Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Homepage gehackt, msn und icq password gehashed!

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 30.08.2008, 19:18   #1
BelliCus
 
Homepage gehackt, msn und icq password gehashed! - Standard

Homepage gehackt, msn und icq password gehashed!



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:08:40, on 30.08.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Winamp\winampa.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Matthias\AppData\Local\Temp\RtkBtMnt.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Gamers.IRC\mirc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\conime.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\de\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: Acer VCM.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Automatisches LiveUpdate - Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Inc. - C:\Program Files\Acer\Acer VCM\RS_Service.exe
O23 - Service: TeamViewer 3 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer3\TeamViewer_Host.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12169 bytes







also meine homepage wurde gehackt von einer gewissen Ma$€r hacka crew!...danach wurde auch mein msn und icq passwort geklaut...es waren nicht die selben! könnte es sein das ich einen trojaner oder einen keylogger auf dem pc habe? hab alles gescannt mit NOD32, avasti und kaspersky, doch ohne funde.
hoster der homepage war webspell falls das was hilft!
in meinem header wurde geschrieben "hacked over webspell by Ma$€r hacka crew" könnt ihr da was finden?

Alt 30.08.2008, 19:21   #2
Sternensucht
 
Homepage gehackt, msn und icq password gehashed! - Standard

Homepage gehackt, msn und icq password gehashed!



Wenn dein ICQ-Passwort und dein MSN-Passwort schon geändert wurden sind , würde ich Dir jetzt schon zu Neuaufsetzen raten.
Scanne aber erstmal mit Malwarebytes Anti-Malware.
> Hier klicken

Poste uns bitte den Bericht.

EDIT: Den Eintrag mit HijackThis fixen:
Zitat:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
Und diese Dateien bei Virustotal hochladen und Bericht posten:
Zitat:
C:\Windows\PLFSet.dll
C:\Windows\system32\DRIVERS\xaudio.exe
__________________

__________________

Alt 30.08.2008, 19:48   #3
BelliCus
 
Homepage gehackt, msn und icq password gehashed! - Standard

Homepage gehackt, msn und icq password gehashed!



C:\Windows\PLFSet.dll


AhnLab-V3 2008.8.29.0 2008.08.29 -
AntiVir 7.8.1.23 2008.08.30 -
Authentium 5.1.0.4 2008.08.30 -
Avast 4.8.1195.0 2008.08.30 -
AVG 8.0.0.161 2008.08.29 -
BitDefender 7.2 2008.08.30 -
CAT-QuickHeal 9.50 2008.08.29 -
ClamAV 0.93.1 2008.08.30 -
DrWeb 4.44.0.09170 2008.08.30 -
eSafe 7.0.17.0 2008.08.28 -
eTrust-Vet 31.6.6057 2008.08.29 -
Ewido 4.0 2008.08.30 -
F-Prot 4.4.4.56 2008.08.29 -
F-Secure 7.60.13501.0 2008.08.30 -
Fortinet 3.14.0.0 2008.08.30 -
GData 19 2008.08.30 -
Ikarus T3.1.1.34.0 2008.08.30 -
K7AntiVirus 7.10.433 2008.08.30 -
Kaspersky 7.0.0.125 2008.08.30 -
McAfee 5373 2008.08.29 -
Microsoft 1.3807 2008.08.25 -
NOD32v2 3401 2008.08.30 -
Norman 5.80.02 2008.08.29 -
Panda 9.0.0.4 2008.08.30 -
PCTools 4.4.2.0 2008.08.30 -
Prevx1 V2 2008.08.30 -
Rising 20.59.51.00 2008.08.30 -
Sophos 4.33.0 2008.08.30 -
Sunbelt 3.1.1592.1 2008.08.30 -
Symantec 10 2008.08.30 -
TheHacker 6.3.0.6.068 2008.08.30 -
TrendMicro 8.700.0.1004 2008.08.29 -
VBA32 3.12.8.4 2008.08.30 -
ViRobot 2008.8.30.1357 2008.08.30 -
VirusBuster 4.5.11.0 2008.08.30 -
Webwasher-Gateway 6.6.2 2008.08.30 -
weitere Informationen
File size: 45056 bytes
MD5...: c5ef9c7a3a18199cdfacea1da7286adb
SHA1..: 738e979034cd26461b7148a566fc59a22dd1a70a
SHA256: 182426aa1bfddc7f9254de003a73c277131c8b87aebb97857bb04cd39e770d00
SHA512: e41cd9782efd9331d6c06e0a8e3093556094cf9f299a959439ffb0bb235dd136
879ed792071efa8552360359fb5a564f4e823807657c637889c19112ffd478fc
PEiD..: Armadillo v1.xx - v2.xx
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x10002061
timedatestamp.....: 0x462d79a7 (Tue Apr 24 03:29:43 2007)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x53ea 0x6000 6.09 1799e9307a32faed501a351513fc2ca8
.rdata 0x7000 0xd2d 0x1000 4.79 3d5eeea4e8b9537e6657519412445f96
.data 0x8000 0x2500 0x1000 2.30 98021c4fbcd45fb9ef6c889f774a625d
.rsrc 0xb000 0x3d0 0x1000 0.99 2731004299c55799c8205aa60b791845
.reloc 0xc000 0xcd8 0x1000 3.36 83c3ed74f3bdc16374b77fe69b823988

( 5 imports )
> KERNEL32.dll: lstrcpyW, WideCharToMultiByte, GetSystemDefaultLCID, Sleep, CloseHandle, RtlUnwind, GetCommandLineA, GetVersion, ExitProcess, TerminateProcess, GetCurrentProcess, GetCurrentThreadId, TlsSetValue, TlsAlloc, TlsFree, SetLastError, TlsGetValue, GetLastError, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, DeleteCriticalSection, GetModuleFileNameA, FreeEnvironmentStringsA, FreeEnvironmentStringsW, GetEnvironmentStrings, GetEnvironmentStringsW, HeapDestroy, HeapCreate, VirtualFree, HeapFree, WriteFile, SetFilePointer, EnterCriticalSection, LeaveCriticalSection, InterlockedDecrement, InterlockedIncrement, InitializeCriticalSection, HeapAlloc, GetCPInfo, GetACP, GetOEMCP, VirtualAlloc, HeapReAlloc, GetProcAddress, LoadLibraryA, SetStdHandle, MultiByteToWideChar, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, FlushFileBuffers
> USER32.dll: DestroyWindow
> ADVAPI32.dll: RegQueryValueExA, RegOpenKeyExA, RegCloseKey, RegSetValueExA
> SHELL32.dll: ShellExecuteA
> ole32.dll: CoCreateInstance, CoInitialize, CoUninitialize

( 2 exports )
PLFDefSetting, SetProc

C:\Windows\system32\DRIVERS\xaudio.exe

Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2008.8.29.0 2008.08.29 -
AntiVir 7.8.1.23 2008.08.30 -
Authentium 5.1.0.4 2008.08.30 -
Avast 4.8.1195.0 2008.08.30 -
AVG 8.0.0.161 2008.08.29 -
BitDefender 7.2 2008.08.30 -
CAT-QuickHeal 9.50 2008.08.29 -
ClamAV 0.93.1 2008.08.30 -
DrWeb 4.44.0.09170 2008.08.30 -
eSafe 7.0.17.0 2008.08.28 -
eTrust-Vet 31.6.6057 2008.08.29 -
Ewido 4.0 2008.08.30 -
F-Prot 4.4.4.56 2008.08.29 -
F-Secure 7.60.13501.0 2008.08.30 -
Fortinet 3.14.0.0 2008.08.30 -
GData 19 2008.08.30 -
Ikarus T3.1.1.34.0 2008.08.30 -
K7AntiVirus 7.10.433 2008.08.30 -
Kaspersky 7.0.0.125 2008.08.30 -
McAfee 5373 2008.08.29 -
Microsoft 1.3807 2008.08.25 -
NOD32v2 3401 2008.08.30 -
Norman 5.80.02 2008.08.29 -
Panda 9.0.0.4 2008.08.30 -
PCTools 4.4.2.0 2008.08.30 -
Prevx1 V2 2008.08.30 -
Rising 20.59.51.00 2008.08.30 -
Sophos 4.33.0 2008.08.30 -
Sunbelt 3.1.1592.1 2008.08.30 -
Symantec 10 2008.08.30 -
TheHacker 6.3.0.6.068 2008.08.30 -
TrendMicro 8.700.0.1004 2008.08.29 -
VBA32 3.12.8.4 2008.08.30 -
ViRobot 2008.8.30.1357 2008.08.30 -
VirusBuster 4.5.11.0 2008.08.30 -
Webwasher-Gateway 6.6.2 2008.08.30 -
weitere Informationen
File size: 386560 bytes
MD5...: f82fc2c30a19442b95ae554215837c46
SHA1..: 4e8cc55b235f1f0ebce572c5a931d7d8528a0557
SHA256: 7cad611d660264bb22069148dc16601d3458d1372fc1de85bd004906e19d05b4
SHA512: 2f172a02330bd13625228f4d0e3ed598a6dbe9ae4dacae1b3076fbc85140ebaa
b7a3ef0025e188b53d24f497df9f1f9e3212e538f2ecda1c3d4bd545533d6adc
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x408bcb
timedatestamp.....: 0x45bfa957 (Tue Jan 30 20:23:51 2007)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x14b18 0x14c00 6.80 2df34dc15fb42f540d859b3d5f8cb7c7
.rdata 0x16000 0x47846 0x47a00 7.56 4976159c02e20e9a77f3a9fa45c586a7
.data 0x5e000 0x76c4 0x1800 3.61 745bd72de230ce1444c1d64a9d519985
.rsrc 0x66000 0x388 0x400 2.94 387f6639975bac48c7886e6f62f91a7b

( 4 imports )
> KERNEL32.dll: FormatMessageA, lstrlenA, LocalFree, GetModuleFileNameA, GetVersionExA, QueryPerformanceFrequency, WaitForSingleObject, CreateEventA, CreateFileA, ResetEvent, DeviceIoControl, WaitForMultipleObjects, GetLastError, Sleep, CancelIo, CloseHandle, SetEvent, FlushFileBuffers, WriteConsoleW, HeapFree, HeapAlloc, ExitThread, ResumeThread, CreateThread, GetProcAddress, GetModuleHandleA, ExitProcess, GetCommandLineA, GetProcessHeap, HeapDestroy, HeapCreate, VirtualFree, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, VirtualAlloc, HeapReAlloc, RaiseException, WriteFile, GetStdHandle, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, InterlockedIncrement, SetLastError, GetCurrentThreadId, InterlockedDecrement, LoadLibraryA, InitializeCriticalSection, GetCPInfo, GetACP, GetOEMCP, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStringsW, SetHandleCount, GetFileType, GetStartupInfoA, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, RtlUnwind, HeapSize, SetFilePointer, GetConsoleCP, GetConsoleMode, MultiByteToWideChar, GetLocaleInfoA, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, SetStdHandle, WriteConsoleA, GetConsoleOutputCP
> ADVAPI32.dll: SetSecurityDescriptorDacl, SetServiceStatus, DeregisterEventSource, StartServiceCtrlDispatcherA, RegisterServiceCtrlHandlerA, OpenServiceA, ControlService, QueryServiceStatus, DeleteService, OpenSCManagerA, CreateServiceA, CloseServiceHandle, RegisterEventSourceA, ReportEventA, InitializeSecurityDescriptor
> AVRT.dll: AvSetMmThreadCharacteristicsA, AvRevertMmThreadCharacteristics
> ole32.dll: CoTaskMemFree, CoInitializeEx, CoUninitialize, CoCreateInstance

( 0 exports )



Malwarebytes läuft noch bisher 13 infiziert :S


O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
wie fix ich das?

vielen dank für die rasche antwort!
__________________

Alt 30.08.2008, 20:31   #4
BelliCus
 
Homepage gehackt, msn und icq password gehashed! - Standard

Homepage gehackt, msn und icq password gehashed!



Malwarebytes' Anti-Malware 1.25
Datenbank Version: 1098
Windows 6.0.6000

20:29:52 30.08.2008
mbam-log-08-30-2008 (20-29-52).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|)
Durchsuchte Objekte: 149963
Laufzeit: 1 hour(s), 2 minute(s), 27 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 19
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 3
Infizierte Dateien: 9

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\contextprogram.browserwatcher (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\contextprogram.browserwatcher.1 (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\contextprogram.precachebrowserhost (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\contextprogram.precachebrowserhost.1 (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{018fe159-4a56-8237-0211-989634717eb4} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2f560603-a26f-c7e9-5e30-08dba79699c4} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bf798913-adc2-4304-2b4e-876f60917aab} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4c1aff62-c4fb-dc22-f1dd-20f26a27ec12} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{926ea0f6-080a-0778-9569-cac35c7f03b8} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{9f009604-ac89-957d-19a5-5815b478e169} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{e2010c89-dc4c-e7bf-aa56-e826b40072a0} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\contextprogram (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Mirar (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ContextProgram (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\PlayMP3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\ContextProgram.DLL (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fbrowsingadvisor_is1 (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\Program Files\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowserAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\ContextProgram (Adware.Agent) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Program Files\Mozilla Firefox\regxpcom.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\XPCOMEvents.dll (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\IXPCOMEvents.xpt (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\Logo.png (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\main.db (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\unins000.dat (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\unins000.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\ContextProgram\pcre3.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\ContextProgram\uninstall.exe (Adware.Agent) -> Quarantined and deleted successfully.


31 infizierte sachen -.-´
so hier der log ich hoffe ihr könnt mir helfen
aber muss ich wirklich mein system neuaufsetzten?

Antwort

Themen zu Homepage gehackt, msn und icq password gehashed!
add-on, antivirus, bho, browser, drivers, eset nod32, firefox, google, helper, hijack, hijackthis, homepage, internet, internet explorer, kaspersky, launch, local\temp, logfile, mozilla, object, plug-in, pop-up-blocker, popup, registry, rundll, server, software, symantec, system, toolbars, trojaner, tuneup.defrag, urlsearchhook, vista, windows, windows defender, windows sidebar, windows\system32\drivers



Ähnliche Themen: Homepage gehackt, msn und icq password gehashed!


  1. Show-Password Virus gefunden
    Plagegeister aller Art und deren Bekämpfung - 03.12.2014 (15)
  2. Ads_by_Show-Password - Malware nervige Werbung
    Log-Analyse und Auswertung - 15.10.2014 (11)
  3. AOL Email gehackt? Password zurückgesetzt, nicht änderbar
    Plagegeister aller Art und deren Bekämpfung - 15.03.2014 (9)
  4. Password Assistant entfernen
    Anleitungen, FAQs & Links - 25.11.2013 (2)
  5. Show-Password Addon - nervige Werbeeinblendungen
    Plagegeister aller Art und deren Bekämpfung - 22.11.2013 (9)
  6. TrueCrypt Abfrage Password falsch eingegeben
    Überwachung, Datenschutz und Spam - 01.11.2013 (16)
  7. Trojaner... Dropper, Agent, Password-Stealer etc!
    Plagegeister aller Art und deren Bekämpfung - 18.07.2010 (1)
  8. Links werden umgeleitet, AV Webseiten und Programme funktionieren nicht mehr, Homepage gehackt
    Plagegeister aller Art und deren Bekämpfung - 13.07.2010 (12)
  9. Password List
    Plagegeister aller Art und deren Bekämpfung - 18.01.2010 (7)
  10. Account Password ausgelesen, Trojaner o.ä
    Plagegeister aller Art und deren Bekämpfung - 01.08.2009 (1)
  11. RAR password recovery
    Mülltonne - 07.06.2009 (6)
  12. Password Stealer ??
    Mülltonne - 23.11.2008 (0)
  13. Ungewolltes PayPal Password
    Log-Analyse und Auswertung - 05.08.2008 (1)
  14. password verloren
    Mülltonne - 26.07.2007 (1)
  15. Homepage gehackt! Bitte um Logfile Auswertung
    Log-Analyse und Auswertung - 09.06.2006 (6)
  16. Password für netzwerk?
    Netzwerk und Hardware - 02.02.2006 (6)
  17. Opera Password Manager (Wand)
    Überwachung, Datenschutz und Spam - 29.06.2003 (5)

Zum Thema Homepage gehackt, msn und icq password gehashed! - Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:08:40, on 30.08.2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16711) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe - Homepage gehackt, msn und icq password gehashed!...
Archiv
Du betrachtest: Homepage gehackt, msn und icq password gehashed! auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.