Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Ständig neue Popups! Werbetrojaner? (https://www.trojaner-board.de/75992-staendig-neue-popups-werbetrojaner.html)

lonelyplanet 02.08.2009 19:52
Ständig neue Popups! Werbetrojaner?
 
Hallo

Kann mir jemand vielleicht weiter helfen. Ich habe das Problem, dass sich seit zwei, drei Tagen ständig neue Popups öffnen. Benutze Firefox und Virenscan oder Ad Aware habe bisher auch nichts gebracht.

Zitat:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:39:47, on 02.08.2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\ZoneAlarm\zlclient.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\pdf24\PDFBackend.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\M&M&M\AppData\Local\hijlm.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\M&M&M\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://de.rd.yahoo.com/customize/ycomp/defaults/sp/*http://de.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.schnellsucher.com/?t=Q0907291865&s=h
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://de.rd.yahoo.com/customize/ycomp/defaults/su/*http://de.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [WrtMon.exe] C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PDFPrint] "C:\Program Files\pdf24\PDFBackend.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [hijlm] "c:\users\m&m&m\appdata\local\hijlm.exe" hijlm
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\Sandra Lite XII.SP1\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\Sandra Lite XII.SP1\RpcSandraSrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9322 bytes
Danke schon einmal im voraus.

kira 02.08.2009 20:51
Hallo und Herzlich Willkommen! :)

- Die Anweisungen bitte gründlich lesen und immer streng einhalten, da ich die Reihenfolge nach bestimmten Kriterien vorbereitet habe:

1.
bitte Versteckte - und Systemdateien sichtbar machen::
→ Klicke unter Start auf Arbeitsplatz.
→ Klicke im Menü Extras auf Ordneroptionen.
→ Dateien und Ordner/Erweiterungen bei bekannten Dateitypen ausblenden → Haken entfernen
→ Geschützte und Systemdateien ausblenden → Haken entfernen
→ Versteckte Dateien und Ordner/Alle Dateien und Ordner anzeigen → Haken setzen.
→ Bei "Geschützte Systemdateien ausblenden" darf kein Häkchen sein und "Alle Dateien und Ordner anzeigen" muss aktiviert sein.

2.
- Lade dir RSIT - http://filepony.de/download-rsit/:
- an einen Ort deiner Wahl und führe die rsit.exe aus
- wird "Hijackthis" auch von Rsit installiert und ausgeführt
- RSIT erstellt 2 Logfiles (C:\rsit\log.txt und C:\rsit\info.txt) mit erweiterten Infos von deinem System - diese beide bitte komplett hier posten

3.
→ besuche die Seite von virustotal und die Dateien aus Codebox bitte prüfen lassen - inklusive Dateigröße und Name, MD5 und SHA1 auch mitkopieren:
Code:
C:\Users\M&M&M\AppData\Local\hijlm.exe
→ Klicke auf "Durchsuchen"
→ Suche die Datei auf deinem Rechner→ Doppelklick auf die zu prüfende Datei (oder kopiere den Inhalt ab aus der Codebox)
→ "Senden der Datei" und Warte, bis der Scandurchlauf aller Virenscanner beendet ist
→ das Ergebnis wie Du es bekommst da reinkoperen (inklusive Dateigröße und Name, MD5 und SHA1):

4.
Ich würde gerne noch all deine installierten Programme sehen:
Lade dir das Tool ccleaner herunter
installieren ("Füge CCleaner Yahoo! Toolbar hinzu" abwählen)→ starten→ unter Options settings-> "german" einstellen
dann klick auf "Extra (um die installierten Programme auch anzuzeigen)→ weiter auf "Als Textdatei speichern..."
wird eine Textdatei (*.txt) erstellt, kopiere dazu den Inhalt und füge ihn da ein

Damit dein Thread übersichtlicher und schön lesbar bleibt, am besten nutze den Code-Tags für deinen Post:
→ vor dein log schreibst du:[code]
hier kommt dein logfile rein
→ dahinter:[/code]

** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw

gruß
Coverflow

lonelyplanet 02.08.2009 21:56
Schritt 2

log.txt Teil 1

Code:

Logfile of random's system information tool 1.06 (written by random/random)
Run by M&M&M at 2009-08-02 22:37:28
Microsoft® Windows Vista™ Home Premium  Service Pack 2
System drive C: has 64 GB (56%) free of 114 GB
Total RAM: 2045 MB (48% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:37:34, on 02.08.2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\ZoneAlarm\zlclient.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\pdf24\PDFBackend.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\M&M&M\AppData\Local\hijlm.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\M&M&M\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\M&M&M\Desktop\Neuer Ordner\RSIT.exe
C:\Program Files\HijackThis\M&M&M.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://de.rd.yahoo.com/customize/ycomp/defaults/sp/*http://de.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.schnellsucher.com/?t=Q0907291865&s=h
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://de.rd.yahoo.com/customize/ycomp/defaults/su/*http://de.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [WrtMon.exe] C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PDFPrint] "C:\Program Files\pdf24\PDFBackend.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [hijlm] "c:\users\m&m&m\appdata\local\hijlm.exe" hijlm
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\Sandra Lite XII.SP1\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\Sandra Lite XII.SP1\RpcSandraSrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9314 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Ad-Aware Update (Weekly).job
C:\Windows\tasks\GlaryInitialize.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-02-01 1377576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-02-14 370296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Anmelde-Hilfsprogramm - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Windows\system32\eDStoolbar.dll [2007-04-25 151552]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-07-06 4669440]
"eDataSecurity Loader"=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [2007-04-25 457216]
"PLFSetL"=C:\Windows\PLFSetL.exe [2007-07-05 94208]
"LManager"=C:\PROGRA~1\LAUNCH~1\LManager.exe [2007-06-27 752136]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-03-21 174872]
"eAudio"=C:\Acer\Empowering Technology\eAudio\eAudio.exe [2007-06-11 1286144]
"WrtMon.exe"=C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe [2006-09-20 20480]
"ZoneAlarm Client"=C:\Program Files\ZoneAlarm\zlclient.exe [2008-03-03 959976]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-12-06 1029416]
"NvSvc"=C:\Windows\system32\nvsvc.dll [2007-07-25 86016]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2007-07-25 8470528]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2007-07-25 81920]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"PDFPrint"=C:\Program Files\pdf24\PDFBackend.exe [2008-01-31 134144]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]
"hijlm"=c:\users\m&m&m\appdata\local\hijlm.exe [2009-07-29 241664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder]
C:\Acer\AcerTour\Reminder.exe [2007-05-22 151552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk]
C:\Windows\INSTAL~1\{CCBAA~1\ICON3E~1.ICO [2008-07-15 6144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
igfxdev.dll []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
"ShutdownWithoutLogon"=1
"NoDispCPL"=0
"NoDispSettingsPage"=0
"NoDispScrSavPage"=0
"EnableLUA"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"HideClock"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=
"NoResolveTrack"=
"NoViewContextMenu"=
"NoFileAssociate"=
"NoFind"=
"NoRun"=
"NoClose"=
"StartMenuLogoff"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe"="C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu"
"C:\Acer\Empowering Technology\eDataSecurity\encryption.exe"="C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption"
"C:\Acer\Empowering Technology\eDataSecurity\decryption.exe"="C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

lonelyplanet 02.08.2009 21:57
Schritt 2

log.txt Teil 2

Code:

======List of files/folders created in the last 1 months======

2009-08-02 22:37:28 ----D---- C:\rsit
2009-08-02 21:54:02 ----A---- C:\Windows\system32\lsdelete.exe
2009-08-02 20:39:13 ----D---- C:\Program Files\HijackThis
2009-08-02 19:42:19 ----D---- C:\Users\M&M&M\AppData\Roaming\Intel
2009-08-02 19:42:18 ----D---- C:\ProgramData\Roaming
2009-08-02 19:41:03 ----D---- C:\Program Files\Cisco
2009-08-02 19:40:57 ----D---- C:\Program Files\Common Files\Intel
2009-08-02 19:40:48 ----D---- C:\ProgramData\Intel
2009-08-02 08:40:34 ----DC---- C:\Windows\system32\DRVSTORE
2009-08-02 08:39:58 ----HDC---- C:\ProgramData\{EF63305C-BAD7-4144-9208-D65528260864}
2009-08-02 08:39:48 ----D---- C:\Program Files\Lavasoft
2009-07-29 09:25:01 ----A---- C:\Windows\cadkasdeinst01.exe
2009-07-29 08:41:14 ----A---- C:\Windows\system32\mshtml.dll
2009-07-29 08:41:12 ----A---- C:\Windows\system32\ieframe.dll
2009-07-29 08:41:11 ----A---- C:\Windows\system32\urlmon.dll
2009-07-29 08:41:11 ----A---- C:\Windows\system32\ieui.dll
2009-07-29 08:41:10 ----A---- C:\Windows\system32\wininet.dll
2009-07-29 08:41:10 ----A---- C:\Windows\system32\ieencode.dll
2009-07-15 09:55:27 ----A---- C:\Windows\system32\t2embed.dll
2009-07-15 09:55:27 ----A---- C:\Windows\system32\lpk.dll
2009-07-15 09:55:27 ----A---- C:\Windows\system32\fontsub.dll
2009-07-15 09:55:27 ----A---- C:\Windows\system32\dciman32.dll
2009-07-15 09:55:27 ----A---- C:\Windows\system32\atmfd.dll
2009-07-03 23:17:01 ----D---- C:\Users\M&M&M\AppData\Roaming\Eltima Software
2009-07-03 23:16:54 ----D---- C:\Program Files\Eltima Software

======List of files/folders modified in the last 1 months======

2009-08-02 22:37:34 ----D---- C:\Windows\Temp
2009-08-02 21:55:12 ----D---- C:\Windows\Internet Logs
2009-08-02 21:54:02 ----D---- C:\Windows\System32
2009-08-02 20:39:13 ----RD---- C:\Program Files
2009-08-02 20:28:12 ----D---- C:\Program Files\Mozilla Firefox
2009-08-02 19:58:32 ----D---- C:\Windows\inf
2009-08-02 19:58:32 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-08-02 19:53:19 ----D---- C:\Windows
2009-08-02 19:42:43 ----SHD---- C:\Windows\Installer
2009-08-02 19:42:18 ----HD---- C:\ProgramData
2009-08-02 19:41:39 ----D---- C:\Windows\system32\drivers
2009-08-02 19:41:34 ----D---- C:\Windows\system32\catroot
2009-08-02 19:40:57 ----D---- C:\Program Files\Common Files
2009-08-02 19:40:48 ----D---- C:\Program Files\Intel
2009-08-02 19:40:25 ----SHD---- C:\System Volume Information
2009-08-02 19:38:01 ----RSD---- C:\Windows\assembly
2009-08-02 19:32:23 ----D---- C:\Users\M&M&M\AppData\Roaming\GlarySoft
2009-08-02 19:23:50 ----D---- C:\Windows\Tasks
2009-08-02 19:23:50 ----D---- C:\Program Files\Glary Utilities
2009-08-02 08:40:53 ----D---- C:\Windows\system32\Tasks
2009-07-29 13:03:09 ----D---- C:\Windows\winsxs
2009-07-29 09:19:55 ----D---- C:\Program Files\pdf24
2009-07-29 08:39:21 ----D---- C:\Windows\system32\catroot2
2009-07-28 12:43:45 ----A---- C:\Windows\win.ini
2009-07-26 10:47:00 ----D---- C:\Users\M&M&M\AppData\Roaming\FileZilla
2009-07-15 22:12:46 ----D---- C:\Windows\Debug
2009-07-15 19:22:41 ----D---- C:\Windows\Prefetch
2009-07-15 10:22:37 ----D---- C:\Program Files\Windows Mail
2009-07-07 17:10:56 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 DritekPortIO;Dritek General Port I/O; \??\C:\PROGRA~1\LAUNCH~1\DPortIO.sys [2006-11-02 20112]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-06-09 28520]
R1 Vsdatant;Zone Alarm Firewall Driver; C:\Windows\system32\DRIVERS\vsdatant.sys [2008-03-03 279440]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; \??\C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [2006-11-02 13560]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2009-02-08 278728]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-03-24 55640]
R2 CVPNDRVA;Cisco Systems Inc. IPSec Driver; \??\C:\Windows\system32\Drivers\CVPNDRVA.sys [2007-04-03 306295]
R2 int15;int15; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys [2006-12-07 76584]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2009-02-08 25416]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-03-21 37376]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-01-30 8704]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-06-05 179712]
R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2006-11-02 21264]
R3 DNE;Deterministic Network Enhancer Miniport; C:\Windows\system32\DRIVERS\dne2000.sys [2007-01-31 127376]
R3 enecir;ENE CIR Receiver; C:\Windows\system32\DRIVERS\enecir.sys [2007-03-07 32256]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-04-26 984064]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-04-26 208384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-07-10 1792792]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2007-08-14 6144]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-07-25 7604256]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2007-08-02 1749376]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-12-06 196400]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-04-26 660480]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-19 11264]
S3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys [2007-06-14 154624]
S3 CVirtA;Cisco Systems VPN Adapter; C:\Windows\system32\DRIVERS\CVirtA.sys [2007-01-18 5275]
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG-Adaptertreiber für Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 1781760]
S3 NETw4v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-08-08 2226688]
S3 usbscan;USB-Scannertreiber; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
S3 WSVD;WSVD; \??\C:\Windows\system32\drivers\WSVD.sys [2006-09-19 80744]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ALaunchService;ALaunch Service; C:\Acer\ALaunch\ALaunchSvc.exe [2007-01-26 50688]
R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-06-09 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-06-09 185089]
R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [2007-04-03 1516584]
R2 eDataSecurity Service;eDSService.exe; C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe [2007-04-25 457512]
R2 eLockService;eLock Service; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [2007-03-14 24576]
R2 eNet Service;eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-05-22 135168]
R2 eRecoveryService;eRecovery Service; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [2007-02-13 53248]
R2 eSettingsService;eSettings Service; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-05-10 24576]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2008-10-16 860160]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-03-21 355096]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-07-03 1029456]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 MobilityService;MobilityService; C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 107008]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2008-10-16 466944]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-01-23 266343]
R2 vsmon;TrueVector Internet Monitor; C:\Windows\System32\ZoneLabs\vsmon.exe [2008-03-03 79400]
R2 WMIService;ePower Service; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-09-14 167936]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-01-30 386560]
S2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S3 SandraDataSrv;SiSoftware Database Agent Service; C:\Program Files\Sandra Lite XII.SP1\Win32\RpcDataSrv.exe [2007-12-12 213176]
S3 SandraTheSrv;SiSoftware Sandra Agent Service; C:\Program Files\Sandra Lite XII.SP1\RpcSandraSrv.exe [2007-12-12 1253568]

-----------------EOF-----------------

lonelyplanet 02.08.2009 21:58
Schritt 3

Code:
Antivirus          Version          letzte aktualisierung          Ergebnis
a-squared        4.5.0.24        2009.08.02        -
AhnLab-V3        5.0.0.2        2009.08.01        -
AntiVir        7.9.0.238        2009.08.02        -
Antiy-AVL        2.0.3.7        2009.07.31        Worm/Win32.Mabezat.gen
Authentium        5.1.2.4        2009.08.02        -
Avast        4.8.1335.0        2009.08.02        -
AVG        8.5.0.406        2009.08.02        -
BitDefender        7.2        2009.08.02        -
CAT-QuickHeal        10.00        2009.07.30        -
ClamAV        0.94.1        2009.08.02        -
Comodo        1842        2009.08.02        -
DrWeb        5.0.0.12182        2009.08.02        -
eSafe        7.0.17.0        2009.07.30        Suspicious File
eTrust-Vet        31.6.6650        2009.08.01        -
F-Prot        4.4.4.56        2009.08.02        -
F-Secure        8.0.14470.0        2009.08.01        -
Fortinet        3.120.0.0        2009.08.02        -
GData        19        2009.08.02        -
Ikarus        T3.1.1.64.0        2009.08.02        -
Jiangmin        11.0.800        2009.08.02        -
K7AntiVirus        7.10.808        2009.08.01        -
Kaspersky        7.0.0.125        2009.08.02        -
McAfee        5696        2009.08.02        -
McAfee+Artemis        5696        2009.08.02        -
McAfee-GW-Edition        6.8.5        2009.08.02        -
Microsoft        1.4903        2009.08.02        -
NOD32        4299        2009.08.02        -
Norman        6.01.09        2009.07.31        -
nProtect        2009.1.8.0        2009.08.02        -
Panda        10.0.0.14        2009.08.02        -
PCTools        4.4.2.0        2009.08.02        -
Prevx        3.0        2009.08.02        -
Rising        21.40.62.00        2009.08.02        -
Sophos        4.44.0        2009.08.02        -
Sunbelt        3.2.1858.2        2009.08.02        -
Symantec        1.4.4.12        2009.08.02        -
TheHacker        6.3.4.3.375        2009.08.01        -
TrendMicro        8.950.0.1094        2009.07.31        -
VBA32        3.12.10.9        2009.08.02        -
ViRobot        2009.7.31.1863        2009.07.31        -
VirusBuster        4.6.5.0        2009.08.02        -
weitere Informationen
File size: 396288 bytes
MD5...: c4ca7416a6df6d95075f81d9e3b41ad1
SHA1..: 6ebbb54156e21ac20c27ca1fb8b3ddcacc919fa8
SHA256: 825fd88fe258b67759ca3b55063956510d65a536568b54ca8d2717efbe91cbc6
ssdeep: 6144:+CjUfQ7DbE66sVHdkyUkEYn+nVewn+ob/xIytqi20dcUSGreicGGSzMZY:+
CjUSbEAVG95YnNsr2ytL2cc3Gr1
PEiD..: UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
TrID..: File type identification
UPX compressed Win32 Executable (39.5%)
Win32 EXE Yoda's Crypter (34.3%)
Win32 Executable Generic (11.0%)
Win32 Dynamic Link Library (generic) (9.8%)
Generic Win/DOS Executable (2.5%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x142830
timedatestamp.....: 0x466838c1 (Thu Jun 07 16:56:33 2007)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0xfc000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0xfd000 0x46000 0x45a00 7.93 8764d7eac0301131e6c79e4aa30317bf
.rsrc 0x143000 0x1b000 0x1ae00 4.69 5f1a0873640fcdb4a281dbf91049814f

( 2 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, ExitProcess
> MSVBVM60.DLL: -

( 0 exports )
PDFiD.: -
RDS...: NSRL Reference Data Set
-
ThreatExpert info: <a href='http://www.threatexpert.com/report.aspx?md5=c4ca7416a6df6d95075f81d9e3b41ad1' target='_blank'>http://www.threatexpert.com/report.aspx?md5=c4ca7416a6df6d95075f81d9e3b41ad1</a>
packers (Kaspersky): PE_Patch.UPX, UPX
packers (F-Prot): UPX
packers (Antiy-AVL): UPX 0.89.6 - 1.02 / 1.05 - 1.22

lonelyplanet 02.08.2009 21:59
Schritt 4

Code:
Acer Arcade Deluxe        CyberLink Corporation        08.02.2009        21,0MB
Acer Crystal Eye webcam        SUYIN        30.10.2007       
Acer Crystal Eye Webcam Video Class Camera        Suyin        31.10.2007       
Acer eAudio Management                10.02.2008        783,4MB
Acer eDataSecurity Management        HiTRUST Inc.        13.08.2007        30,0MB
Acer eLock Management        Acer Inc.        13.08.2007        11,3MB
Acer Empowering Technology        Acer Inc.        13.08.2007        141,3MB
Acer eNet Management        Acer Inc.        13.08.2007        8,81MB
Acer ePower Management        Acer Inc.        10.02.2008        16,1MB
Acer ePresentation Management        Acer Inc.        13.08.2007        2,30MB
Acer eSettings Management        Acer Inc.        13.08.2007        10,6MB
Acer GridVista                30.10.2007        1,50MB
Acer Mobility Center Plug-In        Acer Inc.        13.08.2007        5,56MB
Acer ScreenSaver        Acer Inc.        30.10.2007       
Acer Tour        Acer Inc.        13.08.2007        147,5MB
Activation Assistant for the 2007 Microsoft Office suites        Microsoft Corporation        30.10.2007        14,0MB
Ad-Aware        Lavasoft        01.08.2009        52,8MB
Adobe Flash Player 10 Plugin        Adobe Systems Incorporated        10.03.2009       
Adobe Flash Player ActiveX        Adobe Systems Incorporated        23.06.2008       
Adobe Reader 8.1.6        Adobe Systems Incorporated        22.06.2009        85,0MB
Adobe Shockwave Player        Adobe Systems, Inc.        21.02.2008       
ALPS Touch Pad Driver        Alps Electric        30.10.2007       
America's Army        U.S. Army        09.02.2009        1.986,3MB
Apple Software Update        Apple Inc.        13.02.2008        2,15MB
ArcSoft PhotoStudio 5.5        ArcSoft        10.03.2008        25,0MB
Ashampoo PowerUp 2009        Ashampoo GmbH & Co. KG        24.05.2009        16,3MB
Ashampoo WinOptimizer 5.10        Ashampoo GmbH & Co. KG        24.05.2009        40,0MB
Avira AntiVir Personal - Free Antivirus        Avira GmbH        28.05.2009        69,2MB
Big Kahuna Reef 2        Oberon Media        30.10.2007        74,1MB
Cake Mania        Oberon Media        30.10.2007        16,7MB
Canon Camera TWAIN Driver 6.0        Ihr Firmenname        10.02.2008       
Canon Camera TWAIN Driver 6.1        Canon        10.02.2008       
Canon Camera Window for ZoomBrowser EX        Canon        10.02.2008       
Canon CanoScan Toolbox 5.0                10.03.2008        8,88MB
Canon Internet Library for ZoomBrowser EX        Canon Inc.        10.02.2008       
Canon PhotoRecord                10.02.2008        99,5MB
Canon Utilities Easy-PhotoPrint EX                19.11.2008        208,6MB
Canon Utilities PhotoStitch 3.1        Canon        10.02.2008       
Canon Utilities RemoteCapture 2.7        Canon        10.02.2008       
Canon Utilities ZoomBrowser EX        CISRA        10.02.2008       
CanoScan 4400F                10.03.2008        3,92MB
CCleaner (remove only)        Piriform        24.05.2009        1,28MB
Cisco Systems VPN Client 5.0.00.0340        Cisco Systems, Inc.        14.07.2008        12,1MB
concept/design onlineTV 4        concept/design GmbH        07.08.2008        4,35MB
Dynasty        Oberon Media        30.10.2007        23,9MB
Favorit                28.07.2009       
FileZilla Client 3.0.11.1                21.07.2008        12,2MB
Galapago        Oberon Media        30.10.2007        41,8MB
Glary Utilities 2.14.0.711        Glarysoft Ltd        01.08.2009        15,5MB
HDAUDIO Soft Data Fax Modem with SmartCP                13.08.2007        1,02MB
HijackThis 2.0.2        TrendMicro        01.08.2009        0,78MB
ICQ6        ICQ        13.02.2008        44,3MB
Intel(R) Matrix Storage Manager                30.10.2007        1,79MB
Intel(R) PROSet/Wireless WiFi-Software        Intel(R) Corporation        01.08.2009        78,4MB
Java(TM) 6 Update 13        Sun Microsystems, Inc.        09.12.2008        94,4MB
Java(TM) 6 Update 3        Sun Microsystems, Inc.        10.02.2008        160,7MB
Java(TM) 6 Update 4        Sun Microsystems, Inc.        02.04.2008        137,7MB
Java(TM) 6 Update 5        Sun Microsystems, Inc.        09.04.2008        136,2MB
Java(TM) 6 Update 7        Sun Microsystems, Inc.        09.08.2008        136,2MB
Launch Manager                30.10.2007        2,23MB
Luxor 2        Oberon Media        30.10.2007        23,7MB
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU        Microsoft Corporation        01.08.2009        37,0MB
Microsoft .NET Framework 3.5 SP1        Microsoft Corporation        02.03.2009        27,8MB
Microsoft Encarta Enzyklopädie 2003        Microsoft Corporation        29.08.2008        560,7MB
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053        Microsoft Corporation        28.07.2009        0,25MB
Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        13.08.2007        0,41MB
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148        Microsoft Corporation        28.07.2009        0,19MB
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17        Microsoft Corporation        28.05.2009        0,58MB
Microsoft Works        Microsoft Corporation        09.06.2009        282,6MB
Microsoft Works 2003-Setup-Start                29.08.2008        6,62MB
Microsoft Works 7.0        Microsoft Corporation        29.08.2008        178,0MB
MotoGP 08 Demo        Capcom        07.02.2009        767,9MB
Mozilla Firefox (3.0.12)        Mozilla        21.07.2009        26,0MB
Mozilla Thunderbird (2.0.0.22)        Mozilla        25.06.2009        23,7MB
MSXML 4.0 SP2 (KB936181)        Microsoft Corporation        10.02.2008        1,27MB
MSXML 4.0 SP2 (KB941833)        Microsoft Corporation        12.02.2008        1,27MB
MSXML 4.0 SP2 (KB954430)        Microsoft Corporation        12.11.2008        1,28MB
Mystery Case Files - Prime Suspects        Oberon Media        30.10.2007        39,2MB
Mystery Case Files Ravenhearst        Oberon Media        30.10.2007        72,8MB
NTI Backup NOW! 4.7        NewTech Infosystems        13.08.2007        7,21MB
NTI CD & DVD-Maker        NewTech Infosystems        13.08.2007        40,2MB
NVIDIA Drivers                31.03.2008       
Nvu 1.0        Thorsten Fritz        26.02.2008        22,0MB
OpenOffice.org 3.0        OpenOffice.org        21.12.2008        333,0MB
Paint.NET v3.36        dotPDN LLC        11.10.2008       
pdf24        PDF24.org        13.03.2009        35,2MB
PowerProducer 3.72        CyberLink Corporation        30.10.2007        3,73MB
Presto! PageManager 7.15.14        NewSoft        10.03.2008        160,0MB
QuickTime        Apple Inc.        13.02.2008        77,5MB
RealPlayer        RealNetworks        13.02.2008        46,0MB
Realtek High Definition Audio Driver        Realtek Semiconductor Corp.        13.08.2007        15,2MB
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01                30.10.2007        1,93MB
RTL Biathlon 2008 (Demo)                07.02.2009        172,9MB
Sandlot Games Client Services        Sandlot Games        21.02.2008        1,30MB
ScanSoft OmniPage SE 4.0        Nuance Communications, Inc.        10.03.2008        154,2MB
Shockwave                29.08.2008       
SiSoftware Sandra Lite XII.SP1        SiSoftware        04.03.2008        28,7MB
Skype™ 3.6        Skype Technologies S.A.        13.02.2008        32,9MB
Star Defender 3        Oberon Media        30.10.2007        29,2MB
SWF & FLV Player 3.0 (build 3.0.33.5106)        Eltima Software        02.07.2009        3,40MB
Synaptics Pointing Device Driver        Synaptics        29.02.2008        13,7MB
Treasures of the Deep        Oberon Media        30.10.2007        28,1MB
Windows Live Anmelde-Assistent        Microsoft Corporation        05.05.2009        1,93MB
Windows Live Essentials        Microsoft Corporation        05.05.2009        44,0MB
Windows Live-Uploadtool        Microsoft Corporation        05.05.2009        0,22MB
Windows Media Player Firefox Plugin        Microsoft Corp        10.02.2008        0,29MB
Zattoo 3.3.4 Beta        Zattoo Inc.        24.05.2009        17,7MB
ZoneAlarm        Check Point, Inc        21.03.2008        10,8MB
Zuma Deluxe        Oberon Media        30.10.2007        7,79MB

kira 03.08.2009 06:14
hi

Punkt 3.:
http://www.trojaner-board.de/75992-s...tml#post453200
Ich möchte, dass die Ergebnisse die Dateiname auch beinhaltet!
Beispiel - das zu postende logfile von virustotal soll so wie hier aussehen :
Code:
Datei `hijlm.exe ` empfangen 2009.xx.xx xx:xx:xx (CET)
Antivirus        Version        letzte aktualisierung        Ergebnis
a-squared        4.0.0.73        2009.01.28        -
AhnLab-V3        5.0.0.2        2009.01.28        -
AntiVir        7.9.0.60        2009.01.28        -
Authentium        5.1.0.4        2009.01.27        -
Avast        4.8.1281.0        2009.01.27        -
AVG        8.0.0.229        2009.01.28        -

usw.
also bitte die Dateiüberprüfung wiederholen!

lonelyplanet 03.08.2009 10:10
Ich habe die hijlm.exe jetzt durch virustotal gejagt.

Code:
Datei hijlm.exe empfangen 2009.08.03 09:12:48 (UTC)
Status: Laden ... Wartend Warten Überprüfung Beendet Nicht gefunden Gestoppt
Ergebnis: 3/41 (7.32%)
       
Antivirus        Version        letzte aktualisierung        Ergebnis
a-squared        4.5.0.24        2009.08.03        -
AhnLab-V3        5.0.0.2        2009.08.01        -
AntiVir        7.9.0.238        2009.08.03        -
Antiy-AVL        2.0.3.7        2009.08.03        -
Authentium        5.1.2.4        2009.08.02        W32/Skintrim.1!Generic
Avast        4.8.1335.0        2009.08.02        -
AVG        8.5.0.406        2009.08.03        -
BitDefender        7.2        2009.08.03        -
CAT-QuickHeal        10.00        2009.08.03        -
ClamAV        0.94.1        2009.08.03        -
Comodo        1848        2009.08.03        -
DrWeb        5.0.0.12182        2009.08.03        -
eSafe        7.0.17.0        2009.07.30        -
eTrust-Vet        31.6.6650        2009.08.01        -
F-Prot        4.4.4.56        2009.08.02        W32/Skintrim.1!Generic
F-Secure        8.0.14470.0        2009.08.03        -
Fortinet        3.120.0.0        2009.08.03        -
GData        19        2009.08.03        -
Ikarus        T3.1.1.64.0        2009.08.03        -
Jiangmin        11.0.800        2009.08.03        -
K7AntiVirus        7.10.808        2009.08.01        -
Kaspersky        7.0.0.125        2009.08.03        -
McAfee        5696        2009.08.02        -
McAfee+Artemis        5696        2009.08.02        -
McAfee-GW-Edition        6.8.5        2009.08.03        Heuristic.BehavesLike.Win32.Dropper.H
Microsoft        1.4903        2009.08.03        -
NOD32        4300        2009.08.03        -
Norman        6.01.09        2009.07.31        -
nProtect        2009.1.8.0        2009.08.03        -
Panda        10.0.0.14        2009.08.02        -
PCTools        4.4.2.0        2009.08.02        -
Prevx        3.0        2009.08.03        -
Rising        21.41.01.00        2009.08.03        -
Sophos        4.44.0        2009.08.03        -
Sunbelt        3.2.1858.2        2009.08.03        -
Symantec        1.4.4.12        2009.08.03        -
TheHacker        6.3.4.3.375        2009.08.01        -
TrendMicro        8.950.0.1094        2009.08.03        -
VBA32        3.12.10.9        2009.08.03        -
ViRobot        2009.8.3.1865        2009.08.03        -
VirusBuster        4.6.5.0        2009.08.02        -

weitere Informationen

File size: 241664 bytes
MD5...: 4b2e955e42c28c2e4e153534b8e21a92
SHA1..: 53a3b205d379918d4895ca736602d6b3798b32ac
SHA256: 9650790e2abcb477273b6ae307f958ad31653d3500dc91ec1f7860a7617d8ff8
ssdeep: 6144:u1yDcNJ027DxNm6SOzZWGpHf07ByYEZDENduKEvdAyfeC9T:ukAJ023bmjO
VuyYEZDEvZElAU
PEiD..: Armadillo v1.71
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x98c0
timedatestamp.....: 0x44094b2c (Sat Mar 04 08:09:16 2006)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x8ac6 0x9000 5.92 fa5c5138f4268792aadc2d2785181cba
.rdata 0xa000 0x2e6d2 0x2f000 7.40 b1c12fb58c0b3972def54f64477b5bbb
.data 0x39000 0xa40 0x1000 4.01 cb7b46effc05ee2c492b0a3973361eed
.rsrc 0x3a000 0xc10 0x1000 2.64 e2d4f938c6de67dbb3b1421dcc7bca37

( 3 imports )
> KERNEL32.dll: VirtualAlloc, GetCommandLineA, GetModuleHandleA, GetStartupInfoA
> USER32.dll: GetDC, SetTimer, IsWindow, InvalidateRect, EndDialog, CallWindowProcA, SendMessageA, GetClientRect, GetWindow, IsWindowEnabled, ShowWindow, DestroyWindow, SetCursor, ClientToScreen
> MSVCRT.dll: exit, _onexit, __dllonexit, _controlfp, _except_handler3, __set_app_type, __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _initterm, __getmainargs, _acmdln, _XcptFilter, _exit

( 0 exports )
PDFiD.: -
RDS...: NSRL Reference Data Set
-
Ist dies die einzigste Datei welche ich überprüfen soll??

Danke

lonelyplanet 03.08.2009 10:14
Habe die hijlm.exe auch schon über Windows-Defender/Software Explorer deaktiviert, jedoch wird bei jedem Neustart eine neue hijlm.exe zusätzlich zu der alten deaktivierten dazugeladen.

kira 03.08.2009 22:01
hi

1.
Klick auf folgenden Link und lade dort die Datei "C:\Users\M&M&M\AppData\Local\hijlm.exe "für weitere Analyse hoch:-> uploadchannel

2.
→ lade Dir Navilog1 auf deinen Desktop herunter
→ starte per Doppelklick die Datei navilog1.exe,
→ wähle Spracheinstellungen - Deutsch (Wahl 4.)
→ dann die Anweisungen folgen
→ bei der nächsten Abfrage wählst du 1 - um den Suchlauf und die automatische Bereinigung zu starten und bestätige mit Enter
→ ansonsten nichts am Rechner machen
→ falls eine Virenwarnung v. dein Antivirenprogramm kommt, ignorieren, (wähle "Überspringen")
→ wenn der Scan fertig, der Computer wird neu gestartet und ein Log erstellt: C:\cleannavi.txt
→ poste dieses Logfile hier im Forum

*** Anleitung hier: Entfernung von Navipromo

3.
poste erneut:
Trend Micro HijackThis-Logfile

lonelyplanet 04.08.2009 09:31
2. Logfile Navilog1

Code:
Fix Navipromo version 4.0.1 begonnen am 04.08.2009 10:09:49,15

!!! Achtung, dieser Abschnitt kann legitime Dateien und Programme auflisten!!!
!!! Posten sie diesen Bericht im Forum, um ihn auswerten zu lassen !!!

Programm ausgefuehrt in: C:\Program Files\navilog1

Zuletzt von IL-MAFIOSO aktualisiert am 18.07.2009 um 11h00

Microsoft® Windows Vista™ Home Premium  ( v6.0.6002 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU    T5450  @ 1.66GHz )
BIOS : Default System BIOS
USER : M&M&M ( Administrator )
BOOT : Normal boot


Firewall  : ZoneAlarm Firewall 7.1.254.000 (Activated)

C:\ (Local Disk) - NTFS - Total:111 Go (Free:62 Go)
D:\ (Local Disk) - NTFS - Total:110 Go (Free:51 Go)
E:\ (CD or DVD)


Suche Im normalen Modus ausgefuehrt

Bereinigung beim Neustart des Rechners durchgefuehrt.


C:\Users\M\hijlm.exe entfernt!
C:\Users\M\hijlm.dat entfernt!
C:\Users\M\hijlm_nav.dat entfernt!
C:\Users\M\hijlm_navps.dat entfernt!
C:\Users\M\hijlm.bat entfernt!


Bereinigung in C:\Windows\Temp ausgefuehrt!


*** Sicherung der Registry im Ordner Safebackup ***

Sicherung der Registry erfolgreich abgeschlossen!

*** Bereingung der Registry ***


Fehler in der Anwendung Fixreg
Die Registry wurde nicht bereinigt!






*** Scan beendet 04.08.2009 10:24:43,70 ***

lonelyplanet 04.08.2009 09:34
3. HijackThis

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:32:19, on 04.08.2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\ZoneAlarm\zlclient.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\pdf24\PDFBackend.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
C:\Users\M&M&M\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://de.rd.yahoo.com/customize/ycomp/defaults/sp/*http://de.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.schnellsucher.com/?t=Q0907291865&s=h
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://de.rd.yahoo.com/customize/ycomp/defaults/su/*http://de.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [WrtMon.exe] C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PDFPrint] "C:\Program Files\pdf24\PDFBackend.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\Sandra Lite XII.SP1\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\Sandra Lite XII.SP1\RpcSandraSrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9149 bytes

kira 04.08.2009 21:46
hi

Ok, sieht gut aus:)

dann räumen wir ein bisschen auf:

1.
- den Quarantäne Ordner überall leeren - Antivirus bzw Anti-Spy-Programm usw
- Navilog kannst deinstallieren

2.
alle Anwendungen schließen → Ordner für temporäre Dateien bitte leeren
lösche nur den Inhalt der Ordner, nicht die Ordner selbst! - Dateien, die noch in Benutzung sind,nicht löschbar.
c:\windows\temp
- anschließend den Papierkorb leeren

3.
reinige dein System mit Ccleaner:
  • "Cleaner"→ "Analysieren"→ Klick auf den Button "Start CCleaner"
  • "Registry""Fehler suchen"→ "Fehler beheben"→ "Alle beheben"
  • Starte dein System neu auf

4.
  • lade Dir SUPERAntiSpyware FREE Edition herunter.
  • installiere das Programm und update online.
  • starte SUPERAntiSpyware und klicke auf "Ihren Computer durchsuchen"
  • setze ein Häkchen bei "Kompletter Scan" und klicke auf "Weiter"
  • anschließend alle gefundenen Schadprogramme werden aufgelistet, bei alle Funde Häkchen setzen und mit "OK" bestätigen
  • auf "Weiter" klicken dann "OK" und auf "Fertig stellen"
  • um die Ergebnisse anzuzeigen: auf "Präferenzen" dann auf den "Statistiken und Protokolle" klicken
  • drücke auf "Protokoll anzeigen" - anschließend diesen Bericht bitte speichern und hier posten

5.
Den kompletten Rechner zu überprüfen (Systemprüfung ohne Säuberung) mit Kaspersky Online - Scanner - wähle "My Computer" aus:
im Internet Explorer:
- "Extras→ Internetoptionen→ Sicherheit":
- alles auf Standardstufe stellen
- Active X erlauben
- speichere die Ergebnis als *.txt Datei und poste das Logfile des Scans

lonelyplanet 05.08.2009 21:08
4. SUPERAntiSpyware FREE Edition

Code:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/05/2009 at 01:48 PM

Application Version : 4.27.1000

Core Rules Database Version : 4038
Trace Rules Database Version: 1978

Scan type      : Complete Scan
Total Scan Time : 00:49:15

Memory items scanned      : 764
Memory threats detected  : 0
Registry items scanned    : 7288
Registry threats detected : 5
File items scanned        : 34946
File threats detected    : 1

Registry Cleaner Trial
        HKCR\Install.Install
        HKCR\Install.Install\CLSID
        HKCR\Install.Install\CurVer
        HKCR\Install.Install.1
        HKCR\Install.Install.1\CLSID

Adware.Vundo/Variant-MSFake
        C:\PROGRAM FILES\NAVILOG1\REG.EXE
5. Kaspersky Online

Code:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
 Wednesday, August 5, 2009
 Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 2 (build 6002)
 Kaspersky Online Scanner  version: 7.0.26.13
 Program database last update: Wednesday, August 05, 2009 19:03:49
 Records in database: 2583460
--------------------------------------------------------------------------------

Scan settings:
        Scan using the following database: extended
        Scan archives: yes
        Scan mail databases: yes

Scan area - My Computer:
        C:\
        D:\
        E:\

Scan statistics:
        Files scanned: 187315
        Threat name: 1
        Infected objects: 2
        Suspicious objects: 0
        Duration of the scan: 02:12:19


File name / Threat name / Threats count
C:\Users\M&M&M\AppData\Roaming\Thunderbird\Profiles\g21atmni.default\Mail\Local Folders\Inbox        Infected: Trojan.Win32.Agent.cnfj        1
C:\Users\M&M&M\AppData\Roaming\Thunderbird\Profiles\g21atmni.default\Mail\Local Folders\Trash        Infected: Trojan.Win32.Agent.cnfj        1

The selected area was scanned.

kira 06.08.2009 20:43
hi

1.
Code:
C:\Users\M&M&M\AppData\Roaming\Thunderbird\Profiles\g21atmni.default\Mail\Local Folders\Inbox        Infected: Trojan.Win32.Agent.cnfj        1
C:\Users\M&M&M\AppData\Roaming\Thunderbird\Profiles\g21atmni.default\Mail\Local Folders\Trash        Infected: Trojan.Win32.Agent.cnfj        1
am besten gehe wie folgt vor:
Starte dein Mailprogramm, lösche den Inhalt aus der Inbox und leere dann den Papierkorb deines Mail-Programms:
1. Mail aus Inbox löschen
2. Mülleimer leeren
3. Inbox komprimieren - (im Menü Datei, Alle Ordner des Kontos komprimieren)
Thunderbird - Ordner komprimieren

2.
- eventuell kannst Du noch dein Sytem mit mindestens 3 Onlinescanner prüfen/reinigen:
- Einstellungen Internet Explorer: Extras → Internetoptionen → Sicherheit → Stufe anpassen: alles auf Standardstufe stellen
- Active X erlauben
- nach jedem Scanvorgang starte dein system neu auf
- speichere und poste das Logfile des Scans - die Ergebnisse als*.txt Datei speichern
- Sollte es noch Probleme geben, teil es uns mit


Alle Zeitangaben in WEZ +1. Es ist jetzt 21:51 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131