MIC [Gast] schrieb am 04.May.2010, 11:46:59 in der Kategorie pc.security
TR/Crypt.XPAC.Gen
Hallo,
mein Virenscanner meldet mir eine infizierte Datei. Ich habe jetzt einen hijack this Protokoll erstellt. Kann mir jemand helfen?
Vielen Dank
MIC
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:36:32, on 04.05.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\\Program Files (x86)\\EgisTec\\MyWinLocker 3\\x86\\mwlDaemon.exe
C:\\Program Files (x86)\\Intel\\Intel Matrix Storage Manager\\IAAnotif.exe
C:\\Windows\\PLFSetI.exe
C:\\Program Files (x86)\\Secuties\\Data Security\\SdwMon32.exe
C:\\Program Files (x86)\\Secuties\\Data Security\\SdwTray.exe
C:\\Program Files (x86)\\Acer\\Acer VCM\\AcerVCM.exe
C:\\Program Files (x86)\\EgisTec Egis Software Update\\EgisUpdate.exe
C:\\Program Files (x86)\\OpenOffice.org 3\\program\\soffice.exe
C:\\Program Files (x86)\\OpenOffice.org 3\\program\\soffice.bin
C:\\Program Files (x86)\\NewTech Infosystems\\Acer Backup Manager\\BackupManagerTray.exe
C:\\Program Files (x86)\\Launch Manager\\LManager.exe
C:\\Program Files (x86)\\ScanSoft\\PaperPort\\pptd40nt.exe
C:\\Program Files (x86)\\Brother\\Brmfcmon\\BrMfcWnd.exe
C:\\Program Files (x86)\\FreePDF_XP\\fpassist.exe
C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe
C:\\Program Files (x86)\\Avira\\AntiVir Desktop\\avgnt.exe
C:\\Program Files (x86)\\Brother\\ControlCenter3\\brccMCtl.exe
C:\\Program Files (x86)\\Brother\\Brmfcmon\\BrMfcmon.exe
C:\\Program Files (x86)\\Verbindungsassistent\\Verbindungsassistent.exe
C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe
C:\\Program Files (x86)\\CyberLink\\PowerDVD8\\PDVD8Serv.exe
C:\\Program Files (x86)\\TerraTec\\TerraTec Home Cinema\\CinergyDvr.exe
C:\\Users\\MiCu\\Software\\Foxmail\\Foxmail.exe
C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe
C:\\Program Files (x86)\\FreeCommander\\FreeCommander.exe
C:\\Program Files (x86)\\Trend Micro\\HijackThis\\HijackThis.exe
R1 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_4810t&r=27360410x716l03c8z1j5t48i1b553
R1 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2442941
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_4810t&r=27360410x716l03c8z1j5t48i1b553
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_4810t&r=27360410x716l03c8z1j5t48i1b553
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Search,SearchAssistant =
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Search,CustomizeSearch =
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Local Page = C:\\Windows\\SysWOW64\\blank.htm
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Toolbar,LinksFolderName =
R3 - URLSearchHook: Soft-Search Toolbar - {09e55ba0-f9c6-4b81-82df-46853f6f7b3f} - C:\\Program Files (x86)\\Soft-Search\\tbSoft.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Soft-Search Toolbar - {09e55ba0-f9c6-4b81-82df-46853f6f7b3f} - C:\\Program Files (x86)\\Soft-Search\\tbSoft.dll
O2 - BHO: SuggestMeYesBHO - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\\Program Files (x86)\\AutocompletePro\\AutocompletePro.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\Windows Live\\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\\Program Files (x86)\\Google\\Google Toolbar\\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\\Program Files (x86)\\Google\\GoogleToolbarNotifier\\5.5.4723.1820\\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\\Program Files (x86)\\Java\\jre6\\bin\\jp2ssv.dll
O3 - Toolbar: TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\\PROGRA~2\\TerraTec\\TERRAT~1\\THCDES~1.DLL
O3 - Toolbar: Soft-Search Toolbar - {09e55ba0-f9c6-4b81-82df-46853f6f7b3f} - C:\\Program Files (x86)\\Soft-Search\\tbSoft.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\\Program Files (x86)\\Google\\Google Toolbar\\GoogleToolbar_32.dll
O4 - HKLM\\..\\Run: [Adobe Reader Speed Launcher] \"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\"
O4 - HKLM\\..\\Run: [NortonOnlineBackupReminder] \"C:\\Program Files (x86)\\Symantec\\Norton Online Backup\\Activation\\NobuActivation.exe\" UNATTENDED
O4 - HKLM\\..\\Run: [BackupManagerTray] \"C:\\Program Files (x86)\\NewTech Infosystems\\Acer Backup Manager\\BackupManagerTray.exe\" -h -k
O4 - HKLM\\..\\Run: [EgisTecLiveUpdate] \"C:\\Program Files (x86)\\EgisTec Egis Software Update\\EgisUpdate.exe\"
O4 - HKLM\\..\\Run: [StartCCC] \"C:\\Program Files (x86)\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe\" MSRun
O4 - HKLM\\..\\Run: [LManager] C:\\Program Files (x86)\\Launch Manager\\LManager.exe
O4 - HKLM\\..\\Run: [RemoteControl8] \"c:\\Program Files (x86)\\CyberLink\\PowerDVD8\\PDVD8Serv.exe\"
O4 - HKLM\\..\\Run: [SSBkgdUpdate] \"C:\\Program Files (x86)\\Common Files\\Scansoft Shared\\SSBkgdUpdate\\SSBkgdupdate.exe\" -Embedding -boot
O4 - HKLM\\..\\Run: [PaperPort PTD] \"C:\\Program Files (x86)\\ScanSoft\\PaperPort\\pptd40nt.exe\"
O4 - HKLM\\..\\Run: [IndexSearch] \"C:\\Program Files (x86)\\ScanSoft\\PaperPort\\IndexSearch.exe\"
O4 - HKLM\\..\\Run: [PPort11reminder] \"C:\\Program Files (x86)\\ScanSoft\\PaperPort\\Ereg\\Ereg.exe\" -r \"C:\\ProgramData\\ScanSoft\\PaperPort\\11\\Config\\Ereg\\Ereg.ini\"
O4 - HKLM\\..\\Run: [BrMfcWnd] C:\\Program Files (x86)\\Brother\\Brmfcmon\\BrMfcWnd.exe /AUTORUN
O4 - HKLM\\..\\Run: [ControlCenter3] C:\\Program Files (x86)\\Brother\\ControlCenter3\\brctrcen.exe /autorun
O4 - HKLM\\..\\Run: [FreePDF Assistant] C:\\Program Files (x86)\\FreePDF_XP\\fpassist.exe
O4 - HKLM\\..\\Run: [SunJavaUpdateSched] \"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\"
O4 - HKLM\\..\\Run: [avgnt] \"C:\\Program Files (x86)\\Avira\\AntiVir Desktop\\avgnt.exe\" /min
O4 - HKLM\\..\\Run: [Adobe ARM] \"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\"
O4 - HKCU\\..\\Run: [Data Security SdwMon32] C:\\Program Files (x86)\\Secuties\\Data Security\\SdwMon32.exe /run
O4 - HKCU\\..\\Run: [Data Security SystemTray] C:\\PROGRA~2\\Secuties\\DATASE~1\\SDWTRAY.EXE
O4 - HKCU\\..\\Run: [swg] \"C:\\Program Files (x86)\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe\"
O4 - HKUS\\S-1-5-19\\..\\Run: [Sidebar] %ProgramFiles%\\Windows Sidebar\\Sidebar.exe /autoRun (User \'LOKALER DIENST\')
O4 - HKUS\\S-1-5-19\\..\\RunOnce: [mctadmin] C:\\Windows\\System32\\mctadmin.exe (User \'LOKALER DIENST\')
O4 - HKUS\\S-1-5-20\\..\\Run: [Sidebar] %ProgramFiles%\\Windows Sidebar\\Sidebar.exe /autoRun (User \'NETZWERKDIENST\')
O4 - HKUS\\S-1-5-20\\..\\RunOnce: [mctadmin] C:\\Windows\\System32\\mctadmin.exe (User \'NETZWERKDIENST\')
O4 - Startup: OpenOffice.org 3.2.lnk = C:\\Program Files (x86)\\OpenOffice.org 3\\program\\quickstart.exe
O4 - Global Startup: Acer VCM.lnk = ?
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\\Program Files\\WIDCOMM\\Bluetooth Software\\btsendto_ie_ctx.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\\PROGRA~2\\MICROS~3\\Office12\\EXCEL.EXE/3000
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\\Program Files\\WIDCOMM\\Bluetooth Software\\btsendto_ie.htm
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\\Program Files (x86)\\Windows Live\\Writer\\WriterBrowserExtension.dll
O9 - Extra \'Tools\' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\\Program Files (x86)\\Windows Live\\Writer\\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\\PROGRA~2\\MICROS~3\\Office12\\ONBttnIE.dll
O9 - Extra \'Tools\' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\\PROGRA~2\\MICROS~3\\Office12\\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\\PROGRA~2\\MICROS~3\\Office12\\REFIEBAR.DLL
O9 - Extra button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\\Program Files\\WIDCOMM\\Bluetooth Software\\btsendto_ie.htm
O9 - Extra \'Tools\' menuitem: Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\\Program Files\\WIDCOMM\\Bluetooth Software\\btsendto_ie.htm
O13 - Gopher Prefix:
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{78AFA497-D610-46D1-9D10-B14DAB4C9FBF}: NameServer = 212.23.97.3 212.23.97.2
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\\Program Files (x86)\\Acer\\Acer VCM\\Skype4COM.dll
O23 - Service: @%SystemRoot%\\system32\\Alg.exe,-112 (ALG) - Unknown owner - C:\\Windows\\System32\\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\\Windows\\system32\\atiesrxx.exe (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\\Program Files (x86)\\Avira\\AntiVir Desktop\\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\\Program Files (x86)\\Avira\\AntiVir Desktop\\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\\Program Files\\WIDCOMM\\Bluetooth Software\\btwdins.exe
O23 - Service: cyberJack PC/SC COM Service (cjpcsc) - REINER SCT - C:\\Windows\\SysWOW64\\cjpcsc.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\\Program Files (x86)\\Launch Manager\\dsiwmis.exe
O23 - Service: @%SystemRoot%\\system32\\efssvc.dll,-100 (EFS) - Unknown owner - C:\\Windows\\System32\\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\\Program Files\\Acer\\Acer PowerSmart Manager\\ePowerSvc.exe
O23 - Service: @%systemroot%\\system32\\fxsresm.dll,-118 (Fax) - Unknown owner - C:\\Windows\\system32\\fxssvc.exe (file missing)
O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\\Program Files (x86)\\Acer\\Registration\\GregHSRW.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\\Program Files (x86)\\Google\\Update\\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\\Program Files (x86)\\Google\\Common\\Google Updater\\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\\Program Files (x86)\\Intel\\Intel Matrix Storage Manager\\IAANTMon.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\\Windows\\system32\\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\\Windows\\System32\\msdtc.exe (file missing)
O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\\Program Files (x86)\\EgisTec\\MyWinLocker 3\\x86\\\\MWLService.exe
O23 - Service: @%SystemRoot%\\System32\\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\\Windows\\system32\\lsass.exe (file missing)
O23 - Service: NMSAccess - Unknown owner - C:\\Program Files (x86)\\CDBurnerXP\\NMSAccessU.exe
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\\Program Files (x86)\\NewTech Infosystems\\Acer Backup Manager\\IScheduleSvc.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\\Program Files (x86)\\NewTech Infosystems\\NTI Backup Now 5\\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\\Program Files (x86)\\NewTech Infosystems\\NTI Backup Now 5\\SchedulerSvc.exe
O23 - Service: Acer ODD Power Service (ODDPwrSvc) - Acer Incorporated - C:\\Program Files\\Acer\\Optical Drive Power Management\\ODDPWRSvc.exe
O23 - Service: @%systemroot%\\system32\\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\\Windows\\system32\\lsass.exe (file missing)
O23 - Service: @%systemroot%\\system32\\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\\Windows\\system32\\locator.exe (file missing)
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\\Program Files (x86)\\Acer\\Acer VCM\\RS_Service.exe
O23 - Service: @%SystemRoot%\\system32\\samsrv.dll,-1 (SamSs) - Unknown owner - C:\\Windows\\system32\\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\\system32\\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\\Windows\\System32\\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\\system32\\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\\Windows\\System32\\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\\system32\\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\\Windows\\system32\\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\\system32\\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\\Windows\\system32\\UI0Detect.exe (file missing)
O23 - Service: Updater Service - Acer - C:\\Program Files\\Acer\\Acer Updater\\UpdaterService.exe
O23 - Service: @%SystemRoot%\\system32\\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\\Windows\\system32\\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\\system32\\vds.exe,-100 (vds) - Unknown owner - C:\\Windows\\System32\\vds.exe (file missing)
O23 - Service: @%systemroot%\\system32\\vssvc.exe,-102 (VSS) - Unknown owner - C:\\Windows\\system32\\vssvc.exe (file missing)
O23 - Service: @%systemroot%\\system32\\wbengine.exe,-104 (wbengine) - Unknown owner - C:\\Windows\\system32\\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\\system32\\wbem\\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\\Windows\\system32\\wbem\\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\\Windows Media Player\\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\\Program Files (x86)\\Windows Media Player\\wmpnetwk.exe (file missing)
O23 - Service: WTGService - Unknown owner - C:\\Program Files (x86)\\Verbindungsassistent\\WTGService.exe
--
End of file - 14126 bytes
Archiv