| |
| |||||||
Log-Analyse und Auswertung: Homepage gehackt, msn und icq password gehashed!Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
30.08.2008, 18:18
| #1 |
| |  Homepage gehackt, msn und icq password gehashed! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:08:40, on 30.08.2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16711) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Synaptics\SynTP\SynTPStart.exe C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe C:\Acer\Empowering Technology\eAudio\eAudio.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Launch Manager\QtZgAcer.EXE C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\Winamp\winampa.exe C:\Windows\System32\rundll32.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe C:\Windows\System32\rundll32.exe C:\Windows\ehome\ehmsas.exe C:\Users\Matthias\AppData\Local\Temp\RtkBtMnt.exe C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\Program Files\ICQ6\ICQ.exe C:\Program Files\Xfire\xfire.exe C:\Program Files\Gamers.IRC\mirc.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\conime.exe C:\Windows\SYSTEM32\WISPTIS.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.intl.acer.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.intl.acer.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll O1 - Hosts: ::1 localhost O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll O3 - Toolbar: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\de\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe" O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe" O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [Skytel] Skytel.exe O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O4 - Global Startup: Acer VCM.lnk = ? O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Empowering Technology Launcher.lnk = ? O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O13 - Gopher Prefix: O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe O23 - Service: Automatisches LiveUpdate - Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing) O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: Raw Socket Service (RS_Service) - Acer Inc. - C:\Program Files\Acer\Acer VCM\RS_Service.exe O23 - Service: TeamViewer 3 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer3\TeamViewer_Host.exe O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 12169 bytes also meine homepage wurde gehackt von einer gewissen Ma$€r hacka crew!...danach wurde auch mein msn und icq passwort geklaut...es waren nicht die selben! könnte es sein das ich einen trojaner oder einen keylogger auf dem pc habe? hab alles gescannt mit NOD32, avasti und kaspersky, doch ohne funde. hoster der homepage war webspell falls das was hilft! in meinem header wurde geschrieben "hacked over webspell by Ma$€r hacka crew" könnt ihr da was finden? |
|
30.08.2008, 18:21
| #2 | ||
 | Homepage gehackt, msn und icq password gehashed! Wenn dein ICQ-Passwort und dein MSN-Passwort schon geändert wurden sind , würde ich Dir jetzt schon zu Neuaufsetzen raten.
__________________Scanne aber erstmal mit Malwarebytes Anti-Malware. > Hier klicken Poste uns bitte den Bericht. EDIT: Den Eintrag mit HijackThis fixen: Zitat:
Zitat:
__________________ |
|
30.08.2008, 18:48
| #3 |
| | Homepage gehackt, msn und icq password gehashed! C:\Windows\PLFSet.dll
__________________AhnLab-V3 2008.8.29.0 2008.08.29 - AntiVir 7.8.1.23 2008.08.30 - Authentium 5.1.0.4 2008.08.30 - Avast 4.8.1195.0 2008.08.30 - AVG 8.0.0.161 2008.08.29 - BitDefender 7.2 2008.08.30 - CAT-QuickHeal 9.50 2008.08.29 - ClamAV 0.93.1 2008.08.30 - DrWeb 4.44.0.09170 2008.08.30 - eSafe 7.0.17.0 2008.08.28 - eTrust-Vet 31.6.6057 2008.08.29 - Ewido 4.0 2008.08.30 - F-Prot 4.4.4.56 2008.08.29 - F-Secure 7.60.13501.0 2008.08.30 - Fortinet 3.14.0.0 2008.08.30 - GData 19 2008.08.30 - Ikarus T3.1.1.34.0 2008.08.30 - K7AntiVirus 7.10.433 2008.08.30 - Kaspersky 7.0.0.125 2008.08.30 - McAfee 5373 2008.08.29 - Microsoft 1.3807 2008.08.25 - NOD32v2 3401 2008.08.30 - Norman 5.80.02 2008.08.29 - Panda 9.0.0.4 2008.08.30 - PCTools 4.4.2.0 2008.08.30 - Prevx1 V2 2008.08.30 - Rising 20.59.51.00 2008.08.30 - Sophos 4.33.0 2008.08.30 - Sunbelt 3.1.1592.1 2008.08.30 - Symantec 10 2008.08.30 - TheHacker 6.3.0.6.068 2008.08.30 - TrendMicro 8.700.0.1004 2008.08.29 - VBA32 3.12.8.4 2008.08.30 - ViRobot 2008.8.30.1357 2008.08.30 - VirusBuster 4.5.11.0 2008.08.30 - Webwasher-Gateway 6.6.2 2008.08.30 - weitere Informationen File size: 45056 bytes MD5...: c5ef9c7a3a18199cdfacea1da7286adb SHA1..: 738e979034cd26461b7148a566fc59a22dd1a70a SHA256: 182426aa1bfddc7f9254de003a73c277131c8b87aebb97857bb04cd39e770d00 SHA512: e41cd9782efd9331d6c06e0a8e3093556094cf9f299a959439ffb0bb235dd136 879ed792071efa8552360359fb5a564f4e823807657c637889c19112ffd478fc PEiD..: Armadillo v1.xx - v2.xx TrID..: File type identification Win32 Executable MS Visual C++ (generic) (65.2%) Win32 Executable Generic (14.7%) Win32 Dynamic Link Library (generic) (13.1%) Generic Win/DOS Executable (3.4%) DOS Executable Generic (3.4%) PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x10002061 timedatestamp.....: 0x462d79a7 (Tue Apr 24 03:29:43 2007) machinetype.......: 0x14c (I386) ( 5 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x53ea 0x6000 6.09 1799e9307a32faed501a351513fc2ca8 .rdata 0x7000 0xd2d 0x1000 4.79 3d5eeea4e8b9537e6657519412445f96 .data 0x8000 0x2500 0x1000 2.30 98021c4fbcd45fb9ef6c889f774a625d .rsrc 0xb000 0x3d0 0x1000 0.99 2731004299c55799c8205aa60b791845 .reloc 0xc000 0xcd8 0x1000 3.36 83c3ed74f3bdc16374b77fe69b823988 ( 5 imports ) > KERNEL32.dll: lstrcpyW, WideCharToMultiByte, GetSystemDefaultLCID, Sleep, CloseHandle, RtlUnwind, GetCommandLineA, GetVersion, ExitProcess, TerminateProcess, GetCurrentProcess, GetCurrentThreadId, TlsSetValue, TlsAlloc, TlsFree, SetLastError, TlsGetValue, GetLastError, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, DeleteCriticalSection, GetModuleFileNameA, FreeEnvironmentStringsA, FreeEnvironmentStringsW, GetEnvironmentStrings, GetEnvironmentStringsW, HeapDestroy, HeapCreate, VirtualFree, HeapFree, WriteFile, SetFilePointer, EnterCriticalSection, LeaveCriticalSection, InterlockedDecrement, InterlockedIncrement, InitializeCriticalSection, HeapAlloc, GetCPInfo, GetACP, GetOEMCP, VirtualAlloc, HeapReAlloc, GetProcAddress, LoadLibraryA, SetStdHandle, MultiByteToWideChar, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, FlushFileBuffers > USER32.dll: DestroyWindow > ADVAPI32.dll: RegQueryValueExA, RegOpenKeyExA, RegCloseKey, RegSetValueExA > SHELL32.dll: ShellExecuteA > ole32.dll: CoCreateInstance, CoInitialize, CoUninitialize ( 2 exports ) PLFDefSetting, SetProc C:\Windows\system32\DRIVERS\xaudio.exe Antivirus Version letzte aktualisierung Ergebnis AhnLab-V3 2008.8.29.0 2008.08.29 - AntiVir 7.8.1.23 2008.08.30 - Authentium 5.1.0.4 2008.08.30 - Avast 4.8.1195.0 2008.08.30 - AVG 8.0.0.161 2008.08.29 - BitDefender 7.2 2008.08.30 - CAT-QuickHeal 9.50 2008.08.29 - ClamAV 0.93.1 2008.08.30 - DrWeb 4.44.0.09170 2008.08.30 - eSafe 7.0.17.0 2008.08.28 - eTrust-Vet 31.6.6057 2008.08.29 - Ewido 4.0 2008.08.30 - F-Prot 4.4.4.56 2008.08.29 - F-Secure 7.60.13501.0 2008.08.30 - Fortinet 3.14.0.0 2008.08.30 - GData 19 2008.08.30 - Ikarus T3.1.1.34.0 2008.08.30 - K7AntiVirus 7.10.433 2008.08.30 - Kaspersky 7.0.0.125 2008.08.30 - McAfee 5373 2008.08.29 - Microsoft 1.3807 2008.08.25 - NOD32v2 3401 2008.08.30 - Norman 5.80.02 2008.08.29 - Panda 9.0.0.4 2008.08.30 - PCTools 4.4.2.0 2008.08.30 - Prevx1 V2 2008.08.30 - Rising 20.59.51.00 2008.08.30 - Sophos 4.33.0 2008.08.30 - Sunbelt 3.1.1592.1 2008.08.30 - Symantec 10 2008.08.30 - TheHacker 6.3.0.6.068 2008.08.30 - TrendMicro 8.700.0.1004 2008.08.29 - VBA32 3.12.8.4 2008.08.30 - ViRobot 2008.8.30.1357 2008.08.30 - VirusBuster 4.5.11.0 2008.08.30 - Webwasher-Gateway 6.6.2 2008.08.30 - weitere Informationen File size: 386560 bytes MD5...: f82fc2c30a19442b95ae554215837c46 SHA1..: 4e8cc55b235f1f0ebce572c5a931d7d8528a0557 SHA256: 7cad611d660264bb22069148dc16601d3458d1372fc1de85bd004906e19d05b4 SHA512: 2f172a02330bd13625228f4d0e3ed598a6dbe9ae4dacae1b3076fbc85140ebaa b7a3ef0025e188b53d24f497df9f1f9e3212e538f2ecda1c3d4bd545533d6adc PEiD..: - TrID..: File type identification Win32 Executable MS Visual C++ (generic) (65.2%) Win32 Executable Generic (14.7%) Win32 Dynamic Link Library (generic) (13.1%) Generic Win/DOS Executable (3.4%) DOS Executable Generic (3.4%) PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x408bcb timedatestamp.....: 0x45bfa957 (Tue Jan 30 20:23:51 2007) machinetype.......: 0x14c (I386) ( 4 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x14b18 0x14c00 6.80 2df34dc15fb42f540d859b3d5f8cb7c7 .rdata 0x16000 0x47846 0x47a00 7.56 4976159c02e20e9a77f3a9fa45c586a7 .data 0x5e000 0x76c4 0x1800 3.61 745bd72de230ce1444c1d64a9d519985 .rsrc 0x66000 0x388 0x400 2.94 387f6639975bac48c7886e6f62f91a7b ( 4 imports ) > KERNEL32.dll: FormatMessageA, lstrlenA, LocalFree, GetModuleFileNameA, GetVersionExA, QueryPerformanceFrequency, WaitForSingleObject, CreateEventA, CreateFileA, ResetEvent, DeviceIoControl, WaitForMultipleObjects, GetLastError, Sleep, CancelIo, CloseHandle, SetEvent, FlushFileBuffers, WriteConsoleW, HeapFree, HeapAlloc, ExitThread, ResumeThread, CreateThread, GetProcAddress, GetModuleHandleA, ExitProcess, GetCommandLineA, GetProcessHeap, HeapDestroy, HeapCreate, VirtualFree, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, VirtualAlloc, HeapReAlloc, RaiseException, WriteFile, GetStdHandle, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, InterlockedIncrement, SetLastError, GetCurrentThreadId, InterlockedDecrement, LoadLibraryA, InitializeCriticalSection, GetCPInfo, GetACP, GetOEMCP, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStringsW, SetHandleCount, GetFileType, GetStartupInfoA, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, RtlUnwind, HeapSize, SetFilePointer, GetConsoleCP, GetConsoleMode, MultiByteToWideChar, GetLocaleInfoA, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, SetStdHandle, WriteConsoleA, GetConsoleOutputCP > ADVAPI32.dll: SetSecurityDescriptorDacl, SetServiceStatus, DeregisterEventSource, StartServiceCtrlDispatcherA, RegisterServiceCtrlHandlerA, OpenServiceA, ControlService, QueryServiceStatus, DeleteService, OpenSCManagerA, CreateServiceA, CloseServiceHandle, RegisterEventSourceA, ReportEventA, InitializeSecurityDescriptor > AVRT.dll: AvSetMmThreadCharacteristicsA, AvRevertMmThreadCharacteristics > ole32.dll: CoTaskMemFree, CoInitializeEx, CoUninitialize, CoCreateInstance ( 0 exports ) Malwarebytes läuft noch bisher 13 infiziert :S O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) wie fix ich das? vielen dank für die rasche antwort! |
|
30.08.2008, 19:31
| #4 |
| | Homepage gehackt, msn und icq password gehashed! Malwarebytes' Anti-Malware 1.25 Datenbank Version: 1098 Windows 6.0.6000 20:29:52 30.08.2008 mbam-log-08-30-2008 (20-29-52).txt Scan-Methode: Vollständiger Scan (C:\|D:\|) Durchsuchte Objekte: 149963 Laufzeit: 1 hour(s), 2 minute(s), 27 second(s) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 19 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 3 Infizierte Dateien: 9 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_CLASSES_ROOT\contextprogram.browserwatcher (Adware.Agent) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\contextprogram.browserwatcher.1 (Adware.Agent) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\contextprogram.precachebrowserhost (Adware.Agent) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\contextprogram.precachebrowserhost.1 (Adware.Agent) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{018fe159-4a56-8237-0211-989634717eb4} (Adware.Agent) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{2f560603-a26f-c7e9-5e30-08dba79699c4} (Adware.Agent) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{bf798913-adc2-4304-2b4e-876f60917aab} (Adware.Agent) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{4c1aff62-c4fb-dc22-f1dd-20f26a27ec12} (Adware.Agent) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{926ea0f6-080a-0778-9569-cac35c7f03b8} (Adware.Agent) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{9f009604-ac89-957d-19a5-5815b478e169} (Adware.Agent) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\{e2010c89-dc4c-e7bf-aa56-e826b40072a0} (Adware.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\contextprogram (Adware.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Mirar (Adware.Mirar) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\ContextProgram (Adware.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\PlayMP3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\ContextProgram.DLL (Adware.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fbrowsingadvisor_is1 (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: C:\Program Files\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully. C:\Program Files\FBrowserAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully. C:\Program Files\ContextProgram (Adware.Agent) -> Quarantined and deleted successfully. Infizierte Dateien: C:\Program Files\Mozilla Firefox\regxpcom.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully. C:\Program Files\FBrowsingAdvisor\XPCOMEvents.dll (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully. C:\Program Files\FBrowsingAdvisor\IXPCOMEvents.xpt (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully. C:\Program Files\FBrowsingAdvisor\Logo.png (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully. C:\Program Files\FBrowsingAdvisor\main.db (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully. C:\Program Files\FBrowsingAdvisor\unins000.dat (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully. C:\Program Files\FBrowsingAdvisor\unins000.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully. C:\Program Files\ContextProgram\pcre3.dll (Adware.Agent) -> Quarantined and deleted successfully. C:\Program Files\ContextProgram\uninstall.exe (Adware.Agent) -> Quarantined and deleted successfully. 31 infizierte sachen -.-´ so hier der log ich hoffe ihr könnt mir helfen aber muss ich wirklich mein system neuaufsetzten? |
|
| Themen zu Homepage gehackt, msn und icq password gehashed! |
| add-on, antivirus, bho, browser, drivers, eset nod32, firefox, google, helper, hijack, hijackthis, homepage, internet, internet explorer, kaspersky, launch, local\temp, logfile, mozilla, object, plug-in, pop-up-blocker, popup, registry, rundll, server, software, symantec, system, toolbars, trojaner, tuneup.defrag, urlsearchhook, vista, windows, windows defender, windows sidebar, windows\system32\drivers |
