: DCOM-Server-Prozessstart
Name: Dhcp
displayname: DHCP-Client
Name: Dnscache
displayname: DNS-Client
Name: DPS
displayname: Diagnoserichtliniendienst
Name: EapHost
displayname: Extensible Authentication-Protokoll
Name: eventlog
displayname: Windows-Ereignisprotokoll
Name: EventSystem
displayname: COM+-Ereignissystem
Name: fdPHost
displayname: Funktionssuchanbieter-Host
Name: FDResPub
displayname: Funktionssuche-Ressourcenveröffentlichung
Name: gpsvc
displayname: Gruppenrichtlinienclient
Name: hidserv
displayname: Zugriff auf Eingabegeräte
Name: HomeGroupListener
displayname: Heimnetzgruppen-Listener
Name: HomeGroupProvider
displayname: Heimnetzgruppen-Anbieter
Name: HotspotShieldService
displayname: Hotspot Shield Service
Name: HssSrv
displayname: Hotspot Shield Routing Service
Name: HssWd
displayname: Hotspot Shield Monitoring Service
Name: IAStorDataMgrSvc
displayname: Intel(R) Rapid Storage Technology
Name: iphlpsvc
displayname: IP-Hilfsdienst
Name: iPod Service
displayname: iPod-Dienst
Name: KeyIso
displayname: CNG-Schlüsselisolation
Name: LanmanServer
displayname: Server
Name: LanmanWorkstation
displayname: Arbeitsstationsdienst
Name: Lavasoft Ad-Aware Service
displayname: Lavasoft Ad-Aware Service
Name: lmhosts
displayname: TCP/IP-NetBIOS-Hilfsdienst
Name: MpsSvc
displayname: Windows-Firewall
Name: Netman
displayname: Netzwerkverbindungen
Name: netprofm
displayname: Netzwerklistendienst
Name: NlaSvc
displayname: NLA (Network Location Awareness)
Name: nsi
displayname: Netzwerkspeicher-Schnittstellendienst
Name: nvsvc
displayname: NVIDIA Display Driver Service
Name: p2pimsvc
displayname: Peernetzwerkidentitäts-Manager
Name: p2psvc
displayname: Peernetzwerk-Gruppenzuordnung
Name: PcaSvc
displayname: Programmkompatibilitäts-Assistent-Dienst
Name: PlugPlay
displayname: Plug & Play
Name: PNRPsvc
displayname: Peer Name Resolution-Protokoll
Name: Power
displayname: Stromversorgung
Name: ProfSvc
displayname: Benutzerprofildienst
Name: ProtectedStorage
displayname: Geschützter Speicher
Name: RpcEptMapper
displayname: RPC-Endpunktzuordnung
Name: RpcSs
displayname: Remoteprozeduraufruf (RPC)
Name: SamSs
displayname: Sicherheitskonto-Manager
Name: Schedule
displayname: Aufgabenplanung
Name: SENS
displayname: Benachrichtigungsdienst für Systemereignisse
Name: ShellHWDetection
displayname: Shellhardwareerkennung
Name: Spooler
displayname: Druckwarteschlange
Name: SSDPSRV
displayname: SSDP-Suche
Name: stisvc
displayname: Windows-Bilderfassung (WIA)
Name: SysMain
displayname: Superfetch
Name: TapiSrv
displayname: Telefonie
Name: TeamViewer5
displayname: TeamViewer 5
Name: Themes
displayname: Designs
Name: TrkWks
displayname: Überwachung verteilter Verknüpfungen (Client)
Name: upnphost
displayname: UPnP-Gerätehost
Name: UxSms
displayname: Sitzungs-Manager für Desktopfenster-Manager
Name: WdiServiceHost
displayname: Diagnosediensthost
Name: WdiSystemHost
displayname: Diagnosesystemhost
Name: WerSvc
displayname: Windows-Fehlerberichterstattungsdienst
Name: WinDefend
displayname: Windows Defender
Name: WinHttpAutoProxySvc
displayname: WinHTTP-Web Proxy Auto-Discovery-Dienst
Name: Winmgmt
displayname: Windows-Verwaltungsinstrumentation
Name: Wlansvc
displayname: Automatische WLAN-Konfiguration
Name: wlidsvc
displayname: Windows Live ID Sign-in Assistant
Name: WMPNetworkSvc
displayname: Windows Media Player-Netzwerkfreigabedienst
Name: wscsvc
displayname: Sicherheitscenter
Name: WSearch
displayname: Windows Search
Name: wuauserv
displayname: Windows Update
Name: wudfsvc
displayname: Windows Driver Foundation - Benutzermodus-Treiberframework
HiJackThis
Code:
Alles auswählen Aufklappen ATTFilter
HiJackthis Logfile:
Code:
Alles auswählen Aufklappen ATTFilter
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:01:02, on 17.12.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Users\***\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe
C:\Program Files (x86)\PDFCreator\PDFCreator.exe
C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\***\Downloads\HiJackThis204.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll
O3 - Toolbar: Trillian Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [Keyboard Manager Utility] "C:\Program Files\Keyboard Manager\Manager Utility\KeyboardManager.exe" /lang DE /H
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\***\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Startup: Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Air Mouse.lnk = C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: PDFCreator.lnk = C:\Program Files (x86)\PDFCreator\PDFCreator.exe
O4 - Global Startup: Toodledo Sync Tool.lnk = ?
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ArPrint (AirPrint) - Apple Inc. - C:\Program Files (x86)\AirPrint\airprint.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 12628 bytes
--- --- ---
17.12.2010, 18:04
Hybrid-Darstellung
