Trojaner-Board


Verseucht 02.03.2008 17:54

I think I have viruses on my system!
 
Hello
This forum is really great!
I enjoy reading through other people's problems,
but I haven't been registered here for long!

So, my problem:

For a long time now my PC has been starting up very slowly, and it is also very sluggish while running!
It's not my hardware. I have: Athlon 64 3000+
2 GB RAM
Abit Av8
In addition, McAfee AntiVirus keeps finding viruses and trojans (only very rarely and very few, but again and again).
I once ran a rootkit scan (Sysmatec Rootkit Revealer) and it finds something to do with blue.Shortcut!
I no longer have the log.

HijackThis log file:

Logfile of HijackThis v1.99.1
Scan saved at 17:24:36, on 02.03.2008
Platform: Windows XP SP3, v.3264 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Programme\Windows SteadyState\SCTSvc.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\Programme\DigitalPersona\Bin\DPWinLct.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
F:\Programme\DigitalPersona\Bin\DpHost.exe
F:\WINDOWS\eHome\ehRecvr.exe
F:\WINDOWS\eHome\ehSched.exe
F:\Programme\Ext2Fsd\Ext2Mgr.exe
F:\Programme\Nero\Nero 7\InCD\InCDsrv.exe
F:\Programme\Network Associates\Common Framework\FrameworkService.exe
F:\Programme\Network Associates\VirusScan\Mcshield.exe
F:\Programme\Network Associates\VirusScan\VsTskMgr.exe
F:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
F:\Programme\Microsoft LifeCam\MSCamS32.exe
F:\xampp\mysql\bin\mysqld-nt.exe
F:\Programme\NDAS\System\ndassvc.exe
F:\WINDOWS\system32\nisvcloc.exe
F:\Programme\SiteAdvisor\6253\SAService.exe
F:\WINDOWS\system32\svchost.exe
F:\Programme\Gemeinsame Dateien\Acronis\Fomatik\TrueImageTryStartService.exe
F:\Programme\VMware\VMware Converter\vmware-ufad.exe
F:\Programme\Gemeinsame Dateien\VMware\VMware Virtual Image Editing\vmount2.exe
F:\WINDOWS\system32\vmnat.exe
F:\Programme\DigitalPersona\Bin\DPFUSMgr.exe
F:\Programme\VMware\VMware Player\vmware-authd.exe
F:\WINDOWS\system32\vmnetdhcp.exe
F:\WINDOWS\Explorer.EXE
F:\Programme\Network Associates\VirusScan\SHSTAT.EXE
F:\Programme\Network Associates\Common Framework\UpdaterUI.exe
F:\Programme\Gemeinsame Dateien\Network Associates\TalkBack\TBMon.exe
F:\Programme\SiteAdvisor\6253\SiteAdv.exe
F:\Programme\ABIT\ABIT uGuru\uGuru_Event_Receiver.exe
F:\Programme\Microsoft IntelliPoint\ipoint.exe
F:\Programme\DigitalPersona\Bin\DPAgnt.exe
F:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
F:\WINDOWS\SOUNDMAN.EXE
F:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe
F:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe
F:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe
F:\Programme\Spybot - Search & Destroy\TeaTimer.exe
F:\Programme\ICQ6\ICQ.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Programme\NDAS\System\ndasmgmt.exe
F:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
f:\progra~1\mozill~1\firefox.exe
F:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
F:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
F:\Dokumente und Einstellungen\Alex\Desktop\HijakThis\HijakThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://w*w.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - F:\Programme\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - F:\Programme\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [ShStatEXE] "F:\Programme\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "F:\Programme\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "F:\Programme\Gemeinsame Dateien\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [GuruClock] F:\Programme\ABIT\ABIT uGuru\GuruClock.exe
O4 - HKLM\..\Run: [SiteAdvisor] F:\Programme\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IntelliPoint] "F:\Programme\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [DPAgnt] F:\Programme\DigitalPersona\Bin\DPAgnt.exe
O4 - HKLM\..\Run: [itype] "F:\Programme\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [StartCCC] "F:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [ATICustomerCare] "F:\Programme\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [D-Link AirPlus G] F:\Programme\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] F:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [OSSelectorReinstall] F:\Programme\Gemeinsame Dateien\Acronis\Acronis Disk Director\oss_reinstall.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] F:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] F:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "F:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\RunServices: [] F:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\RunServicesOnce: [capscanuninstall] "F:\WINDOWS\command.com" /c del "F:\DOKUME~1\Alex\LOKALE~1\Temp\uninstal.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] F:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ICQ] "F:\Programme\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AnyDVD] F:\Programme\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"
O4 - Global Startup: NDAS Device Management.lnk = F:\Programme\NDAS\System\ndasmgmt.exe
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://F:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Programme\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Programme\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - F:\Programme\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - F:\Programme\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - F:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - F:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Programme\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted IP range: h**p://192.168.0.211
O16 - DPF: {B48F3498-D67D-11D4-9F7A-006097914998} (IEQuickIClient Control) - h**ps://w*w.pdts.cc/qii/download/IEQuickIClient.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - h**p://clubbing.21er.at/activex/AMC.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - F:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - F:\Programme\SiteAdvisor\6253\SiteAdv.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - F:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: DPWLN - F:\WINDOWS\system32\DPWLEvHd.dll
O20 - Winlogon Notify: WgaLogon - F:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - F:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - F:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - F:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - F:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. - F:\Programme\DigitalPersona\Bin\DPFUSMgr.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - F:\Programme\DigitalPersona\Bin\DpHost.exe
O23 - Service: Ext2 Volume Manger (Ext2Mgr) - Ext2Fsd Group (w*w.ext2fsd.com) - F:\Programme\Ext2Fsd\Ext2Mgr.exe
O23 - Service: FanSpeedNT Service - Unknown owner - F:\Dokumente und Einstellungen\Alex\UserData\Temporäre Internetdateien\Content.IE5\I1JSICPX\FanSpeed-1.2.0[1]\fanspeedNT.exe" (file missing)
O23 - Service: HRGMGAVZJ - Sysinternals - w*w.sysinternals.com - F:\DOKUME~1\Alex\LOKALE~1\Temp\HRGMGAVZJ.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - F:\Programme\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - F:\Programme\iPod\bin\iPodService.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - F:\WINDOWS\system32\lkcitdl.exe
O23 - Service: MAQETOVQ - Sysinternals - w*w.sysinternals.com - F:\DOKUME~1\Alex\LOKALE~1\Temp\MAQETOVQ.exe
O23 - Service: McAfee Framework-Dienst (McAfeeFramework) - Network Associates, Inc. - F:\Programme\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - F:\Programme\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - F:\Programme\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: mysql - Unknown owner - F:\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: NBService - Nero AG - F:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NDAS Service (ndassvc) - XIMETA, Inc. - F:\Programme\NDAS\System\ndassvc.exe
O23 - Service: NILM License Manager - Macrovision Corporation - F:\Programme\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - F:\WINDOWS\system32\nisvcloc.exe
O23 - Service: NMIndexingService - Nero AG - F:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NXJYEB - Sysinternals - w*w.sysinternals.com - F:\DOKUME~1\Alex\LOKALE~1\Temp\NXJYEB.exe
O23 - Service: OpcEnum - Unknown owner - F:\WINDOWS\system32\OpcEnum.exe (file missing)
O23 - Service: QELWLSMNXSDVX - Unknown owner - F:\DOKUME~1\Alex\LOKALE~1\Temp\QELWLSMNXSDVX.exe (file missing)
O23 - Service: CHIPDRIVE Smartcard Office Kernel (SCM_Smart_Card_Office_Kernel) - CISCO Security Pte Ltd - F:\WINDOWS\system32\sokscmnt.exe
O23 - Service: Dienst für das Zusammenwirken mit dem SafeDisk Treiber (Sdapisvc) - Infotecs - F:\Programme\InfoTeCS\ViPNet SafeDisk\sdapisvc.exe
O23 - Service: SiteAdvisor-Dienst (SiteAdvisor Service) - Unknown owner - F:\Programme\SiteAdvisor\6253\SAService.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - F:\Programme\Gemeinsame Dateien\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: VMware Converter Service (ufad-p2v) - Unknown owner - F:\Programme\VMware\VMware Converter\vmware-ufad.exe" -d "F:\Programme\VMware\VMware Converter\\" -s ufad-p2v.xml (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - F:\Programme\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - F:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - F:\Programme\Gemeinsame Dateien\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - F:\WINDOWS\system32\vmnat.exe
O23 - Service: WEMIRWS - Sysinternals - w*w.sysinternals.com - F:\DOKUME~1\Alex\LOKALE~1\Temp\WEMIRWS.exe

I hope you can help me!!!
Best regards
Verseucht
P.S.: The eScan log is coming!!

Verseucht 02.03.2008 18:38

Can anyone help me??? :heulen:

