Log Analysis and Evaluation: Trojaner

Forum note: If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: see "Erste Schritte zur Hilfe" (first steps to getting help). Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
07.05.2005, 17:27 | #1 | Trojaner

Hello, I had several Trojans on the computer, and I hope I have removed them now. But could someone perhaps still have another look at whether everything is OK here? Many thanks.

Logfile of HijackThis v1.99.1
Scan saved at 18:21:37, on 07.05.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
G:\Programme\F-Secure\Anti-Virus\fsgk32st.exe
G:\Programme\F-Secure\Anti-Virus\FSGK32.EXE
G:\Programme\F-Secure\backweb\4476822\program\fsbwsys.exe
G:\Programme\F-Secure\Common\FSMA32.EXE
G:\Programme\F-Secure\Anti-Virus\fssm32.exe
C:\Programme\Intel\Intel Application Accelerator\iaantmon.exe
G:\Programme\F-Secure\Common\FSMB32.EXE
G:\Programme\F-Secure\Common\FCH32.EXE
G:\Programme\F-Secure\Common\FAMEH32.EXE
G:\Programme\F-Secure\FSPC\fspc.exe
G:\Programme\F-Secure\FWES\Program\fsdfwd.exe
G:\Programme\F-Secure\Anti-Virus\fsav32.exe
C:\Programme\Java\j2re1.4.2_04\bin\jusched.exe
C:\Programme\Intel\Intel Application Accelerator\iaanotif.exe
C:\Programme\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Programme\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
G:\Lexmark\ACMonitor_X84-X85.exe
G:\Lexmark\AcBtnMgr_X84-X85.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
G:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
G:\Programme\F-Secure\Common\FSM32.EXE
G:\Programme\The Cleaner\tca.exe
G:\Programme\The Cleaner\tcm.exe
G:\Programme\TrojanHunter 3.5\THGuard.exe
C:\WINDOWS\system32\ctfmon.exe
G:\PROGRA~1\LASTMI~1.6\plmg.exe
G:\Programme\Spy Emergency 2005\SpyEmergency.exe
G:\Programme\F-Secure\FSGUI\fsguiexe.exe
F:\Photoloader 2.1G\Plauto.exe
C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis2\kernel.exe
C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis2\sc_watch.exe
C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\PROFIL~1.EXE
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Dokumente und Einstellungen\Jeannette\Eigene Dateien\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Programme\Adobe\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: BonusManager - {EC724CE5-D029-46A2-BAA7-7F88E154DFA0} - G:\Programme\BonusManager\BonusSpy.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Programme\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Programme\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Programme\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Programme\Gemeinsame Dateien\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Lexmark X84-X85 Button Monitor] g:\Lexmark\ACMonitor_X84-X85.exe
O4 - HKLM\..\Run: [Lexmark X84-X85 Button Manager] g:\Lexmark\AcBtnMgr_X84-X85.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [EM_EXEC] G:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MMTray] C:\Programme\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [F-Secure Manager] "G:\Programme\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "G:\Programme\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "G:\Programme\F-Secure\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [tcactive] G:\Programme\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] G:\Programme\The Cleaner\tcm.exe
O4 - HKLM\..\Run: [THGuard] "G:\Programme\TrojanHunter 3.5\THGuard.exe"
O4 - HKLM\..\RunOnce: [SpybotSnD] "G:\Programme\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [plmg.exe] G:\PROGRA~1\LASTMI~1.6\plmg.exe /minimize
O4 - HKCU\..\Run: [SpyEmergency] "G:\Programme\Spy Emergency 2005\SpyEmergency.exe"
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = ?
O4 - Global Startup: Photo Loader resident.lnk = F:\Photoloader 2.1G\Plauto.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Artikel hinzufügen - file://c:\add.htm
O8 - Extra context menu item: eBay Powersuche - http://www.webtip.ch/cgi-bin/msiebutton/tracker.pl?adv
O8 - Extra context menu item: eBay Produktsuche - G:\Programme\Preispiraten 2.1.3\Buyertools Reminder\SearchEbay.htm
O8 - Extra context menu item: eBay Startseite - http://www.webtip.ch/cgi-bin/msiebutton/tracker.pl?heim
O8 - Extra context menu item: Mein eBay - http://www.webtip.ch/cgi-bin/msiebutton/tracker.pl?mein
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Webfilter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - G:\Programme\F-Secure\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - G:\Programme\F-Secure\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Website-&Liste anzeigen - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - G:\Programme\F-Secure\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - G:\Programme\F-Secure\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Webseitenfilter &aussetzen - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - G:\Programme\F-Secure\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - G:\Programme\F-Secure\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Diese Website &sperren - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - G:\Programme\F-Secure\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - G:\Programme\F-Secure\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Diese Website &zulassen - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - G:\Programme\F-Secure\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Preispiraten 2.1.3 - {86DE8B3B-1EB7-4386-84BD-EBE94348A913} - G:\Programme\Preispiraten 2.1.3\Preispiraten2\preispiraten2ie.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: Add bid - {866875B8-9855-48f8-BAAB-8002C325BE69} - G:\Programme\Last Minute Gebot 2.6\plmg.exe (HKCU)
O9 - Extra 'Tools' menuitem: Add bid - {866875B8-9855-48f8-BAAB-8002C325BE69} - G:\Programme\Last Minute Gebot 2.6\plmg.exe (HKCU)
O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen - {EC183B83-F809-41AD-B137-BF3A5B377660} - G:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O9 - Extra 'Tools' menuitem: Unterstützung für xp-AntiSpy - {EC183B83-F809-41AD-B137-BF3A5B377660} - G:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O12 - Plugin for .wav: C:\Programme\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
O16 - DPF: {0EB73E39-8AD4-43E8-8FBA-0165C2CCDB8B} (GameControl Class) - http://www.midasplayer.com/midasa.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...67&clcid=0x409
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/tech...a/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-24.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.de/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6DB731A3-B074-4118-8B1C-32511C65D836} (FotovistaPhotoUploader.ctrFpu) - http://www.mypixmania.com/de/de/tools/activex/fpu.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.euro.dell.com/global/...r/PROFILER.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...a/SymAData.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...84/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{75156167-FC4E-42AE-9E94-790E58650766}: NameServer = 217.237.150.225 217.237.150.141
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: F-Secure Internet Security 2005 (BackWeb Plug-in - 4476822) - Unknown owner - G:\PROGRA~1\F-Secure\backweb\4476822\Program\SERVIC~1.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - G:\Programme\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - G:\Programme\F-Secure\backweb\4476822\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - G:\Programme\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - G:\Programme\F-Secure\FSPC\fshttps\fshttps.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - G:\Programme\F-Secure\Common\FSMA32.EXE
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Programme\Intel\Intel Application Accelerator\iaantmon.exe
07.05.2005, 17:48 | #2 | Trojaner

With eScan I got the following results:

C:\WINDOWS\_MSRSTRT.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\System Volume Information\_restore{08A5F15B-D5F0-4D17-893D-8B358608DCF6}\RP165\A0017550.EXE tagged as not-a-virus:RiskWare.Tool.KillApp.c. No Action Taken.
File C:\System Volume Information\_restore{08A5F15B-D5F0-4D17-893D-8B358608DCF6}\RP165\A0017551.EXE tagged as not-a-virus:RiskWare.Tool.KillApp.c. No Action Taken.
C:\System Volume Information\_restore{08A5F15B-D5F0-4D17-893D-8B358608DCF6}\RP165\A0017584.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
C:\WINDOWS\_MSRSTRT.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
G:\Lexmark\X84-X85Twain.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

Sat May 07 16:33:11 2005 => Total Objects Scanned: 71162
Sat May 07 16:33:11 2005 => Total Virus(es) Found: 6
Sat May 07 16:33:11 2005 => Total Disinfected Files: 0
Sat May 07 16:33:11 2005 => Total Files Renamed: 0
Sat May 07 16:33:11 2005 => Total Deleted Objects: 0
Sat May 07 16:33:11 2005 => Total Errors: 92
Sat May 07 16:33:11 2005 => Time Elapsed: 01:02:39
Sat May 07 16:33:11 2005 => Virus Database Date: 2005/05/05
Sat May 07 16:33:11 2005 => Virus Database Count: 128422
Sat May 07 16:33:11 2005 => Scan Completed.
07.05.2005, 18:35 | #3 | Trojaner

@Jea,

Switch to Safe Mode and fix the following with HJT:

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

Reboot and post a new HJT logfile.

The eScan log is OK.

chaosman
07.05.2005, 19:21 | #4 | Trojaner

Hello, I have done that. Here is the new logfile:

Logfile of HijackThis v1.99.1
Scan saved at 20:20:55, on 07.05.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
G:\Programme\F-Secure\Anti-Virus\fsgk32st.exe
G:\Programme\F-Secure\Anti-Virus\FSGK32.EXE
G:\Programme\F-Secure\backweb\4476822\program\fsbwsys.exe
G:\Programme\F-Secure\Common\FSMA32.EXE
G:\Programme\F-Secure\Anti-Virus\fssm32.exe
C:\Programme\Intel\Intel Application Accelerator\iaantmon.exe
G:\Programme\F-Secure\Common\FSMB32.EXE
G:\Programme\F-Secure\Common\FCH32.EXE
G:\Programme\F-Secure\Common\FAMEH32.EXE
G:\Programme\F-Secure\FSPC\fspc.exe
G:\Programme\F-Secure\Anti-Virus\fsav32.exe
G:\Programme\F-Secure\FWES\Program\fsdfwd.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Java\j2re1.4.2_04\bin\jusched.exe
C:\Programme\Intel\Intel Application Accelerator\iaanotif.exe
C:\Programme\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Programme\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programme\Gemeinsame Dateien\Sonic\Update Manager\sgtray.exe
G:\Lexmark\ACMonitor_X84-X85.exe
G:\Lexmark\AcBtnMgr_X84-X85.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
G:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
G:\Programme\F-Secure\Common\FSM32.EXE
G:\Programme\The Cleaner\tca.exe
G:\Programme\The Cleaner\tcm.exe
G:\Programme\TrojanHunter 3.5\THGuard.exe
C:\WINDOWS\system32\ctfmon.exe
G:\PROGRA~1\LASTMI~1.6\plmg.exe
G:\Programme\F-Secure\FSGUI\fsguiexe.exe
G:\Programme\Spy Emergency 2005\SpyEmergency.exe
F:\Photoloader 2.1G\Plauto.exe
C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis2\kernel.exe
C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis2\sc_watch.exe
C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\PROFIL~1.EXE
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Dokumente und Einstellungen\Jeannette\Eigene Dateien\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Programme\Adobe\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: BonusManager - {EC724CE5-D029-46A2-BAA7-7F88E154DFA0} - G:\Programme\BonusManager\BonusSpy.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Programme\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Programme\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Programme\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Programme\Gemeinsame Dateien\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Lexmark X84-X85 Button Monitor] g:\Lexmark\ACMonitor_X84-X85.exe
O4 - HKLM\..\Run: [Lexmark X84-X85 Button Manager] g:\Lexmark\AcBtnMgr_X84-X85.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [EM_EXEC] G:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MMTray] C:\Programme\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [F-Secure Manager] "G:\Programme\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "G:\Programme\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "G:\Programme\F-Secure\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [tcactive] G:\Programme\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] G:\Programme\The Cleaner\tcm.exe
O4 - HKLM\..\Run: [THGuard] "G:\Programme\TrojanHunter 3.5\THGuard.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [plmg.exe] G:\PROGRA~1\LASTMI~1.6\plmg.exe /minimize
O4 - HKCU\..\Run: [SpyEmergency] "G:\Programme\Spy Emergency 2005\SpyEmergency.exe"
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = ?
O4 - Global Startup: Photo Loader resident.lnk = F:\Photoloader 2.1G\Plauto.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Artikel hinzufügen - file://c:\add.htm
O8 - Extra context menu item: eBay Powersuche - http://www.webtip.ch/cgi-bin/msiebutton/tracker.pl?adv
O8 - Extra context menu item: eBay Produktsuche - G:\Programme\Preispiraten 2.1.3\Buyertools Reminder\SearchEbay.htm
O8 - Extra context menu item: eBay Startseite - http://www.webtip.ch/cgi-bin/msiebutton/tracker.pl?heim
O8 - Extra context menu item: Mein eBay - http://www.webtip.ch/cgi-bin/msiebutton/tracker.pl?mein
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Webfilter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - G:\Programme\F-Secure\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - G:\Programme\F-Secure\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Website-&Liste anzeigen - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - G:\Programme\F-Secure\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - G:\Programme\F-Secure\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Webseitenfilter &aussetzen - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - G:\Programme\F-Secure\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - G:\Programme\F-Secure\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Diese Website &sperren - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - G:\Programme\F-Secure\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - G:\Programme\F-Secure\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Diese Website &zulassen - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - G:\Programme\F-Secure\FSPC\fspcmsie.dll
O9 - Extra button: Preispiraten 2.1.3 - {86DE8B3B-1EB7-4386-84BD-EBE94348A913} - G:\Programme\Preispiraten 2.1.3\Preispiraten2\preispiraten2ie.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: Add bid - {866875B8-9855-48f8-BAAB-8002C325BE69} - G:\Programme\Last Minute Gebot 2.6\plmg.exe (HKCU)
O9 - Extra 'Tools' menuitem: Add bid - {866875B8-9855-48f8-BAAB-8002C325BE69} - G:\Programme\Last Minute Gebot 2.6\plmg.exe (HKCU)
O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen - {EC183B83-F809-41AD-B137-BF3A5B377660} - G:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O9 - Extra 'Tools' menuitem: Unterstützung für xp-AntiSpy - {EC183B83-F809-41AD-B137-BF3A5B377660} - G:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O12 - Plugin for .wav: C:\Programme\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
O16 - DPF: {0EB73E39-8AD4-43E8-8FBA-0165C2CCDB8B} (GameControl Class) - http://www.midasplayer.com/midasa.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...67&clcid=0x409
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/tech...a/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-24.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.de/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6DB731A3-B074-4118-8B1C-32511C65D836} (FotovistaPhotoUploader.ctrFpu) - http://www.mypixmania.com/de/de/tools/activex/fpu.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.euro.dell.com/global/...r/PROFILER.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...a/SymAData.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...84/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{75156167-FC4E-42AE-9E94-790E58650766}: NameServer = 217.237.150.225 217.237.150.141
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: F-Secure Internet Security 2005 (BackWeb Plug-in - 4476822) - Unknown owner - G:\PROGRA~1\F-Secure\backweb\4476822\Program\SERVIC~1.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - G:\Programme\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - G:\Programme\F-Secure\backweb\4476822\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - G:\Programme\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - G:\Programme\F-Secure\FSPC\fshttps\fshttps.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - G:\Programme\F-Secure\Common\FSMA32.EXE
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Programme\Intel\Intel Application Accelerator\iaantmon.exe
07.05.2005, 19:24 | #5 | Trojaner

@Jea, I see nothing unusual in your logfile.

chaosman

Bonus vir semper tiro
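The triage chaosman performs across posts #3 to #5 (spot HJT entries whose target file no longer exists, have them fixed in Safe Mode, then confirm they are gone from the fresh log) as an added Python example. This is not code from the original thread or from HijackThis itself. The two log excerpts are copied from the logs posted above; the flagging rules, the ORPHAN_MARKERS list, and the function names are my own assumptions about what a forum helper checks first, not anything the thread or HijackThis defines.

```python
"""Triage helper for HijackThis (HJT) logs: flag entries whose target is gone
and diff two logs to confirm that a fix actually took effect.

Added example, not part of the original thread or of HijackThis. The log
excerpts below are copied from the thread; the flagging rules are assumptions."""
from __future__ import annotations
import re
from dataclasses import dataclass

# An HJT entry line starts with a section code (R0, O2, O4, O23 ...) and " - ".
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.*)$")

# Markers HJT prints when the referenced object no longer exists on disk
# (assumption: these two strings are the ones worth fixing without further checks).
ORPHAN_MARKERS = ("(no file)", "(file missing)")


@dataclass(frozen=True)
class Entry:
    section: str
    body: str

    @property
    def line(self) -> str:
        return f"{self.section} - {self.body}"


def parse_hjt(text: str) -> list[Entry]:
    """Return the entry lines of an HJT log; header and process list are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group("section"), m.group("body")))
    return entries


def flag_entries(entries: list[Entry]) -> list[tuple[Entry, str]]:
    """Return (entry, reason) pairs that deserve a second look. Heuristics are mine."""
    flagged = []
    for e in entries:
        if any(marker in e.body for marker in ORPHAN_MARKERS):
            flagged.append((e, "orphaned: referenced file is gone, safe to fix"))
        elif e.section == "O23" and "Unknown owner" in e.body:
            flagged.append((e, "service without publisher string: verify the binary"))
        elif e.section == "O17":
            flagged.append((e, "custom DNS servers: confirm they belong to the ISP"))
        elif e.section == "O4" and re.search(r"\]\s+\\", e.body):
            flagged.append((e, "autostart with a relative path: cannot be located from the log"))
    return flagged


def diff_logs(before: list[Entry], after: list[Entry]) -> tuple[list[str], list[str]]:
    """Entries present only in `before` (removed) and only in `after` (new)."""
    b = {e.line for e in before}
    a = {e.line for e in after}
    return sorted(b - a), sorted(a - b)


def triage(before_text: str, after_text: str) -> dict:
    """Full pass: flag the first log, diff against the second, report leftovers."""
    before, after = parse_hjt(before_text), parse_hjt(after_text)
    removed, added = diff_logs(before, after)
    still_orphaned = [e for e, r in flag_entries(after) if r.startswith("orphaned")]
    return {"flagged": flag_entries(before), "removed": removed,
            "added": added, "still_orphaned": still_orphaned}


# Excerpts of the two logs posted in this thread (post #1 and post #4).
BEFORE = r"""Logfile of HijackThis v1.99.1
Scan saved at 18:21:37, on 07.05.2005
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: BonusManager - {EC724CE5-D029-46A2-BAA7-7F88E154DFA0} - G:\Programme\BonusManager\BonusSpy.dll
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{75156167-FC4E-42AE-9E94-790E58650766}: NameServer = 217.237.150.225 217.237.150.141
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - G:\Programme\F-Secure\Common\FSMA32.EXE
"""

AFTER = r"""Logfile of HijackThis v1.99.1
Scan saved at 20:20:55, on 07.05.2005
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: BonusManager - {EC724CE5-D029-46A2-BAA7-7F88E154DFA0} - G:\Programme\BonusManager\BonusSpy.dll
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{75156167-FC4E-42AE-9E94-790E58650766}: NameServer = 217.237.150.225 217.237.150.141
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - G:\Programme\F-Secure\Common\FSMA32.EXE
"""

if __name__ == "__main__":
    result = triage(BEFORE, AFTER)
    for e, reason in result["flagged"]:
        print(f"[{reason}] {e.line}")
    print("removed by the fix:", *result["removed"], sep="\n  ")
    print("new since the fix:", *result["added"], sep="\n  ")
    print("orphans still present:", len(result["still_orphaned"]))
```

On the excerpts above the three entries chaosman named (one O3 "(no file)", two O9 "(file missing)") are the only ones that disappear between the two logs, and the only new entry is the Spybot SDHelper BHO; the O17 and "Unknown owner" O23 lines are flagged for a second look only, which matches chaosman's verdict that nothing in the second log needs action.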
07.05.2005, 20:18 | #6 | Trojaner

OK, thank you.