|
Mülltonne: Bitte mal anschauen, ich hab/hatte vom Netpumper nen TrojanerWindows 7 Beiträge, die gegen unsere Regeln verstoßen haben, solche, die die Welt nicht braucht oder sonstiger Müll landet hier in der Mülltonne... |
17.09.2006, 15:47 | #1 |
| Bitte mal anschauen, ich hab/hatte vom Netpumper nen TrojanerCode:
ATTFilter Logfile of HijackThis v1.99.1 Scan saved at 16:41:34, on 17.09.2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5700.0007) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Programme\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\system32\rundll32.exe C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\rundll32.exe C:\Programme\Spybot - Search & Destroy\TeaTimer.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\RocketDock\RocketDock.exe C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe C:\Programme\AntiVir PersonalEdition Classic\sched.exe C:\Programme\AntiVir PersonalEdition Classic\avguard.exe C:\Programme\xampp\apache\bin\apache.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe C:\WINDOWS\system32\crypserv.exe C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe C:\WINDOWS\system32\GEARSEC.EXE C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLService.exe C:\Programme\xampp\mysql\bin\mysqld-nt.exe C:\Programme\xampp\apache\bin\apache.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Dokumente und Einstellungen\admin\Desktop\DOWNLOADS\Sicherheit\HijackThis.exe C:\Programme\Maxthon\Maxthon.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.de/ie R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.de R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.yahoo.com/fsc/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID} R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.de R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.google.de R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.de/keyword/%s R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = IE7 @ NEONET Media O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_08\bin\ssv.dll O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\PROGRA~1\DAP\dapiebar.dll O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe "C:\Programme\Conexant\Conexant USB Network\CnxTrApp.dll",AppEntry -REG "Conexant\Conexant USB Network" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [RocketDock] "C:\Programme\RocketDock\RocketDock.exe" O4 - Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_08\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_08\bin\ssv.dll O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835 O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1131546192379 O16 - DPF: {A8482EAF-A1F3-4934-AE3F-56EB195A50BF} (DeskUpdate - Activex Control) - http://support.fujitsu-siemens.de/DeskUpdate/isapi/activex.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{4B296382-087C-4E9D-8945-F61E668E11B1}: NameServer = 217.65.24.98 212.80.224.161 O20 - Winlogon Notify: OdysseyClient - C:\WINDOWS\ O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apache2 - Unknown owner - C:\Programme\xampp\apache\bin\apache.exe" -k runservice (file missing) O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\GEARSEC.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: mysql - Unknown owner - C:\Programme\xampp\mysql\bin\mysqld-nt.exe O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe mfg |
17.09.2006, 18:13 | #2 |
entlassen | Bitte mal anschauen, ich hab/hatte vom Netpumper nen Trojaner einfach mal hier nachlesen, dann klappts auch mit der hilfe
__________________http://www.trojaner-board.de/extra/impressum.html#NUB regel nr. 5 lege ich dir besonders ans herz GUA |
Themen zu Bitte mal anschauen, ich hab/hatte vom Netpumper nen Trojaner |
abgesicherten modus, adobe, antivir, avg, avira, bho, cyberlink, desktop, einstellungen, excel, explorer, hijack, hijackthis, iexplore.exe, internet, internet explorer, launch, logfile, problem, rundll, sicherheit, software, system, trojane, trojaner, tuneup utilities, usb, vista, windows, windows xp |