Trojaner-Board - Web Antivirenprogramm zeigt 68 Infekte an

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - Web Antivirenprogramm zeigt 68 Infekte an (https://www.trojaner-board.de/57891-web-antivirenprogramm-zeigt-68-infekte.html)

crazaD

14.08.2008 21:24

Web Antivirenprogramm zeigt 68 Infekte an

Hi also ich kenne mich nicht so gut mit Computern aus, habe auch schon im Inet gesucht aber nichts relevantes gefunden deswegen wende ich mich jetzt an euch. Es fing alles damit an das mein Laptop vor ein paar Tagen immer eine Cpu-Auslastung von 100% hatte. Ich suchte im Taskmanager nach einem Grund dafür und dieser zeigte einen Prozess cmd.exe an der soviel verbrauchte. Ich habe dann danach im Internet gesucht und diesen Prozess schließlich beendet. Im Internet stand viel das dies ein Trojaner wäre und so. Da hab i mir adaware besorgt und dies laufen lassen die fand auch einige Infekte die ich dann entfernte. Danach liess ich noch andere Programme laufen die fanden aber auch nichts mehr. Nun ist es aber so wenn i Firefox öffne kommt es vor, dass einfach eine Seite aufspringt die sagt mein Pc wäre verseucht und so diese Seite macht dann auch einen Test und findet auch Infekte. Dann steht da "alles entfernen" also hab i mal darauf geklickt und dann gabs eine Datei zum herunterladen was ich dann auch machte. Als i die Anwendung installieren wollte wurde mir angezeigt das das programm ein Problem hätte. Könnt ihr mir sagen was mit meinem laptop los ist und was ich machen kann?

Anti-Virus

15.08.2008 11:14

Also ich weiss nich was davon zuhalten ist aber dazu weiss ich nichts so genau es kann sein das er dir ein Anti-virus Programm rein holen wollte denke ich mal War die Seite mit dem Test eine Anti-viren Seite ??:confused:

mit dem 100% auslastung fällt mir auch nichts ein

:hallo:

trojan-death

15.08.2008 13:09

Du hast einen ziemlich grossen Fehler gemacht:headbang:
Wirst du nicht misstrauisch, wenn du auf einmal auf eine Seite gelockt wirst, die dir ein Programm zum entfernen angeblicher Malware verhelfen sollte???
Erstelle als erstes ein Hijackthis Logfile:daumenhoc

Ps. lade in Zukunft einfach auf keine Fall Programme runter die Versprechen Malware von deinem System entfernen zu können:daumenhoc

crazaD

15.08.2008 23:57

Ja das hatte ich mir danach auch irgendwie gedacht aber da war es schon zu spät...
Hier die Logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:55:22, on 16.08.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Users\Daniel\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.911.3380\GoogleToolbarNotifier.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iesearch.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\khfEWNdB.dll,#1
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire\Corel PhotoDownloader.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ClipIncSrvTray] "C:\Program Files\Tobit ClipInc\Player\ClipIncTray.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.911.3380\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Daniel\AppData\Local\Temp\urqRKaWp.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Daniel\AppData\Local\Temp\fccaXRLE.dll,c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ClipIncSrvTray] "C:\Program Files\Tobit ClipInc\Player\ClipIncTray.exe"
O4 - HKCU\..\Run: [8c2877c1] rundll32.exe "C:\Users\Daniel\AppData\Local\Temp\wnvnyedi.dll",b
O4 - HKCU\..\Run: [BM8f1b445d] Rundll32.exe "C:\Users\Daniel\AppData\Local\Temp\eykhwpdu.dll",s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: SETAUDIO.EXE
O4 - Global Startup: SETRES.EXE
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Öffnen mit WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: ClipInc 001 (ClipInc001) - Unknown owner - C:\Program Files\Tobit ClipInc\Server\ClipInc-Server.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SiteAdvisor-Dienst (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10774 bytes

trojan-death

16.08.2008 10:46

Ok, soweit so schlecht:aplaus: Du hast ne Menge drauf

Bitte lass als erstes Malwarebytes laufen, lösche alles was er findet und poste das Log.
Poste danach bitte auch ein frisches Hijackthis Log:daumenhoc

crazaD

16.08.2008 18:21

also als erstes die log von antimalwar:

Malwarebytes' Anti-Malware 1.24
Datenbank Version: 1057
Windows 6.0.6001 Service Pack 1

19:04:04 16.08.2008
mbam-log-8-16-2008 (19-04-04).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|)
Durchsuchte Objekte: 106417
Laufzeit: 2 hour(s), 30 minute(s), 52 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 7
Infizierte Registrierungswerte: 6
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 2
Infizierte Dateien: 27

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
C:\Users\Daniel\AppData\Local\Temp\fccaXRLE.dll (Trojan.Vundo) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{57df73c0-833c-48b7-9146-1e18930d57ff} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\experthelper.pornpro_bho (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\experthelper.pornpro_bho.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{eb6ec5d7-7d19-a8c7-d607-f0993bf94a9f} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmds (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msserver (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\8c2877c1 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{57df73c0-833c-48b7-9146-1e18930d57ff} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msserver (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm8f1b445d (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\Program Files\FBrowserAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Windows\System32\kBin02 (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Users\Daniel\AppData\Local\Temp\fccaXRLE.dll (Trojan.Vundo) -> Delete on reboot.
C:\Users\Daniel\AppData\Local\Temp\awturOHB.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Daniel\AppData\Local\Temp\tlijsqjp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\khfEWNdB.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\regxpcom.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Users\Daniel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W4L868ZF\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Daniel\AppData\Local\Temp\urqRHbYq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Daniel\AppData\Local\Temp\vtUomMCu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Daniel\AppData\Local\Temp\xsowosyi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Daniel\AppData\Local\Temp\jkkIYpnL.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Daniel\AppData\Local\Temp\lkqejxxb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Daniel\AppData\Local\Temp\mlJAtTkL.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Daniel\AppData\Local\Temp\siqxipqk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Daniel\AppData\Local\Temp\tmp0000cc72 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Daniel\AppData\Local\Temp\tmp0000e10b (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Daniel\AppData\Local\Temp\tmp0000e9e1 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Daniel\AppData\Local\Temp\tmp0000fa84 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Daniel\AppData\Local\Temp\tmp0000fc38 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Daniel\AppData\Local\Temp\tmp00020ede (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Daniel\AppData\Local\Temp\cbXNEXNH.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Daniel\AppData\Local\Temp\cbXOEtUL.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Daniel\AppData\Local\Temp\neimorhf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Daniel\AppData\Local\Temp\qqkqkxop.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\hgGvssPH.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\wextract.exe (Adware.Buzus) -> Quarantined and deleted successfully.
C:\Users\Daniel\AppData\Local\Temp\eykhwpdu.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.

und dann die log von hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:15:03, on 16.08.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Tobit ClipInc\Player\ClipIncTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.911.3380\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Tobit ClipInc\Player\ClipIncTray.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Daniel\AppData\Local\Temp\RtkBtMnt.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Tobit ClipInc\Player\clipinc-player.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iesearch.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire\Corel PhotoDownloader.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ClipIncSrvTray] "C:\Program Files\Tobit ClipInc\Player\ClipIncTray.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.911.3380\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ClipIncSrvTray] "C:\Program Files\Tobit ClipInc\Player\ClipIncTray.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: SETAUDIO.EXE
O4 - Global Startup: SETRES.EXE
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Öffnen mit WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: ClipInc 001 (ClipInc001) - Unknown owner - C:\Program Files\Tobit ClipInc\Server\ClipInc-Server.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SiteAdvisor-Dienst (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10298 bytes

trojan-death

18.08.2008 22:06

Ok

Erstmal Entschuldigung das ich mich erst jetzt wieder melde:(
Hatte deine Post irgendwie über sehen.

Anleitung Avenger (by swandog46)

1.) Lade dir das Tool Avenger und speichere es auf dem Desktop:

2.) Kopiere nun folgenden Text in das weiße Feld: (bei -> "input script here")

Code:

files to delete:

C:\Windows\PLFSetI.exe

3.) Schliesse nun alle Programme (vorher notfalls abspeichern!) und Browser-Fenster, nach dem ausführen des Avengers wird das System neu gestartet.

4.) Um den Avenger zu starten klicke auf -> Execute
Dann bestätigen mit "Yes" das der Rechner neu startet!

5.) Nachdem das System neu gestartet ist, findest du hier einen Report vom Avenger -> C:\avenger.txt
Öffne die Datei mit dem Editor und kopiere den gesamten Text in deinen Beitrag hier am Trojaner-Board.

Dateien Online überprüfen lassen:

Als erstes versteckte Dateien anzeigen lassen! (nur Punkt 1 durchführen!)

Suche die Seite Virtustotal auf, klicke auf den Button „Durchsuchen“ und suche folgende Datei/Dateien:

Code:

SETAUDIO.EXE

SETRES.EXE

Lade nun nacheinander jede/alle Datei/Dateien hoch, und warte bis der Scan vorbei ist. (kann bis zu 2 Minuten dauern.)

Poste im Anschluss das Ergebnis der Auswertung, alles abkopieren und in einen Beitrag einfügen.

Wichtig: Auch die Größenangabe sowie den HASH mit kopieren!

Den Pfad der Dateien kann ich dir leider nicht sagen, aber mit der Suchfunktion wirst du denn sicher herausbekommen:daumenhoc
Dann bitte neues HJT Logfile posten:daumenhoc

crazaD

20.08.2008 16:25

Ja und i dachte schon es wäre alles weg^^
also hier die logfile von anvenger:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\Windows\PLFSetI.exe" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

crazaD

20.08.2008 16:39

also den 2ten punkt hab i mal gemacht weiss aber jetzt nicht ob es so ganz korrekt ist hier schon mal die file der ersten Datei:

Datei SETRES.EXE empfangen 2008.08.20 17:29:30 (CET)
Status: Laden ... Wartend Warten Überprüfung Beendet Nicht gefunden Gestoppt
Ergebnis: 0/34 (0%)
Laden der Serverinformationen...
Ihre Datei wartet momentan auf Position: 1.
Geschätzte Startzeit is zwischen 38 und 55 Sekunden.
Dieses Fenster bis zum Abschluss des Scans nicht schließen.
Der Scanner, welcher momentan Ihre Datei bearbeitet ist momentan gestoppt. Wir warten einige Sekunden um Ihr Ergebnis zu erstellen.
Falls Sie längern als fünf Minuten warten, versenden Sie bitte die Datei erneut.
Ihre Datei wird momentan von VirusTotal überprüft,
Ergebnisse werden sofort nach der Generierung angezeigt.
Filter Filter
Drucken der Ergebnisse Drucken der Ergebnisse
Datei existiert nicht oder dessen Lebensdauer wurde überschritten
Dienst momentan gestoppt. Ihre Datei befindet sich in der Warteschlange (position: ). Diese wird abgearbeitet, wenn der Dienst wieder startet.

SIe können auf einen automatischen reload der homepage warten, oder ihre email in das untere formular eintragen. Klicken Sie auf "Anfragen", damit das System sie benachrichtigt wenn die Überprüfung abgeschlossen ist.
Email:

Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2008.8.19.0 2008.08.20 -
AntiVir 7.8.1.23 2008.08.20 -
Authentium 5.1.0.4 2008.08.20 -
Avast 4.8.1195.0 2008.08.20 -
AVG 8.0.0.161 2008.08.20 -
BitDefender 7.2 2008.08.20 -
CAT-QuickHeal 9.50 2008.08.20 -
ClamAV 0.93.1 2008.08.19 -
DrWeb 4.44.0.09170 2008.08.20 -
eSafe 7.0.17.0 2008.08.20 -
eTrust-Vet 31.6.6037 2008.08.20 -
Ewido 4.0 2008.08.20 -
F-Prot 4.4.4.56 2008.08.19 -
Fortinet 3.14.0.0 2008.08.20 -
GData 2.0.7306.1023 2008.08.20 -
Ikarus T3.1.1.34.0 2008.08.20 -
K7AntiVirus 7.10.421 2008.08.19 -
Kaspersky 7.0.0.125 2008.08.20 -
McAfee 5364 2008.08.19 -
Microsoft 1.3807 2008.08.20 -
NOD32v2 3371 2008.08.20 -
Norman 5.80.02 2008.08.20 -
Panda 9.0.0.4 2008.08.19 -
PCTools 4.4.2.0 2008.08.20 -
Rising 20.58.22.00 2008.08.20 -
Sophos 4.32.0 2008.08.20 -
Sunbelt 3.1.1564.1 2008.08.20 -
Symantec 10 2008.08.20 -
TheHacker 6.3.0.5.054 2008.08.19 -
TrendMicro 8.700.0.1004 2008.08.20 -
VBA32 3.12.8.3 2008.08.20 -
ViRobot 2008.8.20.1342 2008.08.20 -
VirusBuster 4.5.11.0 2008.08.20 -
Webwasher-Gateway 6.6.2 2008.08.20 -
weitere Informationen
File size: 20480 bytes
MD5...: 92d5161bbd78b16304e548ca26221cbf
SHA1..: e96b91a51629e6e0ee9fe75b4105c50dd9d2a3fb
SHA256: 515e4c381622b1917b6c017283f95872a066401eab38c675d7f0f876626d4996
SHA512: dba486be970e413459abf43823423f9e0292a1735002a91f84660dcb6f1b320c
d06d78699640e36bb1d99404e56e66efd4fad1fa8cd8d2ba074d1c5bdfe53abd
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x403c1e
timedatestamp.....: 0x47f594b7 (Fri Apr 04 02:38:47 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x2000 0x1c24 0x2000 4.94 55d439f7383fab4f649c41273591ee34
.rsrc 0x4000 0x698 0x1000 1.49 a557a648d603176cc958c5d105443f9f
.reloc 0x6000 0xc 0x1000 0.01 989d36cc7bc8f864a7fabddb27f25c1c

( 1 imports )
> mscoree.dll: _CorExeMain

( 0 exports )

und dann die 2:

Datei SETAUDIO.EXE empfangen 2008.08.20 17:35:56 (CET)
Status: Laden ... Wartend Warten Überprüfung Beendet Nicht gefunden Gestoppt
Ergebnis: 0/35 (0%)
Laden der Serverinformationen...
Ihre Datei wartet momentan auf Position: 3.
Geschätzte Startzeit is zwischen 54 und 77 Sekunden.
Dieses Fenster bis zum Abschluss des Scans nicht schließen.
Der Scanner, welcher momentan Ihre Datei bearbeitet ist momentan gestoppt. Wir warten einige Sekunden um Ihr Ergebnis zu erstellen.
Falls Sie längern als fünf Minuten warten, versenden Sie bitte die Datei erneut.
Ihre Datei wird momentan von VirusTotal überprüft,
Ergebnisse werden sofort nach der Generierung angezeigt.
Filter Filter
Drucken der Ergebnisse Drucken der Ergebnisse
Datei existiert nicht oder dessen Lebensdauer wurde überschritten
Dienst momentan gestoppt. Ihre Datei befindet sich in der Warteschlange (position: ). Diese wird abgearbeitet, wenn der Dienst wieder startet.

SIe können auf einen automatischen reload der homepage warten, oder ihre email in das untere formular eintragen. Klicken Sie auf "Anfragen", damit das System sie benachrichtigt wenn die Überprüfung abgeschlossen ist.
Email:

Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2008.8.19.0 2008.08.20 -
AntiVir 7.8.1.23 2008.08.20 -
Authentium 5.1.0.4 2008.08.20 -
Avast 4.8.1195.0 2008.08.20 -
AVG 8.0.0.161 2008.08.20 -
BitDefender 7.2 2008.08.20 -
CAT-QuickHeal 9.50 2008.08.20 -
ClamAV 0.93.1 2008.08.19 -
DrWeb 4.44.0.09170 2008.08.20 -
eSafe 7.0.17.0 2008.08.20 -
eTrust-Vet 31.6.6037 2008.08.20 -
Ewido 4.0 2008.08.20 -
F-Prot 4.4.4.56 2008.08.19 -
Fortinet 3.14.0.0 2008.08.20 -
GData 2.0.7306.1023 2008.08.20 -
Ikarus T3.1.1.34.0 2008.08.20 -
K7AntiVirus 7.10.421 2008.08.19 -
Kaspersky 7.0.0.125 2008.08.20 -
McAfee 5364 2008.08.19 -
Microsoft 1.3807 2008.08.20 -
NOD32v2 3371 2008.08.20 -
Norman 5.80.02 2008.08.20 -
Panda 9.0.0.4 2008.08.19 -
PCTools 4.4.2.0 2008.08.20 -
Prevx1 V2 2008.08.20 -
Rising 20.58.22.00 2008.08.20 -
Sophos 4.32.0 2008.08.20 -
Sunbelt 3.1.1564.1 2008.08.20 -
Symantec 10 2008.08.20 -
TheHacker 6.3.0.5.054 2008.08.19 -
TrendMicro 8.700.0.1004 2008.08.20 -
VBA32 3.12.8.3 2008.08.20 -
ViRobot 2008.8.20.1342 2008.08.20 -
VirusBuster 4.5.11.0 2008.08.20 -
Webwasher-Gateway 6.6.2 2008.08.20 -
weitere Informationen
File size: 20480 bytes
MD5...: c1c0e3e2363a729fa44337da1c0f292a
SHA1..: 13a5e6c3adb245f7e48bb0c4529ae57b919717c4
SHA256: 9b3206a74b240f9fbe9e2649ee896d1534a035e5beb0fe44fba192788dce6a89
SHA512: d357e76b33b61d72f194e4b4aec24dfd6f70cb88f5adec472246d991b1e8f9a6
6f3ef2b5faa9417f49fc2103f5c96d8affc7e1ef3e6834a80b8ace89ff75163f
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x403bfe
timedatestamp.....: 0x47f59462 (Fri Apr 04 02:37:22 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x2000 0x1c04 0x2000 4.93 4e3f70740e379cef9355103c078abd1c
.rsrc 0x4000 0x698 0x1000 1.49 a557a648d603176cc958c5d105443f9f
.reloc 0x6000 0xc 0x1000 0.01 ffb85ed2418710a5cd33bca59799c333

( 1 imports )
> mscoree.dll: _CorExeMain

( 0 exports )

I hoffe du kannst was damit anfangen

crazaD

20.08.2008 16:40

Und dann natürlich noch die Hjt Logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:40:13, on 20.08.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Users\Daniel\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.911.3380\GoogleToolbarNotifier.exe
C:\Program Files\Tobit ClipInc\Player\ClipIncTray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Tobit ClipInc\Player\clipinc-player.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iesearch.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire\Corel PhotoDownloader.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ClipIncSrvTray] "C:\Program Files\Tobit ClipInc\Player\ClipIncTray.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.911.3380\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ClipIncSrvTray] "C:\Program Files\Tobit ClipInc\Player\ClipIncTray.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: SETAUDIO.EXE
O4 - Global Startup: SETRES.EXE
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Öffnen mit WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: ClipInc 001 (ClipInc001) - Unknown owner - C:\Program Files\Tobit ClipInc\Server\ClipInc-Server.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SiteAdvisor-Dienst (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10544 bytes

trojan-death

20.08.2008 17:55

Zitat:

Zitat von crazaD (Beitrag 364397)

I hoffe du kannst was damit anfangen

Naja eigentlich ehe weniger...
Die Ergebnisse bei VirusTotal sagen nicht allzu viel aus:rolleyes: (Kannst du ja zwar nix dafür)
Hast du das Hijackthis Log nach dem Einsatz von The Avenger gemacht? So wie es aussieht nicht... Könntest du bitte jetzt nochmals ein frisches posten? Danke
Dann wäre ich noch froh wenn du die Anleitung von RunScanner durchmachen könntest und mir das Log postest:daumenhoc

crazaD

20.08.2008 18:29

also eig hab i die danach gemacht da steht ja auch das Datum von heute und die uhrzeitr von eben
aber i mach jetzt noch ne neue und poste die

crazaD

20.08.2008 18:30

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:29:36, on 20.08.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Users\Daniel\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.911.3380\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Acer GameZone\Backspin Billiards\Launch.exe
C:\Program Files\Acer GameZone\Backspin Billiards\Backspin.exe
C:\Program Files\Acer GameZone\Backspin Billiards\Backspin.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Tobit ClipInc\Player\ClipIncTray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iesearch.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire\Corel PhotoDownloader.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ClipIncSrvTray] "C:\Program Files\Tobit ClipInc\Player\ClipIncTray.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.911.3380\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ClipIncSrvTray] "C:\Program Files\Tobit ClipInc\Player\ClipIncTray.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: SETAUDIO.EXE
O4 - Global Startup: SETRES.EXE
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Öffnen mit WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: ClipInc 001 (ClipInc001) - Unknown owner - C:\Program Files\Tobit ClipInc\Server\ClipInc-Server.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SiteAdvisor-Dienst (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10729 bytes

und dann mach i jetzt noch den anderen scan

trojan-death

20.08.2008 18:38

OK

Lösche bitte noch mit The Avenger folgende Datei (gib im weissen feld folgendes ein):

Zitat:

files to delete:
C:\Windows\PLFSetI.exe

Nach diesem Vorgang neustarten und nochmals ein frisches HJT Log posten:daumenhoc

crazaD

20.08.2008 18:40

Code:

Runscanner logfile http://www.runscanner.net 
 

* = signed file

- = file not found
 

General info

------------

Computer name : DANIEL-PC

Creation time : 20.08.2008 19:35:52

Hosts <> 127.0.0.1 : 0

Hosts file location : %SystemRoot%\System32\drivers\etc

IE version : 7.0.6001.18000

OS : Windows Vista (TM) Home Premium

OS Build : 6001

OS SP : Service Pack 1

RunScanner Version : 1.7.0.0

User Language : Deutsch (Deutschland)

User rights : Administrator

Windows folder : C:\Windows
 

Running processes

-----------------

  C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)

  C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)

  C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.)

  C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe (Acer Inc.)

  C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)

  C:\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)

* C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)

  C:\Acer\ALaunch\ALaunchSvc.exe

* C:\Windows\system32\services.exe (Microsoft Corporation)

  C:\Acer\Mobility Center\MobilityService.exe

* C:\Windows\system32\taskeng.exe (Microsoft Corporation)

* C:\Windows\system32\taskeng.exe (Microsoft Corporation)

  C:\Program Files\Acer GameZone\Backspin Billiards\Backspin.exe

  C:\Program Files\Acer GameZone\Backspin Billiards\Backspin.exe

* C:\Windows\system32\csrss.exe (Microsoft Corporation)

* C:\Windows\system32\csrss.exe (Microsoft Corporation)

* C:\Program Files\Tobit ClipInc\Server\ClipInc-Server.exe

* C:\Windows\system32\conime.exe (Microsoft Corporation)

  C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe (CyberLink Corp.)

* C:\Windows\system32\Dwm.exe (Microsoft Corporation)

  C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)

* C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

* C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

  C:\Program Files\Acer GameZone\Backspin Billiards\Launch.exe (Oberon Media Inc.)

* C:\Program Files\Google\GoogleToolbarNotifier\1.2.911.3380\GoogleToolbarNotifier.exe (Google Inc.)

* C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

* C:\Windows\system32\svchost.exe (Microsoft Corporation)

* C:\Windows\System32\svchost.exe (Microsoft Corporation)

* C:\Windows\system32\svchost.exe (Microsoft Corporation)

* C:\Windows\system32\svchost.exe (Microsoft Corporation)

* C:\Windows\system32\svchost.exe (Microsoft Corporation)

* C:\Windows\system32\svchost.exe (Microsoft Corporation)

* C:\Windows\system32\svchost.exe (Microsoft Corporation)

* C:\Windows\System32\svchost.exe (Microsoft Corporation)

* C:\Windows\System32\svchost.exe (Microsoft Corporation)

* C:\Windows\system32\svchost.exe (Microsoft Corporation)

* C:\Windows\System32\svchost.exe (Microsoft Corporation)

* C:\Windows\system32\svchost.exe (Microsoft Corporation)

* C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)

* C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)

* C:\Windows\system32\lsass.exe (Microsoft Corporation)

* C:\Windows\system32\lsm.exe (Microsoft Corporation)

  C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)

* C:\Program Files\McAfee\MSK\MskSrver.exe (McAfee, Inc.)

* c:\PROGRA~1\mcafee.com\agent\mcagent.exe (McAfee, Inc.)

* c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe (McAfee, Inc.)

* C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)

* c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee, Inc.)

* C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)

* C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (McAfee, Inc.)

* C:\Windows\ehome\ehmsas.exe (Microsoft Corporation)

* C:\Windows\ehome\ehtray.exe (Microsoft Corporation)

* C:\Windows\system32\SearchIndexer.exe (Microsoft Corporation)

* C:\Windows\system32\SLsvc.exe (Microsoft Corporation)

* C:\Windows\system32\DRIVERS\xaudio.exe (Conexant Systems, Inc.)

  C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink)

  C:\Windows\system32\PSIService.exe

* C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (McAfee, Inc.)

* C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)

  C:\Users\Daniel\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)

  C:\Program Files\CyberLink\Shared Files\RichVideo.exe

* C:\Users\Daniel\AppData\Local\Temp\Temp1_runscanner.zip\RunScanner.exe (Runscanner.net)

* C:\Program Files\SiteAdvisor\6261\SAService.exe

  C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe

* C:\Windows\system32\wbem\unsecapp.exe (Microsoft Corporation)

* C:\Program Files\SiteAdvisor\6261\SiteAdv.exe

* C:\Windows\System32\spoolsv.exe (Microsoft Corporation)

* C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)

* C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)

* C:\Program Files\Tobit ClipInc\Player\ClipIncTray.exe (Tobit.Software)

* C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

* audiodg.exe (Microsoft Corporation)

* C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)

* C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation)

* C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

* C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

* c:\windows\System32\smss.exe (Microsoft Corporation)

* C:\Windows\system32\winlogon.exe (Microsoft Corporation)

* C:\Windows\Explorer.EXE (Microsoft Corporation)

* C:\Windows\System32\rundll32.exe (Microsoft Corporation)

* C:\Windows\System32\rundll32.exe (Microsoft Corporation)

* C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)

* C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)

* C:\Windows\system32\wininit.exe (Microsoft Corporation)

* C:\Windows\system32\wbem\wmiprvse.exe (Microsoft Corporation)

* C:\Windows\system32\wbem\wmiprvse.exe (Microsoft Corporation)

  C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)
 

Unrated items

-------------

002 * C:\Program Files\Tobit ClipInc\Player\ClipIncTray.exe (Tobit.Software)

002   C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink)

002   C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe (Egis Incorporated)

002 * C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE (Dritek System Inc.)

002 * C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)

002   C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe (CyberLink Corp.)

002 * C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE (Corel Corporation)

002   C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)

002 * C:\Program Files\SiteAdvisor\6261\SiteAdv.exe

002   C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)

003 * C:\Program Files\Tobit ClipInc\Player\ClipIncTray.exe (Tobit.Software)

005   C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe (Acer Inc.)

005   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SETRES.EXE

005   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SETAUDIO.EXE

006   C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe (Acer Inc.)

006   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SETAUDIO.EXE

006   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SETRES.EXE

010   C:\Acer\ALaunch\ALaunchSvc.exe (ALaunch Service)

010 * C:\Program Files\Tobit ClipInc\Server\ClipInc-Server.exe (ClipInc 001)

010   C:\Program Files\CyberLink\Shared Files\RichVideo.exe (Cyberlink RichVideo Service(CRVS))

010   C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (eDataSecurity Service)

010   C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (eLock Service)

010   C:\Acer\Empowering Technology\eNet\eNet Service.exe (eNet Service)

010   C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (ePower Service)

010   C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (eRecovery Service)

010   C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe (eSettings Service)

010   C:\Program Files\Common Files\LightScribe\LSSrvc.exe (LightScribeService Direct Disc Labeling Service)

010 * C:\Program Files\McAfee\MSK\MskSrver.exe (McAfee Anti-Spam Service)

010 * c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe (McAfee Network Agent)

010 * C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee Personal Firewall Service)

010 * c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service)

010 * C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (McAfee Real-time Scanner)

010 * C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe (McAfee Scanner)

010 * C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (McAfee Services)

010 * C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (McAfee SystemGuards)

010   C:\Acer\Mobility Center\MobilityService.exe (MobilityService)

010   C:\Windows\system32\PSIService.exe (ProtexisLicensing)

010 * C:\Program Files\SiteAdvisor\6261\SAService.exe (SiteAdvisor-Dienst)

011 * C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})

011 * C:\Windows\system32\DRIVERS\DKbFltr.sys (Dritek Keyboard Filter Driver)

011 * C:\Acer\Empowering Technology\eRecovery\int15.sys (int15)

011 * C:\Windows\system32\drivers\mfeavfk.sys (McAfee Inc. mfeavfk)

011 * C:\Windows\system32\drivers\mfebopk.sys (McAfee Inc. mfebopk)

011 * C:\Windows\system32\drivers\mfehidk.sys (McAfee Inc. mfehidk)

011 * C:\Windows\system32\drivers\mferkdk.sys (McAfee Inc. mferkdk)

011 * C:\Windows\system32\drivers\mfesmfk.sys (McAfee Inc. mfesmfk)

011 * C:\Windows\System32\Drivers\Mpfp.sys (MPFP)

011 * C:\Windows\system32\DRIVERS\psdfilter.sys (PSDFilter)

011 * C:\Windows\system32\DRIVERS\PSDNServ.sys (PSDNServ)

011 * C:\Windows\system32\DRIVERS\PSDVdisk.sys (PSDVdisk)

011 * C:\Windows\system32\DRIVERS\SynTP.sys (Synaptics TouchPad Driver)

011   C:\Windows\system32\DRIVERS\NTIDrvr.sys (Upper Class Filter Driver)

031   C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) {0A9007C0-4076-11D3-8789-0000F8105754}

031 * C:\Program Files\SiteAdvisor\6261\SiteAdv.dll {3A5DC592-7723-4EAA-9EE6-AF4222BCF879}

041   C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) {5CBE3B7C-1E47-477e-A7DD-396DB0476E29}

041 * C:\Program Files\SiteAdvisor\6261\SiteAdv.dll {0BF43445-2F28-4351-9252-17FE6E806AA0}

041 * C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) {EF99BD32-C1FB-11D2-892F-0090271D4F88}

042   GUID / CLSID not found {08B0E5C0-4FCB-11CF-AAA5-00401C608501}

042   GUID / CLSID not found {2670000A-7350-4f3c-8081-5663EE0C6C49}

042   GUID / CLSID not found {92780B25-18CC-41C8-B9BE-3C9C571A8263}

044   C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) {5CBE3B7C-1E47-477E-A7DD-396DB0476E29}

052   GUID / CLSID not found {7E853D72-626A-48EC-A868-BA8D5E23E045}

052 * c:\PROGRA~1\mcafee\msk\mcapbho.dll {377C180E-6F0E-4D4C-980F-F45BD3D40CF4}

052 * C:\Program Files\SiteAdvisor\6261\SiteAdv.dll {089FD14D-132B-48FC-8861-0048AE113215}

052 * C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.) {7DB2D5A0-7241-4E79-B68D-6309F01C5231}

052 * C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) {02478D38-C3F9-4efb-9B51-7695ECA05670}

061 * C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Incorporated) {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}

062   C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll (Adobe Systems, Inc.) {F9DB5320-233E-11D1-9F84-707F02C10627}

073   AppleSoftwareUpdate.job : C:\Program Files\Apple Software Update\SoftwareUpdate.exe (Apple Computer, Inc.)

073   McDefragTask.job : c:\PROGRA~1\mcafee\mqc\QcConsol.exe (McAfee, Inc.)

073   McQcTask.job : c:\PROGRA~1\mcafee\mqc\QcConsol.exe (McAfee, Inc.)

100   Default_Page_URL HKLM : http://de.intl.acer.yahoo.com

100   Start Page HKCU : http://www.iesearch.com/

100   Start Page HKLM : http://de.intl.acer.yahoo.com

105   Nach Microsoft E&xel exportieren : res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

105   Öffnen mit WordPerfect : C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta

171   C:\Windows\System32\acer.scr

173 * C:\Acer\Empowering Technology\eDataSecurity\x86\eDSshellExt.dll (Egis Incorporated.) {29FF7AB0-BE34-4992-A30B-53A9D86EE239}

173 * c:\PROGRA~1\mcafee\VIRUSS~1\mcctxmnu.dll (McAfee, Inc.) {01576F39-90DE-4D6E-A068-5B20C22BAAEE}

221 * C:\Acer\Empowering Technology\eDataSecurity\x86\eDSshellExt.dll (Egis Incorporated.) {29FF7AB0-BE34-4992-A30B-53A9D86EE239}

221 * c:\PROGRA~1\mcafee\VIRUSS~1\mcctxmnu.dll (McAfee, Inc.) {01576F39-90DE-4D6E-A068-5B20C22BAAEE}

225 * c:\PROGRA~1\mcafee\VIRUSS~1\mcctxmnu.dll (McAfee, Inc.) {01576F39-90DE-4D6E-A068-5B20C22BAAEE}

225 * c:\PROGRA~1\mcafee\VIRUSS~1\mcctxmnu.dll (McAfee, Inc.) {01576F39-90DE-4D6E-A068-5B20C22BAAEE}

227 * C:\Acer\Empowering Technology\eDataSecurity\x86\eDSshellExt.dll (Egis Incorporated.) {29FF7AB0-BE34-4992-A30B-53A9D86EE239}

227 * C:\Program Files\WordPerfect Office X3\Programs\PFSE130.DLL (Corel Corporation) {C0E10002-0028-0006-C0E1-C0E1C0E1C0E1}

231   C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll (Adobe Systems, Inc.) PDF Column Info

241 * C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Incorporated) {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}
 

Missing files

-------------

002 C:\Acer\ALaunch\AlaunchClient.exe

002 C:\Program Files\Corel\Corel Snapfire\Corel PhotoDownloader.exe

002 C:\Windows\PLFSetI.exe

011 c:\windows\system32\DRIVERS\ipinip.sys

011 c:\windows\system32\DRIVERS\nwlnkflt.sys

011 c:\windows\system32\DRIVERS\nwlnkfwd.sys

011 c:\windows\system32\drivers\usbstor.sys

032 rdpclip

061 epm-po.dll

trojan-death

20.08.2008 18:48

Ok gut:daumenhoc

Lass zum Schluss noch eScan nochmals alles checken und dann sollte es das gewesen sein:daumenhoc
Ausser du hast noch irgendwelche Probleme natürlich

crazaD

20.08.2008 18:52

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Error: file "C:\Windows\PLFSetI.exe" not found!
Deletion of file "C:\Windows\PLFSetI.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Completed script processing.

*******************

Finished! Terminate.

das ist die neue log von avenger und dann noch die von hjt:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:50:37, on 20.08.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\conime.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Users\Daniel\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.911.3380\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iesearch.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire\Corel PhotoDownloader.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ClipIncSrvTray] "C:\Program Files\Tobit ClipInc\Player\ClipIncTray.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.911.3380\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ClipIncSrvTray] "C:\Program Files\Tobit ClipInc\Player\ClipIncTray.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: SETAUDIO.EXE
O4 - Global Startup: SETRES.EXE
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Öffnen mit WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: ClipInc 001 (ClipInc001) - Unknown owner - C:\Program Files\Tobit ClipInc\Server\ClipInc-Server.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SiteAdvisor-Dienst (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10569 bytes

und dann mach i das auch noch ^^

trojan-death

20.08.2008 19:02

Zum Schluss noch etwas kleines...

Fixe noch mit Hijackthis folgende Einträge:

Zitat:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - Global Startup: SETAUDIO.EXE
O4 - Global Startup: SETRES.EXE

Nun wars das wirklich:daumenhoc

crazaD

20.08.2008 19:03

also iwie geht das mit dem escan nicht bekomm die datei nicht heruntergeladen...

trojan-death

20.08.2008 19:05

Zitat:

Zitat von crazaD (Beitrag 364470)

also iwie geht das mit dem escan nicht bekomm die datei nicht heruntergeladen...

Mit keinem der Links????

crazaD

20.08.2008 19:17

scheint jetzt doch zu gehen nur wird was dauern

crazaD

20.08.2008 21:01

So endlich ist das fertig und leider wurde noch en virus gefunden aber sieh selbst:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Header
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
find.bat Version 2008.03.07

Microsoft Windows [Version 6.0.6001]
Bootmodus: Normal

eScan Version: 10.0.5
Sprache: German
C:\Users\Daniel\AppData\Local\Temp\MWAV.LOG

~~~~~~~~~~~
Dateien
~~~~~~~~~~~
~~~~ Infected files
~~~~~~~~~~~
Datei C:\Acer\Empowering Technology\eDataSecurity\nstdata.exe infiziert durch den Virus "NULL.Corrupted"! Maßnahme ergriffen: Keine Maßnahme ergriffen.
~~~~~~~~~~~
~~~~ Tagged files
~~~~~~~~~~~
~~~~~~~~~~~
~~~~ Offending files
~~~~~~~~~~~
~~~~~~~~~~~
~~~~ Spyware (Vorsicht: Oft Fehlalarm!)
~~~~~~~~~~~
eScan AntiVirus und Antispyware Toolkit.
Antiviren- und Antispywaredatenbanken werden heruntergeladen...
eScan AntiVirus und Antispyware Toolkit.
Scannen Spyware: Deaktiviert
~~~~~~~~~~~
Ordner
~~~~~~~~~~~
~~~~~~~~~~~
Registry
~~~~~~~~~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Diverses
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~
laufende Prozesse - commandline
~~~~~~~~~~~~~~~~~~~~~~
System Idle Process -
System -
smss.exe -
csrss.exe -
wininit.exe -
csrss.exe -
services.exe -
lsass.exe -
lsm.exe -
svchost.exe -
svchost.exe -
svchost.exe -
svchost.exe -
svchost.exe -
svchost.exe -
audiodg.exe -
SLsvc.exe -
svchost.exe -
winlogon.exe -
svchost.exe -
aawservice.exe -
spoolsv.exe -
svchost.exe -
ALaunchSvc.exe -
ClipInc-Server.exe -
eDSService.exe -
eLockServ.exe -
eNet Service.exe -
IAANTmon.exe -
LSSrvc.exe -
McProxy.exe -
Mcshield.exe -
MobilityService.exe -
MpfSrv.exe -
msksrver.exe -
svchost.exe -
PSIService.exe -
RichVideo.exe -
SAService.exe -
svchost.exe -
svchost.exe -
SearchIndexer.exe -
XAudio.exe -
eRecoveryService.exe -
dwm.exe - "C:\Windows\system32\Dwm.exe"
taskeng.exe - taskeng.exe {90A203BA-19CA-4702-839E-2AEB4CA5BA63}
capuserv.exe -
explorer.exe - C:\Windows\Explorer.EXE
ePowerSvc.exe -
WmiPrvSE.exe -
WmiPrvSE.exe -
unsecapp.exe -
MSASCui.exe - "C:\Program Files\Windows Defender\MSASCui.exe" -hide
SynTPStart.exe - "C:\Program Files\Synaptics\SynTP\SynTPStart.exe"
eDSLoader.exe - "C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe"
eAudio.exe - "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
mcagent.exe - "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
SiteAdv.exe - "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
IAAnotif.exe - "C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe"
RtHDVCpl.exe - "C:\Windows\RtHDVCpl.exe"
rundll32.exe - "C:\Windows\System32\rundll32.exe" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
rundll32.exe - rundll32 NVSVC.DLL,nvsvcInitialize
mcmscsvc.exe -
QtZgAcer.EXE -
SynTPEnh.exe -
PMVService.exe - "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
jusched.exe - "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
RtkBtMnt.exe - C:\Users\Daniel\AppData\Local\Temp\RtkBtMnt.exe
sidebar.exe - "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
ehtray.exe - "C:\Windows\ehome\ehtray.exe"
GoogleToolbarNotifier.exe - "C:\Program Files\Google\GoogleToolbarNotifier\1.2.911.3380\GoogleToolbarNotifier.exe"
wmpnscfg.exe - "C:\Program Files\Windows Media Player\wmpnscfg.exe"
Acer.Empowering.Framework.Supervisor.exe - "C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe"
wmpnetwk.exe -
taskeng.exe -
ehmsas.exe - C:\Windows\ehome\ehmsas.exe -Embedding
sidebar.exe - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
ePower_DMC.exe - "C:\Acer\Empowering Technology\ePower\ePower_DMC.exe"
SearchProtocolHost.exe -
SearchFilterHost.exe -
cmd.exe - cmd /c ""C:\Users\Daniel\Downloads\find.bat" "
conime.exe - C:\Windows\system32\conime.exe
cscript.exe - cscript C:\escan\prclst.vbs //nologo
~~~~~~~~~~~~~~~~~~~~~~
Scanfehler
~~~~~~~~~~~~~~~~~~~~~~
ERROR!!! Invalid Entry {2b45bd21-71f8-4c8c-a87a-7eeb25a1a3e0} = epm-po.dll (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved). No Action Taken.
ERROR!!! Invalid Entry ALaunch = C:\Acer\ALaunch\AlaunchClient.exe (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken.
ERROR!!! Invalid Entry Corel Photo Downloader = C:\Program Files\Corel\Corel Snapfire\Corel PhotoDownloader.exe (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken.
ERROR!!! Invalid Entry system32\DRIVERS\ipinip.sys in SYSTEM\CurrentControlSet\Services\IpInIp. Action Taken: No Action Taken.
ERROR!!! Invalid Entry system32\DRIVERS\nwlnkflt.sys in SYSTEM\CurrentControlSet\Services\NwlnkFlt. Action Taken: No Action Taken.
ERROR!!! Invalid Entry system32\DRIVERS\nwlnkfwd.sys in SYSTEM\CurrentControlSet\Services\NwlnkFwd. Action Taken: No Action Taken.
ERROR!!! Invalid Entry \SystemRoot\system32\drivers\usbstor.sys in SYSTEM\CurrentControlSet\Services\USBSTOR. Action Taken: No Action Taken.
Result: ERROR!!! File C:\Avenger\backup-20.08.2008-19.45.50,07.zip: Scanning Failure!!!
ERROR!!! ScanFile fails for C:\Avenger\backup-20.08.2008-19.45.50,07.zip
Result: ERROR!!! File C:\Avenger\backup.zip: Scanning Failure!!!
ERROR!!! ScanFile fails for C:\Avenger\backup.zip
ERROR!!! ScanFile fails for C:\Boot\BCD
ERROR!!! ScanFile fails for C:\Boot\BCD.LOG
ERROR!!! ScanFile fails for C:\DRV\BTW\Win32\Data1.cab
ERROR!!! ScanFile fails for C:\DRV\BTW\Win64\Data1.cab
ERROR!!! ScanFile fails for C:\MSOCache\ALLUSE~1\{90120~1\OfficeLR.cab
ERROR!!! ScanFile fails for C:\MSOCache\ALLUSE~1\{91120~1\HomeSrWW.cab
ERROR!!! ScanFile fails for C:\pagefile.sys
Result: ERROR!!! File C:\Program Files\Acer GameZone\Jewel Quest Solitaire\vorbis.dll is Not Scanned
Result: ERROR!!! File C:\Program Files\Acer GameZone\Jewel Quest Solitaire\vorbisfile.dll is Not Scanned
Result: ERROR!!! File C:\Program Files\ICQ6\ConfigFiles\TopSearches.7z: Scanning Failure!!!
ERROR!!! ScanFile fails for C:\PROGRA~1\ICQ6\CONFIG~1\TOPSEA~1.7Z
Result: ERROR!!! File C:\Program Files\ICQ6\ConfigFiles\TopSearchesDe.7z: Scanning Failure!!!
ERROR!!! ScanFile fails for C:\PROGRA~1\ICQ6\CONFIG~1\TOPSEA~2.7Z
ERROR!!! ScanFile fails for C:\PROGRA~1\Java\JRE16~1.0_0\lib\rt.jar
Result: ERROR!!! File C:\Program Files\McAfee.com\Agent\uninst\screm.ui: Scanning Failure!!!
ERROR!!! ScanFile fails for C:\PROGRA~1\McAfee.com\Agent\uninst\screm.ui
ERROR!!! ScanFile fails for C:\PROGRA~1\MICROS~3\WKSv7std.sbt
ERROR!!! ScanFile fails for C:\PROGRA~1\WORDPE~1\CabsDE\QPHelp.cab
ERROR!!! ScanFile fails for C:\PROGRA~1\WORDPE~1\CabsDE\WPHelp.cab
ERROR!!! ScanFile fails for C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\04ef4e34e7194e72f76d9e9c493e25c2_207d61cd-6a9e-4c7c-9590-35bb89879912
ERROR!!! ScanFile fails for C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\0f49fc282f9247d39ace5a894a9d5037_207d61cd-6a9e-4c7c-9590-35bb89879912
ERROR!!! ScanFile fails for C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\1628915b70ed0f650d2608bf52c121ac_207d61cd-6a9e-4c7c-9590-35bb89879912
ERROR!!! ScanFile fails for C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\277b3a3b8b6e4c56042a93021c47ace8_207d61cd-6a9e-4c7c-9590-35bb89879912
ERROR!!! ScanFile fails for C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3c0ce322068e84f646b64258576c30e6_207d61cd-6a9e-4c7c-9590-35bb89879912
ERROR!!! ScanFile fails for C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\410cfc026ffc6154b174deae05f53d97_207d61cd-6a9e-4c7c-9590-35bb89879912
ERROR!!! ScanFile fails for C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\415f24982f9b321bab21a9823fd21045_207d61cd-6a9e-4c7c-9590-35bb89879912
ERROR!!! ScanFile fails for C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\4375e5ff27e83f18d817ee192d3a2a62_207d61cd-6a9e-4c7c-9590-35bb89879912
ERROR!!! ScanFile fails for C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\5cb26c2ef1362a33a2adddbb238c9558_207d61cd-6a9e-4c7c-9590-35bb89879912
ERROR!!! ScanFile fails for C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6d665b36419868bc18cee842724dabee_207d61cd-6a9e-4c7c-9590-35bb89879912
ERROR!!! ScanFile fails for C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6d8bd5b5485c75d20cb25034acfde890_207d61cd-6a9e-4c7c-9590-35bb89879912
ERROR!!! ScanFile fails for C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\76c60010ef8f96bd7f64a0e757eb3688_207d61cd-6a9e-4c7c-9590-35bb89879912
ERROR!!! ScanFile fails for C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\7781b9f6eb180bef873b3515b2662e7c_207d61cd-6a9e-4c7c-9590-35bb89879912
ERROR!!! ScanFile fails for C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\7ad6cd3d9b6fe9d82d57076ffa518194_207d61cd-6a9e-4c7c-9590-35bb89879912
ERROR!!! ScanFile fails for C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\83005110c973782b05cb87fff74b72c9_207d61cd-6a9e-4c7c-9590-35bb89879912
ERROR!!! ScanFile fails for C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8c2752bbcdd39c802bfb8d8fbdf10089_207d61cd-6a9e-4c7c-9590-35bb89879912
ERROR!!! ScanFile fails for C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\aa5d9e46dadff8eaa95cb52ff883558d_207d61cd-6a9e-4c7c-9590-35bb89879912
ERROR!!! ScanFile fails for C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\abfe1c8475ceabadfda0499869ddf4e6_207d61cd-6a9e-4c7c-9590-35bb89879912
ERROR!!! ScanFile fails for C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ae22551328d3178feabb3c91354dc0a6_207d61cd-6a9e-4c7c-9590-35bb89879912
ERROR!!! ScanFile fails for C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\af269cad715708590394fa858809ac42_207d61cd-6a9e-4c7c-9590-35bb89879912
ERROR!!! ScanFile fails for C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d8ef438f11cd58771cb75a2ce04a01c9_207d61cd-6a9e-4c7c-9590-35bb89879912
ERROR!!! ScanFile fails for C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e2a4cb7a6e7e8498fa7395fca8e1ab39_207d61cd-6a9e-4c7c-9590-35bb89879912
ERROR!!! ScanFile fails for C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e772fe347a73bcdf84d5747b0f99161e_207d61cd-6a9e-4c7c-9590-35bb89879912
ERROR!!! ScanFile fails for C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e776e851497f0c85ef7919fa5084bf72_207d61cd-6a9e-4c7c-9590-35bb89879912
ERROR!!! ScanFile fails for C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ea36f59a7ebbbde9049ec853bfabafe3_207d61cd-6a9e-4c7c-9590-35bb89879912
ERROR!!! ScanFile fails for C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ef8de252f74ed252cba6f22113d7401c_207d61cd-6a9e-4c7c-9590-35bb89879912
ERROR!!! ScanFile fails for C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f0f1610fc921ba2ad900405c74dbf8e5_207d61cd-6a9e-4c7c-9590-35bb89879912
ERROR!!! ScanFile fails for C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f3cd3236ad1368417cf1460f8e535012_207d61cd-6a9e-4c7c-9590-35bb89879912
ERROR!!! ScanFile fails for C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\fb0ee13a6d7db171aa6f24c04ce7289f_207d61cd-6a9e-4c7c-9590-35bb89879912
Result: ERROR!!! File C:\Users\Daniel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P0EDJIH2\MCF_Ravenhearst-setup[1].exe is Not Scanned
Result: ERROR!!! File C:\Users\Daniel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P0EDJIH2\tiks_texas_holdem-setup[1].exe is Not Scanned
ERROR!!! ScanFile fails for C:\Users\Daniel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RXN2X5XJ\???????????????
ERROR!!! ScanFile fails for C:\Users\Daniel\AppData\Local\Microsoft\Windows\UsrClass.dat
ERROR!!! ScanFile fails for C:\Users\Daniel\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1
Result: ERROR!!! File C:\Users\Daniel\AppData\Roaming\Engelmann Media\MyTube Downloader\HDX4VideoSites.dll is Not Scanned
ERROR!!! ScanFile fails for C:\Users\Daniel\NTUSER.DAT
ERROR!!! ScanFile fails for C:\Users\Daniel\ntuser.dat.LOG1
ERROR!!! ScanFile fails for C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
ERROR!!! ScanFile fails for C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
ERROR!!! ScanFile fails for C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
ERROR!!! ScanFile fails for C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
ERROR!!! ScanFile fails for C:\Windows\System32\catroot2\edb.log
ERROR!!! ScanFile fails for C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
ERROR!!! ScanFile fails for C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
ERROR!!! ScanFile fails for C:\Windows\System32\config\COMPONENTS
ERROR!!! ScanFile fails for C:\Windows\System32\config\COMPONENTS.LOG1
ERROR!!! ScanFile fails for C:\Windows\System32\config\DEFAULT
ERROR!!! ScanFile fails for C:\Windows\System32\config\DEFAULT.LOG1
ERROR!!! ScanFile fails for C:\Windows\System32\config\RegBack\COMPONENTS
ERROR!!! ScanFile fails for C:\Windows\System32\config\RegBack\DEFAULT
ERROR!!! ScanFile fails for C:\Windows\System32\config\RegBack\SAM
ERROR!!! ScanFile fails for C:\Windows\System32\config\RegBack\SECURITY
ERROR!!! ScanFile fails for C:\Windows\System32\config\RegBack\SOFTWARE
ERROR!!! ScanFile fails for C:\Windows\System32\config\RegBack\SYSTEM
ERROR!!! ScanFile fails for C:\Windows\System32\config\SAM
ERROR!!! ScanFile fails for C:\Windows\System32\config\SAM.LOG1
ERROR!!! ScanFile fails for C:\Windows\System32\config\SECURITY
ERROR!!! ScanFile fails for C:\Windows\System32\config\SECURITY.LOG1
ERROR!!! ScanFile fails for C:\Windows\System32\config\SOFTWARE
ERROR!!! ScanFile fails for C:\Windows\System32\config\SOFTWARE.LOG1
ERROR!!! ScanFile fails for C:\Windows\System32\config\SYSTEM
ERROR!!! ScanFile fails for C:\Windows\System32\config\SYSTEM.LOG1
ERROR!!! ScanFile fails for C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
ERROR!!! ScanFile fails for C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl
ERROR!!! ScanFile fails for C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl
ERROR!!! ScanFile fails for C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl
~~~~~~~~~~~~~~~~~~~~~~
Hosts-Datei
~~~~~~~~~~~~~~~~~~~~~~
DataBasePath: %SystemRoot%\System32\drivers\etc
Zeilen die nicht dem Standard entsprechen:
C:\Windows\System32\drivers\etc\hosts:
C:\Windows\System32\drivers\etc\hosts:127.0.0.1 localhost
C:\Windows\System32\drivers\etc\hosts:::1 localhost
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Statistiken:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Zahl der gescannten Objekte: 105797
Zahl der kritischen Objekte: 1
Zahl der desinfizierten Objekte: 0
Zahl der umbenannten Dateien: 0
Zahl der gelöschten Objekte: 0
Zahl der Fehler: 17
Zeit verstrichen: 00:51:58
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan-Optionen
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Speicherüberprüfung: Aktiviert
Registrierungsdatenbank-Überprüfung: Aktiviert
Überprüfung des Startordners: Aktiviert
Überprüfung des Systemordners: Aktiviert
Überprüfung der Dienste: Aktiviert
Überprüfung der Laufwerke: Deaktiviert
Überprüfung aller Laufwerke:Aktiviert
Überprüfung der Ordner: Deaktiviert

Batchstart: 21:58:32,19
Batchende: 21:58:46,61

trojan-death

21.08.2008 12:08

Ok

Kannst du die Datei/Virus den eScan gefunden hat mal bei VirusTotal hochladen und ein neues HJT Log posten? Danke:daumenhoc

Glaube aber das wars...

crazaD

21.08.2008 12:30

Wenn i die Datei bei Virustotal hochladen will kommt das:

0 bytes size received / Se ha recibido un archivo vacio

crazaD

21.08.2008 18:53

geht noch immer net....

trojan-death

21.08.2008 18:55

Bei Jotti?

crazaD

21.08.2008 18:59

das gleiche:

The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file

trojan-death

21.08.2008 19:06

Wie siehts aus wenn du deinen guard und deine firewall kurz für diesen Vorgang abschaltest

erty	21.08.2008 20:59

die NULL.Corrupted Meldungen von escan taugen gar nix --> ignorieren

edit:
das soll nicht heißen, dass die nstdata.exe ok ist

trojan-death

22.08.2008 21:59

Zitat:

Zitat von erty (Beitrag 364841)

die NULL.Corrupted Meldungen von escan taugen gar nix --> ignorieren

edit:
das soll nicht heißen, dass die nstdata.exe ok ist

Darum will ich ja das er sie scannt:daumenhoc

crazaD

24.08.2008 11:17

Also ich hatte die Firewall und den guard eigentlich alles ausgeschaltet aber kommt noch immer die gleiche meldung...

trojan-death

24.08.2008 11:21

Kannst du sie mir per schicken?
Bitte in einem Passwort geschützen zip file:daumenhoc

crazaD

24.08.2008 11:24

du meinst per mail?

trojan-death

24.08.2008 11:25

:Boogie:

Genau

crazaD

24.08.2008 11:31

dann warte noch was muss mir noch en zip manager besorgen

crazaD

24.08.2008 16:06

und dann bräucht ich deine mail addy noch

crazaD

31.08.2008 12:45

also ist soweit alles von meinem pc runter?

Wenn ja dann vielen vielen dank und Respekt das du das fertig bekommen hast alleine hätt ich en ausm Fenster geschmissen xD

trojan-death

31.08.2008 16:31

Jep, sollte alles i.O. sein...
Oder hast du noch Probleme?

crazaD

01.09.2008 10:14

Nee hab keine Probleme mehr dann vielen Dank für die Hilfe!

Aber was war denn mit der Datei die ich dir geschickt hatte?

trojan-death

01.09.2008 20:54

Ist i.O.;)

Alle Zeitangaben in WEZ +1. Es ist jetzt 07:01 Uhr.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132