Netz-Treff

Nachricht aus dem Archiv

Flow [Gast] schrieb am 06.May.2010, 23:14:37 in der Kategorie pc.security

Virus? Trojaner?

Alle Schritte befolgt!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:13:32, on 06.05.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\\Windows\\system32\\Dwm.exe
C:\\Windows\\Explorer.EXE
C:\\Windows\\system32\\taskhost.exe
C:\\Program Files\\Avira\\AntiVir Desktop\\avgnt.exe
C:\\Program Files\\WinTV\\EPG Services\\System\\EPGClient.exe
C:\\Program Files\\Java\\jre6\\bin\\jusched.exe
C:\\Program Files\\PixelPlanet\\PdfPrinter 6\\PdfPrinterMonitor.exe
C:\\Program Files\\Windows Sidebar\\sidebar.exe
C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\reader_sl.exe
C:\\Program Files\\WinTV\\Ir.exe
C:\\Program Files\\Microsoft Office\\Office14\\ONENOTEM.EXE
C:\\Program Files\\Internet Explorer\\IELowutil.exe
C:\\Program Files\\Mozilla Firefox\\firefox.exe
C:\\Program Files\\Trend Micro\\HiJackThis\\HiJackThis.exe

R1 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://start.icq.com/
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Search,SearchAssistant =
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Search,CustomizeSearch =
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\\Program Files\\ICQ6Toolbar\\ICQToolBar.dll
R3 - URLSearchHook: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\\Program Files\\DVDVideoSoft\\tbDVDV.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Adobe\\Acrobat 7.0\\ActiveX\\AcroIEHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\\Program Files\\Microsoft\\Search Enhancement Pack\\Search Helper\\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\\PROGRA~2\\MIF5BA~1\\Office14\\GROOVEEX.DLL
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\\Program Files\\Common Files\\Microsoft Shared\\Windows Live\\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\\PROGRA~2\\MIF5BA~1\\Office14\\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\\Program Files\\Java\\jre6\\bin\\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\\Program Files\\Windows Live\\Toolbar\\wltcore.dll
O2 - BHO: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\\Program Files\\DVDVideoSoft\\tbDVDV.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\\Program Files\\Windows Live\\Toolbar\\wltcore.dll
O3 - Toolbar: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\\Program Files\\DVDVideoSoft\\tbDVDV.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\\Program Files\\ICQ6Toolbar\\ICQToolBar.dll
O4 - HKLM\\..\\Run: [avgnt] \"C:\\Program Files\\Avira\\AntiVir Desktop\\avgnt.exe\" /min
O4 - HKLM\\..\\Run: [BCSSync] \"C:\\Program Files\\Microsoft Office\\Office14\\BCSSync.exe\" /DelayServices
O4 - HKLM\\..\\Run: [EPGServiceTool] C:\\PROGRA~2\\WinTV\\EPG Services\\System\\EPGClient.exe
O4 - HKLM\\..\\Run: [SunJavaUpdateSched] \"C:\\Program Files\\Java\\jre6\\bin\\jusched.exe\"
O4 - HKLM\\..\\Run: [PixelPlanet PdfPrinter-Monitor] \"C:\\Program Files\\PixelPlanet\\PdfPrinter 6\\PdfPrinterMonitor.exe\"
O4 - HKLM\\..\\Run: [ApplyEsf-eDocPrintPro] \"C:\\Program Files\\Common Files\\MAYComputer\\eDocPrintPro\\\\ApplyEsf.exe\"
O4 - HKLM\\..\\Run: [Malwarebytes Anti-Malware (reboot)] \"C:\\Program Files\\Malwarebytes\' Anti-Malware\\mbam.exe\" /runcleanupscript
O4 - HKCU\\..\\Run: [Skype] \"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized
O4 - HKCU\\..\\Run: [Sidebar] C:\\Program Files\\Windows Sidebar\\sidebar.exe /autoRun
O4 - HKCU\\..\\Run: [ICQ] \"C:\\Program Files\\ICQ7.0\\ICQ.exe\" silent loginmode=4
O4 - HKCU\\..\\Run: [HowsepianCitibank] c:\\users\\andrejs\\desktop\\bewerbungsunterlagen und prsäentation\\bewerbungsunterlagen\\bewerbungsprozess 091113\\bereits beworben\\citibankandrej.exe
O4 - HKCU\\..\\RunServices: [SetupInstallShield] c:\\users\\andrejs\\appdata\\local\\temp\\temp1_utility_driver_tew444ub_60228.zip\\cd\\utility\\installshieldsetup.exe
O4 - Startup: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = C:\\Program Files\\Microsoft Office\\Office14\\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\reader_sl.exe
O4 - Global Startup: AutoStart IR.lnk = C:\\Program Files\\WinTV\\Ir.exe
O4 - Global Startup: TEW-444UB Wireless Client Utility.lnk = ?
O8 - Extra context menu item: An OneNote s&enden - res://C:\\PROGRA~2\\MIF5BA~1\\Office14\\ONBttnIE.dll/105
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\\PROGRA~2\\MIF5BA~1\\Office14\\EXCEL.EXE/3000
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\\Program Files\\Windows Live\\Writer\\WriterBrowserExtension.dll
O9 - Extra \'Tools\' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\\Program Files\\Windows Live\\Writer\\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\\Program Files\\Microsoft Office\\Office14\\ONBttnIE.dll
O9 - Extra \'Tools\' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\\Program Files\\Microsoft Office\\Office14\\ONBttnIE.dll
O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\\Program Files\\Microsoft Office\\Office14\\ONBttnIELinkedNotes.dll
O9 - Extra \'Tools\' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\\Program Files\\Microsoft Office\\Office14\\ONBttnIELinkedNotes.dll
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\\Program Files\\ICQ7.0\\ICQ.exe
O9 - Extra \'Tools\' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\\Program Files\\ICQ7.0\\ICQ.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\\PROGRA~2\\COMMON~1\\Skype\\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\MSOXMLMF.DLL
O23 - Service: AccSys WLAN Control Service (accvssvc) - AccSys GmbH - C:\\Program Files\\Common Files\\AccSys\\AccVSSvc.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\\Windows\\system32\\acs.exe
O23 - Service: AMD External Events Utility - AMD - C:\\Windows\\system32\\atiesrxx.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\\Program Files\\Avira\\AntiVir Desktop\\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\\Program Files\\Avira\\AntiVir Desktop\\avguard.exe
O23 - Service: PixelPlanet easyPDF SDK 6 Loader (bepldr6PixelPlanetService) - Unknown owner - C:\\Program Files\\Common Files\\BCL Technologies\\PixelPlanet6\\bepldr.exe
O23 - Service: EPGService - Hauppauge Computer Works - C:\\PROGRA~2\\WinTV\\EPG Services\\System\\EPGService.exe
O23 - Service: Google Update Service (gupdate1ca6e7ff061f724) (gupdate1ca6e7ff061f724) - Google Inc. - C:\\Program Files\\Google\\Update\\GoogleUpdate.exe
O23 - Service: ICQ Service - Unknown owner - C:\\Program Files\\ICQ6Toolbar\\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\\Program Files\\Common Files\\InstallShield\\Driver\\1150\\Intel 32\\IDriverT.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\\Windows\\system32\\GameMon.des.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\\Program Files\\Common Files\\Protexis\\License Service\\PsiService_2.exe

--
End of file - 8456 bytes

Virus? Trojaner? Flow [Gast] - 06.May.2010, 21:15:56 - (pc.security)
- Virus? Trojaner? Hausdoc - 06.May.2010, 21:21:59
  - Virus? Trojaner? Flow [Gast] - 06.May.2010, 21:54:33
    - Virus? Trojaner? Hausdoc - 06.May.2010, 21:57:56
      - Virus? Trojaner? Flow [Gast] - 06.May.2010, 23:14:37
        Virus? Trojaner? cosinus - 07.May.2010, 12:02:11
        Virus? Trojaner? Flow [Gast] - 07.May.2010, 18:31:34
        Virus? Trojaner? Flow [Gast] - 07.May.2010, 18:32:01
        Virus? Trojaner? cosinus - 07.May.2010, 22:34:13
        Virus? Trojaner? Hausdoc - 07.May.2010, 18:59:23
        Virus? Trojaner? Berny - 06.May.2010, 23:56:44