|
Mülltonne: Hab Adware/Trojaner,Mailskinner,wie entfernen=?Windows 7 Beiträge, die gegen unsere Regeln verstoßen haben, solche, die die Welt nicht braucht oder sonstiger Müll landet hier in der Mülltonne... |
04.10.2007, 07:23 | #1 |
| Hab Adware/Trojaner,Mailskinner,wie entfernen=? Hab Trojaner,die Logfile von Hijackthis: Logfile of HijackThis v1.99.1 Scan saved at 08:22:25, on 04.10.2007 Platform: Unknown Windows (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16512) Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Kaspersky Lab\Kaspersky Security Suite V\avp.exe C:\Program Files\a-squared Anti-Malware\a2guard.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\Orbitdownloader\orbitdm.exe C:\Program Files\FastStone Capture\FSCapture.exe C:\Program Files\Orbitdownloader\orbitnet.exe C:\Windows\System32\mobsync.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\conime.exe C:\Users\Web-Man\AppData\Local\Temp\Temp2_hijackthis.zip\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Web Explorer R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7Pro\IE7Pro.dll O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Security Suite V\avp.exe" O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60 O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - Startup: FastStone Capture.lnk = C:\Program Files\FastStone Capture\FSCapture.exe O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201 O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204 O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203 O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202 O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Statistik für Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite V\scieplugin.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll O11 - Options group: [INTERNATIONAL] International* O13 - Gopher Prefix: O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/de-at/wlscctrl2.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\r3hook.dll O20 - Winlogon Notify: klogon - C:\Windows\system32\klogon.dll O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Kaspersky Personal Security Suite V (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite V\avp.exe" -r (file missing) O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: O&O CleverCache Agent (OOCleverCacheAgent) - O&O Software GmbH - C:\Program Files\OO Software\CleverCache\ooccag.exe O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe O23 - Service: Stealth Service Helper (StealthInjectorService) - Softwareentwicklung Remus - C:\Program Files\ArchiCrypt Stealth 4\IJStealth4Svc.exe O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing) |
04.10.2007, 08:56 | #2 |
| Hab Adware/Trojaner,Mailskinner,wie entfernen=? Morgen und Herzlich Willkommen im Trojaner-Board
__________________in deinem derzeitigen Logfile kann ich keine deutliche Malware entdecken. Da du Vista benutzt, beachte bitte 3 Dinge beim Erstellen eine HijackThis-Logfiles: 1) Benutze bitte die aktuellste Version (2.02). 2) Entzippe die ausführbare Datei in einen seperaten Ordner bevor du Sie ausführst. (sowieso) 3) Beschreibe dein Problem bitte so genau wie möglich und nicht im Vorbeirennen an der Tastatur (sowieso) Um so weniger Infos du uns gibst, um so länger dauert deine Bereinigung Mach also bitte folgendes: * HijackThis - Scan - Lade dir das Tool hier runter -> Hijackthis 2.02 Final - Entpacke es in einen seperaten Ordner und benenne es um (z.b. C:\Programme\HijackThis\pruefung.com) - Führe die Datei aus und bestätige die Warnung mit "ok" - Wähle die Option "Do a System Scan and save a logfile" - poste den kompletten Inhalt des entstehenden LogFiles ->Entferne persönliche Informationen sowie aktive Links * MWAV (eScan) - Free Antivirus -Lies dir folgende Anleitung genau durch und arbeite sie ab -> Anleitung eScan Wichtig: Poste im Anschluss das Ergebnis mit Hilfe der *find.bat'. (rechte Maustaste auf den LINK 'find.bat' , dann "Ziel Speichern unter" -> Desktop) * F-Secure Blacklight – Rootkitscanner: - hier runterladen F-Secure Blacklight - mit F-Secure dein System nach Rootkits scannen lassen - Poste im Anschluss das Ergebnis des Reportes (die Datei wird im selben Ordner wie das Tool gespeichert) mfg Cleriker |
Themen zu Hab Adware/Trojaner,Mailskinner,wie entfernen=? |
ad-aware, adobe, appinit_dlls, avg, bho, defender, downloader, entfernen, explorer, firefox, hijack, hijackthis, internet, internet explorer, kaspersky, local\temp, logfile, magix, mozilla, mozilla firefox, pdf, personal security, preferences, security, security suite, software, spyware terminator, svchost.exe, system, temp, trojaner, unknown file in winsock lsp, wie entfernen, windows, windows defender, windows sidebar, wmp |