iexplorer mehrfach im Hintergrund offen

hangach · 20.09.2009, 17:36

Danke für die schnellen Antworten. Habe die Punkte von Coverflows Liste abgearbeitet. Dabie habe ich AskBarDis deinstalliert. Weiter habe ich die Datei xwr21173.dll bei virustotal geprüft. Hier nun die Posts:

Code:

ATTFilter

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:28:34, on 20.09.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Analog Devices\Core\smax4pnp.exe
C:\Programme\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\ASUS\Six Engine\SixEngine.exe
C:\Programme\ASUS\AI Direct Link\AsShare.exe
C:\Programme\ASUS\Drive Xpert\DriveXpert.exe
C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\lg_fwupdate\fwupdate.exe
C:\PROGRA~3\CYBERL~1\INSTAN~1\Win2K\IBurn.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Programme\Cyberlink\Shared Files\brs.exe
C:\Programme\ASUS\Drive Xpert\SteelVine.exe
C:\Programme 2\CyberLink\PowerDVD\PDVDServ.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
C:\Programme\ASUS\AI Suite\AiNap\AiNap.exe
C:\Programme\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitorService.exe
C:\Programme\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe
C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe
C:\Programme 2\XAPP\apache\bin\httpd.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Corel\Corel MediaOne\Corel Photo Downloader.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme 2\CyberLink\Power2Go\Power2GoExpress.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\Programme\Microsoft LifeCam\MSCamS32.exe
C:\Programme 2\XAPP\mysql\bin\mysqld.exe
C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe
C:\Programme\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Nero\Nero BackItUp 4\IoctlSvc.exe
C:\Programme 2\XAPP\apache\bin\httpd.exe
C:\WINDOWS\System32\PSIService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Programme\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
C:\Programme\Canon\CAL\CALMAIN.exe
C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Programme\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe
C:\Programme\Microsoft ActiveSync\Wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Programme 2\Pixela\ImageMixer\CameraMonitor.exe
C:\Programme\Windows Desktop Search\WindowsSearch.exe
C:\Programme\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programme\TechSmith\Snagit 9\SnagitBHO.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: D - {1D73EAEA-1BA3-3CDF-A637-7EBD2F523CCF} - C:\WINDOWS\system32\xwr21173.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton Internet Security\Engine\16.7.2.11\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programme\TechSmith\Snagit 9\SnagitIEAddin.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programme\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Six Engine] "C:\Program Files\ASUS\Six Engine\SixEngine.exe" -r
O4 - HKLM\..\Run: [Launch Direct Link] "C:\Programme\ASUS\AI Direct Link\AsShare.exe"
O4 - HKLM\..\Run: [Launch As Cmd Runner] "C:\Programme\ASUS\AI Direct Link\AsCmd.exe" -reg
O4 - HKLM\..\Run: [Drive Xpert] C:\Programme\ASUS\Drive Xpert\DriveXpert.exe
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LGODDFU] C:\Programme\lg_fwupdate\fwupdate.exe blrun
O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Programme\Gemeinsame Dateien\Acronis\Acronis Disk Director\oss_reinstall.exe
O4 - HKLM\..\Run: [InstantBurn] C:\PROGRA~3\CYBERL~1\INSTAN~1\Win2K\IBurn.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programme\Nero\Nero BackItUp 4\NBKeyScan.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Programme\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Programme 2\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Programme 2\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Ai Nap] "C:\Programme\ASUS\AI Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [QFan Help] "C:\Programme\ASUS\AI Suite\QFan3\QFanHelp.exe"
O4 - HKLM\..\Run: [Cpu Level Up help] "C:\Programme\ASUS\AI Suite\CpuLevelUpHelp.exe"
O4 - HKLM\..\Run: [ScreenManager Pro for LCD] C:\Programme\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Programme\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Programme\Corel\Corel MediaOne\Corel Photo Downloader.exe" -startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Power2GoExpress] "C:\Programme 2\CyberLink\Power2Go\Power2GoExpress.exe" /Startup
O4 - HKCU\..\Run: [AnyDVD] C:\Programme 2\Slysoft\Any DVD\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [DesktopMaestro] C:\Programme 2\Desktop Maestro\deskmech.exe /H
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ColorVisionStartup.lnk = C:\Programme\ColorVision\Utility\ColorVisionStartup.exe
O4 - Global Startup: ImageMixer 3 SE Camera Monitor Ver.3.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Programme\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: An vorhandenes PDF anfügen - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1235511136858
O16 - DPF: {680285A8-96D3-43DA-9D3D-51DD987D0B77} (NeroVersionCheckerControl Control) - http://www.nero.com/doc/NeroVersionCheckerControl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1235511212686
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-09.sun.com/s/ESD7/JSCDL/jdk/6u13-b03/jinstall-6u13-windows-i586-jc.cab?e=1238170939804&h=860f2d0d7b072e78a4a5af3ff2be3972/&filename=jinstall-6u13-windows-i586-jc.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Programme\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O23 - Service: 57xx SteelVine (57xx SteelVine Manager) - Unknown owner - C:\Programme\ASUS\Drive Xpert\SteelVine.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
O23 - Service: Active@ Disk Monitor - LSoft Technologies Inc - C:\Programme\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitorService.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Programme 2\XAPP\apache\bin\httpd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programme\Canon\CAL\CALMAIN.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Programme 2\XAPP\FileZillaFTP\FileZillaServer.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9ead3cb28d17e) (gupdate1c9ead3cb28d17e) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: mysql - Unknown owner - C:\Programme 2\XAPP\mysql\bin\mysqld.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Programme\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Programme\Nero\Nero BackItUp 4\IoctlSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\System32\PSIService.exe

--
End of file - 16462 bytes




Reulstate virustotal für xwr21173.dll

Datei xwr21173.dll empfangen 2009.09.20 16:16:22 (UTC)
Status: Beendet 

Ergebnis: 29/41 (70.73%)
 Filter Drucken der Ergebnisse  Antivirus Version letzte aktualisierung Ergebnis 
a-squared 4.5.0.24 2009.09.20 Trojan.Win32.Chepdu!IK 
AhnLab-V3 5.0.0.2 2009.09.19 Win-Trojan/Bho.172032.Z 
AntiVir 7.9.1.19 2009.09.18 TR/BHO.Gen 
Antiy-AVL 2.0.3.7 2009.09.18 Trojan/Win32.BHO.gen 
Authentium 5.1.2.4 2009.09.19 W32/Downloader.AU.gen!Eldorado 
Avast 4.8.1351.0 2009.09.19 Win32:Trojan-gen {Other} 
AVG 8.5.0.412 2009.09.20 Generic12.BNZX 
BitDefender 7.2 2009.09.20 Trojan.Generic.2203663 
CAT-QuickHeal 10.00 2009.09.19 Trojan.BHO.lxu 
ClamAV 0.94.1 2009.09.19 Trojan.BHO-4453 
Comodo 2381 2009.09.20 - 
DrWeb 5.0.0.12182 2009.09.20 - 
eSafe 7.0.17.0 2009.09.17 - 
eTrust-Vet 31.6.6746 2009.09.18 Win32/SillyBHO.CP 
F-Prot 4.5.1.85 2009.09.19 W32/Downloader.AU.gen!Eldorado 
F-Secure 8.0.14470.0 2009.09.20 Trojan.Win32.BHO.lxu 
Fortinet 3.120.0.0 2009.09.19 - 
GData 19 2009.09.20 Trojan.Generic.2203663 
Ikarus T3.1.1.72.0 2009.09.20 Trojan.Win32.Chepdu 
Jiangmin 11.0.800 2009.09.20 Trojan/BHO.bnz 
K7AntiVirus 7.10.849 2009.09.19 - 
Kaspersky 7.0.0.125 2009.09.20 Trojan.Win32.BHO.lxu 
McAfee 5747 2009.09.20 Cheppu 
McAfee+Artemis 5747 2009.09.20 Cheppu 
McAfee-GW-Edition 6.8.5 2009.09.20 Heuristic.LooksLike.Trojan.L 
Microsoft 1.5005 2009.09.20 Trojan:Win32/BHO.AO 
NOD32 4441 2009.09.19 Win32/BHO.LXU 
Norman 6.01.09 2009.09.18 - 
nProtect 2009.1.8.0 2009.09.20 Trojan/W32.BHO.172032.O 
Panda 10.0.2.2 2009.09.20 Adware/WebSearch 
PCTools 4.4.2.0 2009.09.20 - 
Prevx 3.0 2009.09.20 High Risk Worm 
Rising 21.47.62.00 2009.09.20 Trojan.Win32.BHO.fmg 
Sophos 4.45.0 2009.09.20 Troj/BHO-ME 
Sunbelt 3.2.1858.2 2009.09.20 - 
Symantec 1.4.4.12 2009.09.20 - 
TheHacker 6.5.0.2.012 2009.09.18 Trojan/BHO.lxu 
TrendMicro 8.950.0.1094 2009.09.20 - 
VBA32 3.12.10.10 2009.09.20 Trojan.Win32.BHO.lxu 
ViRobot 2009.9.18.1943 2009.09.18 - 
VirusBuster 4.6.5.0 2009.09.20 - 
weitere Informationen 
File size: 172032 bytes 
MD5   : 6633cdbb2bae2ab87c6e1ce904853835 
SHA1  : 03121b689fc0a3cb8ae2056231d1894f8bdf1466 
SHA256: d427097236885d36aeeb2cbf5da83c889b994dec677f235d6227228971fabf20 




Installierte Prgs

Acronis*Disk Director Suite
Acronis*True*Image*Home
Active@ Hard Disk Monitor
Adobe Creative Suite 3 Master Collection hinzufügen oder entfernen
Adobe Flash Player 10 ActiveX
Adobe Flash Player 9 Plugin
AI Direct Link
AI Suite
AnyDVD
Apple Mobile Device Support
Apple Software Update
AquaSoft DiaShow Studio 6
ASUSUpdate
Audacity 1.3.7 (Unicode)
Bonjour
Canon Camera Access Library
Canon Camera Support Core Library
Canon IJ Network Scan Utility
Canon IJ Network Tool
CANON IMAGE GATEWAY Registrierungsanleitung
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MP Navigator 3.0
Canon MP600R
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities MyCamera
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
capella 2008
capella playAlong 2.5
capella-scan 6.1
CCleaner (remove only)
CD-LabelPrint
Corel MediaOne
CyberLink InstantBurn
CyberLink PowerDVD
Desktop Maestro 3.0
Drive Xpert
DVD Architect Pro 5.0
Exact Audio Copy 0.99pb5
Express Gate Updater
Google Earth
Google Earth Plugin
Google Updater
Hi-Def Suite
HijackThis 2.0.2
ImageMixer 3 SE Ver.3
IrfanView (remove only)
iTunes
Java(TM) 6 Update 13
LabelPrint
LG ODD Auto Firmware Update
LightScribe Optical Disc Kit
LightScribe System Software  1.14.17.1
MainConcept Reference 1.6.1
Marvell Miniport Driver
Marvell Network Configuration Utility
Microsoft .NET Compact Framework 3.5
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 German Language Pack
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
Microsoft .NET Framework 3.0 German Language Pack
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 SP1
Microsoft ActiveSync
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft LifeCam
Microsoft Office Enterprise 2007
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft-Basissmartcard-Kryptografiedienstanbieterpaket
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB925673)
Nero 9
Nero BackItUp 4
Nero Move it
Norton Internet Security
NVIDIA Drivers
NVIDIA PhysX
PC Probe II
Photomatix Pro version 3.0
Power2Go 5.0
PowerBackup
PowerProducer
PTGui Pro 8.1.2
QuickTime
ScreenManager Pro for LCD
SeaTools for Windows
Security Update for Windows Search 4 - KB963093
Six Engine
Skype™ 4.0
Skype™ for Windows Mobile 3.0
Snagit 9.1
Sony DVD Architect Studio 4.5
SoundMAX
Spyder2express
Total Commander (Remove or Repair)
Ulead Burn.Now 4.5 SE
Ulead PhotoImpact 12
Update für Windows XP (KB943729)
Vegas Movie Studio Platinum 9.0
Virtual Cable Tester
Vuze
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
Windows XP Service Pack 3
WinZip 11.1
XAMPP 1.7.1
Zattoo 3.3.4 Beta

Bin gespannt auf Antwort.

kira · 20.09.2009, 18:03

hi

Zitat:

Zitat von hangach

... Habe die Punkte von Coverflows Liste abgearbeitet.

wo sind die Ergebnisse/Logs

Schritt: 6-7-8...-> http://www.trojaner-board.de/77668-i...tml#post466911

hangach · 20.09.2009, 19:40

habe alle logfiles hintereinander gepostet. Wenn Du scrollst findest Du die Daten. Ist wohl nicht üblich so? Entschuldige!

kira · 20.09.2009, 19:51

nein..hier habe von Dir nur das neues HijackThis-Logfile, sonst nix

hangach · 20.09.2009, 20:20

ja wenn das so ist...versuche ich alle drei Posts separat zu schreiben. Komisch. wenn ich scrolle sehe ich nach dem HiJack Log den virustotal report und anschliessend alle meine installierten Progs.

Code:

ATTFilter

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:28:34, on 20.09.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Analog Devices\Core\smax4pnp.exe
C:\Programme\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\ASUS\Six Engine\SixEngine.exe
C:\Programme\ASUS\AI Direct Link\AsShare.exe
C:\Programme\ASUS\Drive Xpert\DriveXpert.exe
C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\lg_fwupdate\fwupdate.exe
C:\PROGRA~3\CYBERL~1\INSTAN~1\Win2K\IBurn.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Programme\Cyberlink\Shared Files\brs.exe
C:\Programme\ASUS\Drive Xpert\SteelVine.exe
C:\Programme 2\CyberLink\PowerDVD\PDVDServ.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
C:\Programme\ASUS\AI Suite\AiNap\AiNap.exe
C:\Programme\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitorService.exe
C:\Programme\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe
C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe
C:\Programme 2\XAPP\apache\bin\httpd.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Corel\Corel MediaOne\Corel Photo Downloader.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme 2\CyberLink\Power2Go\Power2GoExpress.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\Programme\Microsoft LifeCam\MSCamS32.exe
C:\Programme 2\XAPP\mysql\bin\mysqld.exe
C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe
C:\Programme\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Nero\Nero BackItUp 4\IoctlSvc.exe
C:\Programme 2\XAPP\apache\bin\httpd.exe
C:\WINDOWS\System32\PSIService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Programme\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
C:\Programme\Canon\CAL\CALMAIN.exe
C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Programme\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe
C:\Programme\Microsoft ActiveSync\Wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Programme 2\Pixela\ImageMixer\CameraMonitor.exe
C:\Programme\Windows Desktop Search\WindowsSearch.exe
C:\Programme\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programme\TechSmith\Snagit 9\SnagitBHO.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: D - {1D73EAEA-1BA3-3CDF-A637-7EBD2F523CCF} - C:\WINDOWS\system32\xwr21173.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton Internet Security\Engine\16.7.2.11\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programme\TechSmith\Snagit 9\SnagitIEAddin.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programme\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Six Engine] "C:\Program Files\ASUS\Six Engine\SixEngine.exe" -r
O4 - HKLM\..\Run: [Launch Direct Link] "C:\Programme\ASUS\AI Direct Link\AsShare.exe"
O4 - HKLM\..\Run: [Launch As Cmd Runner] "C:\Programme\ASUS\AI Direct Link\AsCmd.exe" -reg
O4 - HKLM\..\Run: [Drive Xpert] C:\Programme\ASUS\Drive Xpert\DriveXpert.exe
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LGODDFU] C:\Programme\lg_fwupdate\fwupdate.exe blrun
O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Programme\Gemeinsame Dateien\Acronis\Acronis Disk Director\oss_reinstall.exe
O4 - HKLM\..\Run: [InstantBurn] C:\PROGRA~3\CYBERL~1\INSTAN~1\Win2K\IBurn.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programme\Nero\Nero BackItUp 4\NBKeyScan.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Programme\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Programme 2\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Programme 2\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Ai Nap] "C:\Programme\ASUS\AI Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [QFan Help] "C:\Programme\ASUS\AI Suite\QFan3\QFanHelp.exe"
O4 - HKLM\..\Run: [Cpu Level Up help] "C:\Programme\ASUS\AI Suite\CpuLevelUpHelp.exe"
O4 - HKLM\..\Run: [ScreenManager Pro for LCD] C:\Programme\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Programme\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Programme\Corel\Corel MediaOne\Corel Photo Downloader.exe" -startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Power2GoExpress] "C:\Programme 2\CyberLink\Power2Go\Power2GoExpress.exe" /Startup
O4 - HKCU\..\Run: [AnyDVD] C:\Programme 2\Slysoft\Any DVD\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [DesktopMaestro] C:\Programme 2\Desktop Maestro\deskmech.exe /H
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ColorVisionStartup.lnk = C:\Programme\ColorVision\Utility\ColorVisionStartup.exe
O4 - Global Startup: ImageMixer 3 SE Camera Monitor Ver.3.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Programme\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: An vorhandenes PDF anfügen - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1235511136858
O16 - DPF: {680285A8-96D3-43DA-9D3D-51DD987D0B77} (NeroVersionCheckerControl Control) - http://www.nero.com/doc/NeroVersionCheckerControl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1235511212686
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-09.sun.com/s/ESD7/JSCDL/jdk/6u13-b03/jinstall-6u13-windows-i586-jc.cab?e=1238170939804&h=860f2d0d7b072e78a4a5af3ff2be3972/&filename=jinstall-6u13-windows-i586-jc.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Programme\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O23 - Service: 57xx SteelVine (57xx SteelVine Manager) - Unknown owner - C:\Programme\ASUS\Drive Xpert\SteelVine.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
O23 - Service: Active@ Disk Monitor - LSoft Technologies Inc - C:\Programme\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitorService.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Programme 2\XAPP\apache\bin\httpd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programme\Canon\CAL\CALMAIN.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Programme 2\XAPP\FileZillaFTP\FileZillaServer.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9ead3cb28d17e) (gupdate1c9ead3cb28d17e) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: mysql - Unknown owner - C:\Programme 2\XAPP\mysql\bin\mysqld.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Programme\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Programme\Nero\Nero BackItUp 4\IoctlSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\System32\PSIService.exe

--
End of file - 16462 bytes

Resultate virustotal für xwr21173.dll

Code:

ATTFilter

Resultate virustotal für xwr21173.dll

Datei xwr21173.dll empfangen 2009.09.20 16:16:22 (UTC)
Status: Beendet 

Ergebnis: 29/41 (70.73%)
 Filter Drucken der Ergebnisse  Antivirus Version letzte aktualisierung Ergebnis 
a-squared 4.5.0.24 2009.09.20 Trojan.Win32.Chepdu!IK 
AhnLab-V3 5.0.0.2 2009.09.19 Win-Trojan/Bho.172032.Z 
AntiVir 7.9.1.19 2009.09.18 TR/BHO.Gen 
Antiy-AVL 2.0.3.7 2009.09.18 Trojan/Win32.BHO.gen 
Authentium 5.1.2.4 2009.09.19 W32/Downloader.AU.gen!Eldorado 
Avast 4.8.1351.0 2009.09.19 Win32:Trojan-gen {Other} 
AVG 8.5.0.412 2009.09.20 Generic12.BNZX 
BitDefender 7.2 2009.09.20 Trojan.Generic.2203663 
CAT-QuickHeal 10.00 2009.09.19 Trojan.BHO.lxu 
ClamAV 0.94.1 2009.09.19 Trojan.BHO-4453 
Comodo 2381 2009.09.20 - 
DrWeb 5.0.0.12182 2009.09.20 - 
eSafe 7.0.17.0 2009.09.17 - 
eTrust-Vet 31.6.6746 2009.09.18 Win32/SillyBHO.CP 
F-Prot 4.5.1.85 2009.09.19 W32/Downloader.AU.gen!Eldorado 
F-Secure 8.0.14470.0 2009.09.20 Trojan.Win32.BHO.lxu 
Fortinet 3.120.0.0 2009.09.19 - 
GData 19 2009.09.20 Trojan.Generic.2203663 
Ikarus T3.1.1.72.0 2009.09.20 Trojan.Win32.Chepdu 
Jiangmin 11.0.800 2009.09.20 Trojan/BHO.bnz 
K7AntiVirus 7.10.849 2009.09.19 - 
Kaspersky 7.0.0.125 2009.09.20 Trojan.Win32.BHO.lxu 
McAfee 5747 2009.09.20 Cheppu 
McAfee+Artemis 5747 2009.09.20 Cheppu 
McAfee-GW-Edition 6.8.5 2009.09.20 Heuristic.LooksLike.Trojan.L 
Microsoft 1.5005 2009.09.20 Trojan:Win32/BHO.AO 
NOD32 4441 2009.09.19 Win32/BHO.LXU 
Norman 6.01.09 2009.09.18 - 
nProtect 2009.1.8.0 2009.09.20 Trojan/W32.BHO.172032.O 
Panda 10.0.2.2 2009.09.20 Adware/WebSearch 
PCTools 4.4.2.0 2009.09.20 - 
Prevx 3.0 2009.09.20 High Risk Worm 
Rising 21.47.62.00 2009.09.20 Trojan.Win32.BHO.fmg 
Sophos 4.45.0 2009.09.20 Troj/BHO-ME 
Sunbelt 3.2.1858.2 2009.09.20 - 
Symantec 1.4.4.12 2009.09.20 - 
TheHacker 6.5.0.2.012 2009.09.18 Trojan/BHO.lxu 
TrendMicro 8.950.0.1094 2009.09.20 - 
VBA32 3.12.10.10 2009.09.20 Trojan.Win32.BHO.lxu 
ViRobot 2009.9.18.1943 2009.09.18 - 
VirusBuster 4.6.5.0 2009.09.20 - 
weitere Informationen 
File size: 172032 bytes 
MD5   : 6633cdbb2bae2ab87c6e1ce904853835 
SHA1  : 03121b689fc0a3cb8ae2056231d1894f8bdf1466 
SHA256: d427097236885d36aeeb2cbf5da83c889b994dec677f235d6227228971fabf20

Installierte Progs

Code:

ATTFilter

Installierte Prgs

Acronis*Disk Director Suite
Acronis*True*Image*Home
Active@ Hard Disk Monitor
Adobe Creative Suite 3 Master Collection hinzufügen oder entfernen
Adobe Flash Player 10 ActiveX
Adobe Flash Player 9 Plugin
AI Direct Link
AI Suite
AnyDVD
Apple Mobile Device Support
Apple Software Update
AquaSoft DiaShow Studio 6
ASUSUpdate
Audacity 1.3.7 (Unicode)
Bonjour
Canon Camera Access Library
Canon Camera Support Core Library
Canon IJ Network Scan Utility
Canon IJ Network Tool
CANON IMAGE GATEWAY Registrierungsanleitung
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MP Navigator 3.0
Canon MP600R
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities MyCamera
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
capella 2008
capella playAlong 2.5
capella-scan 6.1
CCleaner (remove only)
CD-LabelPrint
Corel MediaOne
CyberLink InstantBurn
CyberLink PowerDVD
Desktop Maestro 3.0
Drive Xpert
DVD Architect Pro 5.0
Exact Audio Copy 0.99pb5
Express Gate Updater
Google Earth
Google Earth Plugin
Google Updater
Hi-Def Suite
HijackThis 2.0.2
ImageMixer 3 SE Ver.3
IrfanView (remove only)
iTunes
Java(TM) 6 Update 13
LabelPrint
LG ODD Auto Firmware Update
LightScribe Optical Disc Kit
LightScribe System Software  1.14.17.1
MainConcept Reference 1.6.1
Marvell Miniport Driver
Marvell Network Configuration Utility
Microsoft .NET Compact Framework 3.5
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 German Language Pack
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
Microsoft .NET Framework 3.0 German Language Pack
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 SP1
Microsoft ActiveSync
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft LifeCam
Microsoft Office Enterprise 2007
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft-Basissmartcard-Kryptografiedienstanbieterpaket
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB925673)
Nero 9
Nero BackItUp 4
Nero Move it
Norton Internet Security
NVIDIA Drivers
NVIDIA PhysX
PC Probe II
Photomatix Pro version 3.0
Power2Go 5.0
PowerBackup
PowerProducer
PTGui Pro 8.1.2
QuickTime
ScreenManager Pro for LCD
SeaTools for Windows
Security Update for Windows Search 4 - KB963093
Six Engine
Skype™ 4.0
Skype™ for Windows Mobile 3.0
Snagit 9.1
Sony DVD Architect Studio 4.5
SoundMAX
Spyder2express
Total Commander (Remove or Repair)
Ulead Burn.Now 4.5 SE
Ulead PhotoImpact 12
Update für Windows XP (KB943729)
Vegas Movie Studio Platinum 9.0
Virtual Cable Tester
Vuze
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
Windows XP Service Pack 3
WinZip 11.1
XAMPP 1.7.1
Zattoo 3.3.4 Beta

ich hoffe das klappt nun.

kira · 20.09.2009, 20:52

hi

1.
starte HijackThis--> wähle: "config -> misc tools --> delete a file on reboot"--> wähle die zu löschende datei - sehe der Inhalt dieser Code-Box (Text kopieren und einfügen, oder "Durchsuchen"), die frage zum neustart mit JA beantworten

Code:

ATTFilter


 C:\WINDOWS\system32\xwr21173.dll

2.
Falls noch existiert:
Schliesse alle Programme einschliesslich Internet Explorer und fixe mit Hijackthis die Einträge aus der nachfolgenden Codebox (HijackThis starten→ "Do a system scan only"→ Einträge auswählen→ Häckhen setzen→ "Fix checked"klicken→ PC neu aufstarten):

Code:

ATTFilter

O2 - BHO: D - {1D73EAEA-1BA3-3CDF-A637-7EBD2F523CCF} - C:\WINDOWS\system32\xwr21173.dll

3.

lade Dir SUPERAntiSpyware FREE Edition herunter.
installiere das Programm und update online.
starte SUPERAntiSpyware und klicke auf "Ihren Computer durchsuchen"
setze ein Häkchen bei "Kompletter Scan" und klicke auf "Weiter"
anschließend alle gefundenen Schadprogramme werden aufgelistet, bei alle Funde Häkchen setzen und mit "OK" bestätigen
auf "Weiter" klicken dann "OK" und auf "Fertig stellen"
um die Ergebnisse anzuzeigen: auf "Präferenzen" dann auf den "Statistiken und Protokolle" klicken
drücke auf "Protokoll anzeigen" - anschließend diesen Bericht bitte speichern und hier posten

4.
Zur Nachkontrolle poste erneut:
Trend Micro HijackThis-Logfile - Keine offenen Fenster, solang bis HijackThis läuft!!

- Punkt

fehlt noch:-> http://www.trojaner-board.de/77668-i...tml#post466911

hangach · 20.09.2009, 22:15

Hier die Logfiles:

SuperAntispyware

Code:

ATTFilter

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/20/2009 at 11:05 PM

Application Version : 4.29.1002

Core Rules Database Version : 4112
Trace Rules Database Version: 2052

Scan type       : Complete Scan
Total Scan Time : 00:49:45

Memory items scanned      : 835
Memory threats detected   : 0
Registry items scanned    : 7610
Registry threats detected : 0
File items scanned        : 57683
File threats detected     : 3

Adware.Tracking Cookie
	C:\Dokumente und Einstellungen\Christoph\Cookies\christoph@doubleclick[2].txt
	

Adware.XML Parser-AIE/Crypt
	C:\SYSTEM VOLUME INFORMATION\_RESTORE{8F1D14A6-7B41-40C1-936D-2C985DD34F14}\RP189\A0044200.DLL
	C:\WINDOWS\SYSTEM32\WR21173.DLL

Filelist kann ich nicht posten, da file zuviele Zeichen enthält ca. 50000. Ich werde es in 2 Hälfen posten.

20.09.2009, 19:51	#4
kira /// Helfer-Team	iexplorer mehrfach im Hintergrund offen nein..hier habe von Dir nur das neues HijackThis-Logfile, sonst nix

iexplorer mehrfach im Hintergrund offen

Log-Analyse und Auswertung: iexplorer mehrfach im Hintergrund offen