| |
| |||||||
Mülltonne: Virus/Trojaner?Windows 7 Beiträge, die gegen unsere Regeln verstoßen haben, solche, die die Welt nicht braucht oder sonstiger Müll landet hier in der Mülltonne... |
17.11.2008, 09:11
| #1 |
 |  Virus/Trojaner? Hallo Trojaner-Board-Team, ich hoffe Ihr könnt mir wieder helfen. Ich habe eine Internetseite besucht um Infos über ein Soundtrack zu nem Film zu bekommen. Danach meldete sich mein Symantec AntiVirus in 5-Min Takt und blockte ein Trojaner nach dem Anderen. Ich hab den Symantec scan laufen lassen und nun nun erscheinen keine Meldungen mehr. Aber ich bin mir da noch sehr unsicher. Gruß Patrick Mein Logfile: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 08:45:54, on 17.11.2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\Portrait Displays\HP Display Assistant\DTSRVC.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Hewlett-Packard\PC COE 3\OV CMS\radexecd.exe C:\Program Files\Hewlett-Packard\PC COE 3\OV CMS\radsched.exe C:\Program Files\Hewlett-Packard\PC COE 3\OV CMS\Radstgms.exe C:\Program Files\Symantec AntiVirus\SavRoam.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe C:\Program Files\Hewlett-Packard\PC COE\IDA.EXE C:\WINDOWS\AGRSMMSG.exe C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\Program Files\Portrait Displays\HP Display Assistant\DTHtml.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe C:\Program Files\NETGEAR\WG511v2\WG511v2.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://athp.germany.hp.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.web.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://athp.hp.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Hewlett-Packard R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost:6464 O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6 \DragToDisc\DrgToDsc.exe" O4 - HKLM\..\Run: [IDA] C:\Program Files\Hewlett-Packard\PC COE\IDA.EXE O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3 \hpztsb09.exe O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [DT Task] C:\Program Files\Portrait Displays\HP Display Assistant\DTHtml.exe -startup_folder O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0 \Reader\Reader_sl.exe" O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2 \Application Launcher\Application Launcher.exe" /startoptions O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe O4 - Global Startup: NETGEAR WG511v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG511v2 \WG511v2.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2 \OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2 \OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32 \Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6 \ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://athp.hp.com O15 - Trusted Zone: http://ie.config.asia.compaq.com O15 - Trusted Zone: http://ie.config.eur.compaq.com O15 - Trusted Zone: http://ie.config.im.hou.compaq.com O15 - Trusted Zone: http://ie.config.jp.compaq.com O15 - Trusted Zone: http://*.compaq.com O15 - Trusted Zone: *.cpqcorp.net O15 - Trusted Zone: http://*.dcu.org O15 - Trusted Zone: http://ie.config.ecom.dec.com O15 - Trusted Zone: http://*.dec.com O15 - Trusted Zone: *.hp.com O15 - Trusted Zone: http://*.hpe-learning.com O15 - Trusted Zone: *.hpqcorp.net O15 - Trusted Zone: *.hpshopping.com O15 - Trusted Zone: http://ie.config.tandem.com O15 - Trusted Zone: http://*.tandem.com O15 - Trusted Zone: http://ie.config.asia.compaq.com (HKLM) O15 - Trusted Zone: http://ie.config.eur.compaq.com (HKLM) O15 - Trusted Zone: http://ie.config.im.hou.compaq.com (HKLM) O15 - Trusted Zone: http://ie.config.jp.compaq.com (HKLM) O15 - Trusted Zone: http://ie.config.ecom.dec.com (HKLM) O15 - Trusted Zone: http://ie.config.tandem.com (HKLM) O16 - DPF: {00000006-9593-4264-8B29-930B3E4EDCCD} (HPVirtualRooms6 Class) - h**ps://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall6.cab O16 - DPF: {00000008-9593-4264-8B29-930B3E4EDCCD} (HPVirtualRooms8 Class) - h**ps://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall8.cab O16 - DPF: {253A9D23-F982-11D4-8BE4-00D0B7E61414} (SiebelHTMLApplication Class) - h**p://emeasblprod.emea.hp.com/callcenter_enu/16192/applets/siebelhtml.cab O16 - DPF: {59136DB4-6CA3-4B40-8F2F-BBF84B6F1E91} (Attachment Upload Control) - h**ps://stream.web.de/mail/activex/mail_upload_11213.cab O16 - DPF: {5BAC1200-0BBE-499A-A9E9-5F334DBC8E89} (Executive Viewer Web Client 5.1 (English)) - h**p://olap-dev.grenoble.hp.com/ev/evctrl5en.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - h**p://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab? 1219069672328 O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - h**p://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {739A95E1-3942-47B8-BC5A-E53F68E9EE99} (Siebel Option Pack for IE 7.5.3) - h**p://emeasblprod.emea.hp.com/callcenter_enu/16192/applets/SiebelOptionPack.cab O16 - DPF: {8F4F3368-54CA-4268-8225-0F4367472CF4} (MailClient Class) - h**p://emeasblprod.emea.hp.com/callcenter_enu/16192/applets/SiebExtMailClient.cab O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - h**p://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - h**p://game11.zylom.com/activex/zylomgamesplayer.cab O16 - DPF: {E876D003-BCDE-11D3-9131-000094B61529} (ERPageAddin Class) - h**ps://eroom3.external.hp.com/eroomsetup/client.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = emea.cpqcorp.net O17 - HKLM\Software\..\Telephony: DomainName = emea.hpqcorp.net O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = emea.cpqcorp.net O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = EMEA.cpqcorp.net,EMEA.hpqcorp.net,hpqcorp.net,cpqcorp.net O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = emea.cpqcorp.net O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = EMEA.cpqcorp.net,EMEA.hpqcorp.net,hpqcorp.net,cpqcorp.net O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = EMEA.cpqcorp.net,EMEA.hpqcorp.net,hpqcorp.net,cpqcorp.net O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Portrait Displays\HP Display Assistant\DTSRVC.exe O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\XXX\LOCALS~1\Temp\hpdj.exe (file missing) O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1 \LUCOMS~1.EXE O23 - Service: Lan Discover Agent (magaService) - Unknown owner - C:\Program Files\Sygate\SSA\maga\maga.exe (file missing) O23 - Service: PictureTaker - LANovation - C:\WINDOWS\system32\PCTKRNT.SYS O23 - Service: Radia Notify Daemon (radexecd) - Hewlett-Packard - C:\Program Files\Hewlett- Packard\PC COE 3\OV CMS\radexecd.exe O23 - Service: Radia Scheduler Daemon (radsched) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\PC COE 3\OV CMS\radsched.exe O23 - Service: Radia MSI Redirector (Radstgms) - Hewlett-Packard - C:\Program Files\Hewlett -Packard\PC COE 3\OV CMS\Radstgms.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32 \ZoneLabs\vsmon.exe -- End of file - 12157 bytes |
| Themen zu Virus/Trojaner? |
| adobe, antivirus, application, askbar, bho, excel, explorer, hijack, hijackthis, hotkey, internet explorer, lan, launch, logfile, messenger, microsoft, monitor, netgear, object, scan, software, sound, soundtrack, symantec, system, temp, virus/trojaner, windows, windows xp, windows xp sp3, wmi, xp sp3 |
Linear-Darstellung
