Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: hijackthis, bitte weiterhelfen

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 29.07.2009, 16:10   #1
Iron Maik
 
hijackthis, bitte weiterhelfen - Ausrufezeichen

hijackthis, bitte weiterhelfen



moin,
ich hab auch seit kurzem das problem, dass sich das internet manchmal alleine öffnet (mit seiten die ich nicht kenne).
ich dachte mir, dass es nicht normal ist also hab ich gegoogelt.
ich bin auf verschiedene foren gestoßen. ich habe gelesen, dass man HijackThis benutzten soll, nur ich hab keine ahnung wie man diese "malware" erkennt (hab absolut keine ahnung in diesem gebiet).

ich hoffe ihr könnte mir da jetzt mal weiter helfen.

hab schon mit antivir, spaybot und ad-aware ausprobiert aber ich weiß nicht ob jetzt alles weg ist (ich denke mal nicht).

schaut mal drüber und gebt mir bitte eine rückmeldung

Code:
ATTFilter
C:\Windows\PixArt\Pac207\Monitor.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\ICQ6.5\ICQ.exe
C:\Users\Public\Games\World of Warcraft\BackgroundDownloader.exe
C:\Program Files (x86)\Internet Explorer\ieuser.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWow64\Macromed\Flash\FlashUtil10b.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Update 3400C] C:\sj652\hpupdate.exe 3400C
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Monopod] C:\Users\Kiam\AppData\Local\Temp\a.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe
O13 - Gopher Prefix: 
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira AntiVir Personal - Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9dabf2b5a7d1b) (gupdate1c9dabf2b5a7d1b) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - Unknown owner - C:\Windows\System32\TuneUpDefragService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - Unknown owner - C:\Windows\System32\TUProgSt.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
         
ich hoffe, dass ich es so richtig gemacht hab

ich danke jetzt schonmal

Geändert von Iron Maik (29.07.2009 um 16:14 Uhr) Grund: kleinen fehler behoben

Alt 29.07.2009, 16:38   #2
Chris4You
 
hijackthis, bitte weiterhelfen - Standard

hijackthis, bitte weiterhelfen



Hi,

das HJ-Log ist nicht vollständig, es fehlt der Anfang und das Ende...
Damit können wir nicht erkennen was für ein Os (OperatingSystem) Du hast..
Hast Du auf der Rechner schon was gelöscht bzw. wurde was von Antivir gelöscht?
Es fehlen einige Dateien...

Bitte folgende Files prüfen:

Dateien Online überprüfen lassen:
  • Suche die Seite Virtustotal auf, klicke auf den Button „Durchsuchen“ und suche folgende Datei/Dateien:
Code:
ATTFilter
C:\Users\Kiam\AppData\Local\Temp\a.exe
C:\sj652\hpupdate.exe
         
  • Lade nun nacheinander jede/alle Datei/Dateien hoch, und warte bis der Scan vorbei ist. (kann bis zu 2 Minuten dauern.)
  • Poste im Anschluss das Ergebnis der Auswertung, alles abkopieren und in einen Beitrag einfügen.
  • Wichtig: Auch die Größenangabe sowie den HASH mit kopieren!

chris
__________________

__________________

Alt 29.07.2009, 16:56   #3
Iron Maik
 
hijackthis, bitte weiterhelfen - Standard

hijackthis, bitte weiterhelfen



hi,
ok ich hoffe jetzt ist alles dabei, wenn nicht weiß ich cniht was ich falsch mach

Code:
ATTFilter
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:49:41, on 29.07.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Normal

Running processes:
C:\Windows\PixArt\Pac207\Monitor.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\ICQ6.5\ICQ.exe
C:\Users\Public\Games\World of Warcraft\BackgroundDownloader.exe
C:\Program Files (x86)\Internet Explorer\ieuser.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Update 3400C] C:\sj652\hpupdate.exe 3400C
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Monopod] C:\Users\Kiam\AppData\Local\Temp\a.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe
O13 - Gopher Prefix: 
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira AntiVir Personal - Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9dabf2b5a7d1b) (gupdate1c9dabf2b5a7d1b) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - Unknown owner - C:\Windows\System32\TuneUpDefragService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - Unknown owner - C:\Windows\System32\TUProgSt.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10156 bytes
         
- C:\Users\Kiam\AppData\Local\Temp\a.exe hab ich gestern schon gelöscht (aber ist noch im papierkorb)

- hab ich mir als treiber für mein scanner geladen funktioniert aber nicht.
ich hab es auch bei Virtustotal durchlaufen lassen.

Code:
ATTFilter
a-squared 4.5.0.24 2009.07.29 - 
AhnLab-V3 5.0.0.2 2009.07.28 - 
AntiVir 7.9.0.234 2009.07.29 - 
Antiy-AVL 2.0.3.7 2009.07.29 - 
Authentium 5.1.2.4 2009.07.28 - 
Avast 4.8.1335.0 2009.07.28 - 
AVG 8.5.0.387 2009.07.29 - 
BitDefender 7.2 2009.07.29 - 
CAT-QuickHeal 10.00 2009.07.28 - 
ClamAV 0.94.1 2009.07.29 - 
Comodo 1804 2009.07.29 - 
DrWeb 5.0.0.12182 2009.07.29 - 
eSafe 7.0.17.0 2009.07.29 - 
eTrust-Vet 31.6.6645 2009.07.29 - 
F-Prot 4.4.4.56 2009.07.28 - 
F-Secure 8.0.14470.0 2009.07.29 - 
Fortinet 3.120.0.0 2009.07.29 - 
GData 19 2009.07.29 - 
Ikarus T3.1.1.64.0 2009.07.29 - 
Jiangmin 11.0.800 2009.07.29 - 
K7AntiVirus 7.10.805 2009.07.29 - 
Kaspersky 7.0.0.125 2009.07.29 - 
McAfee 5691 2009.07.28 - 
McAfee+Artemis 5691 2009.07.28 - 
McAfee-GW-Edition 6.8.5 2009.07.29 - 
Microsoft 1.4903 2009.07.29 - 
NOD32 4288 2009.07.29 - 
Norman 6.01.09 2009.07.29 - 
nProtect 2009.1.8.0 2009.07.29 - 
Panda 10.0.0.14 2009.07.28 - 
PCTools 4.4.2.0 2009.07.29 - 
Prevx 3.0 2009.07.29 - 
Rising 21.40.24.00 2009.07.29 - 
Sophos 4.44.0 2009.07.29 - 
Sunbelt 3.2.1858.2 2009.07.29 - 
Symantec 1.4.4.12 2009.07.29 - 
TheHacker 6.3.4.3.377 2009.07.29 - 
TrendMicro 8.950.0.1094 2009.07.29 - 
VBA32 3.12.10.9 2009.07.29 - 
ViRobot 2009.7.29.1859 2009.07.29 - 
VirusBuster 4.6.5.0 2009.07.29 - 
weitere Informationen 
File size: 32768 bytes 
MD5...: 3433b7a0e4fe492560705bdf8f866122 
SHA1..: 40a99fc41ea15730ce3974013a03683f00423eb2 
SHA256: ef7b1e7bce827d1da202b6f5e0ed57b81cb8964a8f4b1aa0cfbede88ec06f8f6 
ssdeep: 384:g/VkDD7HVrLLHsqA3r1eNKJDaG2r5ang1+yby:SVM5rsXrTJD12r6gzy
 
PEiD..: Armadillo v1.71 
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%) 
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x2e7f
timedatestamp.....: 0x3c5b0994 (Fri Feb 01 21:33:08 2002)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x21d2 0x3000 4.75 76cd328479912623163064018ff5f18a
.rdata 0x4000 0x138a 0x2000 3.61 fce0ed9552fac821945c73f445444239
.data 0x6000 0x4a8 0x1000 1.71 45e59819142df0404ae1c15a038cf822
.rsrc 0x7000 0x1000 0x1000 3.54 591ee82f5afc4190b90f2c548e1c0a21

( 7 imports ) 
> newdev.dll: UpdateDriverForPlugAndPlayDevicesA
> MFC42.DLL: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -
> MSVCRT.dll: _mbsicmp, _except_handler3, __set_app_type, __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _initterm, __getmainargs, _acmdln, _XcptFilter, _exit, _onexit, __dllonexit, _mbsnbcpy, _mbsstr, _mbsnbcat, malloc, free, fopen, exit, _mbsrchr, __CxxFrameHandler, _strtime, _strdate, vfprintf, fgetpos, _setmbcp, _controlfp, fseek, fclose
> KERNEL32.dll: CloseHandle, lstrcatA, GetShortPathNameA, WaitForSingleObject, GetVersionExA, GetModuleHandleA, GetModuleFileNameA, GetCurrentProcess, FreeLibrary, SetEvent, GetWindowsDirectoryA, LoadLibraryA, GetLastError, lstrcpyA, DeleteFileA, Sleep, TerminateProcess, OpenProcess, lstrlenA, GetStartupInfoA, GetProcAddress, CreateEventA
> USER32.dll: GetSysColor, DrawIcon, GetClientRect, GetSystemMenu, AppendMenuA, ExitWindowsEx, SendMessageA, GetParent, LoadStringA, PostMessageA, GetWindowThreadProcessId, EnumWindows, EnableWindow, KillTimer, CreateWindowExA, SetTimer, CloseWindow, MsgWaitForMultipleObjects, PeekMessageA, GetSystemMetrics, FindWindowA, IsIconic, RegisterClassA, DefWindowProcA, LoadIconA
> GDI32.dll: CreateFontA
> ADVAPI32.dll: OpenProcessToken, RegCloseKey, AdjustTokenPrivileges, LookupPrivilegeValueA, RegEnumKeyExA, RegQueryValueExA, RegDeleteValueA, RegOpenKeyExA, RegSetValueExA

( 0 exports ) 
 
PDFiD.: - 
RDS...: NSRL Reference Data Set
-
         
wenn ich was vergessen hab dann bitte nochmal sagen oder sagen was ich falsch machen

danke
__________________

Geändert von Iron Maik (29.07.2009 um 16:59 Uhr) Grund: ...

Alt 29.07.2009, 17:15   #4
Iron Maik
 
hijackthis, bitte weiterhelfen - Standard

hijackthis, bitte weiterhelfen



und da hab ich gleich noch eine frage

ich hab gerade 2x desktop.ini hab (die wahrscheinlich durch das sichbar machen aufgedacht sind)

wozu sind die?
inhalt ist:

Code:
ATTFilter
[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21799
         
-> erstellt am Donnerstag, 2. November 2006, 17:24:55
geändert am Montag, 21. Januar 2008, 05:21:14
(da hatte ich noch keinen computer gehabt O.o)

Code:
ATTFilter
[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21769
IconResource=%SystemRoot%\system32\imageres.dll,-183
         
-> erstellt am Dienstag, 10. März 2009, 17:32:43
geändert am Dienstag, 10. März 2009, 17:32:50

Alt 30.07.2009, 07:29   #5
Chris4You
 
hijackthis, bitte weiterhelfen - Standard

hijackthis, bitte weiterhelfen



Hi,

das sind Dateien vom System die in jedem Ordner zu finden sind und sein Aussehen bestimmen (aus den Ressourcen-Dlls werden Icon 189 angezeigt)...
Du kannst die angegebenen Ressourcen-Dlls (shell32.dll, imageres.dll) bei virustotal prüfen lassen...

Hijackthis, fixen:
öffne das HijackThis -- Button "scan" -- vor den nachfolgenden Einträge Häkchen setzen -- Button "Fix checked" -- PC neustarten
Beim fixen müssen alle Programme geschlossen sein!
Code:
ATTFilter
O4 - HKCU\..\Run: [Monopod] C:\Users\Kiam\AppData\Local\Temp\a.exe
O4 - HKLM\..\Run: [HP Update 3400C] C:\sj652\hpupdate.exe 3400C
         
RSIT
Random's System Information Tool (RSIT) von random/random liest Systemdetails aus und erstellt ein aussagekräftiges Logfile.

* Lade Random's System Information Tool (RSIT) herunter http://filepony.de/download-rsit/
* speichere es auf Deinem Desktop.
* Starte mit Doppelklick die RSIT.exe.
* Klicke auf Continue, um die Nutzungsbedingungen zu akzeptieren.
* Wenn Du HijackThis nicht installiert hast, wird RSIT das für Dich herunterladen und installieren.
* In dem Fall bitte auch die Nutzungsbedingungen von Trend Micro (http://de.trendmicro.com/de/home) für HJT akzeptieren "I accept".
* Wenn Deine Firewall fragt, bitte RSIT erlauben, ins Netz zu gehen.
* Der Scan startet automatisch, RSIT checkt nun einige wichtige System-Bereiche und produziert Logfiles als Analyse-Grundlage.
* Wenn der Scan beendet ist, werden zwei Logfiles erstellt und in Deinem Editor geöffnet.
* Bitte poste den Inhalt von C:\rsit\log.txt und C:\rsit\info.txt (<= minimiert) hier in den Thread.

chris

__________________
Don't bring me down
Vor dem posten beachten!
Spenden
(Wer spenden will, kann sich gerne melden )

Alt 30.07.2009, 11:52   #6
Iron Maik
 
hijackthis, bitte weiterhelfen - Standard

hijackthis, bitte weiterhelfen



erstmal danke für deine antwort

zweitens ich weiß nicht ob es was mit dem
Code:
ATTFilter
C:\sj652\hpupdate.exe
         
fixen gebracht hat, weil nach dem neustart es wieder aufgerufen wurde.

naja ich denke das wird sich dann raustellen.

ich hab deinen anweisungen befolgt

Alt 30.07.2009, 11:56   #7
Iron Maik
 
hijackthis, bitte weiterhelfen - Standard

hijackthis, bitte weiterhelfen



log.txt
Code:
ATTFilter
Logfile of random's system information tool 1.06 (written by random/random)
Run by Kiam at 2009-07-30 11:39:36
Microsoft® Windows Vista™ Ultimate  Service Pack 1
System drive C: has 187 GB (39%) free of 477 GB
Total RAM: 4094 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:39:39, on 30.07.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18294)
Boot mode: Normal

Running processes:
C:\Windows\msa.exe
C:\Windows\PixArt\Pac207\Monitor.exe
C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\Program Files (x86)\Internet Explorer\ieuser.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\ICQ6.5\ICQ.exe
C:\Users\Kiam\Desktop\RSIT.exe
C:\Program Files (x86)\Trend Micro\HijackThis\Kiam.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - {EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Update 3400C] C:\sj652\hpupdate.exe 3400C
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Monopod] C:\Users\Kiam\AppData\Local\Temp\a.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe
O13 - Gopher Prefix: 
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira AntiVir Personal - Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9dabf2b5a7d1b) (gupdate1c9dabf2b5a7d1b) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - Unknown owner - C:\Windows\System32\TuneUpDefragService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - Unknown owner - C:\Windows\System32\TUProgSt.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
         

Alt 30.07.2009, 11:57   #8
Iron Maik
 
hijackthis, bitte weiterhelfen - Standard

hijackthis, bitte weiterhelfen



log.txt (2.hälfte)
Code:
ATTFilter
--
End of file - 10630 bytes

======Scheduled tasks folder======

C:\Windows\tasks\1-Klick-Wartung.job
C:\Windows\tasks\Ad-Aware Update (Weekly).job
C:\Windows\tasks\Google Software Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
C:\Windows\tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~2\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Anmelde-Hilfsprogramm - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-05-22 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2009-03-12 35840]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avgnt"=C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
"NeroFilterCheck"=C:\Windows\system32\NeroCheck.exe [2001-07-09 155648]
"SunJavaUpdateSched"=C:\Program Files (x86)\Java\jre6\bin\jusched.exe [2009-03-12 148888]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"HP Update 3400C"=C:\sj652\hpupdate.exe [2002-02-01 32768]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2009-05-26 413696]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-05-20 98304]
"TkBellExe"=C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe [2009-07-10 198160]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"=C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe []
"Sony Ericsson PC Suite"=C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [2009-04-01 405504]
"msnmsgr"=~C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe /background []
"SpybotSD TeaTimer"=C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]
"Monopod"=C:\Users\Kiam\AppData\Local\Temp\a.exe []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=
"NoActiveDesktopChanges"=
"ForceActiveDesktopOn"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f771fa90-4f63-11de-8255-00183705b062}]
shell\Auto\command - Ghost.pif
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Ghost.pif


======File associations======

.reg - open - "regedit.exe" "%1"

======List of files/folders created in the last 1 months======

2009-07-30 11:39:36 ----D---- C:\rsit
2009-07-30 11:13:36 ----A---- C:\Windows\dd_ATL90SP1_KB973924MSI6C30.txt
2009-07-30 11:13:35 ----A---- C:\Windows\dd_ATL90SP1_KB973924UI6C30.txt
2009-07-30 11:13:26 ----A---- C:\Windows\dd_ATL80SP1_KB973923UI6C12.txt
2009-07-30 11:13:26 ----A---- C:\Windows\dd_ATL80SP1_KB973923MSI6C12.txt
2009-07-30 11:13:00 ----A---- C:\Windows\dd_ATL80SP1_KB973923MSI6BBA.txt
2009-07-30 11:12:59 ----A---- C:\Windows\dd_ATL80SP1_KB973923UI6BBA.txt
2009-07-29 15:00:11 ----D---- C:\Program Files (x86)\Trend Micro
2009-07-29 13:40:07 ----HDC---- C:\ProgramData\{EF63305C-BAD7-4144-9208-D65528260864}
2009-07-29 13:40:03 ----D---- C:\ProgramData\Lavasoft
2009-07-29 13:40:03 ----D---- C:\Program Files (x86)\Lavasoft
2009-07-29 13:16:35 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-07-29 13:16:35 ----D---- C:\Program Files (x86)\Spybot - Search & Destroy
2009-07-29 12:12:33 ----A---- C:\Windows\system32\mshtml.dll
2009-07-29 12:12:32 ----A---- C:\Windows\system32\occache.dll
2009-07-29 12:12:31 ----A---- C:\Windows\system32\ieframe.dll
2009-07-29 12:12:30 ----A---- C:\Windows\system32\wininet.dll
2009-07-29 12:12:30 ----A---- C:\Windows\system32\urlmon.dll
2009-07-29 12:12:29 ----A---- C:\Windows\system32\iertutil.dll
2009-07-29 12:12:28 ----A---- C:\Windows\system32\mstime.dll
2009-07-29 12:12:28 ----A---- C:\Windows\system32\msfeeds.dll
2009-07-29 12:12:28 ----A---- C:\Windows\system32\jsproxy.dll
2009-07-29 12:12:28 ----A---- C:\Windows\system32\ieUnatt.exe
2009-07-29 12:12:28 ----A---- C:\Windows\system32\ieencode.dll
2009-07-29 12:12:28 ----A---- C:\Windows\system32\iedkcs32.dll
2009-07-29 12:12:28 ----A---- C:\Windows\system32\ieaksie.dll
2009-07-28 22:07:49 ----A---- C:\Windows\NeroDigital.ini
2009-07-28 22:06:44 ----D---- C:\Temp
2009-07-28 22:05:13 ----D---- C:\Program Files (x86)\ImTOO
2009-07-28 21:47:30 ----A---- C:\Windows\msa.exe
2009-07-26 20:31:35 ----A---- C:\Windows\iun6002.exe
2009-07-26 20:28:42 ----A---- C:\Windows\DesertCombat  Setup Log.txt
2009-07-22 12:59:47 ----D---- C:\Windows\Minidump
2009-07-15 11:34:19 ----A---- C:\Windows\system32\t2embed.dll
2009-07-15 11:34:19 ----A---- C:\Windows\system32\fontsub.dll
2009-07-15 11:34:19 ----A---- C:\Windows\system32\dciman32.dll
2009-07-15 11:34:19 ----A---- C:\Windows\system32\atmfd.dll
2009-07-10 15:42:53 ----A---- C:\Windows\system32\rmoc3260.dll
2009-07-10 15:42:48 ----A---- C:\Windows\system32\pndx5032.dll
2009-07-10 15:42:48 ----A---- C:\Windows\system32\pndx5016.dll
2009-07-10 15:42:47 ----D---- C:\Program Files (x86)\Common Files\xing shared
2009-07-10 15:42:35 ----A---- C:\Windows\system32\pncrt.dll
2009-07-10 15:42:32 ----D---- C:\Program Files (x86)\Common Files\Real
2009-07-10 15:42:31 ----D---- C:\Users\Kiam\AppData\Roaming\Real
2009-07-07 01:52:29 ----D---- C:\ProgramData\BVRP Software
2009-07-07 01:51:50 ----A---- C:\ProgramData\hpeEDB9.dll
2009-07-07 01:51:46 ----D---- C:\ProgramData\Sony Ericsson
2009-07-07 01:51:46 ----D---- C:\Program Files (x86)\Sony Ericsson
2009-07-07 01:11:59 ----D---- C:\Program Files (x86)\Sony Ericsson USB

======List of files/folders modified in the last 1 months======

2009-07-30 11:39:29 ----D---- C:\Windows\Temp
2009-07-30 11:30:53 ----D---- C:\Windows\Tasks
2009-07-30 11:21:21 ----D---- C:\Windows\SysWOW64
2009-07-30 11:21:21 ----D---- C:\Windows\System32
2009-07-30 11:21:21 ----D---- C:\Program Files (x86)\Internet Explorer
2009-07-30 11:14:38 ----D---- C:\Windows\winsxs
2009-07-30 11:13:43 ----SHD---- C:\Windows\Installer
2009-07-30 11:13:43 ----SHD---- C:\Config.Msi
2009-07-30 11:13:43 ----D---- C:\Windows
2009-07-30 11:12:52 ----SHD---- C:\System Volume Information
2009-07-30 11:08:19 ----RD---- C:\Program Files (x86)
2009-07-29 13:50:41 ----HD---- C:\ProgramData
2009-07-29 13:40:42 ----D---- C:\Windows\Prefetch
2009-07-27 14:57:43 ----D---- C:\ProgramData\TrackMania
2009-07-23 13:38:59 ----D---- C:\Program Files (x86)\Messenger Plus! Live
2009-07-22 20:43:47 ----D---- C:\Windows\inf
2009-07-21 20:19:26 ----SHD---- C:\$Recycle.Bin
2009-07-21 20:18:56 ----RD---- C:\Users
2009-07-16 10:09:59 ----D---- C:\Program Files (x86)\Windows Mail
2009-07-16 10:09:39 ----D---- C:\ProgramData\Microsoft Help
2009-07-15 20:14:24 ----A---- C:\Windows\DUMP28d4.tmp
2009-07-13 12:10:38 ----SD---- C:\Users\Kiam\AppData\Roaming\Microsoft
2009-07-11 13:28:23 ----D---- C:\Users\Kiam\AppData\Roaming\uTorrent
2009-07-10 15:42:47 ----D---- C:\Program Files (x86)\Common Files
2009-07-10 15:42:35 ----RD---- C:\Program Files
2009-07-07 01:51:46 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2009-07-03 18:49:00 ----D---- C:\Windows\LiveKernelReports
2009-07-01 00:57:03 ----D---- C:\Users\Kiam\AppData\Roaming\TeamViewer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys []
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys []
R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\Windows\system32\drivers\AtiHdmi.sys []
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys []
R3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys []
R3 ksthunk;Kernel Streaming Thunks; C:\Windows\system32\drivers\ksthunk.sys []
R3 RTL8169;Realtek 8169-NT-Treiber; C:\Windows\system32\DRIVERS\Rtlh64.sys []
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys []
S2 TBPanel;TBPanel; C:\Windows\system32\drivers\TBPanel.sys []
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys []
S3 dump_wmimmc;dump_wmimmc; \??\C:\Program Files (x86)\Gpotato\Flyff\GameGuard\dump_wmimmc.sys []
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys []
S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys []
S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys []
S3 NPPTNT2;NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [2005-01-04 4682]
S3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys []
S3 PAC207;SoC PC-Camera; C:\Windows\system32\DRIVERS\PFC027.SYS []
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM); C:\Windows\system32\DRIVERS\s0016bus.sys []
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s0016mdfl.sys []
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s0016mdm.sys []
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s0016mgmt.sys []
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS); C:\Windows\system32\DRIVERS\s0016nd5.sys []
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s0016obex.sys []
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM); C:\Windows\system32\DRIVERS\s0016unic.sys []
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys []
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys []
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe []
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Planer; C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2009-07-03 1029456]
R2 MySQL;MySQL; C:\Program Files (x86)\MySQL\MySQL Server 5.0\bin\mysqld-nt --defaults-file=C:\Program Files (x86)\MySQL\MySQL Server 5.0\my.ini MySQL []
R2 PnkBstrB;PnkBstrB; C:\Windows\system32\PnkBstrB.exe [2009-04-24 107832]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 TeamViewer4;TeamViewer 4; C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe [2009-02-27 185640]
R2 TuneUp.ProgramStatisticsSvc;@%SystemRoot%\System32\TUProgSt.exe,-1; C:\Windows\System32\TUProgSt.exe []
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S2 gupdate1c9dabf2b5a7d1b;Google Update Service (gupdate1c9dabf2b5a7d1b); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-05-22 133104]
S2 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-22 183280]
S2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe []
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2008-07-27 93184]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe []
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-03-10 654848]
S3 fsssvc;Windows Live Family Safety; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-21 19968]
S3 TuneUp.Defrag;@%SystemRoot%\System32\TuneUpDefragService.exe,-1; C:\Windows\System32\TuneUpDefragService.exe []
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S3 usprserv;User Privilege Service; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe []

-----------------EOF-----------------
         

Alt 30.07.2009, 12:00   #9
Iron Maik
 
hijackthis, bitte weiterhelfen - Standard

hijackthis, bitte weiterhelfen



info.txt
Code:
ATTFilter
info.txt logfile of random's system information tool 1.06 2009-07-30 11:39:41

======Uninstall list======

-->C:\Program Files (x86)\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Program Files (x86)\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Windows\UNNeroVision.exe /UNINSTALL
-->C:\Windows\UNNMP.exe /UNINSTALL
-->MsiExec /X{AC54E544-3E42-443C-A91D-A00A6974C592}
3D-Fahrschule Demo-->"C:\Program Files (x86)\3D-Fahrschule Demo\uninstall.exe"
3DMark Vantage-->C:\Program Files (x86)\InstallShield Installation Information\{C40C3C3D-97CF-44B5-836C-766E374464B3}\setup.exe -runfromtemp -l0x0009 -removeonly
3DMark06-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{7F3AD00A-1819-4B15-BB7D-08B3586336D7}\setup.exe" -l0x9  -removeonly
7-Zip 4.65-->"C:\Program Files (x86)\7-Zip\Uninstall.exe"
Ad-Aware-->"C:\ProgramData\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\ProgramData\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Recommended Settings-->MsiExec.exe /I{73B5D990-04EA-4751-B10F-5534770B91F2}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Extra Settings-->MsiExec.exe /I{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->C:\Program Files (x86)\Common Files\Adobe\Installers\5f143314a5d434c8511097393d17397\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{29F05234-DCBB-4FE0-88DC-5160C9250312}
Adobe Reader 9.1.1 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A91000000001}
Adobe Setup-->MsiExec.exe /I{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}
Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ASIO4ALL-->C:\Program Files (x86)\ASIO4ALL v2\uninstall.exe
Avira AntiVir Personal - Free Antivirus-->C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
Battlefield 1942-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}\Setup.exe" -l0x7 
Brothers in Arms: Hell's Highway-->C:\Program Files (x86)\Ubisoft\Gearbox Software\Brothers in Arms - Hell's Highway\Binaries\uninst.exe
Bus-Simulator 2008 Demo-->"C:\Program Files (x86)\Bus-Simulator 2008 Demo\unins000.exe"
Call of Duty(R) 2-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D0A05794-48C2-4424-A15A-9F20FCFDD374} /l2057 
Cartoonist 1.3-->"C:\Program Files (x86)\Cartoonist\unins000.exe"
Catalyst Control Center - Branding-->MsiExec.exe /I{D3B1C799-CB73-42DE-BA0F-2344793A095C}
Cheating-Death 4.33.4-->C:\Program Files (x86)\Cheating-Death\UninstCD.exe
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Collab-->C:\Program Files (x86)\Image-Line\Collab\uninstall.exe
DesertCombat  0.7-->C:\Windows\iun6002.exe "C:\Program Files (x86)\EA GAMES\Battlefield 1942\DesertCombat.ini"
DEVIL MAY CRY 4-->MsiExec.exe /I{D4E5A687-797D-44B1-8F96-4FD7A24166A9}
DivX Codec-->C:\Program Files (x86)\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files (x86)\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files (x86)\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files (x86)\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files (x86)\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Euro Truck Simulator-->C:\Program Files (x86)\Euro Truck Simulator\Uninstal_EuroTruckSimulator.exe
EXPERTool 7.0-->"C:\Program Files (x86)\EXPERTool\unins000.exe"
Far Cry 2-->"C:\Program Files (x86)\InstallShield Installation Information\{F2835483-37F2-4123-B4FE-0E77D58447F2}\setup.exe" -runfromtemp -l0x0007 -removeonly
FL Studio 8-->C:\Program Files (x86)\Image-Line\FL Studio 8\uninstall.exe
floAt's Mobile Agent 2-->"C:\Program Files (x86)\FMA 2\unins000.exe"
Free YouTube Download 2.2-->"C:\Program Files (x86)\DVDVideoSoft\Free YouTube Download\unins000.exe"
Free YouTube to Mp3 Converter version 3.1-->"C:\Program Files (x86)\DVDVideoSoft\Free YouTube to Mp3 Converter\unins000.exe"
Futuremark SystemInfo-->C:\Program Files (x86)\InstallShield Installation Information\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}\setup.exe -runfromtemp -l0x0009 -removeonly
Gears of War-->C:\Program Files (x86)\InstallShield Installation Information\{1170D24F-42B7-40CF-AA1B-6395CE562354}\setup.exe -runfromtemp -l0x0407
Google Chrome-->"C:\Program Files (x86)\Google\Chrome\Application\2.0.172.37\Installer\setup.exe" --uninstall --system-level
Google Earth-->MsiExec.exe /X{CC016F21-3970-11DE-B878-005056806466}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Updater-->"C:\Program Files (x86)\Google\Google Updater\GoogleUpdater.exe" -uninstall
HijackThis 2.0.2-->"C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->c:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall  /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->c:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {08155812-0202-4D5F-A7FF-12A2782DC548} /qb+ REBOOTPROMPT=""
ICQ6.5-->"C:\Program Files (x86)\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
Icy Tower v1.4-->"c:\games\icytower1.4\unins000.exe"
IL Download Manager-->C:\Program Files (x86)\Image-Line\Downloader\uninstall.exe
ImTOO 3GP Video Converter-->C:\Program Files (x86)\ImTOO\3GP Video Converter 3\Uninstall.exe
IsoBuster 2.5-->"C:\Program Files (x86)\Smart Projects\IsoBuster\Uninst\unins000.exe"
Java(TM) 6 Update 12-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
McLoad Preinstaller-->C:\\Users\\Kiam\\AppData\\Roaming\\McLoad\\Uninstall-Mcload.exe
Messenger Plus! Live-->"C:\Program Files (x86)\Messenger Plus! Live\Uninstall.exe"
Microsoft Flight Simulator X Demo-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{B98A34C0-A6A2-4087-B272-557C1C6D0A07} 
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{20DEB77C-21D6-4D22-BB47-233E47613D57}
Microsoft Halo Trial-->"C:\Program Files (x86)\Microsoft Games\Halo Trial\UNINSTAL.EXE" /runtemp /addremove
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {E64BA721-2310-4B55-BE5A-2925F9706192}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-002A-0407-1000-0000000FF1CE} /uninstall {26454C26-D259-4543-AA60-3189E09C5F76}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0407-0000-0000000FF1CE} /uninstall {26454C26-D259-4543-AA60-3189E09C5F76}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office Access MUI (German) 2007-->MsiExec.exe /X{90120000-0015-0407-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (German) 2007-->MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE}
Microsoft Office Groove MUI (German) 2007-->MsiExec.exe /X{90120000-00BA-0407-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (German) 2007-->MsiExec.exe /X{90120000-0044-0407-0000-0000000FF1CE}
Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
Microsoft Office OneNote MUI (German) 2007-->MsiExec.exe /X{90120000-00A1-0407-0000-0000000FF1CE}
Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-0120-0407-0000-0000000FF1CE}
Microsoft Office Outlook MUI (German) 2007-->MsiExec.exe /X{90120000-001A-0407-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (German) 2007-->MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Italian) 2007-->MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE}
Microsoft Office Proofing (German) 2007-->MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0410-0000-0000000FF1CE} /uninstall {322296D4-1EAE-4030-9FBC-D2787EB25FA2}
Microsoft Office Publisher MUI (German) 2007-->MsiExec.exe /X{90120000-0019-0407-0000-0000000FF1CE}
Microsoft Office Shared MUI (German) 2007-->MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE}
Microsoft Office Word MUI (German) 2007-->MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MySQL Server 5.0-->MsiExec.exe /I{DBACBFE4-F79E-4AFB-A7C3-463555B8446B}
Nero Suite-->C:\Program Files (x86)\Common Files\Ahead\Uninstall\setup.exe /uninstall
NVIDIA Photoshop Plug-ins-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{23F79416-CAD1-41BF-99A3-040F6C814AAA}\setup.exe" -l0x9 
NVIDIA PhysX v8.10.13-->MsiExec.exe /X{AC54E544-3E42-443C-A91D-A00A6974C592}
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PoiZone-->C:\Program Files (x86)\Image-Line\PoiZone\uninstall.exe
PremiumSoft Navicat 8.0 Lite for MySQL-->"C:\Program Files (x86)\PremiumSoft\Navicat 8.0 Lite MySQL\unins000.exe"
PunkBuster Services-->C:\Windows\system32\pbsvc.exe -u
QuickTime Alternative 2.8.0-->"C:\Program Files (x86)\QuickTime Alternative\unins000.exe"
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
RealPlayer-->C:\Program Files (x86)\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office Publisher 2007 (KB969693)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7BE67088-1EB3-4569-8E75-DDAFBF61BC4E}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Sniper Elite-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{A979B2D8-E3EE-4523-A26C-4AF0A6809280}\setup.exe" 
Sony ACID Music Studio 7.0-->MsiExec.exe /X{A74C1699-4BCE-433F-82D6-F11207A0581B}
Sony ACID XPress 5.0a-->MsiExec.exe /X{12F4BE69-6614-41D3-BB3B-DF7F921DF2BB}
Sony Ericsson PC Suite 5.009.00-->"C:\Program Files (x86)\InstallShield Installation Information\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}\ISAdmin.exe" -runfromtemp -l0x0009 -removeonly
Spybot - Search & Destroy-->"C:\Program Files (x86)\Spybot - Search & Destroy\unins000.exe"
SweetIM for Messenger 2.7-->MsiExec.exe /X{E848C9C0-E6FF-4A3F-9D67-AE53AC3628FE}
SweetIM Toolbar for Internet Explorer 3.4-->MsiExec.exe /X{8C13BEE4-E7CE-4E46-BD13-8F41DAD00FEF}
TeamViewer 4-->C:\Program Files (x86)\TeamViewer\Version4\uninstall.exe
TmNationsForever-->"C:\Program Files (x86)\TmNationsForever\unins000.exe"
Toxic Biohazard-->C:\Program Files (x86)\Image-Line\Toxic Biohazard\uninstall.exe
TuneUp Utilities 2009-->MsiExec.exe /I{55A29068-F2CE-456C-9148-C869879E2357}
UltraStar 0.6.2-->"C:\Program Files (x86)\UltraStar\uninstall.exe"
Uninstall 1.0.0.1-->"C:\Program Files (x86)\Common Files\DVDVideoSoft\unins000.exe"
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->c:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office Outlook 2007 (KB969907)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {74F98B24-AFBD-4800-9BD6-87D349B5C462}
Update for Outlook 2007 Junk Email Filter (kb971933)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {53C200F4-3B4B-49A5-8539-2C61F1A88CA2}
Update für Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}
Update für Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-0407-0000-0000000FF1CE} /uninstall {F6828576-6F79-470D-AB50-69D1BBADBD30}
Update für Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {EA160DA3-E9B5-4D03-A518-21D306665B96}
Update für Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {38472199-D7B6-4833-A949-10E4EE6365A1}
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
VLC media player 0.9.9-->C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
Web Photo Album 0.9 Beta-->"C:\Program Files (x86)\Web Photo Album\unins000.exe"
Windows Live Anmelde-Assistent-->MsiExec.exe /I{52B97218-98CB-4B8B-9283-D213C85E1AA4}
Windows Live Call-->MsiExec.exe /I{5FC68772-6D56-41C6-9DF1-24E868198AE6}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}
Windows Live Fotogalerie-->MsiExec.exe /X{119B7481-0216-40D2-A5CC-C3E1F461ECC1}
Windows Live Mail-->MsiExec.exe /I{5A166C0B-9557-4364-A057-F946D674E6AC}
Windows Live Messenger-->MsiExec.exe /X{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}
Windows Live OneCare safety scanner-->"C:\Program Files (x86)\Windows Live Safety Center\UnInstall.exe"
Windows Live OneCare safety scanner-->MsiExec.exe /X{FE0646A7-19D0-41B4-A2BB-2C35D644270D}
Windows Live Sync-->MsiExec.exe /X{ED636101-1959-4360-8BF7-209436E7DEE4}
Windows Live Writer-->MsiExec.exe /X{81821BF8-DA20-4F8C-AA87-F70A274828D4}
Windows Live-Uploadtool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
WinRAR-->C:\Program Files (x86)\WinRAR\uninstall.exe
World of Warcraft-->C:\Program Files (x86)\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
XAMPP 1.6.8-->"c:\xampp\uninstall.exe"

======Security center information======

AS: Spybot - Search and Destroy
AS: Lavasoft Ad-Watch Live!
AS: Windows Defender

======System event log======

Computer Name: Kiam-PC
Event Code: 7036
Message: Dienst "Windows Media Player-Netzwerkfreigabedienst" befindet sich jetzt im Status "Ausgeführt".
Record Number: 45332
Source Name: Service Control Manager
Time Written: 20090730093101.000000-000
Event Type: Informationen
User: 

Computer Name: Kiam-PC
Event Code: 7036
Message: Dienst "SSTP-Dienst" befindet sich jetzt im Status "Ausgeführt".
Record Number: 45333
Source Name: Service Control Manager
Time Written: 20090730093109.000000-000
Event Type: Informationen
User: 

Computer Name: Kiam-PC
Event Code: 7036
Message: Dienst "Telefonie" befindet sich jetzt im Status "Ausgeführt".
Record Number: 45334
Source Name: Service Control Manager
Time Written: 20090730093109.000000-000
Event Type: Informationen
User: 

Computer Name: Kiam-PC
Event Code: 7036
Message: Dienst "RAS-Verbindungsverwaltung" befindet sich jetzt im Status "Ausgeführt".
Record Number: 45335
Source Name: Service Control Manager
Time Written: 20090730093109.000000-000
Event Type: Informationen
User: 

Computer Name: Kiam-PC
Event Code: 7036
Message: Dienst "Windows Modules Installer" befindet sich jetzt im Status "Beendet".
Record Number: 45336
Source Name: Service Control Manager
Time Written: 20090730093427.000000-000
Event Type: Informationen
User: 

=====Application event log=====

Computer Name: Kiam-PC
Event Code: 0
Message: 
Record Number: 10958
Source Name: gusvc
Time Written: 20090730092723.000000-000
Event Type: Informationen
User: 

Computer Name: Kiam-PC
Event Code: 4101
Message: Die Windows-Lizenz wurde überprüft.
Record Number: 10959
Source Name: Microsoft-Windows-Winlogon
Time Written: 20090730093052.000000-000
Event Type: Informationen
User: 

Computer Name: Kiam-PC
Event Code: 6000
Message: Der Winlogon-Benachrichtigungsabonnent <SessionEnv> war nicht verfügbar, um das Benachrichtigungsereignis zu verarbeiten.
Record Number: 10960
Source Name: Microsoft-Windows-Winlogon
Time Written: 20090730093052.000000-000
Event Type: Informationen
User: 

Computer Name: Kiam-PC
Event Code: 9016
Message: Der Desktopfenster-Manager wurde nicht gestartet, da bei einer Analyse der Hardware und der Konfiguration festgestellt wurde, dass keine ausreichende Leistung zu erwarten ist.
Record Number: 10961
Source Name: Desktop Window Manager
Time Written: 20090730093054.000000-000
Event Type: Informationen
User: 

Computer Name: Kiam-PC
Event Code: 1
Message: Der Zertifikatdiensteclient wurde erfolgreich gestartet.
Record Number: 10962
Source Name: Microsoft-Windows-CertificateServicesClient
Time Written: 20090730093056.509820-000
Event Type: Informationen
User: Kiam-PC\Kiam
         

Alt 30.07.2009, 12:01   #10
Iron Maik
 
hijackthis, bitte weiterhelfen - Standard

hijackthis, bitte weiterhelfen



info.txt (2.hälfte)

Code:
ATTFilter
=====Security event log=====

Computer Name: Kiam-PC
Event Code: 4672
Message: Einer neuen Anmeldung wurden besondere Rechte zugewiesen.

Antragsteller:
	Sicherheits-ID:		S-1-5-18
	Kontoname:		SYSTEM
	Kontodomäne:		NT-AUTORITÄT
	Anmelde-ID:		0x3e7

Berechtigungen:		SeAssignPrimaryTokenPrivilege
			SeTcbPrivilege
			SeSecurityPrivilege
			SeTakeOwnershipPrivilege
			SeLoadDriverPrivilege
			SeBackupPrivilege
			SeRestorePrivilege
			SeDebugPrivilege
			SeAuditPrivilege
			SeSystemEnvironmentPrivilege
			SeImpersonatePrivilege
Record Number: 13126
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090730092420.058820-000
Event Type: Überwachung erfolgreich
User: 

Computer Name: Kiam-PC
Event Code: 4648
Message: Anmeldeversuch mit expliziten Anmeldeinformationen.

Antragsteller:
	Sicherheits-ID:		S-1-5-18
	Kontoname:		KIAM-PC$
	Kontodomäne:		WORKGROUP
	Anmelde-ID:		0x3e7
	Anmelde-GUID:		{00000000-0000-0000-0000-000000000000}

Konto, dessen Anmeldeinformationen verwendet wurden:
	Kontoname:		Kiam
	Kontodomäne:		Kiam-PC
	Anmelde-GUID:		{00000000-0000-0000-0000-000000000000}

Zielserver:
	Zielservername:	localhost
	Weitere Informationen:	localhost

Prozessinformationen:
	Prozess-ID:		0x184
	Prozessname:		C:\Windows\System32\winlogon.exe

Netzwerkinformationen:
	Netzwerkadresse:	127.0.0.1
	Port:			0

Dieses Ereignis wird bei einem Anmeldeversuch durch einen Prozess generiert, wenn ausdrücklich die Anmeldeinformationen des Kontos angegeben werden.  Dies ist normalerweise der Fall in Batch-Konfigurationen, z. B. bei geplanten Aufgaben oder wenn der Befehl "runas" verwendet wird.
Record Number: 13127
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090730093051.166420-000
Event Type: Überwachung erfolgreich
User: 

Computer Name: Kiam-PC
Event Code: 4624
Message: Ein Konto wurde erfolgreich angemeldet.

Antragsteller:
	Sicherheits-ID:		S-1-5-18
	Kontoname:		KIAM-PC$
	Kontodomäne:		WORKGROUP
	Anmelde-ID:		0x3e7

Anmeldetyp:			2

Neue Anmeldung:
	Sicherheits-ID:		S-1-5-21-1250136514-2600124232-2571549852-1000
	Kontoname:		Kiam
	Kontodomäne:		Kiam-PC
	Anmelde-ID:		0x13bc5a
	Anmelde-GUID:		{00000000-0000-0000-0000-000000000000}

Prozessinformationen:
	Prozess-ID:		0x184
	Prozessname:		C:\Windows\System32\winlogon.exe

Netzwerkinformationen:
	Arbeitsstationsname:	KIAM-PC
	Quellnetzwerkadresse:	127.0.0.1
	Quellport:		0

Detaillierte Authentifizierungsinformationen:
	Anmeldeprozess:		User32 
	Authentifizierungspaket:	Negotiate
	Übertragene Dienste:	-
	Paketname (nur NTLM):	-
	Schlüssellänge:		0

Dieses Ereignis wird beim Erstellen einer Anmeldesitzung generiert. Es wird auf dem Computer generiert, auf den zugegriffen wurde.

Die Antragstellerfelder geben das Konto auf dem lokalen System an, von dem die Anmeldung angefordert wurde. Dies ist meistens ein Dienst wie der Serverdienst oder ein lokaler Prozess wie "Winlogon.exe" oder "Services.exe".

Das Anmeldetypfeld gibt den jeweiligen Anmeldetyp an. Die häufigsten Typen sind 2 (interaktiv) und 3 (Netzwerk).

Die Felder für die neue Anmeldung geben das Konto an, für das die Anmeldung erstellt wurde, d. h. das angemeldete Konto.

Die Netzwerkfelder geben die Quelle einer Remoteanmeldeanforderung an. der Arbeitsstationsname ist nicht immer verfügbar und kann in manchen Fällen leer bleiben.

Die Felder für die Authentifizierungsinformationen enthalten detaillierte Informationen zu dieser speziellen Anmeldeanforderung.
	 - Die Anmelde-GUID ist ein eindeutiger Bezeichner, der verwendet werden kann, um dieses Ereignis mit einem KDC-Ereignis zu korrelieren.
	- Die übertragenen Dienste geben an, welche Zwischendienste an der Anmeldeanforderung beteiligt waren.
	- Der Paketname gibt das in den NTLM-Protokollen verwendete Unterprotokoll an.
	- Die Schlüssellänge gibt die Länge des generierten Sitzungsschlüssels an. Wenn kein Sitzungsschlüssel angefordert wurde, ist dieser Wert 0.
Record Number: 13128
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090730093051.166420-000
Event Type: Überwachung erfolgreich
User: 

Computer Name: Kiam-PC
Event Code: 4624
Message: Ein Konto wurde erfolgreich angemeldet.

Antragsteller:
	Sicherheits-ID:		S-1-5-18
	Kontoname:		KIAM-PC$
	Kontodomäne:		WORKGROUP
	Anmelde-ID:		0x3e7

Anmeldetyp:			2

Neue Anmeldung:
	Sicherheits-ID:		S-1-5-21-1250136514-2600124232-2571549852-1000
	Kontoname:		Kiam
	Kontodomäne:		Kiam-PC
	Anmelde-ID:		0x13bc82
	Anmelde-GUID:		{00000000-0000-0000-0000-000000000000}

Prozessinformationen:
	Prozess-ID:		0x184
	Prozessname:		C:\Windows\System32\winlogon.exe

Netzwerkinformationen:
	Arbeitsstationsname:	KIAM-PC
	Quellnetzwerkadresse:	127.0.0.1
	Quellport:		0

Detaillierte Authentifizierungsinformationen:
	Anmeldeprozess:		User32 
	Authentifizierungspaket:	Negotiate
	Übertragene Dienste:	-
	Paketname (nur NTLM):	-
	Schlüssellänge:		0

Dieses Ereignis wird beim Erstellen einer Anmeldesitzung generiert. Es wird auf dem Computer generiert, auf den zugegriffen wurde.

Die Antragstellerfelder geben das Konto auf dem lokalen System an, von dem die Anmeldung angefordert wurde. Dies ist meistens ein Dienst wie der Serverdienst oder ein lokaler Prozess wie "Winlogon.exe" oder "Services.exe".

Das Anmeldetypfeld gibt den jeweiligen Anmeldetyp an. Die häufigsten Typen sind 2 (interaktiv) und 3 (Netzwerk).

Die Felder für die neue Anmeldung geben das Konto an, für das die Anmeldung erstellt wurde, d. h. das angemeldete Konto.

Die Netzwerkfelder geben die Quelle einer Remoteanmeldeanforderung an. der Arbeitsstationsname ist nicht immer verfügbar und kann in manchen Fällen leer bleiben.

Die Felder für die Authentifizierungsinformationen enthalten detaillierte Informationen zu dieser speziellen Anmeldeanforderung.
	 - Die Anmelde-GUID ist ein eindeutiger Bezeichner, der verwendet werden kann, um dieses Ereignis mit einem KDC-Ereignis zu korrelieren.
	- Die übertragenen Dienste geben an, welche Zwischendienste an der Anmeldeanforderung beteiligt waren.
	- Der Paketname gibt das in den NTLM-Protokollen verwendete Unterprotokoll an.
	- Die Schlüssellänge gibt die Länge des generierten Sitzungsschlüssels an. Wenn kein Sitzungsschlüssel angefordert wurde, ist dieser Wert 0.
Record Number: 13129
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090730093051.166420-000
Event Type: Überwachung erfolgreich
User: 

Computer Name: Kiam-PC
Event Code: 4672
Message: Einer neuen Anmeldung wurden besondere Rechte zugewiesen.

Antragsteller:
	Sicherheits-ID:		S-1-5-21-1250136514-2600124232-2571549852-1000
	Kontoname:		Kiam
	Kontodomäne:		Kiam-PC
	Anmelde-ID:		0x13bc5a

Berechtigungen:		SeSecurityPrivilege
			SeTakeOwnershipPrivilege
			SeLoadDriverPrivilege
			SeBackupPrivilege
			SeRestorePrivilege
			SeDebugPrivilege
			SeSystemEnvironmentPrivilege
			SeImpersonatePrivilege
Record Number: 13130
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090730093051.166420-000
Event Type: Überwachung erfolgreich
User: 

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files (x86)\Common Files\DivX Shared\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Smart Projects\IsoBuster
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=AMD64 Family 15 Model 67 Stepping 3, AuthenticAMD
"PROCESSOR_REVISION"=4303
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\34FB5F65-FFEB-4B61-BF0E-A6A76C450FAA\TraceFormat
"DFSTRACINGON"=FALSE
"CLASSPATH"=.;C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------
         

Alt 30.07.2009, 12:12   #11
Iron Maik
 
hijackthis, bitte weiterhelfen - Standard

hijackthis, bitte weiterhelfen



antivir hat mir gerade eine meldung gegeben

Code:
ATTFilter
 
C:\Windows\msa.exe
Ist das Trojanische Pferd TR/Fakealert.146432
         
nach dem ich auch löschen geklickt hab kommt nach sehr kurzer zeit wieder die selbe meldung!

Geändert von Iron Maik (30.07.2009 um 12:19 Uhr) Grund: ...

Alt 30.07.2009, 12:33   #12
Chris4You
 
hijackthis, bitte weiterhelfen - Standard

hijackthis, bitte weiterhelfen



Hi,

Bitte folgende Files prüfen:

Dateien Online überprüfen lassen:
  • Suche die Seite Virtustotal auf, klicke auf den Button „Durchsuchen“ und suche folgende Datei/Dateien:
Code:
ATTFilter
C:\Windows\msa.exe
c:\windows\system32\Ghost.pif <- Wurmverdacht!
C:\Windows\iun6002.exe
         
  • Lade nun nacheinander jede/alle Datei/Dateien hoch, und warte bis der Scan vorbei ist. (kann bis zu 2 Minuten dauern.)
  • Poste im Anschluss das Ergebnis der Auswertung, alles abkopieren und in einen Beitrag einfügen.
  • Wichtig: Auch die Größenangabe sowie den HASH mit kopieren!

Tools downloaden, installieren (MAM & updaten), vom Netz trennen und das hier abarbeiten!

Also:
Anleitung Avenger (by swandog46)

1.) Lade dir das Tool Avenger und speichere es auf dem Desktop:



2.) Das Programm so einstellen wie es auf dem Bild zu sehen ist.

Kopiere nun folgenden Text in das weiße Feld:
(bei -> "input script here")


Code:
ATTFilter
Files to delete:
C:\Windows\msa.exe
C:\sj652\hpupdate.exe
C:\Users\Kiam\AppData\Local\Temp\a.exe
C:\Windows\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
C:\Windows\tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job
c:\windows\system32\Ghost.pif
c:\windows\Ghost.pif

Folders to delete:
C:\Users\Kiam\AppData\Local\Temp
         
3.) Schliesse nun alle Programme (vorher notfalls abspeichern!) und Browser-Fenster, nach dem Ausführen des Avengers wird das System neu gestartet.

4.) Um den Avenger zu starten klicke auf -> Execute
Dann bestätigen mit "Yes" das der Rechner neu startet!

5.) Nachdem das System neu gestartet ist, findest du hier einen Report vom Avenger -> C:\avenger.txt
Öffne die Datei mit dem Editor und kopiere den gesamten Text in deinen Beitrag hier am Trojaner-Board.


Hijackthis, fixen:
öffne das HijackThis -- Button "scan" -- vor den nachfolgenden Einträge Häkchen setzen -- Button "Fix checked" -- PC neustarten
Beim fixen müssen alle Programme geschlossen sein!
Code:
ATTFilter
R3 - URLSearchHook: (no name) - {EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
O4 - HKLM\..\Run: [HP Update 3400C] C:\sj652\hpupdate.exe 3400C
O4 - HKCU\..\Run: [Monopod] C:\Users\Kiam\AppData\Local\Temp\a.exe
         
MAM:
Malwarebytes Antimalware (MAM).
Anleitung&Download hier: http://www.trojaner-board.de/51187-m...i-malware.html
Fullscan und alles bereinigen lassen! Log posten.

GMER:
Gmer:
http://www.trojaner-board.de/74908-a...t-scanner.html
Den Downloadlink findest Du links oben (www.gmer.net/files), dort dann
auf den Button "Download EXE", dabei wird ein zufälliger Name generiert (den und den Pfad wo Du sie gespeichert hast bitte merken).
Starte GMER und schaue, ob es schon was meldet. Macht es das, bitte alle Fragen mit "nein" beantworten, auf den Reiter "rootkit" gehen, wiederum die Frage mit "nein" beantworten und mit Hilfe von copy den Bericht in den Thread einfügen. Meldet es so nichts, gehe auf den Reiter Rootkit und mache einen Scan. Ist dieser beendet, wähle Copy und füge den Bericht ein.

Chris
__________________
Don't bring me down
Vor dem posten beachten!
Spenden
(Wer spenden will, kann sich gerne melden )

Alt 30.07.2009, 14:33   #13
Iron Maik
 
hijackthis, bitte weiterhelfen - Standard

hijackthis, bitte weiterhelfen



ich hoffe ich hab alles richtig gemacht.

zu
Code:
ATTFilter
C:\Windows\msa.exe
c:\windows\system32\Ghost.pif <- Wurmverdacht!
C:\Windows\iun6002.exe
         
für die msa.exe wird mir gesagt, dass ich keine recht hab.
ghost.pif ist garnicht vorhanden finde ich nciht, die "suchfunktion" hat es auch nciht gefunden.

iun6002.exe :
Code:
ATTFilter
Antivirus Version letzte aktualisierung Ergebnis 
AhnLab-V3 5.0.0.2 2009.07.30 - 
AntiVir 7.9.0.234 2009.07.30 - 
Antiy-AVL 2.0.3.7 2009.07.30 - 
Authentium 5.1.2.4 2009.07.29 - 
Avast 4.8.1335.0 2009.07.29 - 
AVG 8.5.0.387 2009.07.30 - 
BitDefender 7.2 2009.07.30 - 
CAT-QuickHeal 10.00 2009.07.30 - 
ClamAV 0.94.1 2009.07.30 - 
Comodo 1812 2009.07.30 - 
DrWeb 5.0.0.12182 2009.07.30 - 
eSafe 7.0.17.0 2009.07.29 - 
eTrust-Vet 31.6.6647 2009.07.30 - 
F-Prot 4.4.4.56 2009.07.29 - 
F-Secure 8.0.14470.0 2009.07.30 - 
Fortinet 3.120.0.0 2009.07.30 - 
GData 19 2009.07.30 - 
Ikarus T3.1.1.64.0 2009.07.30 - 
Jiangmin 11.0.800 2009.07.30 - 
K7AntiVirus 7.10.805 2009.07.29 - 
Kaspersky 7.0.0.125 2009.07.30 - 
McAfee 5692 2009.07.29 - 
McAfee+Artemis 5692 2009.07.29 - 
McAfee-GW-Edition 6.8.5 2009.07.30 - 
Microsoft 1.4903 2009.07.30 - 
NOD32 4290 2009.07.30 - 
Norman 6.01.09 2009.07.29 - 
nProtect 2009.1.8.0 2009.07.30 - 
Panda 10.0.0.14 2009.07.30 - 
PCTools 4.4.2.0 2009.07.29 - 
Prevx 3.0 2009.07.30 - 
Rising 21.40.32.00 2009.07.30 - 
Sophos 4.44.0 2009.07.30 - 
Sunbelt 3.2.1858.2 2009.07.29 - 
Symantec 1.4.4.12 2009.07.30 - 
TheHacker 6.3.4.3.378 2009.07.30 - 
TrendMicro 8.950.0.1094 2009.07.30 - 
VBA32 3.12.10.9 2009.07.30 - 
ViRobot 2009.7.30.1861 2009.07.30 - 
VirusBuster 4.6.5.0 2009.07.29 - 
weitere Informationen 
File size: 729088 bytes 
MD5...: 80e41fbc33b6d5a605e53787de767048 
SHA1..: dbf29b5f3a440bc38633de39f853ee7d73523682 
SHA256: af3ba3406b220c70b855f98b2f5ffae87ff302e4abd03e967db346d75e0fb4d8 
ssdeep: 12288:vpVgMjjZ6JvlAbDNuuGQx+yHqiDlgo2RxDnrceelv38GXKeauh0lobpA8:
v1x1HqiDlgboT//X3auxpA
 
PEiD..: Armadillo v1.71 
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%) 
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x5e905
timedatestamp.....: 0x3fb4ddab (Fri Nov 14 13:50:35 2003)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x83fee 0x84000 6.53 158c89f31f44c80fe31ceca9fb519df2
.rdata 0x85000 0x17f0e 0x18000 4.54 149a2b9760497a5270a82fc8e7464a0d
.data 0x9d000 0x1191c 0xe000 5.12 e21946808edf2e036ff480ec33bfde55
.rsrc 0xaf000 0x6778 0x7000 3.64 bf40d9f04b7f1f56903940535f80dee0

( 14 imports ) 
> WINMM.dll: waveOutGetNumDevs
> VERSION.dll: VerLanguageNameA, GetFileVersionInfoA, GetFileVersionInfoSizeA, VerQueryValueA
> KERNEL32.dll: GetCPInfo, GetOEMCP, RtlUnwind, RaiseException, HeapFree, HeapAlloc, HeapReAlloc, GetTimeZoneInformation, GetSystemTime, GetLocalTime, ExitProcess, GetStartupInfoA, GetCommandLineA, GetACP, HeapSize, SetUnhandledExceptionFilter, GetEnvironmentVariableA, GlobalFlags, HeapCreate, VirtualFree, VirtualAlloc, IsBadWritePtr, LCMapStringA, LCMapStringW, UnhandledExceptionFilter, FreeEnvironmentStringsW, GetEnvironmentStringsW, SetHandleCount, GetStdHandle, GetFileType, GetStringTypeA, GetStringTypeW, IsBadCodePtr, SetStdHandle, CompareStringA, CompareStringW, SetEnvironmentVariableA, SetErrorMode, LocalReAlloc, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSection, GetVersion, GetCurrentThreadId, GlobalGetAtomNameA, GlobalAddAtomA, GlobalFindAtomA, GlobalDeleteAtom, LockResource, FindResourceA, LoadResource, SystemTimeToFileTime, GetFileTime, FileTimeToSystemTime, WideCharToMultiByte, InterlockedDecrement, GetFullPathNameA, MoveFileA, UnlockFile, LockFile, FlushFileBuffers, DuplicateHandle, DosDateTimeToFileTime, LocalFileTimeToFileTime, SetFileTime, GetTickCount, IsBadStringPtrA, FileTimeToLocalFileTime, FileTimeToDosDateTime, lstrcmpiA, LocalAlloc, LocalLock, LocalUnlock, GlobalReAlloc, IsDBCSLeadByte, lstrcatA, TlsGetValue, IsBadReadPtr, TlsFree, TlsSetValue, TlsAlloc, MultiByteToWideChar, GetPrivateProfileIntA, GlobalMemoryStatus, GetVolumeInformationA, GetComputerNameA, MoveFileExA, WritePrivateProfileStringA, GetPrivateProfileStringA, TerminateProcess, Sleep, GetDiskFreeSpaceA, lstrcmpA, GetCurrentDirectoryA, LoadLibraryExA, GetLogicalDriveStringsA, GetShortPathNameA, CopyFileA, FormatMessageA, LocalFree, CreateProcessA, GetPrivateProfileSectionNamesA, GetPrivateProfileSectionA, GlobalAlloc, GlobalLock, GlobalHandle, GlobalUnlock, GlobalFree, GetCurrentThread, GetCurrentProcess, GetWindowsDirectoryA, GetSystemDirectoryA, GetSystemDefaultLangID, GetDriveTypeA, MulDiv, InterlockedIncrement, FindNextFileA, FindFirstFileA, FindClose, RemoveDirectoryA, SetCurrentDirectoryA, CreateDirectoryA, GetFileAttributesA, SetFileAttributesA, WriteFile, ReadFile, CreateFileA, GetFileSize, SetFilePointer, SetEndOfFile, DeleteFileA, GetTempPathA, GetTempFileNameA, lstrcpyA, lstrlenA, lstrcpynA, ExpandEnvironmentStringsA, GetProcessVersion, GetModuleFileNameA, OpenProcess, CloseHandle, GetModuleHandleA, LoadLibraryA, GetProcAddress, GetEnvironmentStrings, FreeEnvironmentStringsA, GetCurrentProcessId, FreeLibrary, GetVersionExA, GetLastError, SetLastError, HeapDestroy
> USER32.dll: UnpackDDElParam, ReuseDDElParam, SetMenu, LoadMenuA, DestroyMenu, ReleaseCapture, TranslateAcceleratorA, LoadAcceleratorsA, SetRectEmpty, GetMessageA, ValidateRect, GetCursorPos, PtInRect, FillRect, DrawFocusRect, GrayStringA, DrawTextA, TabbedTextOutA, EndPaint, BeginPaint, ClientToScreen, GetMenuCheckMarkDimensions, LoadBitmapA, GetMenuState, ModifyMenuA, SetMenuItemBitmaps, CheckMenuItem, EnableMenuItem, MapWindowPoints, GetSysColor, GetFocus, AdjustWindowRectEx, ScreenToClient, EqualRect, DeferWindowPos, BeginDeferWindowPos, CopyRect, EndDeferWindowPos, IsWindowVisible, UnregisterClassA, GetTopWindow, GetCapture, WinHelpA, GetMenu, GetMenuItemCount, GetSubMenu, GetMenuItemID, GetKeyState, SetWindowsHookExA, CallNextHookEx, GetClassLongA, BringWindowToTop, GetPropA, CallWindowProcA, RemovePropA, GetMessageTime, GetMessagePos, GetLastActivePopup, GetForegroundWindow, GetWindow, SystemParametersInfoA, GetWindowPlacement, SetActiveWindow, CreateDialogIndirectParamA, GetParent, SetFocus, IsWindowEnabled, ShowWindow, MoveWindow, GetDlgCtrlID, IsDialogMessageA, SendDlgItemMessageA, GetDlgItem, UnhookWindowsHookEx, GetWindowTextLengthA, LoadStringA, WaitForInputIdle, SetDlgItemTextA, SetWindowTextA, SetForegroundWindow, EndDialog, DialogBoxParamA, GetActiveWindow, GetClassNameA, CharUpperA, OemToCharA, CharNextA, CharPrevA, CharUpperBuffA, SetCursor, IsIconic, DrawIcon, DestroyIcon, ExitWindowsEx, LoadCursorA, UpdateWindow, RedrawWindow, GetDesktopWindow, GetWindowTextA, EnumWindows, GetWindowThreadProcessId, PostMessageA, ShowOwnedPopups, GetSysColorBrush, SetPropA, SetWindowPos, MessageBoxA, MsgWaitForMultipleObjects, GetSystemMetrics, EnableWindow, InvalidateRect, GetClientRect, GetDC, ReleaseDC, GetWindowRect, LoadIconA, SendMessageTimeoutA, TranslateMessage, DispatchMessageA, PeekMessageA, PostQuitMessage, IsWindow, GetWindowLongA, DefWindowProcA, SetWindowLongA, GetClassInfoA, RegisterClassA, CreateWindowExA, SendMessageA, DestroyWindow, wsprintfA, RegisterWindowMessageA, GetNextDlgTabItem
> GDI32.dll: SetViewportExtEx, OffsetViewportOrgEx, SetViewportOrgEx, SetMapMode, SelectObject, RestoreDC, SaveDC, CreateCompatibleDC, BitBlt, Escape, ExtTextOutA, TextOutA, RectVisible, PtVisible, ScaleWindowExtEx, SetWindowExtEx, DeleteObject, StretchDIBits, RealizePalette, SelectPalette, Rectangle, GetDeviceCaps, CreateFontA, CreateBitmap, SetTextColor, GetClipBox, GetBkColor, SetBkColor, SetBkMode, CreateICA, DeleteDC, GetTextMetricsA, RemoveFontResourceA, CreatePalette, GetStockObject, AddFontResourceA, CreateSolidBrush, CreateFontIndirectA, GetObjectA, ScaleViewportExtEx
> comdlg32.dll: GetFileTitleA, GetOpenFileNameA, GetSaveFileNameA
> WINSPOOL.DRV: DocumentPropertiesA, OpenPrinterA, ClosePrinter
> ADVAPI32.dll: GetServiceDisplayNameA, RegOpenKeyExA, RegCreateKeyExA, RegDeleteValueA, RegDeleteKeyA, LookupPrivilegeValueA, AdjustTokenPrivileges, LookupAccountSidA, GetUserNameA, OpenThreadToken, OpenProcessToken, GetTokenInformation, AllocateAndInitializeSid, EqualSid, FreeSid, UnlockServiceDatabase, OpenSCManagerA, EnumServicesStatusA, QueryServiceStatus, ControlService, StartServiceA, DeleteService, CloseServiceHandle, CreateServiceA, OpenServiceA, RegCloseKey, RegConnectRegistryA, RegEnumValueA, RegEnumKeyExA, RegQueryInfoKeyA, RegSetValueExA, RegQueryValueExA
> SHELL32.dll: DragFinish, SHChangeNotify, ShellExecuteA, SHBrowseForFolderA, SHGetFileInfoA, SHGetSpecialFolderLocation, SHGetPathFromIDListA, SHGetMalloc, DragQueryFileA
> COMCTL32.dll: -
> ole32.dll: CoInitialize, CoUninitialize, CoCreateInstance
> OLEAUT32.dll: -, -
> WSOCK32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -
> NETAPI32.dll: Netbios

( 0 exports ) 
 
PDFiD.: - 
RDS...: NSRL Reference Data Set
-
         

Alt 30.07.2009, 14:34   #14
Iron Maik
 
hijackthis, bitte weiterhelfen - Standard

hijackthis, bitte weiterhelfen



ich hoffe du meinst das, weil ich unter deine angabe nichts gefunden hab nur dies:

Code:
ATTFilter
================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2009-07-30 09:08
[~] Preparing to execute queued commands
[~] Deleting file: C:\Program Files (x86)\SweetIM\Messenger\default.xml
[~] Deleting file: C:\Program Files (x86)\SweetIM\Messenger\mgAdaptersProxy.dll
[~] Deleting file: C:\Program Files (x86)\SweetIM\Messenger\mgAIMAuto.dll
[~] Deleting file: C:\Program Files (x86)\SweetIM\Messenger\mgAIMMessengerAdapter.dll
[~] Deleting file: C:\Program Files (x86)\SweetIM\Messenger\mgArchive.dll
[~] Deleting file: C:\Program Files (x86)\SweetIM\Messenger\mgcommon.dll
[~] Deleting file: C:\Program Files (x86)\SweetIM\Messenger\mgcommunication.dll
[~] Deleting file: C:\Program Files (x86)\SweetIM\Messenger\mgconfig.dll
[~] Deleting file: C:\Program Files (x86)\SweetIM\Messenger\mgFlashPlayer.dll
[~] Deleting file: C:\Program Files (x86)\SweetIM\Messenger\mghooking.dll
[~] Deleting file: C:\Program Files (x86)\SweetIM\Messenger\mgICQAuto.dll
[~] Deleting file: C:\Program Files (x86)\SweetIM\Messenger\mgICQMessengerAdapter.dll
[~] Deleting file: C:\Program Files (x86)\SweetIM\Messenger\mgIEPlayer.dll
[~] Deleting file: C:\Program Files (x86)\SweetIM\Messenger\mglogger.dll
[~] Deleting file: C:\Program Files (x86)\SweetIM\Messenger\mgMediaPlayer.dll
[~] Deleting file: C:\Program Files (x86)\SweetIM\Messenger\mgMsnAuto.dll
[~] Deleting file: C:\Program Files (x86)\SweetIM\Messenger\mgMsnMessengerAdapter.dll
[~] Deleting file: C:\Program Files (x86)\SweetIM\Messenger\mgsimcommon.dll
[~] Deleting file: C:\Program Files (x86)\SweetIM\Messenger\mgSweetIM.dll
[~] Deleting file: C:\Program Files (x86)\SweetIM\Messenger\mgUpdateSupport.dll
[~] Deleting file: C:\Program Files (x86)\SweetIM\Messenger\mgxml_wrapper.dll
[~] Deleting file: C:\Program Files (x86)\SweetIM\Messenger\mgYahooAuto.dll
[~] Deleting file: C:\Program Files (x86)\SweetIM\Messenger\mgYahooMessengerAdapter.dll
[~] Deleting file: C:\Program Files (x86)\SweetIM\Messenger\msvcp71.dll
[~] Deleting file: C:\Program Files (x86)\SweetIM\Messenger\msvcr71.dll
[~] Deleting file: C:\Program Files (x86)\SweetIM\Messenger\resources\images\AudibleButton.png
[~] Deleting file: C:\Program Files (x86)\SweetIM\Messenger\resources\images\DisplayPicturesButton.png
[~] Deleting file: C:\Program Files (x86)\SweetIM\Messenger\resources\images\EmoticonButton.png
[~] Deleting file: C:\Program Files (x86)\SweetIM\Messenger\resources\images\NudgeButton.png
[~] Deleting file: C:\Program Files (x86)\SweetIM\Messenger\resources\images\SoundFxButton.png
[~] Deleting file: C:\Program Files (x86)\SweetIM\Messenger\resources\images\WinksButton.png
[~] Deleting file: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
[~] Deleting file: C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\ClearHist.exe
[~] Deleting file: C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\conf\logger.xml
[~] Deleting file: C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\default.xml
[~] Deleting file: C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgcommon.dll
[~] Deleting file: C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgconfig.dll
[~] Deleting file: C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
[~] Deleting file: C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mghooking.dll
[~] Deleting file: C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mglogger.dll
[~] Deleting file: C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgsimcommon.dll
[~] Deleting file: C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
[~] Deleting file: C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgxml_wrapper.dll
[~] Deleting file: C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\msvcp71.dll
[~] Deleting file: C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\msvcr71.dll
[~] Deleting file: C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\about.html
[~] Deleting file: C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\affid.dat
[~] Deleting file: C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\basis.xml
[~] Deleting file: C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\clear-history.png
[~] Deleting file: C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\content-notifier-anim-over.gif
[~] Deleting file: C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\content-notifier-anim.gif
[~] Deleting file: C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\content-notifier.js
[~] Deleting file: C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\dating.png
[~] Deleting file: C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\dictionary.png
[~] Deleting file: C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\eye_icon.png
[~] Deleting file: C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\eye_icon_over.png
[~] Deleting file: C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\e_cards.png
[~] Deleting file: C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\find.png
[~] Deleting file: C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\free_stuff.png
[~] Deleting file: C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\games.png
[~] Deleting file: C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\glitter.png
[~] Deleting file: C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\google.png
[~] Deleting file: C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\help.png
[~] Deleting file: C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\highlight.png
[~] Deleting file: C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\live.png
[~] Deleting file: C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\locales.xml
[~] Deleting file: C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\logo_16x16.png
[~] Deleting file: C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\logo_21x18.png
[~] Deleting file: C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\logo_32x32.png
[~] Deleting file: C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\logo_about.png
[~] Deleting file: C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\more-search-providers.png
[~] Deleting file: C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\music.png
[~] Deleting file: C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\news.png
[~] Deleting file: C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\photos.png
[~] Deleting file: C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\search-current-site.png
[~] Deleting file: C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\shopping.png
[~] Deleting file: C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\SmileySmile.png
[~] Deleting file: C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\SmileyWink.png
[~] Deleting file: C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\sweetim_text.png
[~] Deleting file: C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\toolbar.xml
[~] Deleting file: C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\version.txt
[~] Deleting file: C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\video.png
[~] Deleting file: C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\web-search.png
[~] Deleting file: C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\yahoo.png
[~] Deleting file: C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer
[~] Deleting file: C:\Program Files (x86)\SweetIM\Toolbars
[~] Deleting file: C:\Program Files (x86)\SweetIM\Messenger
[~] Deleting file: C:\Program Files (x86)\SweetIM
[~] Deleting file: c:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\conf\adapter.xml
[~] Deleting file: c:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\conf\autoupdate.xml
[~] Deleting file: c:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\conf\logger.xml
[~] Deleting file: c:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\conf\messages.xml
[~] Deleting file: c:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\conf\sweetim.xml
[~] Deleting file: c:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\conf\sweetimapp.xml
[~] Deleting file: c:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\conf\users\387548360\content_update_notification.xml
[~] Deleting file: c:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\conf\users\387548360\emoticons_shortcut.xml
[~] Deleting file: c:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\conf\users\387548360\lastuse_Emoticons.xml
[~] Deleting file: c:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\conf\users\387548360\lastuse_SpecialFX.xml
[~] Deleting file: c:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\conf\users\387548360\lastuse_Winks.xml
[~] Deleting file: c:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\conf\users\387548360\user_config.xml
[~] Deleting file: c:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\conf\users\maik-dr-bamba@hotmail.de\content_update_notification.xml
[~] Deleting file: c:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\conf\users\maik-dr-bamba@hotmail.de\emoticons_shortcut.xml
[~] Deleting file: c:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\conf\users\maik-dr-bamba@hotmail.de\lastuse_Audibles.xml
[~] Deleting file: c:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\conf\users\maik-dr-bamba@hotmail.de\lastuse_Emoticons.xml
[~] Deleting file: c:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\conf\users\maik-dr-bamba@hotmail.de\lastuse_SoundFX.xml
[~] Deleting file: c:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\conf\users\maik-dr-bamba@hotmail.de\user_config.xml
[~] Deleting file: c:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\conf\users\main_user_config.xml
[~] Deleting file: c:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00010106.dat
[~] Deleting file: c:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\0001081A.dat
[~] Deleting file: c:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00010859.dat
[~] Deleting file: c:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00010894.dat
[~] Deleting file: c:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00010895.dat
[~] Deleting file: c:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\000108A9.dat
[~] Deleting file: c:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\000108AA.dat
[~] Deleting file: c:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\000108BE.dat
[~] Deleting file: c:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\000108DF.dat
[~] Deleting file: c:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00010908.dat
[~] Deleting file: c:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\0001090A.dat
[~] Deleting file: c:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\0001093E.dat
[~] Deleting file: c:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00010947.dat
[~] Deleting file: c:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00010948.dat
[~] Deleting file: c:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00010950.dat
[~] Deleting file: c:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00010952.dat
[~] Deleting file: c:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00010968.dat
[~] Deleting file: c:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00010970.dat
[~] Deleting file: c:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00010987.dat
[~] Deleting file: c:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\0001098B.dat
[~] Deleting file: c:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00010995.dat
[~] Deleting file: c:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00020111.dat
[~] Deleting file: c:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00020114.dat
[~] Deleting file: c:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\0002013F.dat
[~] Deleting file: c:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00020167.dat
[~] Deleting file: c:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\0002020B.dat
[~] Deleting file: c:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00030045.dat
[~] Deleting file: c:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\000300A1.dat
[~] Deleting file: c:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\000300A5.dat
[~] Deleting file: c:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\000300A7.dat
[~] Deleting file: c:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\000300A9.dat
[~] Deleting file: c:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\000300AC.dat
[~] Deleting file: c:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\000300AD.dat
[~] Deleting file: c:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\000300AF.dat
[~] Deleting file: c:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\000300B9.dat
[~] Deleting file: c:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\000300CD.dat
[~] Deleting file: c:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\000300D6.dat
[~] Deleting file: c:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\000300D7.dat
[~] Deleting file: c:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\0004001F.dat
[~] Deleting file: c:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00040024.dat
[~] Deleting file: c:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00040028.dat
[~] Deleting file: c:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\0004002B.dat
[~] Deleting file: c:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00040052.dat
[~] Deleting file: c:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\000400C3.dat
[~] Deleting file: c:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\000400C4.dat
[~] Deleting file: c:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\000400DA.dat
[~] Deleting file: c:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\000400FB.dat
[~] Deleting file: c:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00040136.dat
[~] Deleting file: c:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\0004013F.dat
[~] Deleting file: c:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00040144.dat
[~] Deleting file: c:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00050004.dat
[~] Deleting file: c:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00060137.dat
[~] Deleting file: c:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\0008000B.dat
[~] Deleting file: c:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00080014.dat
[~] Deleting file: c:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00080017.dat
[~] Deleting file: c:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\0008001A.dat
[~] Deleting file: c:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\0008003F.dat
[~] Deleting file: c:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00080054.dat
[~] Deleting file: c:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\0008005C.dat
[~] Deleting file: c:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00080060.dat
[~] Deleting file: c:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00080062.dat
[~] Deleting file: c:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00080077.dat
[~] Deleting file: c:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00080086.dat
[~] Deleting file: c:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\000800DE.dat
[~] Deleting file: c:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\000800E6.dat
[~] Deleting file: c:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\000800EB.dat
[~] Deleting file: c:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\01050007.dat
[~] Deleting file: c:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\cache_indx.dat
[~] Deleting file: c:\program files (x86)\sweetim\messenger\mgadaptersproxy.dll
[~] Deleting file: c:\program files (x86)\sweetim\messenger\sweetim.exe
[~] Deleting file: c:\program files (x86)\sweetim\messenger\mgupdatesupport.dll
[~] Deleting file: c:\program files (x86)\sweetim\messenger\mgcommunication.dll
[~] Deleting file: c:\program files (x86)\sweetim\messenger\mgieplayer.dll
[~] Deleting file: c:\program files (x86)\sweetim\messenger\mgcommon.dll
[~] Deleting file: c:\program files (x86)\sweetim\messenger\mghooking.dll
[~] Deleting file: c:\program files (x86)\sweetim\messenger\mgxml_wrapper.dll
[~] Deleting file: c:\program files (x86)\sweetim\messenger\mgconfig.dll
[~] Deleting file: c:\program files (x86)\sweetim\messenger\mgmsnmessengeradapter.dll
[~] Deleting file: c:\program files (x86)\sweetim\messenger\mgmsnauto.dll
[~] Deleting file: c:\program files (x86)\sweetim\messenger\mgsweetim.dll
[~] Deleting file: c:\program files (x86)\sweetim\messenger\mgflashplayer.dll
[~] Deleting file: c:\program files (x86)\sweetim\messenger\mgarchive.dll
[~] Deleting file: c:\program files (x86)\sweetim\messenger\mgsimcommon.dll
[~] Deleting file: c:\program files (x86)\sweetim\toolbars\internet explorer\mgtoolbarie.dll
[~] Deleting file: c:\program files (x86)\sweetim\toolbars\internet explorer\mgsimcommon.dll
[~] Deleting file: c:\program files (x86)\sweetim\toolbars\internet explorer\mgcommon.dll
[~] Deleting file: c:\program files (x86)\sweetim\toolbars\internet explorer\mgconfig.dll
[~] Deleting file: c:\program files (x86)\sweetim\toolbars\internet explorer\mgxml_wrapper.dll
[~] Deleting file: c:\program files (x86)\sweetim\toolbars\internet explorer\mghooking.dll
[~] Deleting file: C:\Users\Kiam\Desktop\Neuer Ordner\SweetImSetup.exe
[~] Finished processing queued commands


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2009-07-30 09:23


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2009-07-30 10:55


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2009-07-30 11:02
         

Alt 30.07.2009, 14:36   #15
Iron Maik
 
hijackthis, bitte weiterhelfen - Standard

hijackthis, bitte weiterhelfen



mbam.log
Code:
ATTFilter
Malwarebytes' Anti-Malware 1.39
Datenbank Version: 2529
Windows 6.0.6001 Service Pack 1

30.07.2009 14:03:52
mbam-log-2009-07-30 (14-03-52).txt

Scan-Methode: Vollständiger Scan (C:\|)
Durchsuchte Objekte: 345723
Laufzeit: 43 minute(s), 42 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 3
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 2
Infizierte Verzeichnisse: 0
Infizierte Dateien: 7

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Monopod (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NordBull (Malware.Trace) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Monopod (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Windows\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\Kiam\AppData\Local\microsoft\Windows\temporary internet files\Low\Content.IE5\N3VS5XNE\avenger[1].exe (Trojan.Agnet) -> Quarantined and deleted successfully.
c:\Users\Kiam\Desktop\avenger.exe (Trojan.Agnet) -> Quarantined and deleted successfully.
c:\Users\Kiam\Desktop\neuer ordner\cryptload_1.0.4[1]\cryptload_1.0.4\router\fritz!box\nc.exe (PuP.Keylogger) -> Quarantined and deleted successfully.
c:\Users\Kiam\Desktop\neuer ordner\cryptload_1.0.4\router\fritz!box\nc.exe (PuP.Keylogger) -> Quarantined and deleted successfully.
c:\Users\Kiam\Desktop\neuer ordner\sony_acid_music_studio_7_inc_keygen\sony acid music studio 7 inc keygen\keygen.exe (Backdoor.SDBot) -> Quarantined and deleted successfully.
         

Antwort

Themen zu hijackthis, bitte weiterhelfen
ad-aware, adobe, alles weg, antivir, antivirus, avg, avgnt, avgnt.exe, avira, bho, bonjour, browser, computer, explorer, google update, gupdate, hijack, hijackthis, internet, internet explorer, local\temp, malware, nvidia, problem, safer networking, security, seiten, senden, software, syswow64, temp, tuneup.defrag, tuprogst.exe, windows, öffnet



Ähnliche Themen: hijackthis, bitte weiterhelfen


  1. infizierten Rechner im Netz gehabt. Verdacht auf Malware auf eigenen Laptop.Könnt ihr mir weiterhelfen?
    Plagegeister aller Art und deren Bekämpfung - 11.06.2014 (55)
  2. Wer kann mir weiterhelfen???
    Mülltonne - 12.09.2008 (0)
  3. Bitte um Rat/hijackthis-log
    Log-Analyse und Auswertung - 09.03.2008 (2)
  4. Kann mir jemand mit diesem Log weiterhelfen
    Log-Analyse und Auswertung - 17.02.2008 (3)
  5. Help trojan-downloader.bat.ftp. virus!!! Kann mir jemand bitte weiterhelfen??
    Log-Analyse und Auswertung - 28.12.2007 (2)
  6. wer kann mir weiterhelfen
    Plagegeister aller Art und deren Bekämpfung - 04.10.2007 (21)
  7. Bitte wer hilft beim auswertenLogfile of HijackThis v1.99.1Logfile of HijackThis v1.9
    Log-Analyse und Auswertung - 23.02.2007 (1)
  8. Bitte Bitte Bitte Bitte HiJackThis Log File überprüfen!!!
    Mülltonne - 13.01.2007 (0)
  9. Bitte ansehen und weiterhelfen
    Mülltonne - 09.11.2006 (1)
  10. Könnte bitte mal jemand die HiJackThis Log File durchsehen bitte?!
    Log-Analyse und Auswertung - 22.03.2006 (6)
  11. Hijackthis...vielleicht kann mir jemand weiterhelfen?
    Log-Analyse und Auswertung - 07.03.2006 (2)
  12. HiJackThis Log-File; Wer kann mir weiterhelfen ?
    Log-Analyse und Auswertung - 16.02.2006 (12)
  13. Kann mir jemand weiterhelfen?
    Log-Analyse und Auswertung - 16.11.2005 (2)
  14. Kann mir hier mal einer weiterhelfen?
    Log-Analyse und Auswertung - 11.04.2005 (2)
  15. wer kann mir bitte weiterhelfen?
    Plagegeister aller Art und deren Bekämpfung - 04.01.2005 (19)
  16. bitte kann mir da jemand weiterhelfen?
    Log-Analyse und Auswertung - 31.12.2004 (1)
  17. Hilfe- schon wieder ein Trojaner- wer kann mir weiterhelfen?!?
    Plagegeister aller Art und deren Bekämpfung - 09.11.2004 (7)

Zum Thema hijackthis, bitte weiterhelfen - moin, ich hab auch seit kurzem das problem, dass sich das internet manchmal alleine öffnet (mit seiten die ich nicht kenne). ich dachte mir, dass es nicht normal ist also - hijackthis, bitte weiterhelfen...
Archiv
Du betrachtest: hijackthis, bitte weiterhelfen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.