|
Brauche Hilfe beim Checken meines Logfiles Hallo liebe Trojanerboard User Mein Laptop ist extrem langsam und nun wurde mir von einem Freund Hijack*his empfohlen. Folglich hab ich es mir gedownloadet und frage mich jetzt ist das Logfile gut oder schlecht? Mein Freund sagt das das so wie es aussieht nicht grad gut ist und hat gesagt ich solle mal im Internet forschen ob ich ein Forum finde in dem ich den Logfile checken lassen kann, um zu sehen ob dort irgendwelche Viren, Trojaner, Würmer, etc. drauf sind hoffe ihr könnt mir helfen. Hier ist der Logfile: Logfile of Trend Micro Hijack*his v2.0.2 Scan saved at 23:59:53, on 06.09.2008 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v8.00 (8.00.6001.18241) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\VMware\VMware Player\hqtray.exe C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE\avp.exe C:\Windows\System32\wpcumi.exe C:\Program Files\Synaptics\SynTP\SynTPStart.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe C:\Users\Jani\AppData\Local\Google\Update\GoogleUpdate.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\FRITZ!DSL\StCenter.exe C:\Windows\system32\taskeng.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\System32\mobsync.exe C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe C:\Users\Jani\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Jani\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Jani\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = h**p://www.pagessyndication.com/google/iesearch.php R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://C:\Program Files\WinSweep\ws.js R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll O3 - Toolbar: (no name) - {E915E62E-41DA-40D0-8106-3438B4D24394} - (no file) O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Player\hqtray.exe" O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE\avp.exe" O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\WINDOWS LIVE\MESSENGER\MSNMSGR.EXE" /background O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray O4 - HKCU\..\Run: [Google Update] "C:\Users\Jani\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user') O4 - Global Startup: FRITZ!DSL Startcenter.lnk = ? O8 - Extra context menu item: Hinzufügen zu Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE\ie_banner_deny.htm O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Statistik für Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE\SCIEPlgn.dll O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll O9 - Extra button: HP Sammelmappe - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: HP Intelligente Auswahl - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O13 - Gopher Prefix: O16 - DPF: CabBuilder - h**p://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{32950BAC-63AD-40B0-A659-FF77F953D303}: NameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\..\{4C69830A-8298-44F1-97DF-7FD2289BE932}: NameServer = 192.168.178.1 O17 - HKLM\System\CS2\Services\Tcpip\..\{0485351E-EA58-4E57-8C9D-FC999A327FC4}: NameServer = 192.168.178.1 O17 - HKLM\System\CS3\Services\Tcpip\..\{0485351E-EA58-4E57-8C9D-FC999A327FC4}: NameServer = 192.168.178.1 O17 - HKLM\System\CS4\Services\Tcpip\..\{0485351E-EA58-4E57-8C9D-FC999A327FC4}: NameServer = 192.168.178.1 O17 - HKLM\System\CS5\Services\Tcpip\..\{0485351E-EA58-4E57-8C9D-FC999A327FC4}: NameServer = 192.168.178.1 O17 - HKLM\System\CS6\Services\Tcpip\..\{0485351E-EA58-4E57-8C9D-FC999A327FC4}: NameServer = 192.168.178.1 O17 - HKLM\System\CS7\Services\Tcpip\..\{0485351E-EA58-4E57-8C9D-FC999A327FC4}: NameServer = 192.168.178.1 O17 - HKLM\System\CS8\Services\Tcpip\..\{0485351E-EA58-4E57-8C9D-FC999A327FC4}: NameServer = 192.168.178.1 O17 - HKLM\System\CS9\Services\Tcpip\..\{0485351E-EA58-4E57-8C9D-FC999A327FC4}: NameServer = 192.168.178.1 O17 - HKLM\System\CS10\Services\Tcpip\..\{0485351E-EA58-4E57-8C9D-FC999A327FC4}: NameServer = 192.168.178.1 O17 - HKLM\System\CS11\Services\Tcpip\..\{0485351E-EA58-4E57-8C9D-FC999A327FC4}: NameServer = 192.168.178.1 O17 - HKLM\System\CS12\Services\Tcpip\..\{0485351E-EA58-4E57-8C9D-FC999A327FC4}: NameServer = 192.168.178.1 O17 - HKLM\System\CS13\Services\Tcpip\..\{0485351E-EA58-4E57-8C9D-FC999A327FC4}: NameServer = 192.168.178.1 O17 - HKLM\System\CS14\Services\Tcpip\..\{0485351E-EA58-4E57-8C9D-FC999A327FC4}: NameServer = 192.168.178.1 O17 - HKLM\System\CS15\Services\Tcpip\..\{0485351E-EA58-4E57-8C9D-FC999A327FC4}: NameServer = 192.168.178.1 O17 - HKLM\System\CS16\Services\Tcpip\..\{0485351E-EA58-4E57-8C9D-FC999A327FC4}: NameServer = 192.168.178.1 O17 - HKLM\System\CS17\Services\Tcpip\..\{0485351E-EA58-4E57-8C9D-FC999A327FC4}: NameServer = 192.168.178.1 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\r3hook.dll C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: Kaspersky Security Suite CBE (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE\avp.exe O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: AVM IGD CTRL Service (IGDCTRL) - AVM Berlin - C:\Program Files\FRITZ!DSL\IGDCTRL.EXE O23 - Service: MokaFive Authorization Service (m5authd) - moka5, Inc. - C:\Program Files\moka5\Engine\bin\m5authd.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Franzis\Alcohol Virtual CD + DVD\StarWind\StarWindService.exe O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 11349 bytes Hoffe ihr könnt mir helfen denn ich kenn mich in solchen Sachen einfach nicht aus. PS: wenn dort Programme dabei sind die ich vielleicht Löschen sollte um den PC schneller zu machen bitte auch posten |
So, wenn dir deine Datensicherheit lieb ist: Google-Zeugs deinstallieren. Dazu zählen:
Dann folgende Schritte durchführen: 1.) Dateien Online überprüfen lassen:
Code: C:\Windows\system32\WpcUmi.exe
2.) MalwareBytes Anti-Malware:
|
Ok hab jetzt die ganzen Logfiles gemacht und poste die jetzt: MalwareBytes: Malwarebytes' Anti-Malware 1.26 Datenbank Version: 1103 Windows 6.0.6001 Service Pack 1 10.09.2008 17:15:33 mbam-log-2008-09-10 (17-15-33).txt Scan-Methode: Quick-Scan Durchsuchte Objekte: 48251 Laufzeit: 6 minute(s), 27 second(s) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) WpcUmi.exe: ntivirus Version letzte aktualisierung Ergebnis AhnLab-V3 2008.9.6.0 2008.09.10 - AntiVir 7.8.1.28 2008.09.10 - Authentium 5.1.0.4 2008.09.10 - Avast 4.8.1195.0 2008.09.10 - AVG 8.0.0.161 2008.09.10 - BitDefender 7.2 2008.09.10 - CAT-QuickHeal 9.50 2008.09.10 - ClamAV 0.93.1 2008.09.10 - DrWeb 4.44.0.09170 2008.09.10 - eSafe 7.0.17.0 2008.09.10 - eTrust-Vet 31.6.6080 2008.09.09 - Ewido 4.0 2008.09.10 - F-Prot 4.4.4.56 2008.09.09 - F-Secure 8.0.14332.0 2008.09.10 - Fortinet 3.112.0.0 2008.09.10 - GData 19 2008.09.10 - Ikarus T3.1.1.34.0 2008.09.10 - K7AntiVirus 7.10.450 2008.09.10 - Kaspersky 7.0.0.125 2008.09.10 - McAfee 5380 2008.09.09 - Microsoft 1.3903 2008.09.10 - NOD32v2 3429 2008.09.09 - Norman 5.80.02 2008.09.10 - Panda 9.0.0.4 2008.09.09 - PCTools 4.4.2.0 2008.09.10 - Prevx1 V2 2008.09.10 - Rising 20.61.22.00 2008.09.10 - Sophos 4.33.0 2008.09.10 - Sunbelt 3.1.1616.1 2008.09.09 - Symantec 10 2008.09.10 - TheHacker 6.3.0.9.077 2008.09.10 - TrendMicro 8.700.0.1004 2008.09.10 - VBA32 3.12.8.5 2008.09.10 - ViRobot 2008.9.10.1371 2008.09.10 - VirusBuster 4.5.11.0 2008.09.10 - Webwasher-Gateway 6.6.2 2008.09.10 - weitere Informationen File size: 176128 bytes MD5...: c456658af90f42be3cdf1048f9cdb5ca SHA1..: 1a28d6e191dfdbf9c59e1c75ba794be1327b075c SHA256: ca59b715f38a7ffc002860937ec819ec916119775f3fa7d644b88ee225c675ea SHA512: e4b415eac881658d2c8920c3b32656f9bcd94315f9495665511cca4ccda96c86 9d35e7a502272950146cb3c6dd4c30996439d7e1e4829af6c2aef461fd5921c8 PEiD..: - TrID..: File type identification Win32 Executable Generic (42.3%) Win32 Dynamic Link Library (generic) (37.6%) Generic Win/DOS Executable (9.9%) DOS Executable Generic (9.9%) Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%) PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x100832b timedatestamp.....: 0x4549b09a (Thu Nov 02 08:47:22 2006) machinetype.......: 0x14c (I386) ( 4 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x8a02 0x8c00 6.35 c3bb81e9b9a31fdccbb00ce6d37dad0c .data 0xa000 0x490 0x200 1.35 5402e694d699563169efdefda7100d1e .rsrc 0xb000 0x210d0 0x21200 7.21 6145c146f4aa602c4bee516ede017885 .reloc 0x2d000 0xae6 0xc00 5.32 16e47e6c6c4dcf7a91a6ee8adbac1ca1 ( 14 imports ) > ADVAPI32.dll: TraceMessage, GetTraceEnableFlags, GetTraceEnableLevel, GetTraceLoggerHandle, RegisterTraceGuidsW, UnregisterTraceGuids, RegCloseKey, RegGetValueW, CopySid, GetLengthSid, GetTokenInformation, OpenProcessToken, OpenThreadToken, ConvertSidToStringSidW, RegNotifyChangeKeyValue, RegOpenKeyExW, RegQueryValueExW, EqualSid, ConvertStringSidToSidW, LookupAccountSidW, CreateWellKnownSid, LogonUserW > KERNEL32.dll: RegisterApplicationRestart, HeapSetInformation, InterlockedDecrement, CloseHandle, UnregisterWait, FreeResource, LockResource, LoadResource, GetLastError, FormatMessageW, LocalFree, LocalAlloc, GetCurrentProcess, GetCurrentThread, LeaveCriticalSection, EnterCriticalSection, RegisterWaitForSingleObject, CreateEventW, CreateThread, InterlockedIncrement, IsWow64Process, FileTimeToSystemTime, GetLocalTime, FileTimeToLocalFileTime, SystemTimeToFileTime, SystemTimeToTzSpecificLocalTime, DeleteCriticalSection, UnhandledExceptionFilter, TerminateProcess, GetSystemTimeAsFileTime, GetCurrentProcessId, GetCurrentThreadId, GetTickCount, QueryPerformanceCounter, GetModuleHandleA, SetUnhandledExceptionFilter, GetStartupInfoW, InterlockedCompareExchange, Sleep, InterlockedExchange, InitializeCriticalSection, FindResourceExW > USER32.dll: LoadStringW, KillTimer, DefWindowProcW, CharLowerBuffW, GetMessageW, GetWindowLongW, RegisterWindowMessageW, SetWindowLongW, CreateWindowExW, RegisterClassExW, LoadCursorW, FindWindowW, DestroyMenu, TrackPopupMenuEx, SetForegroundWindow, GetCursorPos, GetSubMenu, LoadMenuW, TranslateMessage, DispatchMessageW, DestroyWindow, UnregisterClassW, DestroyIcon, CopyImage, LoadImageW, SetTimer, PostMessageW > msvcrt.dll: __3@YAXPAX@Z, ___V@YAXPAX@Z, _wcsnicmp, _purecall, _controlfp, _except_handler4_common, ___U@YAPAXI@Z, _terminate@@YAXXZ, _onexit, _lock, __dllonexit, _unlock, __set_app_type, __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _amsg_exit, _initterm, _wcmdln, exit, _XcptFilter, _exit, _cexit, __wgetmainargs, _ftol2_sse, _vscwprintf, __2@YAPAXI@Z, memset, _wcsicmp, _vsnwprintf > ntdll.dll: WinSqmEventWrite, WinSqmEventEnabled > OLEAUT32.dll: -, -, -, - > ole32.dll: CoSetProxyBlanket, CoTaskMemFree, CLSIDFromString, StringFromGUID2, CoQueryProxyBlanket, CoCreateInstance, CoInitialize, CoUninitialize, CoGetObject > SHELL32.dll: -, Shell_NotifyIconW > SHLWAPI.dll: -, SHRegGetValueW, PathFindFileNameW > NETAPI32.dll: NetQueryDisplayInformation, NetUserGetLocalGroups, NetApiBufferFree > COMCTL32.dll: -, - > wevtapi.dll: EvtRender, EvtSubscribe, EvtClose > Secur32.dll: LsaGetLogonSessionData, LsaEnumerateLogonSessions, LsaFreeReturnBuffer > WTSAPI32.dll: WTSFreeMemory, WTSQuerySessionInformationW ( 0 exports ) m5authd.exe: Antivirus Version letzte aktualisierung Ergebnis AhnLab-V3 2008.9.6.0 2008.09.10 - AntiVir 7.8.1.28 2008.09.10 - Authentium 5.1.0.4 2008.09.10 - Avast 4.8.1195.0 2008.09.10 - AVG 8.0.0.161 2008.09.10 - BitDefender 7.2 2008.09.10 - CAT-QuickHeal 9.50 2008.09.10 - ClamAV 0.93.1 2008.09.10 - DrWeb 4.44.0.09170 2008.09.10 - eSafe 7.0.17.0 2008.09.10 - eTrust-Vet 31.6.6082 2008.09.10 - Ewido 4.0 2008.09.10 - F-Prot 4.4.4.56 2008.09.09 - F-Secure 8.0.14332.0 2008.09.10 - Fortinet 3.112.0.0 2008.09.10 - GData 19 2008.09.10 - Ikarus T3.1.1.34.0 2008.09.10 - K7AntiVirus 7.10.450 2008.09.10 - Kaspersky 7.0.0.125 2008.09.10 - McAfee 5380 2008.09.09 - Microsoft 1.3903 2008.09.10 - NOD32v2 3429 2008.09.09 - Norman 5.80.02 2008.09.10 - Panda 9.0.0.4 2008.09.09 Suspicious file PCTools 4.4.2.0 2008.09.10 - Prevx1 V2 2008.09.10 - Rising 20.61.22.00 2008.09.10 - Sophos 4.33.0 2008.09.10 - Sunbelt 3.1.1616.1 2008.09.09 - Symantec 10 2008.09.10 - TheHacker 6.3.0.9.077 2008.09.10 - TrendMicro 8.700.0.1004 2008.09.10 - VBA32 3.12.8.5 2008.09.10 - ViRobot 2008.9.10.1371 2008.09.10 - VirusBuster 4.5.11.0 2008.09.10 - Webwasher-Gateway 6.6.2 2008.09.10 - weitere Informationen File size: 318704 bytes MD5...: f564f73f681c2bfba0634889afdff093 SHA1..: 08181e3f0fcaa7e1ca093421f4dabaa4e0329019 SHA256: 766bf3539f33ce20dd749f6c38d3fde2d852107795519b5e3c1fdfe3336b8c93 SHA512: 0754662e893021b6c3217c957297d8e1799d3130f3920e7f73aed608f1ba3a73 522ec113cdfa7d5b7ace6995efd41f291d8dc4e24a7d3ffcbd99979dda63c72f PEiD..: - TrID..: File type identification Win32 Executable MS Visual C++ (generic) (75.0%) Win32 Executable Generic (16.9%) Generic Win/DOS Executable (3.9%) DOS Executable Generic (3.9%) Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%) PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x415e08 timedatestamp.....: 0x482e45ca (Sat May 17 02:41:14 2008) machinetype.......: 0x14c (I386) ( 4 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x23f1e 0x24000 6.64 3901f6313ec02dcca3f09a17ed8139c9 .rdata 0x25000 0xc5dc 0xd000 5.46 34beb0da672a529d06cbd12d4c35d226 .data 0x32000 0x4aa8 0x2000 3.77 c656e2bb117b677f27f50fd7141f7309 .rsrc 0x37000 0x18988 0x19000 4.11 52c39f9cc9713a84c564fdeb5ba2a9a6 ( 3 imports ) > KERNEL32.dll: MoveFileW, OpenMutexW, CreateToolhelp32Snapshot, CloseHandle, Process32FirstW, Process32NextW, ResumeThread, VirtualAllocEx, VirtualFreeEx, WriteProcessMemory, CreateRemoteThread, GetExitCodeThread, LoadLibraryW, FreeLibrary, GetProcAddress, CreateEventW, GetModuleFileNameW, OpenProcess, SetEvent, ResetEvent, WaitForSingleObject, SystemTimeToTzSpecificLocalTime, GetSystemTime, FormatMessageA, GetFileSizeEx, CreateFileW, GetFileAttributesW, GetFileAttributesExW, WriteFile, GetCurrentThreadId, GetSystemInfo, GetThreadTimes, GetCurrentThread, MultiByteToWideChar, WideCharToMultiByte, DeleteFileW, SetFileAttributesW, FlushFileBuffers, GetFullPathNameW, GetCurrentProcess, InitializeCriticalSection, DeleteCriticalSection, EnterCriticalSection, LocalAlloc, LeaveCriticalSection, ReleaseMutex, CreateMutexA, InterlockedDecrement, InterlockedIncrement, InterlockedExchange, HeapFree, RtlUnwind, RaiseException, ExitProcess, GetModuleHandleA, GetCommandLineA, GetVersionExA, GetSystemTimeAsFileTime, LCMapStringA, LCMapStringW, GetCPInfo, HeapAlloc, GetStringTypeA, GetStringTypeW, HeapDestroy, HeapCreate, VirtualFree, VirtualAlloc, HeapReAlloc, IsBadWritePtr, TlsAlloc, SetLastError, TlsFree, TlsSetValue, TlsGetValue, SetUnhandledExceptionFilter, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetModuleFileNameA, TerminateProcess, HeapSize, GetStdHandle, UnhandledExceptionFilter, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, SetHandleCount, GetFileType, GetStartupInfoA, SetFilePointer, GetLocaleInfoA, VirtualProtect, VirtualQuery, GetUserDefaultLCID, EnumSystemLocalesA, IsValidLocale, IsValidCodePage, IsBadReadPtr, IsBadCodePtr, GetACP, GetOEMCP, LoadLibraryA, SetStdHandle, GetLocaleInfoW, LocalFree, Sleep, GetLastError > ADVAPI32.dll: StartServiceCtrlDispatcherW, RegisterServiceCtrlHandlerW, CreateServiceW, SetServiceStatus, DeleteService, GetSecurityInfo, CreateWellKnownSid, GetAclInformation, GetAce, EqualSid, GetLengthSid, CopySid, DeleteAce, AddAce, SetSecurityInfo, StartServiceW, ControlService, CloseServiceHandle, OpenSCManagerW, OpenServiceW, QueryServiceStatusEx > SHELL32.dll: SHGetFolderPathW, SHCreateDirectoryExW ( 0 exports ) PS: hab nicht gewusst was HASH (kenn nur Hasschisch;) ) ist, hab einfach von Antivirus bis ganz unten kopiert. |
Jop, sieht gut aus. Räume mal mit dem CCleaner deine Registry auf und lass temp. Daten entfernen. ;) |
Danke für deine Hilfe mit dem CCleaner konnte ich ne Menge Speicherplatz freimachen. #CLOSED# |
| Alle Zeitangaben in WEZ +1. Es ist jetzt 22:05 Uhr. |
Copyright ©2000-2025, Trojaner-Board