Log Analysis and Evaluation: winA56.tmp.exe
24.06.2007, 23:42 | #1
winA56.tmp.exe
Hello, I seem to have caught something. Many thanks for your help. Here is the log:

Logfile of HijackThis v1.99.1
Scan saved at 00:31:37, on 25.06.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Drivers\trcboot.exe
C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\c4ebreg\c4ebreg.exe
c:\sdwork\issimsvc.exe
C:\notes\ntmulti.exe
C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\Drivers\ldlcserv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\c4ebreg\isamtray.exe
C:\Program Files\IBM\Personal Communications\tpam.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IBM\IPM Client Migration Utility\ipmcmu.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~2\SYMANT~2\VPTray.exe
C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.common_1.2.24\pmonmh.exe
C:\Program Files\FreePDF_XP\fpassist.exe
C:\WINDOWS\TEMP\winA56.tmp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\IBM\Bluetooth Software\BTTray.exe
C:\Program Files\IBM\My Help\MyHelp.exe
C:\Program Files\IBM\My Help\jre\bin\myhelpw.exe
C:\__save\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.googele.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://w3.ibm.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://w3.ibm.com/download/standardsoftware/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;<local>
R3 - URLSearchHook: Multi_Media_Germany toolbar - {dac6ed64-8dd1-4ab8-aedf-b97892d28ffe} - C:\Program Files\Multi_Media_Germany\tbMult.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {48D10B74-3A75-476F-BD1E-9EF074DAF4B2} - C:\WINDOWS\system32\ljhig.dll (file missing)
O2 - BHO: Multi_Media_Germany toolbar - {dac6ed64-8dd1-4ab8-aedf-b97892d28ffe} - C:\Program Files\Multi_Media_Germany\tbMult.dll
O2 - BHO: (no name) - {EB9F03A2-9346-4903-A539-8AC72812C9B7} - C:\WINDOWS\system32\wvuspqn.dll
O3 - Toolbar: Multi_Media_Germany toolbar - {dac6ed64-8dd1-4ab8-aedf-b97892d28ffe} - C:\Program Files\Multi_Media_Germany\tbMult.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ISAMTray] "C:\Program Files\c4ebreg\isamtray.exe"
O4 - HKLM\..\Run: [stgclean] c:\sdwork\w32main2.exe /cleanup
O4 - HKLM\..\Run: [Tpam.exe] "C:\Program Files\IBM\Personal Communications\tpam.exe"
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [BLOG] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [MyHelpService] "C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.installer\service\delayStart.exe"
O4 - HKLM\..\Run: [ISSI EZUpdate Service] "c:\sdwork\issimsvc.exe"
O4 - HKLM\..\Run: [ipmcmu] c:\Program Files\IBM\IPM Client Migration Utility\ipmcmu.exe "c:\Program Files\IBM\IPM Client Migration Utility"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [C4EBReg] "C:\Program Files\c4ebreg\c4ebreg.exe" /q
O4 - HKLM\..\Run: [pmonmh] C:\Program Files\IBM\My Help\plugins\\com.ibm.myhelp.common_1.2.24/pmonmh.exe
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\winA56.tmp.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [Profile] C:\PROGRAM FILES\THINKPAD\CONNECTUTILITIES\utility\ac423_profile.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Lotus QuickStart.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\IBM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IBM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IBM\Bluetooth Software\btsendto_ie.htm
O14 - IERESET.INF: START_PAGE_URL=http://w3.ibm.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121293151687
O16 - DPF: {9519B2A2-6592-4E41-8290-D0298459270C} (LNWebAssist Class) - http://w3.ibm.com/bluepages/scripts/lnwebassist.cab
O16 - DPF: {A4B28810-11A2-4956-82D1-B2DCBA4B2AFD} (gpwsx.plugin) - http://w3.ibm.com/tools/print/plugin/gpwsx.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = IBM.COM
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = IBM.COM
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: atmgrtok - atmgrtok.dll (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: pcsinst - C:\WINDOWS\SYSTEM32\pcsinst.dll
O20 - Winlogon Notify: tpfnf2 - C:\WINDOWS\SYSTEM32\notifyf2.dll
O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll
O20 - Winlogon Notify: winjpq32 - C:\WINDOWS\SYSTEM32\winjpq32.dll
O20 - Winlogon Notify: wvuspqn - C:\WINDOWS\SYSTEM32\wvuspqn.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe (file missing)
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: AppnNode - IBM Corporation - C:\WINDOWS\system32\Drivers\appnnode.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe (file missing)
O23 - Service: IBM Standard Asset Manager Service (ISAMSvc) - IBM Global Services - C:\Program Files\c4ebreg\c4ebreg.exe
O23 - Service: ISSI EZUpdate (ISSIMon) - IBM Global Services - c:\sdwork\issimsvc.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: IBM Enterprise Extender (ldlcserv) - IBM Corporation - C:\WINDOWS\system32\Drivers\ldlcserv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\notes\ntmulti.exe
O23 - Service: My Help (MyHelp) - Unknown owner - C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.installer\service\MyHelpService.exe
O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - c:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe (file missing)
O23 - Service: IBM Trace Facility (TrcBoot) - IBM Corporation - C:\WINDOWS\system32\Drivers\trcboot.exe
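The log above contains the kind of entries a log reader checks first: an HKLM Run entry named [avp] that launches C:\WINDOWS\TEMP\winA56.tmp.exe, two BHOs registered with "(no name)" (one of them already "file missing"), and Winlogon Notify DLLs whose names match nothing else installed on the machine. The Python script below is an added example, not a tool used by the poster or by the forum's helpers: it parses HijackThis-style lines and collects such triage reasons per entry. The sample input is a handful of lines copied from the posted log; the allow-list KNOWN_NOTIFY_DLLS and the rule set are constructed assumptions for illustration, and a real review verifies publisher signatures and hashes instead of trusting names.

```python
"""Triage helper for HijackThis-style log lines.

Added example for this thread; it is not a tool the poster or the forum's
helpers used. The allow-list and the rule set are constructed assumptions
for illustration: in a real investigation you verify each file's publisher
signature and hash rather than trusting a name list.
"""
import re

# Constructed sample: a few lines copied verbatim from the HijackThis log
# posted above, including benign entries for contrast.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {48D10B74-3A75-476F-BD1E-9EF074DAF4B2} - C:\WINDOWS\system32\ljhig.dll (file missing)
O2 - BHO: (no name) - {EB9F03A2-9346-4903-A539-8AC72812C9B7} - C:\WINDOWS\system32\wvuspqn.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\winA56.tmp.exe
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: winjpq32 - C:\WINDOWS\SYSTEM32\winjpq32.dll
O20 - Winlogon Notify: wvuspqn - C:\WINDOWS\SYSTEM32\wvuspqn.dll
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
"""

# Assumed allow-list: Winlogon Notify DLLs that belong to software visible
# elsewhere in the posted log (Symantec, ThinkPad, IBM). Constructed for the example.
KNOWN_NOTIFY_DLLS = {"navlogon.dll", "notifyf2.dll", "tphklock.dll", "pcsinst.dll"}

# "O4 - HKLM\..\Run: [avp] ..." -> section "O4", body "HKLM\..\Run: [avp] ..."
ENTRY_RE = re.compile(r"^(R\d|O\d+)\s+-\s+(.*)$")
# A Windows path ending in a loadable module; spaces are allowed inside components.
PATH_RE = re.compile(
    r'[A-Za-z]:\\(?:[^\\/:*?"<>|\r\n]+\\)*[^\\/:*?"<>|\r\n]+?\.(?:exe|dll|cpl)\b',
    re.IGNORECASE,
)


def parse(text):
    """Split raw log text into (section, body) pairs; non-entry lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def module_name(body):
    """Lower-cased file name the entry refers to, even when only a bare name is given."""
    m = PATH_RE.search(body)
    if m:
        target = m.group(0)
    else:
        # e.g. "Winlogon Notify: ACNotify - ACNotify.dll (file missing)"
        target = body.rsplit(" - ", 1)[-1].replace("(file missing)", "")
    return target.strip().rsplit("\\", 1)[-1].lower()


def assess(section, body):
    """Return the reasons this entry deserves a closer look (empty list = nothing noted)."""
    reasons = []
    m = PATH_RE.search(body)
    path = m.group(0).lower() if m else ""
    if "(file missing)" in body:
        reasons.append("registry still references a file that is gone")
    if section == "O4" and ("\\temp\\" in path or "\\tmp\\" in path):
        reasons.append("autostart launches an executable from a temporary directory")
    if path.endswith(".tmp.exe"):
        reasons.append("executable carries a .tmp.exe name")
    if section == "O2" and body.startswith("BHO: (no name)"):
        reasons.append("browser helper object registered without a display name")
    if section == "O20" and module_name(body) not in KNOWN_NOTIFY_DLLS:
        reasons.append("Winlogon Notify DLL is not on the allow-list")
    return reasons


def flagged(text):
    """Sorted (section, module) pairs for every entry that collected at least one reason."""
    return sorted((sec, module_name(body)) for sec, body in parse(text) if assess(sec, body))


if __name__ == "__main__":
    for sec, body in parse(SAMPLE_LOG):
        reasons = assess(sec, body)
        print(f"{'!!' if reasons else '  '} {sec:<3} {module_name(body):<20} {'; '.join(reasons)}")
```

Run as a script it prints one line per entry with "!!" in front of the ones that collected a reason; the rules are deliberately narrow (temp-directory autostarts, nameless BHOs, dangling references, unlisted Winlogon Notify DLLs) so that a flagged line is a prompt to look at the file, not a verdict.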
25.06.2007, 08:00 | #2
/// AVZ-Toolkit Guru
winA56.tmp.exe
Hello Jannes. Your computer is really cluttered up.

Please update IE to version 7, even if you use a different browser. Then I advise you to reinstall the computer from scratch and afterwards to stroll through the net a little more carefully with it. In my signature you will find a link explaining how to go about that. If for whatever compelling reasons you do not want to or cannot reinstall, then please do the following:
- Disable System Restore on all drives.
- Update Norton.
- Download the following programs:
  + SmitFraudFix (print out the instructions)
  + VundoFix 6.5.0 (print out the instructions)
  + Ad-Aware
  + SpyBot-Search & Destroy 1.4
  + CWShredder 2.19
  + Pocket KillBox
  + CCleaner
  + eScan/MWAVE. The instructions are linked in my signature. Print them out and download the program as well as find.bat.
- Install AdAware and Spybot and update the signatures.
- Unplug all network cables from your computer.
- Follow the instructions for SmitFraudFix and VundoFix. Run both until nothing more is found.
- Run CWS.
- Then let CCleaner tidy up a bit.
- After that, please switch to Safe Mode and run scans with AdAware, Spybot and Norton.
- Run CCleaner again and then switch back to normal mode.
- There, run all four programs once more.
- Then run the eScan and post the log file as well as a new HJT log.
Regards, Undoreal