Moin, moin!
Ich habe o.g. Trojaner (?) gefunden und habe ihn mit Antivir gelöscht. Nun erscheinen unregelmäßig Explorer-Popups mit Werbung. Aus dem HJT-Log werde ich nicht schlau. Ich würde mich über Hilfe freuen
Zitat:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:44:34, on 19.01.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\ZoneLabs\vsmon.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\system32\spoolsv.exe
H:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
H:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
H:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
H:\WINDOWS\system32\dllhost.exe
g:\Programme\CDBurnerXP\NMSAccessU.exe
H:\WINDOWS\system32\HPZipm12.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\MsPMSPSv.exe
H:\WINDOWS\system32\Fast.exe
H:\Programme\iTunes\iTunesHelper.exe
G:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
H:\PROGRA~1\MI3AA1~1\wcescomm.exe
G:\Programme\Spybot - Search & Destroy\TeaTimer.exe
H:\Programme\Internet Explorer\iexplore.exe
H:\PROGRA~1\MI3AA1~1\rapimgr.exe
G:\Programme\Trillian\trillian.exe
H:\Programme\Internet Explorer\iexplore.exe
H:\Programme\iPod\bin\iPodService.exe
G:\Programme\Mozilla Thunderbird\thunderbird.exe
H:\Programme\Mozilla Firefox\firefox.exe
G:\Programme\Trend Micro\HijackThis\HijackThis.exe
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - g:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [QuickTime Task] "G:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "H:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "g:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "H:\PROGRA~1\MI3AA1~1\wcescomm.exe"
O4 - HKCU\..\Run: [Slow Meet] H:\DOKUME~1\ADMINI~1\ANWEND~1\DRIVEL~1\aim regs.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] g:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Trillian.lnk = G:\Programme\Trillian\trillian.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - H:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - H:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - H:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - g:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - g:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - h**p://w*w.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1208076146156
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - h**p://w*w.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1208076254750
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} (Java Plug-in 1.5.0_09) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{09BF8BBE-CE31-4907-A758-D1B395633568}: NameServer = 195.50.140.114 195.50.140.252
O17 - HKLM\System\CS1\Services\Tcpip\..\{09BF8BBE-CE31-4907-A758-D1B395633568}: NameServer = 195.50.140.114 195.50.140.252
O23 - Service: Adobe LM Service - Unknown owner - H:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe (file missing)
O23 - Service: Avira AntiVir Personal - Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - H:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - H:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - H:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Buzzsaw_Defragmentation - Unknown owner - G:\Programme\MATCO\BuzzSawService.exe (file missing)
O23 - Service: DirMS_Defragmentation - Unknown owner - G:\Programme\MATCO\DirmsService.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Unknown owner - H:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - H:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - H:\Programme\iPod\bin\iPodService.exe
O23 - Service: NMSAccessU - Unknown owner - g:\Programme\CDBurnerXP\NMSAccessU.exe
O23 - Service: Pml Driver HPZ12 - HP - H:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Tor Win32 Service (tor) - Unknown owner - g:\Programme\Vidalia Bundle\Tor\tor.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - H:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 5942 bytes
|
19.01.2009, 18:04
Baum-Darstellung