hab grad ma aus spaß den TuneUp Process Manager gestartet und mir angeschaut was für dateien alle geäffnet sin und dabei ist mir volgende aufgefallen:
MPFSERVICE.exe (Geöffnet vo: Internet-Wurm "Agobot" (MPFSERVICE.exe))
Hab dann ma n bissl nach der datei und dem wurm gegoogelt, und dabei bin ich nur auf Viren bzw tronjaner beschreibungen gestoßen. muss ich mir jetzt sorgen machen dass mein pc von nem trojaner befallen ist oder is des irgend was anderes, weil der rechner läuft 1a (also ohne probs!!!)
hab hier auch ma meine hijackthis.log, kp ob ihr des braucht (kenn mich damit null aus)
Quellcode
- Logfile of HijackThis v1.99.1
- Scan saved at 18:46:28, on 11.02.2006
- Platform: Windows XP SP2 (WinNT 5.01.2600)
- MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
- Running processes:
- C:\WINDOWS\System32\smss.exe
- C:\WINDOWS\system32\winlogon.exe
- C:\WINDOWS\system32\services.exe
- C:\WINDOWS\system32\lsass.exe
- C:\WINDOWS\system32\Ati2evxx.exe
- C:\WINDOWS\system32\svchost.exe
- C:\WINDOWS\System32\svchost.exe
- C:\Programme\Intel\Wireless\Bin\EvtEng.exe
- C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
- C:\Programme\Intel\Wireless\Bin\ZcfgSvc.exe
- C:\Programme\Intel\Wireless\Bin\WLKeeper.exe
- C:\WINDOWS\system32\Ati2evxx.exe
- C:\WINDOWS\Explorer.EXE
- C:\WINDOWS\system32\spoolsv.exe
- C:\WINDOWS\eHome\ehRecvr.exe
- C:\WINDOWS\eHome\ehSched.exe
- c:\programme\mcafee.com\agent\mcdetect.exe
- c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
- C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
- C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
- c:\programme\mcafee.com\vso\mcvsshld.exe
- C:\PROGRA~1\mcafee.com\vso\mcvsescn.exe
- c:\programme\mcafee.com\agent\mcagent.exe
- C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
- C:\Programme\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
- C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
- C:\WINDOWS\system32\dllhost.exe
- C:\Programme\Apoint\Apoint.exe
- C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
- C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe
- C:\Programme\Dell\QuickSet\quickset.exe
- C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
- C:\Programme\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
- C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
- C:\Programme\Apoint\Apntex.exe
- C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
- C:\WINDOWS\System32\svchost.exe
- C:\WINDOWS\system32\svchost.exe
- c:\PROGRA~1\mcafee.com\vso\mcshield.exe
- c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
- C:\Programme\Internet Explorer\iexplore.exe
- C:\Programme\WinRAR\WinRAR.exe
- C:\DOKUME~1\Jake\LOKALE~1\Temp\Rar$EX05.578\HijackThis.exe
- R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
- R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com
- R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com
- R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
- O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
- O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\programme\mcafee\spamkiller\mcapfbho.dll
- O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
- O4 - HKLM\..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe
- O4 - HKLM\..\Run: [ATIPTA] "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe"
- O4 - HKLM\..\Run: [IntelWireless] C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
- O4 - HKLM\..\Run: [Dell QuickSet] C:\Programme\Dell\QuickSet\quickset.exe
- O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
- O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
- O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
- O4 - HKLM\..\Run: [VirusScan Online] C:\Programme\McAfee.com\VSO\mcvsshld.exe
- O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
- O4 - HKLM\..\Run: [OASClnt] C:\Programme\McAfee.com\VSO\oasclnt.exe
- O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Programme\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
- O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
- O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
- O4 - HKLM\..\Run: [AnyDVD] C:\Programme\SlySoft\AnyDVD\AnyDVD.exe
- O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
- O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_03\bin\npjpi142_03.dll
- O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_03\bin\npjpi142_03.dll
- O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\programme\mcafee\spamkiller\mcapfbho.dll
- O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\programme\mcafee\spamkiller\mcapfbho.dll
- O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
- O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQ\ICQLite.exe
- O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQ\ICQLite.exe
- O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
- O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
- O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
- O17 - HKLM\System\CCS\Services\Tcpip\..\{3F60DFB6-14CE-4A80-9EA5-4B38D538D128}: NameServer = 192.168.178.1
- O17 - HKLM\System\CCS\Services\Tcpip\..\{4EDAC218-A330-4F70-B450-9927266587FD}: NameServer = 192.168.178.1
- O20 - Winlogon Notify: IntelWireless - C:\Programme\Intel\Wireless\Bin\LgNotify.dll
- O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
- O23 - Service: EvtEng - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
- O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\programme\mcafee.com\agent\mcdetect.exe
- O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
- O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
- O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
- O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
- O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
- O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programme\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
- O23 - Service: RegSrvc - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
- O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
- O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
- O23 - Service: WLANKEEPER - Intel® Corporation - C:\Programme\Intel\Wireless\Bin\WLKeeper.exe
freu mich über jede hilfe von euch!!
Mfg