| |
| |||||||
Log-Analyse und Auswertung: 3 Trojaner eingefangen Namen sind dabei hijackthis dabei kleine Problemmeldung..Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
04.09.2009, 07:37
| #1 |
 |  3 Trojaner eingefangen Namen sind dabei hijackthis dabei kleine Problemmeldung..Schönen guten Morgen Leutz, Ich habe mir da ein "paar" Trojaner eingefangen die mich ziemlich stören... 1. Win32:Trojan-gen {Other} 2. JS:Obfuscated-CV [Trj] 3. Win32:FakeAV-Q... (Mehr von dem Namen zeigt mein Avast nicht an.) Aufjedenfall merke ich ganz stark dass mein PC immer langsamer wird und auch immer länger braucht um Dateien sowie Programme zu öffnen/laden usw... Das 2te Prob. ist (Ich weis nicht ob es von dem Trojaner kommt vermute es aber!) Er startet immer Internet Explorer irgendwelche komische Seiten kommen dann da.. :/ Benutze aber ausschließlich NUR Mozilla Firefox. Als es die ersten paar Tage so ging, dass ständig IE startete habe ich es geblockt. Und immerwieder wenn die Seite aufging hat sich mein Avast gemeldet und ein Standartprogramm von Vista anscheinend dass da ein Trojaner ist (Löschen/Quarantene(Container)/Ignorieren die Auswahl habe/Hatte ich) anfangs habe ich sofort auf Löschen geklickt was anscheinen nichts brachte und ich somit auch nicht wusste was für ein Virus es ist! Daher stecke ich es jetzt sofort in Quarantene. Dazu muss ich sagen, dass das alles anfing als ich mir ein Spiel Namens Aion (Beta Version auf der Offiziellen Seite) runterladen wollte. 6GB Download ständig neben dem Download haben sich meine Antivirr Programme gemeldet und da habe ich auf Löschen geklickt. Am Ende waren es von den 6GB Nurnoch ca. 4GB ?! Ich fragte mich weshalb? Dann sind mir noch so komische Programme im Ordner Programme aufgefallen die eine Blaue Schrift haben statt standart schwarz wenn man einen neuen Ordner z.B erstellt. Was haben die da zu suchen? Leider habe ich keine Ahnung von wonach ich genau suchen müsste um die zu Entfernen was leider von meiner Seite aus nicht ging.. Ich poste Euch am besten mal HijackThis dings da  Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 08:05:09, on 04.09.2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18294) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\hp\support\hpsysdrv.exe C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe C:\Windows\RtHDVCpl.exe C:\Windows\System32\rundll32.exe C:\Program Files\Alwil Software\Avast4\ashDisp.exe C:\Windows\system32\schtasks.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Windows\FixCamera.exe C:\Windows\system32\jusched.exe C:\Windows\vsnp2std.exe C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe C:\Program Files\SweetIM\Messenger\SweetIM.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Users\HP\AppData\Local\aocqdr.exe C:\Windows\ehome\ehmsas.exe C:\Windows\system32\wbem\unsecapp.exe C:\hp\kbd\kbd.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=74&bd=Pavilion&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=74&bd=Pavilion&pf=desktop R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - - (no file) R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: ooVoo Toolbar - {A1FB2F9A-D35E-11DD-8935-E46A56D89593} - C:\Program Files\oovootb\oovoodx.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: ooVoo Toolbar - {A1FB2F9A-D35E-11DD-8935-E46A56D89593} - C:\Program Files\oovootb\oovoodx.dll O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [FixCamera] C:\Windows\FixCamera.exe O4 - HKLM\..\Run: [tsnp2std] C:\Windows\tsnp2std.exe O4 - HKLM\..\Run: [snp2std] C:\Windows\vsnp2std.exe O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [Monopod] C:\Users\HP\AppData\Local\Temp\b.exe O4 - HKCU\..\Run: [aocqdr] "c:\users\hp\appdata\local\aocqdr.exe" aocqdr O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O4 - Global Startup: Magic-i Visual Effects.lnk = C:\Program Files\Hama\Hama Webcam Suite\Magic-i Visual Effects\Magic-i Visual Effects.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe O13 - Gopher Prefix: O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Google Update Service (gupdate1ca04f028fd9ce0) (gupdate1ca04f028fd9ce0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe End of file - 9757 bytes Ich wäre dankbar wenn Ihr mir weiterhelfen könntet. Lg Envil =) |
|
04.09.2009, 08:14
| #2 |
  | 3 Trojaner eingefangen Namen sind dabei hijackthis dabei kleine Problemmeldung.. Hallo Envil und
__________________ Um dir kompetent bei deinem Problem zur Seite stehen zu können, benötigen wir mehr Informationen. Bitte lies dir diese Anleitung durch und poste die erforderlichen Log Files.
__________________ |
|
04.09.2009, 09:11
| #3 |
| | 3 Trojaner eingefangen Namen sind dabei hijackthis dabei kleine Problemmeldung.. Der Log ist etwas zu lange damit ich den auf einmal Posten kann muss den in mehreren Threads einfügen Hoffe ist nicht so schlimm. Und danke dafür dass du dich so schnell gemeldet hast =)
__________________Logfile of random's system information tool 1.06 (written by random/random) Run by HP at 2009-09-04 10:05:14 Microsoft® Windows Vista™ Home Premium Service Pack 1 System drive C: has 254 GB (54%) free of 470 GB Total RAM: 2046 MB (38% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:05:27, on 04.09.2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18294) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\hp\support\hpsysdrv.exe C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe C:\Windows\RtHDVCpl.exe C:\Windows\System32\rundll32.exe C:\Program Files\Alwil Software\Avast4\ashDisp.exe C:\Windows\system32\schtasks.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Windows\FixCamera.exe C:\Windows\system32\jusched.exe C:\Windows\vsnp2std.exe C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe C:\Program Files\SweetIM\Messenger\SweetIM.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Users\HP\AppData\Local\aocqdr.exe C:\Windows\ehome\ehmsas.exe C:\Windows\system32\wbem\unsecapp.exe C:\hp\kbd\kbd.exe C:\Windows\system32\conime.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\taskeng.exe C:\Program Files\Registry Mechanic\regmech.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Users\HP\Desktop\RSIT.exe C:\Program Files\Trend Micro\HijackThis\HP.exe |
|
04.09.2009, 09:12
| #4 |
| | 3 Trojaner eingefangen Namen sind dabei hijackthis dabei kleine Problemmeldung.. R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=74&bd=Pavilion&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=74&bd=Pavilion&pf=desktop R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - - (no file) R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: ooVoo Toolbar - {A1FB2F9A-D35E-11DD-8935-E46A56D89593} - C:\Program Files\oovootb\oovoodx.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: ooVoo Toolbar - {A1FB2F9A-D35E-11DD-8935-E46A56D89593} - C:\Program Files\oovootb\oovoodx.dll O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [FixCamera] C:\Windows\FixCamera.exe O4 - HKLM\..\Run: [tsnp2std] C:\Windows\tsnp2std.exe O4 - HKLM\..\Run: [snp2std] C:\Windows\vsnp2std.exe O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [Monopod] C:\Users\HP\AppData\Local\Temp\b.exe O4 - HKCU\..\Run: [aocqdr] "c:\users\hp\appdata\local\aocqdr.exe" aocqdr O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RMTray.exe /H O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O4 - Global Startup: Magic-i Visual Effects.lnk = C:\Program Files\Hama\Hama Webcam Suite\Magic-i Visual Effects\Magic-i Visual Effects.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe O13 - Gopher Prefix: O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Google Update Service (gupdate1ca04f028fd9ce0) (gupdate1ca04f028fd9ce0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe -- End of file - 10116 bytes ======Scheduled tasks folder====== |
|
04.09.2009, 09:13
| #5 |
| | 3 Trojaner eingefangen Namen sind dabei hijackthis dabei kleine Problemmeldung.. C:\Windows\tasks\1-Click Maintenance.job C:\Windows\tasks\GoogleUpdateTaskMachineCore.job C:\Windows\tasks\GoogleUpdateTaskMachineUA.job C:\Windows\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}] AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-08-26 279944] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}] Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-06-04 1541416] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}] Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-04-07 501400] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live Anmelde-Hilfsprogramm - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A1FB2F9A-D35E-11DD-8935-E46A56D89593}] ooVoo Toolbar - C:\Program Files\oovootb\oovoodx.dll [2009-05-08 86016] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2009-03-13 2217856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}] Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}] SweetIM Toolbar Helper - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2009-05-20 1258808] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2009-03-13 2217856] {855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2008-12-09 958200] {3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-08-26 279944] {21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904] {A1FB2F9A-D35E-11DD-8935-E46A56D89593} - ooVoo Toolbar - C:\Program Files\oovootb\oovoodx.dll [2009-05-08 86016] {EEE6C35B-6118-11DC-9C72-001320C79847} - SweetIM Toolbar for Internet Explorer - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2009-05-20 1258808] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184] "hpsysdrv"=c:\hp\support\hpsysdrv.exe [2007-04-18 65536] "KBD"=C:\HP\KBD\KbdStub.EXE [2006-12-08 65536] "OsdMaestro"=C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [2007-02-15 118784] "RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-01-15 4874240] "HP Health Check Scheduler"=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2007-05-24 71176] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [] "SunJavaUpdateReg"=C:\Windows\system32\jureg.exe [2007-04-07 54936] ""= [] "NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-05-16 13535776] "NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-05-16 92704] "avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-08-17 81000] "HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840] "FixCamera"=C:\Windows\FixCamera.exe [2007-02-12 20480] "tsnp2std"=C:\Windows\tsnp2std.exe [2007-05-12 270336] "snp2std"=C:\Windows\vsnp2std.exe [2007-05-10 344064] "ArcSoft Connection Service"=C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2007-10-11 31232] "SweetIM"=C:\Program Files\SweetIM\Messenger\SweetIM.exe [2009-05-20 111928] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Launcher"=C:\Windows\SMINST\launcher.exe [2007-04-03 44168] "Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-08-03 419088] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952] "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240] "Monopod"=C:\Users\HP\AppData\Local\Temp\b.exe [] "aocqdr"=c:\users\hp\appdata\local\aocqdr.exe [2009-09-03 258048] "RegistryMechanic"=C:\Program Files\Registry Mechanic\RMTray.exe [2008-07-03 812952] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup Magic-i Visual Effects.lnk - C:\Program Files\Hama\Hama Webcam Suite\Magic-i Visual Effects\Magic-i Visual Effects.exe [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableUIADesktopToggle"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] ======List of files/folders created in the last 1 months====== |
|
04.09.2009, 09:14
| #6 |
| | 3 Trojaner eingefangen Namen sind dabei hijackthis dabei kleine Problemmeldung.. 2009-09-04 10:05:14 ----D---- C:\rsit 2009-09-04 10:02:37 ----A---- C:\Windows\system32\msxml.dll 2009-09-04 10:02:36 ----A---- C:\Windows\system32\STKIT432.DLL 2009-09-04 10:02:33 ----D---- C:\Program Files\Registry Mechanic 2009-09-04 10:00:10 ----D---- C:\Users\HP\AppData\Roaming\Malwarebytes 2009-09-04 10:00:04 ----D---- C:\ProgramData\Malwarebytes 2009-09-04 10:00:04 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2009-09-04 08:04:40 ----D---- C:\Program Files\Trend Micro 2009-09-03 19:40:17 ----D---- C:\Program Files\Robby 2009-09-03 00:06:11 ----A---- C:\Windows\system32\Apphlpdm.dll 2009-09-03 00:06:08 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll 2009-08-27 15:08:46 ----A---- C:\Windows\system32\tzres.dll 2009-08-20 16:18:29 ----D---- C:\ProgramData\Blizzard Entertainment 2009-08-20 15:53:28 ----A---- C:\Windows\system32\BASSMOD.dll 2009-08-15 23:53:09 ----D---- C:\Users\HP\AppData\Roaming\MAGIX 2009-08-15 16:25:22 ----A---- C:\Windows\musicmaker.INI 2009-08-15 16:06:01 ----A---- C:\Windows\system32\msxml4a.dll 2009-08-15 16:03:32 ----A---- C:\Windows\system32\LMRTREND.dll 2009-08-15 16:03:32 ----A---- C:\Windows\system32\LMRT.dll 2009-08-15 16:03:31 ----A---- C:\Windows\system32\dxtmsft3.dll 2009-08-15 16:03:30 ----A---- C:\Windows\system32\unam4ie.exe 2009-08-15 16:03:27 ----A---- C:\Windows\system32\vidx16.dll 2009-08-15 16:03:27 ----A---- C:\Windows\system32\danim.dll 2009-08-15 16:03:26 ----A---- C:\Windows\system32\qcut.dll 2009-08-15 16:03:24 ----A---- C:\Windows\system32\w95inf32.dll 2009-08-15 16:03:24 ----A---- C:\Windows\system32\w95inf16.dll 2009-08-15 16:03:23 ----D---- C:\Windows\~dxmcab~ 2009-08-15 16:03:17 ----D---- C:\Program Files\MAGIX Online Druck Service 2009-08-15 16:03:12 ----A---- C:\Windows\system32\TTIC32.dll 2009-08-15 16:03:12 ----A---- C:\Windows\system32\TTI32.dll 2009-08-15 16:03:12 ----A---- C:\Windows\system32\STRING32.dll 2009-08-15 16:03:12 ----A---- C:\Windows\system32\mgxcdr.txt 2009-08-15 16:03:12 ----A---- C:\Windows\system32\mgxasio.dll 2009-08-15 16:03:12 ----A---- C:\Windows\system32\DLLTPO32.dll 2009-08-15 16:03:12 ----A---- C:\Windows\system32\DLLRES32.dll 2009-08-15 16:03:12 ----A---- C:\Windows\system32\DLLRD32.dll 2009-08-15 16:03:12 ----A---- C:\Windows\system32\DLLPTL32.dll 2009-08-15 16:03:12 ----A---- C:\Windows\system32\DLLPRJ32.dll 2009-08-15 16:03:12 ----A---- C:\Windows\system32\DLLPRF32.dll 2009-08-15 16:03:12 ----A---- C:\Windows\system32\DLLPNT32.dll 2009-08-15 16:03:12 ----A---- C:\Windows\system32\DLLMSC32.dll 2009-08-15 16:03:12 ----A---- C:\Windows\system32\DLLIX.dll 2009-08-15 16:03:12 ----A---- C:\Windows\system32\DLLISO32.dll 2009-08-15 16:03:12 ----A---- C:\Windows\system32\DLLIO32.dll 2009-08-15 16:03:12 ----A---- C:\Windows\system32\DLLIMG32.dll 2009-08-15 16:03:12 ----A---- C:\Windows\system32\DLLDRV32.dll 2009-08-15 16:03:12 ----A---- C:\Windows\system32\DLLDIR32.dll 2009-08-15 16:03:12 ----A---- C:\Windows\system32\DLLDEV32.dll 2009-08-15 16:03:12 ----A---- C:\Windows\system32\DLLCPY32.dll 2009-08-15 16:03:12 ----A---- C:\Windows\system32\DLLCDF32.dll 2009-08-15 16:03:12 ----A---- C:\Windows\system32\DLLCDA32.dll 2009-08-15 16:03:12 ----A---- C:\Windows\system32\DLLAV32.dll 2009-08-15 16:02:57 ----D---- C:\Program Files\Common Files\MAGIX Shared 2009-08-15 15:59:11 ----D---- C:\MAGIX 2009-08-15 15:59:10 ----D---- C:\Windows\system32\MAGIX 2009-08-15 15:59:10 ----A---- C:\Windows\system32\ROBOEX32.DLL 2009-08-15 15:59:09 ----A---- C:\Windows\system32\INETWH32.dll 2009-08-15 15:59:09 ----A---- C:\Windows\system32\HtmlWH.dll 2009-08-15 15:58:53 ----A---- C:\Windows\system32\mgxoschk.dll 2009-08-15 15:58:53 ----A---- C:\Windows\mgxoschk.ini 2009-08-14 19:50:14 ----D---- C:\Program Files\abcde 2009-08-14 19:08:45 ----D---- C:\Program Files\Schriftarten 2009-08-14 17:03:10 ----D---- C:\Program Files\Adobe Design Premium CS3 2009-08-14 16:47:47 ----D---- C:\Program Files\PSCS2 2009-08-13 21:53:54 ----A---- C:\Windows\system32\xfcodec.dll 2009-08-12 19:37:01 ----A---- C:\Windows\system32\atl.dll 2009-08-12 19:36:59 ----A---- C:\Windows\system32\wkssvc.dll 2009-08-12 19:36:56 ----A---- C:\Windows\system32\mstscax.dll 2009-08-12 19:36:53 ----A---- C:\Windows\system32\avifil32.dll 2009-08-12 19:36:44 ----A---- C:\Windows\system32\wmp.dll 2009-08-12 19:36:43 ----A---- C:\Windows\system32\wmpdxm.dll 2009-08-12 19:36:40 ----A---- C:\Windows\system32\spwmp.dll 2009-08-12 19:36:39 ----A---- C:\Windows\system32\dxmasf.dll 2009-08-12 19:36:38 ----A---- C:\Windows\system32\wmploc.DLL 2009-08-08 14:52:13 ----D---- C:\GAMIGO ======List of files/folders modified in the last 1 months====== 2009-09-04 10:05:25 ----D---- C:\Windows\Temp 2009-09-04 10:03:20 ----AD---- C:\ProgramData\TEMP 2009-09-04 10:03:00 ----D---- C:\Windows\System32 2009-09-04 10:02:33 ----RD---- C:\Program Files 2009-09-04 10:00:05 ----D---- C:\Windows\system32\drivers 2009-09-04 10:00:04 ----HD---- C:\ProgramData 2009-09-04 09:41:23 ----D---- C:\Users\HP\AppData\Roaming\vlc 2009-09-04 09:11:19 ----D---- C:\Windows\Prefetch 2009-09-04 08:44:18 ----D---- C:\World of Warcraft 2009-09-04 05:08:56 ----SHD---- C:\System Volume Information 2009-09-04 02:24:02 ----D---- C:\Windows\winsxs 2009-09-04 02:04:26 ----D---- C:\Windows 2009-09-04 02:02:14 ----D---- C:\Windows\SMINST 2009-09-04 02:02:13 ----D---- C:\Windows\Tasks 2009-09-04 02:02:09 ----D---- C:\Windows\system32\catroot 2009-09-04 02:02:02 ----D---- C:\Windows\system32\catroot2 2009-09-04 02:01:07 ----D---- C:\Windows\AppPatch 2009-09-04 01:42:23 ----D---- C:\Users\HP\AppData\Roaming\Skype 2009-09-04 00:07:16 ----D---- C:\Users\HP\AppData\Roaming\skypePM 2009-09-03 23:17:21 ----D---- C:\Program Files\Steam 2009-09-03 17:37:50 ----D---- C:\Windows\system32\Tasks 2009-09-02 03:09:31 ----D---- C:\Windows\Microsoft.NET 2009-09-02 03:02:59 ----SHD---- C:\Windows\Installer 2009-09-01 10:42:10 ----D---- C:\Program Files\Common Files\Steam 2009-08-28 13:12:13 ----D---- C:\Windows\rescache 2009-08-28 01:53:02 ----D---- C:\Windows\system32\de-DE 2009-08-26 18:49:25 ----D---- C:\Users\HP\AppData\Roaming\teamspeak2 2009-08-25 09:30:43 ----D---- C:\Users\HP\AppData\Roaming\Xfire 2009-08-20 15:50:46 ----D---- C:\Windows\system32\config 2009-08-19 14:52:42 ----D---- C:\ProgramData\Xfire 2009-08-19 04:49:47 ----D---- C:\Program Files\Mozilla Firefox 2009-08-18 14:58:12 ----D---- C:\Program Files\Xfire 2009-08-17 18:10:20 ----A---- C:\Windows\system32\aswBoot.exe 2009-08-15 23:58:04 ----HD---- C:\Program Files\InstallShield Installation Information 2009-08-15 19:00:17 ----D---- C:\Users\HP\AppData\Roaming\Adobe 2009-08-15 16:06:14 ----RSD---- C:\Windows\Fonts 2009-08-15 16:05:59 ----D---- C:\Windows\Help 2009-08-15 16:05:58 ----D---- C:\Program Files\Common Files\microsoft shared 2009-08-15 16:03:32 ----D---- C:\Windows\inf 2009-08-15 16:03:32 ----D---- C:\Program Files\Windows Media Player 2009-08-15 16:02:57 ----D---- C:\Program Files\Common Files 2009-08-14 02:44:24 ----D---- C:\Program Files\Common Files\Adobe 2009-08-13 14:39:01 ----D---- C:\Users\HP\AppData\Roaming\gtk-2.0 2009-08-13 03:02:45 ----D---- C:\Program Files\Windows Mail 2009-08-11 21:48:55 ----A---- C:\Windows\system32\PerfStringBackup.INI ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 ACEDRV05;ACEDRV05; \??\C:\Windows\system32\drivers\ACEDRV05.sys [2009-08-15 97792] R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2009-08-17 23152] R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-08-17 114768] R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2009-08-17 51376] R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-08-17 20560] R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-08-17 53328] R3 Afc;PPdus ASPI Shell; C:\Windows\system32\drivers\Afc.sys [2006-11-10 18688] R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect; C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2007-05-30 16640] R3 BCM43XV;Broadcom Extensible 802.11-Netzwerkadaptertreiber; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 464384] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-01-15 2047576] R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [2009-08-03 38160] R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-05-03 1065384] R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-05-16 7465312] R3 Ps2;PS2; C:\Windows\system32\DRIVERS\PS2.sys [2005-12-12 19072] R3 SNP2STD;USB2.0 PC Camera (SNP2STD); C:\Windows\system32\DRIVERS\snp2sxp.sys [2007-05-10 12179584] R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328] S1 kbdqhltl;kbdqhltl; \??\C:\Windows\system32\drivers\kbdqhltl.sys [2009-03-25 497664] S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632] S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2009-02-06 55280] S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520] S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192] S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888] S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016] S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2007-10-11 51712] R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-08-17 18752] R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-08-17 138680] R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-05-24 61440] R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-07-25 79136] R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-05-16 118784] R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512] R2 TeamViewer4;TeamViewer 4; C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe [2009-06-25 185640] R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-08-17 254040] R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-08-17 352920] S2 gupdate1ca04f028fd9ce0;Google Update Service (gupdate1ca04f028fd9ce0); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-07-15 133104] S3 aspnet_state;ASP.NET-Zustandsdienst; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-03-23 34312] S3 fsssvc;Windows Live Family Safety; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360] S3 IDriverT;InstallDriver Table Manager; c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728] S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2009-08-31 316664] |
|
04.09.2009, 09:16
| #7 |
| | 3 Trojaner eingefangen Namen sind dabei hijackthis dabei kleine Problemmeldung.. Hier die Info List von RSIT info.txt logfile of random's system information tool 1.06 2009-09-04 10:05:38 ======Uninstall list====== -->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER AC3Filter (remove only)-->C:\Program Files\AC3Filter\uninstall.exe ActiveCheck component for HP Active Support Library-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E} Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe Adobe Reader 8.1.0 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A81000000003} Ask Toolbar-->"C:\Program Files\AskBarDis\unins000.exe" Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe" avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup Big Fish Games Client-->C:\Program Files\bfgclient\Uninstall.exe Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E} Counter-Strike: Source-->"C:\Program Files\Steam\steam.exe" steam://uninstall/240 Deep Paint-->C:\Program Files\Right Hemisphere\Deep Paint\unwise.exe DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN Favorit-->c:\users\hp\appdata\local\aiwaoka.bat File Renamer 1.7.1-->"C:\Program Files\Robby\Renamer\unins000.exe" Free YouTube to Mp3 Converter version 3.1-->"C:\Program Files\DVDVideoSoft\Free YouTube to Mp3 Converter\unins000.exe" Game Cam 2.3.4.41-->C:\Program Files\Game Cam V2\uninst.exe GIMP 2.6.6-->"C:\Program Files\GIMP-2.0\setup\unins000.exe" Google Chrome-->"C:\Program Files\Google\Chrome\Application\2.0.172.43\Installer\setup.exe" --uninstall --system-level Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29} Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll" Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} Half-Life 2: Deathmatch-->"C:\Program Files\Steam\steam.exe" steam://uninstall/320 hama PC-Webcam RW-250-->C:\Program Files\InstallShield Installation Information\{75438C0E-9925-412E-AD85-D0E71C6CE2ED}\setup.exe -runfromtemp -l0x0007 -removeonly -u Hama Webcam Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F0D5576-C383-4E5E-9906-0B47BECBB8B6}\Setup.exe" -l0x7 Hardware Diagnose Tools-->C:\Program Files\PC-Doctor 5 for Windows\uninst.exe HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT="" HP Active Support Library 32 bit components-->MsiExec.exe /I{6D3DB611-D5E8-4E4B-8952-0D3F549F9CC6} HP Active Support Library-->C:\Program Files\InstallShield Installation Information\{0A47BAFF-D4FF-4BD3-96CA-02A22EA62722}\setup.exe -runfromtemp -l0x0409 HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}\setup.exe" -l0x9 -removeonly HP Customer Feedback-->MsiExec.exe /I{9DBA770F-BF73-4D39-B1DF-6035D95268FC} HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40F7AED3-0C7D-4582-99F6-484A515C73F2}\setup.exe" -l0x9 -removeonly HP On-Screen Cap/Num/Scroll Lock Indicator-->C:\Windows\system32\OsdRemove.exe HP Photosmart Essential 2.01-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat HP Picasso Media Center Add-In-->MsiExec.exe /I{55979C41-7D6A-49CC-B591-64AC1BBE2C8B} HP Total Care Advisor-->MsiExec.exe /X{0DDA7620-4F8B-43B3-8828-CA5EE292FA3B} HP Update-->MsiExec.exe /X{FE57DE70-95DE-4B64-9266-84DA811053DB} HPAsset component for HP Active Support Library-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367} ICQ Toolbar-->C:\Program Files\ICQ6Toolbar\ICQUnToolbar.exe ICQ6.5-->"C:\Program Files\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010} Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3} LastChaosGER-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{99A37AC7-E724-4621-B167-500B5A52B69C}\setup.exe" -l0x9 -removeonly MAGIX Foto Manager-->C:\MAGIX\Foto_Manager\instslct.exe MAGIX music maker 2006 deLuxe-->C:\MAGIX\mm2006_deLuxe\instslct.exe MAGIX Music Manager-->C:\MAGIX\Music_Manager\instslct.exe MAGIX Online Druck Service-->C:\PROGRA~1\MAGIXO~1\\UNWISE.EXE C:\PROGRA~1\MAGIXO~1\\INSTALL.LOG Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" McLoad Preinstaller-->C:\\Users\\HP\\AppData\\Roaming\\McLoad\\Uninstall-Mcload.exe Microsoft .NET Framework 1.1 Hotfix (KB929729)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp" Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929} Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft Search Enhancement Pack-->MsiExec.exe /X{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7} Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5} Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB} Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7} Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C} Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4} Microsoft Works-->MsiExec.exe /I{4EA2F95F-A537-4D17-9E7F-6B3FF8D9BBE3} Mozilla Firefox (3.5.2)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} muvee autoProducer 6.0-->C:\Program Files\InstallShield Installation Information\{14AF024E-2E3B-49D0-A175-D1C1A06B155A}\setup.exe -runfromtemp -l0x0007 -removeonly Nancy Drew The White Wolf of Icicle Creek Demo-->"C:\Program Files\Steam\steam.exe" steam://uninstall/31970 Nero 8 Lite-->"C:\Program Files\Nero\unins000.exe" NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI ooVoo Toolbar (Remove Toolbar Only)-->C:\Program Files\oovootb\uninstall.exe ooVoo-->"C:\Program Files\InstallShield Installation Information\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}\setup.exe" -runfromtemp -l0x0007 -removeonly Optimierte Multimedia-Tastatur-Lösung-->C:\HP\KBD\Install.exe /u Paint.NET v3.36-->MsiExec.exe /X{43602F34-1AA3-44FB-AEB2-D08C2C73743F} Python 2.5-->MsiExec.exe /I{0A2C5854-557E-48C8-835A-3B9F074BDCAA} Realtek High Definition Audio Driver-->RtlUpd.exe -r -m Registry Mechanic 8.0-->"C:\Program Files\Registry Mechanic\unins000.exe" /Log Roxio Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0} Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Skype web features-->MsiExec.exe /I{8B53527D-BBB2-43A5-91D7-9ED772FD737F} Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36} SpellForce-->C:\PROGRA~1\JoWooD\SPELLF~1\unwise.exe C:\PROGRA~1\JoWooD\SPELLF~1\install.log Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3} SweetIM for Messenger 2.7-->MsiExec.exe /X{E848C9C0-E6FF-4A3F-9D67-AE53AC3628FE} SweetIM Toolbar for Internet Explorer 3.4-->MsiExec.exe /X{8C13BEE4-E7CE-4E46-BD13-8F41DAD00FEF} TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe" TeamViewer 4-->C:\Program Files\TeamViewer\Version4\uninstall.exe Testversion von Microsoft Office Home and Student 2007-->c:\hp\bin\MSOffice\uninst2.cmd Text-To-Speech-Runtime-->MsiExec.exe /X{7B3F0113-E63C-4D6D-AF19-111A3165CCA2} Uninstall 1.0.0.1-->"C:\Program Files\Common Files\DVDVideoSoft\unins000.exe" Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT="" VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B} VLC media player 1.0.0-->C:\Program Files\VideoLAN\VLC\uninstall.exe Windows Live Anmelde-Assistent-->MsiExec.exe /I{52B97218-98CB-4B8B-9283-D213C85E1AA4} Windows Live Call-->MsiExec.exe /I{5FC68772-6D56-41C6-9DF1-24E868198AE6} Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52} Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe Windows Live Essentials-->MsiExec.exe /I{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19} Windows Live Family Safety-->MsiExec.exe /X{54B1E5A3-1B29-4582-A226-172A1FC7BA6C} Windows Live Fotogalerie-->MsiExec.exe /X{119B7481-0216-40D2-A5CC-C3E1F461ECC1} Windows Live Mail-->MsiExec.exe /I{5A166C0B-9557-4364-A057-F946D674E6AC} Windows Live Messenger-->MsiExec.exe /X{837B6259-6FF5-4E66-87C1-A5A15ED36FF4} Windows Live Sync-->MsiExec.exe /X{ED636101-1959-4360-8BF7-209436E7DEE4} Windows Live Toolbar-->MsiExec.exe /X{70B7A167-0B88-445D-A3EA-97C73AA88CAC} Windows Live Writer-->MsiExec.exe /X{81821BF8-DA20-4F8C-AA87-F70A274828D4} Windows Live-Uploadtool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238} Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4} WinRAR-->C:\Program Files\WinRAR\uninstall.exe World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\WORLD OF WARCRAFT\Uninstall.exe Xfire (remove only)-->"C:\Program Files\Xfire\uninst.exe" Zip Motion Block Video codec (Remove Only)-->rundll32.exe setupapi,InstallHinfSection DefaultUninstall 132 C:\Windows\INF\ZMBV.INF ======Hosts File====== 127.0.0.1 localhost ======Security center information====== AV: avast! antivirus 4.8.1335 [VPS 090326-0] AS: Windows-Defender AS: avast! antivirus 4.8.1335 [VPS 090326-0] ======System event log====== Computer Name: HP-PC Event Code: 7036 Message: Dienst "WinHTTP-Web Proxy Auto-Discovery-Dienst" befindet sich jetzt im Status "Beendet". Record Number: 57224 Source Name: Service Control Manager Time Written: 20090904050926.000000-000 Event Type: Informationen User: Computer Name: HP-PC Event Code: 7036 Message: Dienst "WinHTTP-Web Proxy Auto-Discovery-Dienst" befindet sich jetzt im Status "Ausgeführt". Record Number: 57225 Source Name: Service Control Manager Time Written: 20090904061810.000000-000 Event Type: Informationen User: Computer Name: HP-PC Event Code: 7036 Message: Dienst "WinHTTP-Web Proxy Auto-Discovery-Dienst" befindet sich jetzt im Status "Beendet". Record Number: 57226 Source Name: Service Control Manager Time Written: 20090904063440.000000-000 Event Type: Informationen User: Computer Name: HP-PC Event Code: 7036 Message: Dienst "WinHTTP-Web Proxy Auto-Discovery-Dienst" befindet sich jetzt im Status "Ausgeführt". Record Number: 57227 Source Name: Service Control Manager Time Written: 20090904074726.000000-000 Event Type: Informationen User: Computer Name: HP-PC Event Code: 7036 Message: Dienst "WinHTTP-Web Proxy Auto-Discovery-Dienst" befindet sich jetzt im Status "Beendet". Record Number: 57228 Source Name: Service Control Manager Time Written: 20090904080356.000000-000 Event Type: Informationen User: =====Application event log===== Computer Name: HP-PC Event Code: 0 Message: Der Dienst wurde gestartet. Record Number: 5458 Source Name: HP Health Check Service Time Written: 20090904000402.000000-000 Event Type: Informationen User: Computer Name: HP-PC Event Code: 1 Message: Der Windows-Sicherheitscenterdienst wurde gestartet. Record Number: 5459 Source Name: SecurityCenter Time Written: 20090904000409.000000-000 Event Type: Informationen User: Computer Name: HP-PC Event Code: 8194 Message: Der Wiederherstellungspunkt wurde erfolgreich erstellt (Prozess = C:\Windows\System32\svchost.exe -k secsvcs; Beschreibung = Windows Defender Checkpoint). Record Number: 5460 Source Name: System Restore Time Written: 20090904000426.000000-000 Event Type: Informationen User: Computer Name: HP-PC Event Code: 8194 Message: Der Wiederherstellungspunkt wurde erfolgreich erstellt (Prozess = C:\Windows\System32\svchost.exe -k secsvcs; Beschreibung = Windows Defender Checkpoint). Record Number: 5461 Source Name: System Restore Time Written: 20090904000426.000000-000 Event Type: Informationen User: Computer Name: HP-PC Event Code: 5 Message: Unsupported service control request (see data below) Record Number: 5462 Source Name: LightScribeService Time Written: 20090904080533.000000-000 Event Type: Informationen User: =====Security event log===== Computer Name: HP-PC Event Code: 5038 Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen. Dateiname: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys Record Number: 11553 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090904080525.033227-000 Event Type: Überwachung gescheitert User: Computer Name: HP-PC Event Code: 5038 Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen. Dateiname: \Device\HarddiskVolume1\Program Files\Alwil Software\Avast4\Setup\INF\aswSP.sys Record Number: 11554 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090904080532.543227-000 Event Type: Überwachung gescheitert User: Computer Name: HP-PC Event Code: 5038 Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen. Dateiname: \Device\HarddiskVolume1\Program Files\Alwil Software\Avast4\Setup\INF\aswSP.sys Record Number: 11555 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090904080532.577227-000 Event Type: Überwachung gescheitert User: Computer Name: HP-PC Event Code: 5038 Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen. Dateiname: \Device\HarddiskVolume1\Program Files\Alwil Software\Avast4\Setup\INF\aswSP.sys Record Number: 11556 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090904080532.615227-000 Event Type: Überwachung gescheitert User: Computer Name: HP-PC Event Code: 5038 Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen. Dateiname: \Device\HarddiskVolume1\Program Files\Alwil Software\Avast4\Setup\INF\aswSP.sys Record Number: 11557 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090904080532.649227-000 Event Type: Überwachung gescheitert User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\hp\bin\Python;c:\Program Files\Common Files\Roxio Shared\DLLShared\;c:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\Common Files\DivX Shared\ "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PROCESSOR_ARCHITECTURE"=x86 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "USERNAME"=SYSTEM "windir"=%SystemRoot% "PROCESSOR_LEVEL"=15 "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 67 Stepping 3, AuthenticAMD "PROCESSOR_REVISION"=4303 "NUMBER_OF_PROCESSORS"=2 "PLATFORM"=HPD "PCBRAND"=Pavilion "OnlineServices"=Online-Dienste -----------------EOF----------------- |
|
04.09.2009, 10:24
| #8 |
| | 3 Trojaner eingefangen Namen sind dabei hijackthis dabei kleine Problemmeldung.. Sooo und hier das letzte: Malwarebytes' Anti-Malware 1.40 Datenbank Version: 2738 Windows 6.0.6001 Service Pack 1 04.09.2009 11:17:50 mbam-log-2009-09-04 (11-17-50).txt Scan-Methode: Vollständiger Scan (C:\|D:\|) Durchsuchte Objekte: 273142 Laufzeit: 1 hour(s), 1 minute(s), 45 second(s) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 8 Infizierte Registrierungswerte: 1 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 2 Infizierte Dateien: 8 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Monopod (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\NordBull (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\aocqdr (Trojan.Agent.H) -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: C:\ProgramData\MPK (Refog.Keylogger) -> Quarantined and deleted successfully. C:\ProgramData\MPK\1 (Refog.Keylogger) -> Quarantined and deleted successfully. Infizierte Dateien: c:\Users\HP\AppData\Local\aocqdr.exe (Trojan.Agent.H) -> Delete on reboot. C:\Users\HP\AppData\Local\Temp\c.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\ProgramData\MPK\M0000 (Refog.Keylogger) -> Quarantined and deleted successfully. C:\ProgramData\MPK\S0000 (Refog.Keylogger) -> Quarantined and deleted successfully. C:\ProgramData\MPK\1\D0000 (Refog.Keylogger) -> Quarantined and deleted successfully. C:\ProgramData\MPK\1\S0000 (Refog.Keylogger) -> Quarantined and deleted successfully. C:\install.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\Windows\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job (Trojan.Downloader) -> Quarantined and deleted successfully. |
|
04.09.2009, 15:47
| #9 |
| | 3 Trojaner eingefangen Namen sind dabei hijackthis dabei kleine Problemmeldung.. Du musst die Reihenfolge einhalten, Zuerst CCleaner, dann Malwarebytes und dann RSIT Bitte nochmal von vorne, les dir die Anleitungen hierzu durch ( siehe oben ) Hast du den keylogger installiert, oder haben auch noch andere Personen Zugriff auf deinen Rechner ? So wie es aussieht, scheint MAM einiges erwischt zu haben. Stellst du einige Veränderungen / Verbesserungen an deinem PC jetzt fest? Anschließend: Bitte lade dir GMER herunter und lasse dein System scannen, Poste das Ergebnis hier
__________________ Quidquid agis prudenter agas et respice finem Was auch immer du tust, tu es klug und bedenke die Folgen --------------------------------------------------------------------------------- Wenn ich nach 24 Stunden nicht antworte, bitte kurze PM Geändert von Redwulf (04.09.2009 um 16:00 Uhr) |
|
04.09.2009, 20:06
| #10 |
| | 3 Trojaner eingefangen Namen sind dabei hijackthis dabei kleine Problemmeldung.. Ja Internet Explorer startet nichtmehr automatisch die Programme usw.. Lassen sich wieder öffnen wie am 2ten Tag als ich mir den Pc gekauft habe..  Nach der Rheinfolge und dann nochmal alles hier rein ok werde ich machen. Und ein großes Danke an dich für deine Hilfe! //edit: Nein niemand hat noch Zugriff auf meinen PC |
|
04.09.2009, 21:25
| #11 |
| | 3 Trojaner eingefangen Namen sind dabei hijackthis dabei kleine Problemmeldung.. So auf ein neues =) Malwarebytes' Anti-Malware 1.40 Datenbank Version: 2738 Windows 6.0.6001 Service Pack 1 04.09.2009 22:19:58 mbam-log-2009-09-04 (22-19-58).txt Scan-Methode: Vollständiger Scan (C:\|D:\|) Durchsuchte Objekte: 267789 Laufzeit: 1 hour(s), 10 minute(s), 51 second(s) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) |
|
04.09.2009, 21:27
| #12 |
| | 3 Trojaner eingefangen Namen sind dabei hijackthis dabei kleine Problemmeldung.. Logfile of random's system information tool 1.06 (written by random/random) Run by HP at 2009-09-04 22:24:42 Microsoft® Windows Vista™ Home Premium Service Pack 1 System drive C: has 256 GB (54%) free of 470 GB Total RAM: 2046 MB (38% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:24:53, on 04.09.2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18294) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Windows Defender\MSASCui.exe C:\hp\support\hpsysdrv.exe C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe C:\Windows\RtHDVCpl.exe C:\Windows\System32\rundll32.exe C:\Program Files\Alwil Software\Avast4\ashDisp.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Windows\FixCamera.exe C:\Windows\vsnp2std.exe C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe C:\Program Files\SweetIM\Messenger\SweetIM.exe C:\Windows\ehome\ehtray.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\System32\mobsync.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\schtasks.exe C:\Windows\system32\jusched.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\hp\kbd\kbd.exe C:\Program Files\Steam\Steam.exe c:\program files\steam\steamapps\same42\counter-strike source\hl2.exe C:\Program Files\Steam\GameOverlayUI.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Users\HP\Desktop\RSIT.exe C:\Program Files\Trend Micro\HijackThis\HP.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=74&bd=Pavilion&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=74&bd=Pavilion&pf=desktop R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - - (no file) R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: ooVoo Toolbar - {A1FB2F9A-D35E-11DD-8935-E46A56D89593} - C:\Program Files\oovootb\oovoodx.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: ooVoo Toolbar - {A1FB2F9A-D35E-11DD-8935-E46A56D89593} - C:\Program Files\oovootb\oovoodx.dll O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [FixCamera] C:\Windows\FixCamera.exe O4 - HKLM\..\Run: [tsnp2std] C:\Windows\tsnp2std.exe O4 - HKLM\..\Run: [snp2std] C:\Windows\vsnp2std.exe O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RMTray.exe /H O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O4 - Global Startup: Magic-i Visual Effects.lnk = C:\Program Files\Hama\Hama Webcam Suite\Magic-i Visual Effects\Magic-i Visual Effects.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe O13 - Gopher Prefix: O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Google Update Service (gupdate1ca04f028fd9ce0) (gupdate1ca04f028fd9ce0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe -- End of file - 9811 bytes ======Scheduled tasks folder====== C:\Windows\tasks\1-Click Maintenance.job C:\Windows\tasks\GoogleUpdateTaskMachineCore.job C:\Windows\tasks\GoogleUpdateTaskMachineUA.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}] AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-08-26 279944] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}] Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-06-04 1541416] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}] Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-04-07 501400] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live Anmelde-Hilfsprogramm - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A1FB2F9A-D35E-11DD-8935-E46A56D89593}] ooVoo Toolbar - C:\Program Files\oovootb\oovoodx.dll [2009-05-08 86016] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2009-03-13 2217856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}] Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}] SweetIM Toolbar Helper - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2009-05-20 1258808] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2009-03-13 2217856] {855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2008-12-09 958200] {3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-08-26 279944] {21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904] {A1FB2F9A-D35E-11DD-8935-E46A56D89593} - ooVoo Toolbar - C:\Program Files\oovootb\oovoodx.dll [2009-05-08 86016] {EEE6C35B-6118-11DC-9C72-001320C79847} - SweetIM Toolbar for Internet Explorer - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2009-05-20 1258808] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184] "hpsysdrv"=c:\hp\support\hpsysdrv.exe [2007-04-18 65536] "KBD"=C:\HP\KBD\KbdStub.EXE [2006-12-08 65536] "OsdMaestro"=C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [2007-02-15 118784] "RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-01-15 4874240] "HP Health Check Scheduler"=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2007-05-24 71176] "SunJavaUpdateReg"=C:\Windows\system32\jureg.exe [2007-04-07 54936] ""= [] "NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-05-16 13535776] "NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-05-16 92704] "avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-08-17 81000] "HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840] "FixCamera"=C:\Windows\FixCamera.exe [2007-02-12 20480] "tsnp2std"=C:\Windows\tsnp2std.exe [2007-05-12 270336] "snp2std"=C:\Windows\vsnp2std.exe [2007-05-10 344064] "ArcSoft Connection Service"=C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2007-10-11 31232] "SweetIM"=C:\Program Files\SweetIM\Messenger\SweetIM.exe [2009-05-20 111928] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Launcher"=C:\Windows\SMINST\launcher.exe [2007-04-03 44168] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952] "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240] "RegistryMechanic"=C:\Program Files\Registry Mechanic\RMTray.exe [2008-07-03 812952] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup Magic-i Visual Effects.lnk - C:\Program Files\Hama\Hama Webcam Suite\Magic-i Visual Effects\Magic-i Visual Effects.exe [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableUIADesktopToggle"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] |
|
04.09.2009, 21:28
| #13 |
| | 3 Trojaner eingefangen Namen sind dabei hijackthis dabei kleine Problemmeldung.. ======List of files/folders created in the last 1 months====== 2009-09-04 13:41:54 ----D---- C:\Windows\PreviewSoft 2009-09-04 13:41:48 ----A---- C:\Windows\ULEAD32.INI 2009-09-04 10:06:11 ----D---- C:\Program Files\CCleaner 2009-09-04 10:05:14 ----D---- C:\rsit 2009-09-04 10:02:37 ----A---- C:\Windows\system32\msxml.dll 2009-09-04 10:02:36 ----A---- C:\Windows\system32\STKIT432.DLL 2009-09-04 10:02:33 ----D---- C:\Program Files\Registry Mechanic 2009-09-04 10:00:10 ----D---- C:\Users\HP\AppData\Roaming\Malwarebytes 2009-09-04 10:00:04 ----D---- C:\ProgramData\Malwarebytes 2009-09-04 10:00:04 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2009-09-04 08:04:40 ----D---- C:\Program Files\Trend Micro 2009-09-03 19:40:17 ----D---- C:\Program Files\Robby 2009-09-03 00:06:11 ----A---- C:\Windows\system32\Apphlpdm.dll 2009-09-03 00:06:08 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll 2009-08-27 15:08:46 ----A---- C:\Windows\system32\tzres.dll 2009-08-20 16:18:29 ----D---- C:\ProgramData\Blizzard Entertainment 2009-08-20 15:53:28 ----A---- C:\Windows\system32\BASSMOD.dll 2009-08-15 23:53:09 ----D---- C:\Users\HP\AppData\Roaming\MAGIX 2009-08-15 16:25:22 ----A---- C:\Windows\musicmaker.INI 2009-08-15 16:06:01 ----A---- C:\Windows\system32\msxml4a.dll 2009-08-15 16:03:32 ----A---- C:\Windows\system32\LMRTREND.dll 2009-08-15 16:03:32 ----A---- C:\Windows\system32\LMRT.dll 2009-08-15 16:03:31 ----A---- C:\Windows\system32\dxtmsft3.dll 2009-08-15 16:03:30 ----A---- C:\Windows\system32\unam4ie.exe 2009-08-15 16:03:27 ----A---- C:\Windows\system32\vidx16.dll 2009-08-15 16:03:27 ----A---- C:\Windows\system32\danim.dll 2009-08-15 16:03:26 ----A---- C:\Windows\system32\qcut.dll 2009-08-15 16:03:24 ----A---- C:\Windows\system32\w95inf32.dll 2009-08-15 16:03:24 ----A---- C:\Windows\system32\w95inf16.dll 2009-08-15 16:03:23 ----D---- C:\Windows\~dxmcab~ 2009-08-15 16:03:17 ----D---- C:\Program Files\MAGIX Online Druck Service 2009-08-15 16:03:12 ----A---- C:\Windows\system32\TTIC32.dll 2009-08-15 16:03:12 ----A---- C:\Windows\system32\TTI32.dll 2009-08-15 16:03:12 ----A---- C:\Windows\system32\STRING32.dll 2009-08-15 16:03:12 ----A---- C:\Windows\system32\mgxcdr.txt 2009-08-15 16:03:12 ----A---- C:\Windows\system32\mgxasio.dll 2009-08-15 16:03:12 ----A---- C:\Windows\system32\DLLTPO32.dll 2009-08-15 16:03:12 ----A---- C:\Windows\system32\DLLRES32.dll 2009-08-15 16:03:12 ----A---- C:\Windows\system32\DLLRD32.dll 2009-08-15 16:03:12 ----A---- C:\Windows\system32\DLLPTL32.dll 2009-08-15 16:03:12 ----A---- C:\Windows\system32\DLLPRJ32.dll 2009-08-15 16:03:12 ----A---- C:\Windows\system32\DLLPRF32.dll 2009-08-15 16:03:12 ----A---- C:\Windows\system32\DLLPNT32.dll 2009-08-15 16:03:12 ----A---- C:\Windows\system32\DLLMSC32.dll 2009-08-15 16:03:12 ----A---- C:\Windows\system32\DLLIX.dll 2009-08-15 16:03:12 ----A---- C:\Windows\system32\DLLISO32.dll 2009-08-15 16:03:12 ----A---- C:\Windows\system32\DLLIO32.dll 2009-08-15 16:03:12 ----A---- C:\Windows\system32\DLLIMG32.dll 2009-08-15 16:03:12 ----A---- C:\Windows\system32\DLLDRV32.dll 2009-08-15 16:03:12 ----A---- C:\Windows\system32\DLLDIR32.dll 2009-08-15 16:03:12 ----A---- C:\Windows\system32\DLLDEV32.dll 2009-08-15 16:03:12 ----A---- C:\Windows\system32\DLLCPY32.dll 2009-08-15 16:03:12 ----A---- C:\Windows\system32\DLLCDF32.dll 2009-08-15 16:03:12 ----A---- C:\Windows\system32\DLLCDA32.dll 2009-08-15 16:03:12 ----A---- C:\Windows\system32\DLLAV32.dll 2009-08-15 16:02:57 ----D---- C:\Program Files\Common Files\MAGIX Shared 2009-08-15 15:59:11 ----D---- C:\MAGIX 2009-08-15 15:59:10 ----D---- C:\Windows\system32\MAGIX 2009-08-15 15:59:10 ----A---- C:\Windows\system32\ROBOEX32.DLL 2009-08-15 15:59:09 ----A---- C:\Windows\system32\INETWH32.dll 2009-08-15 15:59:09 ----A---- C:\Windows\system32\HtmlWH.dll 2009-08-15 15:58:53 ----A---- C:\Windows\system32\mgxoschk.dll 2009-08-15 15:58:53 ----A---- C:\Windows\mgxoschk.ini 2009-08-14 19:50:14 ----D---- C:\Program Files\abcde 2009-08-14 19:08:45 ----D---- C:\Program Files\Schriftarten 2009-08-14 17:03:10 ----D---- C:\Program Files\Adobe Design Premium CS3 2009-08-14 16:47:47 ----D---- C:\Program Files\PSCS2 2009-08-13 21:53:54 ----A---- C:\Windows\system32\xfcodec.dll 2009-08-12 19:37:01 ----A---- C:\Windows\system32\atl.dll 2009-08-12 19:36:59 ----A---- C:\Windows\system32\wkssvc.dll 2009-08-12 19:36:56 ----A---- C:\Windows\system32\mstscax.dll 2009-08-12 19:36:53 ----A---- C:\Windows\system32\avifil32.dll 2009-08-12 19:36:44 ----A---- C:\Windows\system32\wmp.dll 2009-08-12 19:36:43 ----A---- C:\Windows\system32\wmpdxm.dll 2009-08-12 19:36:40 ----A---- C:\Windows\system32\spwmp.dll 2009-08-12 19:36:39 ----A---- C:\Windows\system32\dxmasf.dll 2009-08-12 19:36:38 ----A---- C:\Windows\system32\wmploc.DLL 2009-08-08 14:52:13 ----D---- C:\GAMIGO ======List of files/folders modified in the last 1 months====== 2009-09-04 22:24:54 ----D---- C:\Windows\Prefetch 2009-09-04 22:24:23 ----D---- C:\Windows\Temp 2009-09-04 22:07:08 ----D---- C:\Users\HP\AppData\Roaming\Skype 2009-09-04 22:04:03 ----D---- C:\Program Files\Steam 2009-09-04 21:58:05 ----D---- C:\World of Warcraft 2009-09-04 21:07:36 ----D---- C:\Windows 2009-09-04 17:49:55 ----AD---- C:\ProgramData\TEMP 2009-09-04 17:39:43 ----D---- C:\Windows\SMINST 2009-09-04 16:03:42 ----D---- C:\Users\HP\AppData\Roaming\skypePM 2009-09-04 13:41:54 ----D---- C:\Windows\System32 2009-09-04 13:41:46 ----HD---- C:\Program Files\InstallShield Installation Information 2009-09-04 13:41:46 ----D---- C:\Program Files\Ulead Systems 2009-09-04 13:07:17 ----D---- C:\Users\HP\AppData\Roaming\vlc 2009-09-04 11:42:04 ----SHD---- C:\System Volume Information 2009-09-04 11:19:59 ----RD---- C:\Program Files 2009-09-04 11:19:59 ----D---- C:\Windows\system32\drivers 2009-09-04 11:17:50 ----HD---- C:\ProgramData 2009-09-04 11:17:50 ----D---- C:\Windows\Tasks 2009-09-04 10:29:19 ----SHD---- C:\Windows\Installer 2009-09-04 10:29:17 ----D---- C:\Windows\winsxs 2009-09-04 10:28:54 ----D---- C:\Program Files\Paint.NET 2009-09-04 10:28:49 ----RSD---- C:\Windows\assembly 2009-09-04 10:20:43 ----D---- C:\Windows\Debug 2009-09-04 02:02:09 ----D---- C:\Windows\system32\catroot 2009-09-04 02:02:02 ----D---- C:\Windows\system32\catroot2 2009-09-04 02:01:07 ----D---- C:\Windows\AppPatch 2009-09-03 17:37:50 ----D---- C:\Windows\system32\Tasks 2009-09-02 03:09:31 ----D---- C:\Windows\Microsoft.NET 2009-09-01 10:42:10 ----D---- C:\Program Files\Common Files\Steam 2009-08-28 13:12:13 ----D---- C:\Windows\rescache 2009-08-28 01:53:02 ----D---- C:\Windows\system32\de-DE 2009-08-26 18:49:25 ----D---- C:\Users\HP\AppData\Roaming\teamspeak2 2009-08-25 09:30:43 ----D---- C:\Users\HP\AppData\Roaming\Xfire 2009-08-20 15:50:46 ----D---- C:\Windows\system32\config 2009-08-19 14:52:42 ----D---- C:\ProgramData\Xfire 2009-08-19 04:49:47 ----D---- C:\Program Files\Mozilla Firefox 2009-08-18 14:58:12 ----D---- C:\Program Files\Xfire 2009-08-17 18:10:20 ----A---- C:\Windows\system32\aswBoot.exe 2009-08-15 19:00:17 ----D---- C:\Users\HP\AppData\Roaming\Adobe 2009-08-15 16:06:14 ----RSD---- C:\Windows\Fonts 2009-08-15 16:05:59 ----D---- C:\Windows\Help 2009-08-15 16:05:58 ----D---- C:\Program Files\Common Files\microsoft shared 2009-08-15 16:03:32 ----D---- C:\Windows\inf 2009-08-15 16:03:32 ----D---- C:\Program Files\Windows Media Player 2009-08-15 16:02:57 ----D---- C:\Program Files\Common Files 2009-08-14 02:44:24 ----D---- C:\Program Files\Common Files\Adobe 2009-08-13 14:39:01 ----D---- C:\Users\HP\AppData\Roaming\gtk-2.0 2009-08-13 03:02:45 ----D---- C:\Program Files\Windows Mail 2009-08-11 21:48:55 ----A---- C:\Windows\system32\PerfStringBackup.INI ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 ACEDRV05;ACEDRV05; \??\C:\Windows\system32\drivers\ACEDRV05.sys [2009-08-15 97792] R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2009-08-17 23152] R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-08-17 114768] R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2009-08-17 51376] R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-08-17 20560] R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-08-17 53328] R3 Afc;PPdus ASPI Shell; C:\Windows\system32\drivers\Afc.sys [2006-11-10 18688] R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect; C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2007-05-30 16640] R3 BCM43XV;Broadcom Extensible 802.11-Netzwerkadaptertreiber; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 464384] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-01-15 2047576] R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-05-03 1065384] R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-05-16 7465312] R3 Ps2;PS2; C:\Windows\system32\DRIVERS\PS2.sys [2005-12-12 19072] R3 SNP2STD;USB2.0 PC Camera (SNP2STD); C:\Windows\system32\DRIVERS\snp2sxp.sys [2007-05-10 12179584] R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328] S1 kbdqhltl;kbdqhltl; \??\C:\Windows\system32\drivers\kbdqhltl.sys [2009-03-25 497664] S3 aajasnkj;aajasnkj; \??\C:\Users\HP\AppData\Local\Temp\aajasnkj.sys [] S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632] S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2009-02-06 55280] S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520] S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192] S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888] S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016] S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2007-10-11 51712] R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-08-17 18752] R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-08-17 138680] R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-05-24 61440] R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-07-25 79136] R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-05-16 118784] R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512] R2 TeamViewer4;TeamViewer 4; C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe [2009-06-25 185640] R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-08-17 254040] R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-08-17 352920] R3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2009-08-31 316664] S2 gupdate1ca04f028fd9ce0;Google Update Service (gupdate1ca04f028fd9ce0); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-07-15 133104] S3 aspnet_state;ASP.NET-Zustandsdienst; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-03-23 34312] S3 fsssvc;Windows Live Family Safety; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360] S3 IDriverT;InstallDriver Table Manager; c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728] -----------------EOF----------------- //edit: Die C:\rsit\info.txt wurde keine geöffnet. |
|
04.09.2009, 21:39
| #14 |
| | 3 Trojaner eingefangen Namen sind dabei hijackthis dabei kleine Problemmeldung.. Soo nachdem ich GMER rutnergeladen habe und genauso ausgeführt habe, habe ich nach ca. 30sec eine Porblemmeldung bekommen dass diese Datei nicht richtig geht. Danach ca.2sec später habe ich bluescreen bekommen und mein pc ging down... Das Programm lass ich jetzt lieber mal. Vertraue dem nichtmehr :/ |
|
05.09.2009, 11:38
| #15 |
| | 3 Trojaner eingefangen Namen sind dabei hijackthis dabei kleine Problemmeldung.. Ok das passiert manchmal mit GMER ist aber kein Grund zur Besorgnis Versuche bitte ein anderes Programm Avira-AntiRootkit Tool: by Sunny Folgendes Tool auf den Desktop herunterladen -> Avira AntiRootkit Tool Das Tool entpacken und installieren über die setup.exe Danach das Programm starten und auf "Start Scan" klicken Nach dem Scan auf "View Report" klicken, den Text aus dem Editor kopieren (Strg+A -> Strg+C) und im Forum einfügen (Strg+V) Ich muss zunächst wissen ob ein rootkit vorhanden ist
__________________ Quidquid agis prudenter agas et respice finem Was auch immer du tust, tu es klug und bedenke die Folgen --------------------------------------------------------------------------------- Wenn ich nach 24 Stunden nicht antworte, bitte kurze PM |
|
| Themen zu 3 Trojaner eingefangen Namen sind dabei hijackthis dabei kleine Problemmeldung.. |
| adobe, antivirus, ask toolbar, askbar, avast, avast!, bho, defender, dll, entfernen, explorer, gupdate, hijack, hijackthis, internet, internet explorer, local\temp, mozilla, nvidia, pdf, programme, rundll, seiten, software, sweetim, system, temp, toolbars, trojaner, trojaner eingefangen, virus, vista, win32:trojan-gen, windows |
Linear-Darstellung
