| |
| |||||||
Log-Analyse und Auswertung: Mein laptop hacktWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
| |
12.12.2008, 09:55
| #1 |
 |  Mein laptop hackt So hallo ich hoffe diesmal mache ich alles richtig und bekomme keine gelbe karte. ich besitze einen Acer Laptop ASPIRE 7520. Habe meinen rechner für zwei wochen verliehen und als ich zurück gekommen bin und ihn wieder hatte, Hackt mein laptop der maßen das ich ihn aus dem fenster schmeißen könnte wenn er nicht knapp 1000€ gekostet hätte. habe mal ein HiJack Log-file gemacht in der Hoffnug das mir jemand helfen kann. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 09:45:53, on 12.12.2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v8.00 (8.00.6001.18241) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe C:\Acer\Empowering Technology\eAudio\eAudio.exe C:\Windows\System32\rundll32.exe C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Users\Mikey\AppData\Local\ffgdwvon.exe C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\system32\taskeng.exe C:\Windows\System32\rundll32.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Users\Mikey\AppData\Local\Temp\RtkBtMnt.exe C:\Program Files\StarOffice6.0\program\soffice.exe C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE C:\Program Files\Apoint2K\ApMsgFwd.exe C:\Program Files\Apoint2K\Apntex.exe C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\conime.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://de.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*h**p://de.search.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://w*w.web.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://de.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://de.rd.yahoo.com/customize/ie/defaults/su/msgr9/*h**p://de.search.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://de.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*h**p://de.search.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://home.sweetim.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = h**p://de.rd.yahoo.com/customize/ie/defaults/su/msgr9/*h**p://de.search.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files\AGI\common\agcutils.dll O1 - Hosts: ::1 localhost O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files\AGI\common\agcutils.dll O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe" O4 - HKLM\..\Run: [Skytel] Skytel.exe O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ffgdwvon] "c:\users\mikey\appdata\local\ffgdwvon.exe" ffgdwvon O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [Messenger (Yahoo!)] ~"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user') O4 - Startup: StarOffice 6.0.lnk = C:\Program Files\StarOffice6.0\program\quickstart.exe O4 - Global Startup: Empowering Technology Launcher.lnk = C:\Acer\Empowering Technology\eAPLauncher.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll O13 - Gopher Prefix: O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: AG Windows Service (AGWinService) - Unknown owner - C:\Program Files\AGI\common\win32\PythonService.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 10022 bytes |
|
12.12.2008, 10:20
| #2 |
| | Mein laptop hackt Hallo Mikey33,
__________________//für folgende Äußerungen übernehme ich keine Verantwortung, der Nutzer handelt auf eigene Gefahr.// Meiner Meinung nach kein Malware-Problem! Denke falscher Thread. Dein Autostart ist zugemüllt. Bitte unwichtige Programme deaktivieren. Ausführen->MSconfig->Systemstart, dann einiges deaktvieren, AV-Tool sollte aktiv bleiben. Hardware schaden? Evtl. Überhitzung? Zusätzlich kannste die Toolbars deinstallieren, sie sind große Sicherheitslücken, da diese supide programmiert wurden. Ich hab das Log nun nicht richtig gecheckt nur mal schnell online. Dort wird mir die O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll als schädlich ausgegeben, ist jedoch nicht sehr aussage kräftig dieser Onlinecheck! Wenn du möchtest kannste dies C:\Program Files\AskBarDis\bar\bin\askBar.dll bei Virustotal.com ja mal checken. Haste das SP1 für Vista schon installiert? Scheint mir nicht, ist aber empfehlenswert! Grüße HiTTi Geändert von HiTTi (12.12.2008 um 10:26 Uhr) |
|
12.12.2008, 15:15
| #3 | |||
  | Mein laptop hackt Moin
__________________Zitat:
 z.B. hier Zitat:
Deinstalliere bitte noch die Ask Toolbar. Überprüfe dein System bitte mit Navilog Zitat:
MFG
__________________ |
|
12.12.2008, 22:12
| #4 |
| | Mein laptop hackt Danke für euere hilfe. habe jetzt alle tools gelöscht und habe auch sp1 aufgespielt. fals ich vergesseb haben sollte ich habe das doffe Vista Home premium drauf was ich gerne wieder loshaben möchte und zum xp wieder gehe. aber vista sch.... war da schon drauf. und das ist das ergebnis von Navilog Search Navipromo version 3.7.0 began on 12.12.2008 at 22:00:42,55 !!! Warning, this report may include legitimate files/programs !!! !!! Post this report on the forum you are being helped !!! !!! Don't continue with removal unless instructed by an authorized helper !!! Fix running from C:\Program Files\navilog1 Updated on 10.12.2008 at 21h00 by IL-MAFIOSO Microsoft® Windows Vista™ Home Premium ( v6.0.6001 ) Service Pack 1 X86-based PC ( Multiprocessor Free : AMD Turion(tm) 64 X2 Mobile Technology TL-52 ) BIOS : PhoenixBIOS 4.0 Release 6.1 USER : Mikey ( Administrator ) BOOT : Normal boot Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Activated) C:\ (Local Disk) - NTFS - Total:69 Go (Free:51 Go) D:\ (Local Disk) - NTFS - Total:69 Go (Free:68 Go) E:\ (CD or DVD) Search done in normal mode *** Searching for installed Software *** *** Search folders in "C:\Windows" *** *** Search folders in "C:\Program Files" *** *** Search folders in "c:\progra~2\micros~1\windows\startm~1\programs" *** *** Search folders in "c:\progra~2\micros~1\windows\startm~1" *** *** Search folders in "C:\ProgramData" *** *** Search folders in "c:\users\mikey\appdata\roaming\micros~1\windows\startm~1\programs" *** *** Search folders in "C:\Users\Mikey\AppData\Local\virtualstore\Program Files" *** *** Search folders in "C:\Users\Mikey\AppData\Roaming" *** *** Search with Catchme-rootkit/stealth malware detector by gmer *** for more info : http://w*w.gmer.net *** Search with GenericNaviSearch *** !!! Possibility of legitimate files in the result !!! !!! Must always be checked before manually deleting !!! * Scan in "C:\Windows\system32" * * Scan in "C:\Users\Mikey\AppData\Local\Microsoft" * * Scan in "C:\Users\Mikey\AppData\Local\virtualstore\windows\system32" * * Scan in "C:\Users\Mikey\AppData\Local" * *** Search files *** *** Search specific Registry keys *** !! Following keys are not certainly all infected !! HKEY_CURRENT_USER\Software\mc found ! *** Complementary Search *** (Search specific files) 1)Search new Instant Access files : 2)Heuristic Search : * In "C:\Windows\system32" : * In "C:\Users\Mikey\AppData\Local\Microsoft" : * In "C:\Users\Mikey\AppData\Local\virtualstore\windows\system32" : * In "C:\Users\Mikey\AppData\Local" : 3)Certificates Search : Egroup certificate not found ! Electronic-Group certificate found ! Montorgueil certificate not found ! OOO-Favorit certificate found ! Sunny-Day-Design-Ltd certificate not found ! 4)Search others known folders and files : *** Search completed on 12.12.2008 at 22:10:20,34 *** Geändert von Mikey33 (12.12.2008 um 22:17 Uhr) |
|
12.12.2008, 22:51
| #5 | ||
| | Mein laptop hackt Hallo Zitat:
MFG
__________________ Kein Support per PN - Bitte im Forum posten. Wenn du das Forum unterstützen möchtest Genitiv ins Wasser, weil es dativ ist   http://www.vivaconagua.org/ |
|
13.12.2008, 11:11
| #6 |
| | Mein laptop hackt Navipromo Removal version 3.7.0 started on 13.12.2008 at 11:07:42,31 Fix running from C:\Program Files\navilog1 Actual User Account : "Mikey" Updated on 10.12.2008 at 21h00 by IL-MAFIOSO Microsoft® Windows Vista™ Home Premium ( v6.0.6001 ) Service Pack 1 X86-based PC ( Multiprocessor Free : AMD Turion(tm) 64 X2 Mobile Technology TL-52 ) BIOS : PhoenixBIOS 4.0 Release 6.1 USER : Mikey ( Administrator ) BOOT : Normal boot Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Activated) C:\ (Local Disk) - NTFS - Total:69 Go (Free:50 Go) D:\ (Local Disk) - NTFS - Total:69 Go (Free:68 Go) E:\ (CD or DVD) Cleanning Stage done in normal mode and not on reboot !! Results will not be optimised !! *** Searching, making backups and deleting files *** No Files entered !! *** Deleting folders in "C:\Windows" *** *** Deleting folders in "C:\Program Files" *** *** Deleting folders in "c:\progra~2\micros~1\windows\startm~1\programs" *** *** Deleting folders in "c:\progra~2\micros~1\windows\startm~1" *** *** Deleting folders in "C:\ProgramData" *** *** Deleting folders in c:\users\mikey\appdata\roaming\micros~1\windows\startm~1\programs *** *** Deleting folders in "C:\Users\Mikey\AppData\Local\virtualstore\Program Files" *** *** Deleting folders in "C:\Users\Mikey\AppData\Roaming" *** *** Deleting files *** *** Deleting temporary files *** Cleaning of C:\Windows\Temp done ! Cleaning of C:\Users\Mikey\AppData\Local\Temp done ! *** Complementary Search *** (Search specific files) 1)Deletion with backups new Instant Access files: 2)Heuristic search and deletion with backups : * In "C:\Windows\system32" * * In "C:\Users\Mikey\AppData\Local\Microsoft" * * In "C:\Users\Mikey\AppData\Local\virtualstore\windows\system32" * * In "C:\Users\Mikey\AppData\Local" * ffgdwvon.exe found ! Copy ffgdwvon.exe done ! ffgdwvon.exe deleted ! *** Copy Registry to Safebackup folder *** Backing up Registry done ! *** Cleaning Registry *** Registry cleaned *** Certificates *** Egroup Certificate not found ! Electronic-Group Certificate deleted ! Montorgueil Certificate not found ! OOO-Favorit Certificate deleted ! Sunny-Day-Design-Ltd Certificate not found ! *** Remaining Orphan Navipromo RUN keys *** !! Results temporarily not threated !! !! Following keys are not certainly all infected !! Keys found : [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ffgdwvon"="\"c:\\users\\mikey\\appdata\\local\\ffgdwvon.exe\" ffgdwvon" *** Search others known folders and files *** *** Cleaning stage complete on 13.12.2008 at 11:10:12,57 *** |
|
| Themen zu Mein laptop hackt |
| acer laptop, ad-aware, adobe, antivir, antivirus, ask toolbar, askbar, avg, avira, bho, defender, explorer, firefox, google, helper, hijackthis, hkus\s-1-5-18, internet, internet explorer, local\temp, log-file, mozilla, popup, rundll, software, symantec, system, temp, vista, windows, windows defender, windows sidebar |
Hybrid-Darstellung
