Trash bin: TrojanSPM and others. Posts that violated our rules, posts the world does not need, and other junk end up here in the trash bin...
01.06.2006, 09:14 | #1 |
TrojanSPM and others

Hello, I just got a message saying I have TrojanSPM /X. No idea what to do. Can you help me? I have already created a HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 10:54:39, on 01.06.2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
I:\Roxio\WinOnCD 5 PE\DirectCD\DirectCD.exe
I:\Dell\AccessDirect\dadapp.exe
i:\Dell\AccessDirect\DadTray.exe
I:\Java\jre1.5.0_06\bin\jusched.exe
I:\Mindjet\MindManager 6\MMReminderService.exe
C:\WINDOWS\System32\ctfmon.exe
I:\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe
I:\Google\Google Desktop Search\GoogleDesktop.exe
I:\Hamster\Hamster.exe
C:\WINDOWS\System32\Ati2evxx.exe
I:\Google\Google Desktop Search\GoogleDesktopIndex.exe
I:\Google\Google Desktop Search\GoogleDesktopDisplay.exe
I:\Google\Google Desktop Search\GoogleDesktopCrawl.exe
I:\Mozilla Thunderbird\thunderbird.exe
I:\Mozilla Firefox\firefox.exe
I:\Macromedia\Dreamweaver 8\Dreamweaver.exe
C:\WINDOWS\SSTEM~1\netdde.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\atmclk.exe
C:\WINDOWS\System32\dcomcfg.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Internet Explorer\iexplore.exe
i:\Spyware Doctor\sdhelp.exe
i:\Spyware Doctor\swdoctor.exe
i:\WinRAR\WinRAR.exe
C:\DOKUME~1\name\LOKALE~1\Temp\Rar$EX00.518\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = h**p://www.2020search.com/search/9884/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = h**p://www.2020search.com/search/9884/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = h**p://www.2020search.com/search/9884/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = h**p://www.acdsystems.com/support/onlineregistration/index
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = www-cache.ub.uni-heidelberg.de:8080
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Resources - {2D38A51A-23C9-48a1-A33C-48675AA2B494} - C:\WINDOWS\winres.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - i:\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Nothing - {6ab7158b-4bff-4160-ad7d-4d622df548cf} - C:\WINDOWS\System32\hp100.tmp
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - i:\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: CmjBrowserHelperObject Object - {AC41D38F-B56D-40AD-94E0-B493D130C959} - i:\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - i:\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [AdaptecDirectCD] "i:\Roxio\WinOnCD 5 PE\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DadApp] i:\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] i:\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [MMReminderService] i:\Mindjet\MindManager 6\MMReminderService.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [ShellToys-VirtualDrives] "i:\CFi\ShellToys\vdrive.exe" -start
O4 - HKCU\..\Run: [pdfSaver3] "i:\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe"
O4 - HKCU\..\Run: [Active Desktop Calendar] I:\Active Desktop Calendar\ADC.exe
O4 - HKCU\..\Run: [Google Desktop Search] "i:\\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [Owir] "C:\WINDOWS\SSTEM~1\netdde.exe" -vt mt
O4 - Startup: Hamster.lnk = I:\Hamster\Hamster.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = I:\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = I:\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://i:\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - i:\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - i:\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - i:\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - i:\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.i-lookup.com
O15 - Trusted Zone: *.offshoreclicks.com
O15 - Trusted Zone: *.teensguru.com
O15 - Trusted Zone: *.xxxtoolbar.com
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - h**p://www.mt-download.com/MediaTicketsInstaller.cab?refid=5071
O17 - HKLM\System\CCS\Services\Tcpip\..\{87F7A95B-9A36-4CE8-9439-6B67CA4FDB70}: NameServer = 194.25.2.219,192.76.144.66,195.182.96.29
O20 - Winlogon Notify: winpez32 - C:\WINDOWS\SYSTEM32\winpez32.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - i:\Spyware Doctor\sdhelp.exe

I would be really grateful for any tips!

ascii20
01.06.2006, 11:29 | #2 |
entlassen | TrojanSPM and others

Just read up here first, then getting help will work out too.
__________________
http://www.trojaner-board.de/extra/impressum.html#NUB GUA