| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: tmpf01.exe unkaputtbarer trojanerWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
14.01.2005, 18:24
| #1 |
| |  tmpf01.exe unkaputtbarer trojaner hilfe leute! hab seit ein paar tagen irgendwen auf meinem rechner der mir dauern tmpfXX.exe dateien erstellt . avg erkennt die dann schon aber nicht den ursprung. hier mal mein hijack-logfile: Logfile of HijackThis v1.99.0 Scan saved at 18:15:54, on 14.01.2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\AGRSMMSG.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\Programme\AVPersonal\AVWUPSRV.EXE C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\System32\tcpsvcs.exe C:\Programme\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe C:\Programme\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\System32\tmpf03.exe C:\Programme\WinRAR\WinRAR.exe C:\DOKUME~1\Andreas\LOKALE~1\Temp\Rar$EX00.584\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://s-redirect.com/?a=2&b=p454 R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://s-redirect.com/?a=2&b=p454 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://s-redirect.com/?a=2&b=p454 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://s-redirect.com/?a=2&b=p454 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.web.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://s-redirect.com/?a=2&b=p454 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://s-redirect.com/?a=2&b=p454 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://s-redirect.com/?a=2&b=p454 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://s-redirect.com/?a=2&b=p454 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://s-redirect.com/?a=2&b=p454 R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://s-redirect.com/?a=2&b=p454 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/ O2 - BHO: biObj Class - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINDOWS\bi.dll (file missing) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {BA5AE86A-4E77-4485-A902-FFDF620BE3DD} - C:\WINDOWS\System32\elnii.dll (file missing) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [Cpqset] C:\Programme\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [sys] regedit -s sysdll.reg O4 - HKLM\..\Run: [Zone Labs Client] C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM\..\Run: [SysTime] C:\WINDOWS\System32\systime.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [Setup experation] C:\WINDOWS\svchost.exe O4 - HKCU\..\Run: [AddClass] C:\WINDOWS\AddClass.exe O4 - HKCU\..\Run: [winlogon] c:\windows\winlogon.exe O4 - HKCU\..\Run: [System Update] C:\WINDOWS\System\webcheck.exe O4 - Startup: AcrobatAssistent.lnk = C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com O15 - Trusted Zone: *.blazefind.com O15 - Trusted Zone: *.clickspring.net O15 - Trusted Zone: *.flingstone.com O15 - Trusted Zone: *.mt-download.com O15 - Trusted Zone: *.my-internet.info O15 - Trusted Zone: *.searchbarcash.com O15 - Trusted Zone: *.searchmiracle.com O15 - Trusted Zone: *.skoobidoo.com O15 - Trusted Zone: *.slotch.com O15 - Trusted Zone: *.windupdates.com O15 - Trusted Zone: *.xxxtoolbar.com O15 - Trusted Zone: *.blazefind.com (HKLM) O15 - Trusted Zone: *.clickspring.net (HKLM) O15 - Trusted Zone: *.flingstone.com (HKLM) O15 - Trusted Zone: *.mt-download.com (HKLM) O15 - Trusted Zone: *.my-internet.info (HKLM) O15 - Trusted Zone: *.searchbarcash.com (HKLM) O15 - Trusted Zone: *.searchmiracle.com (HKLM) O15 - Trusted Zone: *.skoobidoo.com (HKLM) O15 - Trusted Zone: *.slotch.com (HKLM) O15 - Trusted Zone: *.windupdates.com (HKLM) O15 - Trusted Zone: *.xxxtoolbar.com (HKLM) O15 - Trusted IP range: 213.159.117.133 O15 - Trusted IP range: 213.159.117.133 (HKLM) O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://c:\nosuch.mht!http://www.awmdabest.com/dlt/397.chm::/file.exe O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1096375424205 O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2 (file missing) O23 - Service: Adobe LM Service - Unknown - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe helft mir! danke cratchy |
| Themen zu tmpf01.exe unkaputtbarer trojaner |
| .exe, .inf, 1.exe, adobe, alert, antivir, antivir update, avg, bho, dateien, explorer, file missing, hijackthis, hotkey, internet, internet explorer, microsoft, monitor, programme, regedit, server, software, system, system32, systemcheck, temp, trojane, trojaner, update, windows, windows xp |
Baum-Darstellung