New notebook, Win32:DNSChanger-SF (Trojan)!!!

30.03.2008, 21:07
Member
Posts: 13
#0

30.03.2008, 22:59
Honorary member
Posts: 29434
#2
Hello.
Please run ComboFix and post the report here: http://www.virus-protect.org/artikel/tools/combofix.html
__________
Regards, Sabina
all about PC security

31.03.2008, 14:38
Member
Thread starter, Posts: 13
#3
Hello,
thanks first of all for the quick reply! As a precaution I had also done a format beforehand. After the scan the problem is the same, but this time I got no error messages from HijackThis. HijackThis (ComboFix report follows):

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:36:14, on 31.03.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Avast4\ashDisp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Users\ST\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://de.rd.yahoo.com/customize/ycomp/defaults/sp/*http://de.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://de.rd.yahoo.com/customize/ycomp/defaults/su/*http://de.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O20 - AppInit_DLLs: eNetHook.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Symantec IS Kennwortprüfung (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9046 bytes

Now the ComboFix:

ComboFix 08-03-30.3 - ST 2008-03-31 14:13:50.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1031.18.183 [GMT 2:00]
ausgeführt von:: C:\Users\ST\Desktop\ComboFix.exe
 * Neuer Wiederherstellungspunkt wurde erstellt
.
TimedOut: Windir.dat

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\x64

.
((((((((((((((((((((((( Dateien erstellt von 2008-02-28 bis 2008-03-31 ))))))))))))))))))))))))))))))
.

2008-03-31 08:21 . 2007-05-09 13:34 16,437,832 --a------ C:\Windows\eRy.exe
2008-03-31 08:21 . 2006-03-09 04:58 1,060,424 --a------ C:\Windows\System32\WdfCoInstaller01000.dll
2008-03-31 08:21 . 2007-02-09 10:43 196,608 --a------ C:\Windows\System32\SynCtrl.dll
2008-03-31 08:21 . 2007-02-09 11:41 182,456 --a------ C:\Windows\System32\drivers\SynTP.sys
2008-03-31 08:21 . 2007-02-09 10:42 163,840 --a------ C:\Windows\System32\SynCOM.dll
2008-03-31 08:21 . 2007-02-09 10:50 143,360 --a------ C:\Windows\System32\SynTPAPI.dll
2008-03-31 08:21 . 2007-02-09 11:38 110,592 --a------ C:\Windows\System32\SynTPCo4.dll
2008-03-31 08:21 . 2007-01-15 14:28 336 --a------ C:\Windows\ACERTOURREMINDERRUN.REG
2008-03-31 08:21 . 2004-06-14 02:24 30 --a------ C:\Windows\SETPANEL.INI
2008-03-31 08:21 . 2008-03-31 08:21 3 --a------ C:\Windows\AFirst.cmd
2008-03-31 08:20 . 2002-11-14 16:32 55,808 --a------ C:\Windows\devcon.exe
2008-03-31 08:20 . 2008-03-30 22:35 1,550 --a------ C:\Windows\CLEANUP.CMD
2008-03-31 08:20 . 2004-10-01 22:32 92 --a------ C:\Windows\CLEANUP.INI
2008-03-31 08:20 . 2007-01-11 11:50 23 --a------ C:\Windows\System32\$Acer$.cmd
2008-03-31 06:35 . 2008-03-31 06:35 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-31 03:06 . 2008-03-31 03:06 1,327,104 --a------ C:\Windows\System32\quartz.dll
2008-03-31 03:06 . 2008-03-31 03:06 223,232 --a------ C:\Windows\System32\WMASF.DLL
2008-03-31 03:06 . 2008-03-31 03:06 9,728 --a------ C:\Windows\System32\LAPRXY.DLL
2008-03-31 03:06 . 2008-03-31 03:06 2,048 --a------ C:\Windows\System32\asferror.dll
2008-03-31 03:05 . 2008-03-31 03:05 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-03-31 03:05 . 2008-03-31 03:05 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-03-31 03:05 . 2008-03-31 03:05 1,335,296 --a------ C:\Windows\System32\msxml6.dll
2008-03-31 03:05 . 2008-03-31 03:05 737,792 --a------ C:\Windows\System32\inetcomm.dll
2008-03-31 03:05 . 2008-03-31 03:05 84,480 --a------ C:\Windows\System32\INETRES.dll
2008-03-31 03:05 . 2008-03-31 03:05 2,048 --a------ C:\Windows\System32\msxml6r.dll
2008-03-31 03:04 . 2008-03-31 03:04 788,992 --a------ C:\Windows\System32\rpcrt4.dll
2008-03-31 03:04 . 2008-03-31 03:04 558,080 --a------ C:\Windows\System32\oleaut32.dll
2008-03-31 03:04 . 2008-03-31 03:04 130,048 --a------ C:\Windows\System32\drivers\srv2.sys
2008-03-31 03:04 . 2008-03-31 03:04 101,888 --a------ C:\Windows\System32\drivers\mrxsmb.sys
2008-03-31 03:04 . 2008-03-31 03:04 84,992 --a------ C:\Windows\System32\drivers\srvnet.sys
2008-03-31 03:04 . 2008-03-31 03:04 58,368 --a------ C:\Windows\System32\drivers\mrxsmb20.sys
2008-03-31 03:04 . 2008-03-31 03:04 11,776 --a------ C:\Windows\System32\sbunattend.exe
2008-03-31 03:03 . 2008-03-31 03:03 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-03-31 03:03 . 2008-03-31 03:03 3,504,824 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-03-31 03:02 . 2008-03-31 03:02 3,470,520 --a------ C:\Windows\System32\ntoskrnl.exe
2008-03-31 03:02 . 2008-03-31 03:02 2,048 --a------ C:\Windows\System32\tzres.dll
2008-03-31 03:01 . 2008-03-31 03:01 750,080 --a------ C:\Windows\System32\qmgr.dll
2008-03-30 23:43 . 2008-03-31 14:01 1,461,736 --a------ C:\Windows\System32\PerfStringBackup.INI
2008-03-30 23:03 . 2008-03-29 19:27 42,912 --a------ C:\Windows\System32\drivers\aswTdi.sys
2008-03-30 23:03 . 2008-03-29 19:29 23,152 --a------ C:\Windows\System32\drivers\aswRdr.sys
2008-03-30 23:02 . 2008-03-29 19:23 95,608 --a------ C:\Windows\System32\AvastSS.scr
2008-03-30 23:02 . 2008-03-29 19:31 75,856 --a------ C:\Windows\System32\drivers\aswSP.sys
2008-03-30 23:02 . 2008-03-29 19:35 20,560 --a------ C:\Windows\System32\drivers\aswFsBlk.sys
2008-03-30 23:01 . 2008-03-29 19:45 1,146,232 --a------ C:\Windows\System32\aswBoot.exe
2008-03-30 23:01 . 2004-01-09 10:13 380,928 --a------ C:\Windows\System32\actskin4.ocx
2008-03-30 23:01 . 2008-03-29 19:32 50,768 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
2008-03-30 23:00 . 2008-03-30 23:01 <DIR> d-------- C:\Program Files\Avast4
2008-03-30 22:52 . 2008-03-30 22:52 1,712,984 --a------ C:\Windows\System32\wuaueng.dll
2008-03-30 22:52 . 2008-03-30 22:52 1,524,224 --a------ C:\Windows\System32\wucltux.dll
2008-03-30 22:52 . 2008-03-30 22:52 53,080 --a------ C:\Windows\System32\wuauclt.exe
2008-03-30 22:52 . 2008-03-30 22:52 43,352 --a------ C:\Windows\System32\wups2.dll
2008-03-30 22:51 . 2008-03-30 22:51 549,720 --a------ C:\Windows\System32\wuapi.dll
2008-03-30 22:51 . 2008-03-30 22:51 80,896 --a------ C:\Windows\System32\wudriver.dll
2008-03-30 22:51 . 2008-03-30 22:51 33,624 --a------ C:\Windows\System32\wups.dll
2008-03-30 22:50 . 2008-03-30 22:50 163,000 --a------ C:\Windows\System32\wuwebv.dll
2008-03-30 22:50 . 2008-03-30 22:50 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-03-30 22:47 . 2008-03-30 22:47 92 --a------ C:\Windows\GridV.UNI
2008-03-30 22:41 . 2007-05-08 15:26 368,640 --a------ C:\Windows\System32\CheckD2DSystem.exe
2008-03-30 22:41 . 2006-11-12 11:54 327,680 --a------ C:\Windows\System32\Remove_eRecovery.exe
2008-03-30 22:41 . 2006-11-10 17:27 16,384 --a------ C:\Windows\System32\LauncheRyAgentUser.exe
2008-03-30 22:41 . 2005-12-09 09:12 16,384 --a------ C:\Windows\System32\ClearEvent.exe
2008-03-30 22:41 . 2006-02-24 11:28 552 --a------ C:\Windows\System32\setup.iss
2008-03-30 22:39 . 2008-03-30 22:39 <DIR> d-------- C:\Program Files\Launch Manager
2008-03-30 22:39 . 2008-03-30 22:39 83 --a------ C:\Windows\LManager.UNI
2008-03-30 22:37 . 2008-03-30 22:37 <DIR> d-------- C:\Program Files\Synaptics
2008-03-30 22:37 . 2008-03-30 22:37 0 --ah----- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01000.Wdf
2008-03-30 22:36 . 2008-03-30 22:36 <DIR> dr------- C:\Users\ST\Searches
2008-03-30 22:36 . 2008-03-30 22:36 <DIR> dr------- C:\Users\ST\Contacts
2008-03-30 22:35 . 2008-03-30 22:35 <DIR> d-------- C:\Windows\ACER
2008-03-30 22:35 . 2008-03-30 22:35 <DIR> d-------- C:\Program Files\Yahoo!
2008-03-30 22:35 . 2008-03-30 22:47 <DIR> d-------- C:\Program Files\Acer Inc
2008-03-30 22:35 . 2007-04-19 13:41 83,554,304 --a------ C:\Windows\System32\acer.scr
2008-03-30 22:35 . 2007-05-10 15:21 40,368,034 --a------ C:\Windows\System32\acer.exe
2008-03-30 22:35 . 2008-03-30 22:35 14,600 --a------ C:\Windows\System32\results.xml
2008-03-30 22:34 . 2008-03-30 22:36 <DIR> dr------- C:\Users\ST\Videos
2008-03-30 22:34 . 2008-03-30 22:36 <DIR> dr------- C:\Users\ST\Saved Games
2008-03-30 22:34 . 2008-03-30 22:36 <DIR> dr------- C:\Users\ST\Pictures
2008-03-30 22:34 . 2008-03-30 22:36 <DIR> dr------- C:\Users\ST\Music
2008-03-30 22:34 . 2008-03-30 22:36 <DIR> dr------- C:\Users\ST\Links
2008-03-30 22:34 . 2008-03-31 13:58 <DIR> dr------- C:\Users\ST\Downloads
2008-03-30 22:34 . 2008-03-31 06:36 <DIR> dr------- C:\Users\ST\Documents
2008-03-30 22:34 . 2008-03-30 22:34 <DIR> d--h----- C:\Users\ST\AppData
2008-03-30 22:30 . 2008-03-30 22:30 <DIR> dr------- C:\Windows\System32\config\systemprofile\Contacts

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-31 01:13 --------- d-----w C:\Program Files\Windows Sidebar
2008-03-31 01:05 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-03-31 01:05 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-03-31 01:05 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-03-31 01:05 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-03-30 21:31 --------- d-----w C:\Program Files\Norton Internet Security
2008-03-30 21:31 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-30 21:25 --------- d-----w C:\ProgramData\Symantec
2008-03-30 21:19 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
2008-03-30 21:19 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
2008-03-30 21:19 10,740 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
2008-03-30 21:19 --------- d-----w C:\Program Files\Symantec
2008-03-30 20:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-30 20:31 --------- d-sh--w C:\ProgramData\Vorlagen
2008-03-30 20:31 --------- d-sh--w C:\ProgramData\Startmenü
2008-03-30 20:31 --------- d-sh--w C:\ProgramData\Favoriten
2008-03-30 20:31 --------- d-sh--w C:\ProgramData\Dokumente
2008-03-30 20:31 --------- d-sh--w C:\ProgramData\Anwendungsdaten
2008-03-30 20:31 --------- d-sh--w C:\Program Files\Gemeinsame Dateien
2006-11-02 12:48 174 --sha-w C:\Program Files\desktop.ini

.
(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-03-31 03:04 1232896]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 14:34 2159104 C:\Windows\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-24 17:15 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 05:06 4669440 C:\Windows\RtHDVCpl.exe]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 16:33 457216]
"PCMService"="C:\Program Files\Acer\Acer Arcade\PCMService.exe" [2007-06-21 18:25 155648]
"Acer Tour"="" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 04:38 40048]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 06:39 107112]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-11-21 06:36 22696]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-05-25 04:31 142104]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-05-25 04:31 154392]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-05-25 04:31 138008]
"SetPanel"="C:\Acer\APanel\APanel.cmd" [ ]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-02-09 11:41 845360]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2007-07-16 07:51 768520]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 21:48 57344]
"eRecoveryService"="" []
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 15:49 151552]
"avast!"="C:\PROGRA~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 15:49 151552]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-08-24 17:44:20 535336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=eNetHook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{D1F7DD85-AF61-447C-B938-503473E5EE34}"= C:\Program Files\Acer\Acer Arcade\PowerCinema.exe:CyberLink PowerCinema
"{F66DD536-9EAA-4763-B672-9F026F2B12AC}"= C:\Program Files\Acer\Acer Arcade\PCMService.exe:CyberLink PowerCinema Resident Program
"{82F7EB0E-36D5-47A0-B1CF-D3F26A981EB7}"= C:\Program Files\Acer\Acer Arcade\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{6A428BDC-A688-450B-A47D-222850C9F56A}"= C:\Program Files\Acer\Acer Arcade\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{0A09853D-26EB-4795-A229-C57B837A9BF9}"= C:\Program Files\Acer\HomeMedia\HomeMedia.exe:HomeMedia
"{D5F43FB9-E3C8-4043-B9B3-ECABBC5308E1}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{5DDB42EA-DF56-443C-9831-CC97C4B8960F}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-04-25 16:34]
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-04-25 16:34]
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-04-25 16:34]
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-03-29 19:31]
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080325.002\IDSvix86.sys [2008-03-12 08:30]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-03-29 19:32]
R2 Automatisches LiveUpdate - Scheduler;Automatisches LiveUpdate - Scheduler;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2007-09-26 10:53]
R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-04-25 16:34]
R2 eNet Service;eNet Service;C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-05-22 15:00]
R2 eSettingsService;eSettings Service;C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-05-10 14:05]
R2 MobilityService;MobilityService;C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 12:57]
R2 WMIService;ePower Service;C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-05-16 22:15]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-01-30 07:23]
R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2007-06-18 12:03]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-06-05 10:57]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-05-22 06:28]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2006-11-21 06:40]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

*Newly Created Service* - COMHOST
.
Inhalt des "geplante Tasks" Ordners
"2008-03-30 21:32:33 C:\Windows\Tasks\Norton Internet Security - Vollständige Systemprüfung ausführen - ST.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeB/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-31 14:18:39
Windows 6.0.6000 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 2008-03-31 14:20:04
ComboFix-quarantined-files.txt 2008-03-31 12:19:44

11 Verzeichnis(se), 39,459,454,976 Bytes frei
19 Verzeichnis(se), 39,348,023,296 Bytes frei
.
2008-03-31 01:07:51 --- E O F ---

Thanks a lot in advance!!!

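The HijackThis logs posted in this thread (here and in post #12) are flat lists of autostart points, BHOs and services, and the helper's first job is deciding which image paths deserve a closer look. The parser below is an added example; it is not part of the thread and not code from HijackThis, ComboFix or the forum. It turns such a log into structured entries and applies one triage heuristic of my own: an image that is executed from a user-writable directory (AppData, Temp, Users\Public, a Desktop folder) ranks ahead of one under Program Files or System32, because that is where a dropper running with the user's rights can write. The sample log is constructed from lines taken from the posted logs; the regexes, the marker list and the function names are assumptions of this example, and a hit is a prioritisation signal, not a malware verdict.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample in the shape of the HijackThis v2.0.2 logs posted in this
# thread. The lines are copied from those logs; the selection is mine.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:53:16, on 01.04.2008
Platform: Windows Vista (WinNT 6.00.1904)

Running processes:
C:\Windows\Explorer.EXE
C:\Users\ST\AppData\Local\Temp\RtkBtMnt.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AVP] "C:\Users\Public\Desktop\Kaspersky Lab Tool\setup_7.0.0.180_31.03.2008_19-32.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O20 - AppInit_DLLs: eNetHook.dll
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
"""


@dataclass
class Entry:
    kind: str   # HijackThis section code: R1, O2, O4, O20, O23, ...
    name: str   # registry value name, BHO name, service name or IE key
    path: str   # image path (quotes and arguments stripped) or URL
    raw: str    # the original log line


ENTRY_RE = re.compile(r"^(R\d|O\d+) - (.*)$")
O4_RE = re.compile(r"^(HK.+?)\\\.\.\\Run: \[([^\]]*)\]\s*(.*)$")
IMAGE_RE = re.compile(r"^(.*?\.(?:exe|dll|cmd|scr|ocx))(?:\s|$)", re.IGNORECASE)

# Triage markers (my choice, not a HijackThis feature): directories an
# unprivileged user, and therefore a dropper running as that user, can write to.
USER_WRITABLE = ("\\appdata\\", "\\users\\public\\", "\\temp\\", "\\desktop\\")


def image_path(command: str) -> str:
    """Strip surrounding quotes and trailing arguments from an autostart command."""
    cmd = command.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = IMAGE_RE.match(cmd)
    return m.group(1) if m else cmd


def parse_hijackthis(text: str) -> Tuple[List[str], List[Entry]]:
    """Return (running processes, parsed Rx/Ox entries) from a HijackThis log."""
    processes: List[str] = []
    entries: List[Entry] = []
    in_processes = False
    for line in text.splitlines():
        line = line.rstrip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if line:
                processes.append(line)
                continue
            in_processes = False          # a blank line closes the process list
        m = ENTRY_RE.match(line)
        if not m:
            continue
        kind, body = m.groups()
        o4 = O4_RE.match(body) if kind == "O4" else None
        if o4:
            _hive, name, command = o4.groups()
            entries.append(Entry(kind, name, image_path(command), line))
        elif kind in ("R3", "O2", "O3", "O23"):
            # "BHO: <name> - {CLSID} - <dll>" / "Service: <name> - <vendor> - <exe>";
            # split from the right because service names may contain " - " themselves
            parts = body.split(": ", 1)[-1].rsplit(" - ", 2)
            entries.append(Entry(kind, parts[0], image_path(parts[-1]), line))
        elif kind in ("R0", "R1"):
            key, _, value = body.partition(" =")      # "<key>,<value name> = <url>"
            entries.append(Entry(kind, key.strip(), value.strip(), line))
        else:
            label, _, value = body.partition(": ")    # e.g. "AppInit_DLLs: eNetHook.dll"
            entries.append(Entry(kind, label, value.strip(), line))
    return processes, entries


def in_user_writable_location(path: str) -> bool:
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE)


def triage(text: str) -> List[Tuple[str, str, str]]:
    """List processes and entries whose image sits in a user-writable directory."""
    processes, entries = parse_hijackthis(text)
    hits = [("process", p.rsplit("\\", 1)[-1], p)
            for p in processes if in_user_writable_location(p)]
    hits += [(e.kind, e.name, e.path)
             for e in entries if in_user_writable_location(e.path)]
    return hits


if __name__ == "__main__":
    for kind, name, path in triage(SAMPLE_LOG):
        print(f"{kind:8} {name:14} {path}")
```

On the sample the two hits are the process running from the user's Temp folder and the [AVP] Run entry pointing at an installer on the public desktop; everything under Program Files, System32 or the Acer directory passes. A hit only says "look here first": the helper still has to check the file's signature, hash and origin before calling it malicious.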
31.03.2008, 14:58
Honorary member
Posts: 29434
#4
Hello,
the system restore has not helped; there are still viruses on the computer. The best thing in this situation (brand-new laptop): insert the Vista DVD and reset the system to its factory state. All data will be gone, but so will the viruses... When you start the PC, press the key for the boot menu, then insert the DVD and select "start from CD" in the boot menu. The PC will then start from the CD automatically. There you can choose the options: repair Windows, reinstall Windows, and so on. If you format the hard drive, everything is deleted and Windows is reinstalled. Then install all drivers and programs again, etc... then download Avast again, etc. etc. http://www.virus-protect.org/avast.html
__________
Regards, Sabina
all about PC security

31.03.2008, 15:19
Member
Thread starter, Posts: 13
#5
Hello,
unfortunately I have already done exactly that (formatted the PC and reinstalled Vista). Do you have another solution?

31.03.2008, 16:13
Honorary member
Posts: 29434
#6
Scan with Kaspersky ... it only reports, it does not delete + post the report
http://board.protecus.de/t8642.htm
__________
Regards, Sabina
all about PC security

31.03.2008, 16:50
Member
Thread starter, Posts: 13
#7
Unfortunately, every time I press Start it opens an empty window and nothing happens. ActiveX did not prompt. I also changed the security setting. Always the same. Is that normal? Is there another program or another option?

31.03.2008, 18:41
Honorary member
Posts: 29434
#8
Scan, then post the report
http://virus-protect.org/artikel/tools/kaspersky.html
__________
Regards, Sabina
all about PC security

31.03.2008, 21:17
Member
Thread starter, Posts: 13
#9
It won't let me install that; it says Kaspersky can no longer be run.
Can anything be read from the other reports, or is there another option?

31.03.2008, 23:20
Honorary member
Posts: 29434
#10
Does it work with a-squared Anti-Malware?
http://www.virus-protect.org/a2.html
__________
Regards, Sabina
all about PC security

31.03.2008, 23:29
Honorary member
Posts: 6028

01.04.2008, 07:10
Member
Thread starter, Posts: 13
#12
So, thanks, this time it worked. It found 2 things, I removed them and made the report; I'm also attaching the current HijackThis log again:

a-squared Anti-Malware - Version 3.1
Letztes Update: 31.03.2008 23:32:30

Scan Einstellungen:

Objekte: Speicher, Traces, Cookies
Archiv Scan: An
Heuristik: An
ADS Scan: An

Scan Beginn: 01.04.2008 06:28:34

Key: HKEY_USERS\S-1-5-21-1999607512-1586420100-437570370-1000\software\kazaa gefunden: Trace.Registry.KaZaA
C:\Users\ST\AppData\Roaming\Mozilla\Firefox\Profiles\d2sjw72j.default\cookies.txt:40 gefunden: Trace.TrackingCookie

Gescannt

Dateien: 3741
Traces: 316522
Cookies: 64
Prozesse: 73

Gefunden

Dateien: 0
Traces: 1
Cookies: 1
Prozesse: 0
Registry Keys: 0

Scan Ende: 01.04.2008 06:33:19
Scan Zeit: 0:04:45

C:\Users\ST\AppData\Roaming\Mozilla\Firefox\Profiles\d2sjw72j.default\cookies.txt:40 Quarantäne Trace.TrackingCookie
Key: HKEY_USERS\S-1-5-21-1999607512-1586420100-437570370-1000\software\kazaa Quarantäne Trace.Registry.KaZaA

Quarantäne

Dateien: 0
Traces: 1
Cookies: 1

HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:53:16, on 01.04.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Users\ST\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Avast4\ashDisp.exe
C:\Users\Public\Desktop\Kaspersky Lab Tool\setup_7.0.0.180_31.03.2008_19-32.exe
C:\Program Files\a-squared Anti-Malware\a2guard.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\igfxsrvc.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.intl.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://de.rd.yahoo.com/customize/ycomp/defaults/su/*http://de.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AVP] "C:\Users\Public\Desktop\Kaspersky Lab Tool\setup_7.0.0.180_31.03.2008_19-32.exe"
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O20 - AppInit_DLLs: eNetHook.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc.
- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Symantec IS Kennwortprüfung (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe O23 - Service: setup_7.0.0.180_31.03.2008_19-32 - Kaspersky Lab - C:\Users\Public\Desktop\Kaspersky Lab Tool\setup_7.0.0.180_31.03.2008_19-32.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 9027 bytes |
01.04.2008, 09:55
Honorary member
Posts: 29434
#13
Hello,
«« Start - Run - paste in: Combofix /U - click "OK"
«« delete ("fix") with HijackThis
Click: "Do a system scan only"
Quote
O4 - HKLM\..\Run: [AVP] "C:\Users\Public\Desktop\Kaspersky Lab Tool\setup_7.0.0.180_31.03.2008_19-32.exe"
Put a check mark in the box in front of the entry named above, which was recommended to be "fixed" (deleted) - no others!! - and choose "Fix checked". Then restart the computer.
Then scan again with your virus scanners, preferably in Safe Mode.
After that it should be OK again. In any case, I find nothing, and a-squared doesn't either.
__________
Regards, Sabina
all about PC security
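Added example (my code, not Sabina's instructions and not HijackThis's own logic): the rule behind the one entry she singles out. An autorun that launches a setup executable from C:\Users\Public\Desktop at every logon is the pattern worth checking in any HijackThis O4 section, whatever the program turns out to be. The script parses O4 lines (the sample lines are copied from this thread's log), flags images that live under user-writable folders, and shows with -WhatIf the registry deletion that "Fix checked" performs for HKLM and HKCU Run entries. The list of path fragments is my own assumption, not something the thread states.

```powershell
# Added example: triage HijackThis O4 autorun lines for images in user-writable locations.
# Sample input copied from the thread's own log (constructed test data, not a live scan).
$o4Lines = @'
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AVP] "C:\Users\Public\Desktop\Kaspersky Lab Tool\setup_7.0.0.180_31.03.2008_19-32.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
'@ -split "`r?`n"

# Assumption: path fragments an ordinary user can write to. Extend to taste.
$userWritable = @('\Users\Public\', '\Desktop\', '\AppData\', '\Temp\', '\Downloads\')

# HJT hive shorthand -> the Run key that "Fix checked" edits for that hive.
$runKeys = @{
    'HKLM' = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
    'HKCU' = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
}

function Get-O4Finding {
    param([string]$Line)
    # Matches lines such as: O4 - HKLM\..\Run: [AVP] "C:\...\setup.exe"
    $pattern = '^O4 - (?<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\Run: \[(?<name>[^\]]+)\] (?<cmd>.*)$'
    if (-not ($Line -match $pattern)) { return $null }     # Global Startup etc. are skipped
    $hive = $Matches['hive']; $name = $Matches['name']; $cmd = $Matches['cmd']

    # Drop HJT's trailing "(User '...')" annotation, then isolate the image path:
    # the quoted string if present, otherwise everything before the first " -" / " /" argument.
    $cmd = $cmd -replace " \(User '[^']*'\)$", ''
    $image = if ($cmd -match '^"([^"]+)"') { $Matches[1] } else { ($cmd -split ' [-/]')[0] }

    $hits = @($userWritable | Where-Object { $image -like "*$_*" })
    $reason = if ($hits.Count -gt 0) { "image under user-writable path: $($hits -join ', ')" } else { '' }
    [pscustomobject]@{
        Hive       = $hive
        ValueName  = $name
        Image      = $image
        Suspicious = ($hits.Count -gt 0)
        Reason     = $reason
    }
}

$findings = @($o4Lines | ForEach-Object { Get-O4Finding $_ } | Where-Object { $_ })
$findings | Format-Table -AutoSize

# For each suspicious HKLM/HKCU entry, show the deletion "Fix checked" would perform.
# -WhatIf only reports; remove it (in an elevated shell) to actually delete the value.
foreach ($f in $findings | Where-Object { $_.Suspicious }) {
    if ($runKeys.ContainsKey($f.Hive)) {
        Remove-ItemProperty -Path $runKeys[$f.Hive] -Name $f.ValueName -WhatIf
    }
}
```

Run it in any PowerShell on the affected machine; with the sample lines only the AVP entry is flagged (Users\Public and Desktop). Entries under HKUS\<SID> are reported but not deleted, since those keys need to be loaded under HKEY_USERS first.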
01.04.2008, 22:32
Member
Thread starter, Posts: 13
#14
Hello,
I have now scanned again with, among others, a-squared, avast and Norton Internet Security (Safe Mode + normal). Found nothing. Now I'd like to install Service Pack 1 for Vista, right? And after that it would be great if you could check my HijackThis report once more. Or Combo? Which would be better? Would I then be "clean", or could something still be lurking? The only problems that still occur are that I can't change my desktop background (it stays black) and my Norton Internet Security can't activate the phishing protection (maybe because it's already activated by Windows, could that be?).
Thanks in advance
02.04.2008, 00:01
Honorary member
Posts: 29434
#15
Start - Run - regedit
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001 - change to 0
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001 - change to 0
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0) - change to 1 - this activates the firewall
Restart the PC
»» post the log from Silent Runners
http://www.virus-protect.org/silentrunner.html
__________
Regards, Sabina
all about PC security
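Added example (my code, not part of Sabina's post): an audit of the registry values listed above that reports before it writes. Two assumptions not on the page: "HKLM\~\services\..." is expanded to HKLM\SYSTEM\CurrentControlSet\Services\..., and the neighbouring StandardProfile and PublicProfile keys are checked alongside DomainProfile, because a laptop on a home network is governed by one of those rather than by the domain profile. A DisableMonitoring of 1 is not by itself proof of tampering, which is why nothing is written unless -Fix is passed, and the netsh line at the end shows the firewall state as the OS reports it, independently of the registry.

```powershell
# Added example: audit and (optionally) repair the Security Center and firewall
# values from the post above. Run in an elevated PowerShell; HKLM writes need it.
$ErrorActionPreference = 'Stop'

$checks = @(
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Security Center\Monitoring';                   Name = 'DisableMonitoring'; Want = 0 }
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus'; Name = 'DisableMonitoring'; Want = 0 }
)
# Assumption: the post's "HKLM\~\services\..." abbreviates this SYSTEM\CurrentControlSet path,
# and the Standard/Public profiles sit next to DomainProfile on Vista.
$fwBase = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
foreach ($fwProfile in 'DomainProfile', 'StandardProfile', 'PublicProfile') {
    $checks += @{ Path = "$fwBase\$fwProfile"; Name = 'EnableFirewall'; Want = 1 }
}

function Repair-RegistryValue {
    param([string]$Path, [string]$Name, [int]$Want, [switch]$Fix)
    if (-not (Test-Path $Path)) {
        return [pscustomobject]@{ Path = $Path; Name = $Name; Current = 'key missing'; Wanted = $Want; Changed = $false }
    }
    # A missing value is reported, not created: Security Center treats absence as "not disabled".
    $current = (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
    $changed = $false
    if ($null -ne $current -and $current -ne $Want -and $Fix) {
        Set-ItemProperty -Path $Path -Name $Name -Value $Want -Type DWord
        $changed = $true
    }
    $shown = if ($null -eq $current) { 'value missing' } else { $current }
    [pscustomobject]@{ Path = $Path; Name = $Name; Current = $shown; Wanted = $Want; Changed = $changed }
}

# Pass 1: report only. Add -Fix to the call below to write the corrections.
$report = foreach ($c in $checks) { Repair-RegistryValue @c }
$report | Format-Table -AutoSize

# Cross-check: the firewall state as the OS itself reports it, per profile.
netsh advfirewall show allprofiles state
```

Compare the Current column with the OS view from netsh before writing anything; if a profile's EnableFirewall is 0 but netsh still reports it ON, a policy or the firewall service (not this value) is deciding, and the fix belongs there. After a -Fix run, reboot as the post says and re-run the script to confirm the values stuck.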
please help me!!
I have the Trojan on my new laptop:
Win32:DNSChanger-SF
avast antivirus found it.
I use Windows Vista Basic
with HijackThis I got the following log (incl. 2 error messages, I hope that's enough):
Logfile of HijackThis v1.99.1
Scan saved at 21:04:48, on 30.03.2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Avast4\ashDisp.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\igfxsrvc.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Users\ST\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\ST\Desktop\Hijackthis\hijackthis_199\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://de.rd.yahoo.com/customize/ycomp/defaults/sp/*http://de.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://de.rd.yahoo.com/customize/ycomp/defaults/su/*http://de.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: eNetHook.dll
O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Symantec IS Kennwortprüfung (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe