Log Analysis and Evaluation: Evaluating a HiJackThis logfile - Trojan alert (Windows 7)
16.11.2009, 19:44 | #1 |
| Hi, I followed the guide and had a logfile (my first) created. Since I understand neither logfiles nor computers very well, I would be grateful if you could help me. Many thanks, Conny Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:22:09, on 16.11.2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
C:\Program Files\iTunesHelper.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Lion\Lion.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Windows\system32\conime.exe
C:\Program Files\Opera\opera.exe
C:\Users\Conny\Documents\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = h**p://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://wer-mit-wem.webhop.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.dufpy.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://lenovo.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = h**p://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {1879A12A-C651-4734-9FC9-3ACA9BDE6AF9} - C:\Windows\System32\avicap3232.dll (file missing)
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
O4 - HKLM\..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\ApcMain.exe -m
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [LenovoRegistration] C:\SWTOOLS\LenovoWelcome\LenovoRegistration.exe /inif="C:\SWSHARE\leadertech.ini"
O4 - HKLM\..\Run: [LenovoOobeOffers] c:\swtools\LenovoWelcome\LenovoOobeOffers.exe /filePath="c:\swshare\firstrun.txt"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunesHelper.exe"
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BTVLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ActiveSpeed] C:\Program Files\Ascentive\ActiveSpeed\AS.exe -b
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Lion] "C:\Program Files\Lion\Lion.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix: 
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - h**p://static.pe.studivz.net/photouploader/ImageUploader5.cab?nocache=1220624676
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - h**p://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - h**p://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: C:\Windows\System32\chtbrkr32.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\Windows\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IPS-Basisservice (IPSSVC) - Lenovo Group Limited - C:\Windows\system32\IPSSVC.EXE
O23 - Service: SQL Server (MSSMLBIZ) (MSSQL$MSSMLBIZ) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows\System32\TPHDEXLG.exe
O23 - Service: Anzeige am Bildschirm (TPHKSVC) - Unknown owner - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7717 bytes |
16.11.2009, 20:19 | #2 |
| Hello,
disable the following entry in HijackThis:
O20 - AppInit_DLLs: C:\Windows\System32\chtbrkr32.dll
According to chtbrkr32.dll | Recent Virus-Current Virus-Novirus365.org: Trojan-GameThief.Win32.OnLineGames.thls. Have the file checked for viruses at VirusTotal: VirusTotal - Free online virus and malware scanner |
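As an added illustration (not code from the thread or from HijackThis itself), a small Python triage script that parses lines in the HijackThis log format and flags the two entry types the reply above turns on: a populated O20 AppInit_DLLs value (a DLL listed there is loaded into every process that loads user32.dll, so it always deserves verification) and O2/O3 registrations whose file is missing. The sample lines are constructed from the log posted above.

```python
import re

# Constructed sample: a few lines in the HijackThis v2 log format, taken from
# the shape of the log posted in this thread (paths and CLSIDs as shown there).
SAMPLE_LOG = """\
O2 - BHO: (no name) - {1879A12A-C651-4734-9FC9-3ACA9BDE6AF9} - C:\\Windows\\System32\\avicap3232.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\\Program Files\\Java\\jre6\\bin\\jp2ssv.dll
O4 - HKLM\\..\\Run: [avgnt] "C:\\Program Files\\Avira\\AntiVir Desktop\\avgnt.exe" /min
O20 - AppInit_DLLs: C:\\Windows\\System32\\chtbrkr32.dll
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\\Program Files\\Avira\\AntiVir Desktop\\avguard.exe
"""

# Every HijackThis entry line starts with a section tag (R0..R3, O1..O24) and " - ".
LINE_RE = re.compile(r"^(?P<sec>[RO]\d{1,2}) - (?P<body>.*)$")


def parse_hjt(text):
    """Return a list of (section, body) tuples for every HijackThis entry line;
    header lines and the 'Running processes' paths do not match and are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append((m.group("sec"), m.group("body")))
    return entries


def triage(text):
    """Flag entries worth a closer look. Returns a dict section -> list of values:
    - 'O20': each non-empty AppInit_DLLs value (the DLL path itself);
    - 'O2'/'O3': BHO/toolbar registrations whose backing file is missing."""
    flagged = {}
    for sec, body in parse_hjt(text):
        if sec == "O20" and body.startswith("AppInit_DLLs:"):
            value = body.split(":", 1)[1].strip()
            if value:  # an empty AppInit_DLLs value is the normal state
                flagged.setdefault("O20", []).append(value)
        elif sec in ("O2", "O3") and body.endswith("(file missing)"):
            flagged.setdefault(sec, []).append(body)
    return flagged


if __name__ == "__main__":
    for sec, items in triage(SAMPLE_LOG).items():
        for item in items:
            print(f"{sec}: {item}")
```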
16.11.2009, 21:39 | #3 |
| Hi,
What do you mean by disable? Should I tick the box in front of the files, and then what? Which button should I press, Scan or Fix checked? ...... Thanks |
16.11.2009, 21:45 | #4 |
| Okay, I have now fixed the first entry, O20, but how can I upload the other one? |
16.11.2009, 21:51 | #5 |
| Okay, I have cleared the second hurdle too. The following is displayed: Code:
Antivirus | Version | Last update | Result
a-squared | 4.5.0.41 | 2009.11.05 | P2P-Worm.Win32.Nugg!IK
AhnLab-V3 | 5.0.0.2 | 2009.11.06 | -
AntiVir | 7.9.1.59 | 2009.11.05 | -
Antiy-AVL | 2.0.3.7 | 2009.11.05 | -
Authentium | 5.2.0.5 | 2009.11.05 | -
Avast | 4.8.1351.0 | 2009.11.05 | -
AVG | 8.5.0.423 | 2009.11.05 | -
BitDefender | 7.2 | 2009.11.05 | -
CAT-QuickHeal | 10.00 | 2009.11.05 | -
ClamAV | 0.94.1 | 2009.11.05 | -
Comodo | 2853 | 2009.11.05 | -
DrWeb | 5.0.0.12182 | 2009.11.05 | -
eTrust-Vet | 35.1.7106 | 2009.11.05 | -
F-Prot | 4.5.1.85 | 2009.11.05 | -
F-Secure | 9.0.15370.0 | 2009.11.04 | -
Fortinet | 3.120.0.0 | 2009.11.05 | -
GData | 19 | 2009.11.06 | -
Ikarus | T3.1.1.74.0 | 2009.11.05 | P2P-Worm.Win32.Nugg
Jiangmin | 11.0.800 | 2009.11.05 | -
K7AntiVirus | 7.10.889 | 2009.11.05 | -
Kaspersky | 7.0.0.125 | 2009.11.06 | -
McAfee | 5793 | 2009.11.05 | -
McAfee+Artemis | 5793 | 2009.11.05 | -
McAfee-GW-Edition | 6.8.5 | 2009.11.05 | -
Microsoft | 1.5202 | 2009.11.05 | -
NOD32 | 4577 | 2009.11.05 | -
Norman | 6.03.02 | 2009.11.05 | -
nProtect | 2009.1.8.0 | 2009.11.05 | -
Panda | 10.0.2.2 | 2009.11.05 | -
PCTools | 7.0.3.5 | 2009.11.05 | -
Prevx | 3.0 | 2009.11.06 | -
Rising | 21.54.34.00 | 2009.11.05 | -
Sophos | 4.47.0 | 2009.11.05 | -
Sunbelt | 3.2.1858.2 | 2009.11.06 | -
Symantec | 1.4.4.12 | 2009.11.06 | -
TheHacker | 6.5.0.2.062 | 2009.11.05 | -
TrendMicro | 9.0.0.1003 | 2009.11.05 | -
VBA32 | 3.12.10.11 | 2009.11.04 | -
ViRobot | 2009.11.5.2023 | 2009.11.05 | -
VirusBuster | 4.6.5.0 | 2009.11.05 | -

Further information
File size: 122880 bytes
MD5 : 4604da6375b1b5b625136848f712fa5f
SHA1 : 047ff2b727e21656d609aef8f57598133cf35c1e
SHA256: c3229eb25ebde5837e3432e6acb937fc943d8fd1a67cf8aaff6cbb10d0a10651

PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x1C0CF
timedatestamp.....: 0x28E31AAE (Fri Sep 27 13:49:02 1991)
machinetype.......: 0x14C (Intel I386)

( 5 sections )
name | viradd | virsiz | rawdsiz | ntrpy | md5
CODE | 0x1000 | 0x1B15B | 0x1B200 | 7.97 | 4f391c043e4ff22122f4512f9457e295
DATA | 0x1D000 | 0x2EDA | 0x600 | 3.94 | 93543772d8068990e00e2d95598b44a2
BSS | 0x20000 | 0xE3D | 0x0 | 0.00 | d41d8cd98f00b204e9800998ecf8427e
.idata | 0x21000 | 0x9DC | 0xA00 | 4.72 | b0ffe12015bc01590d6d5089038bdb73
.reloc | 0x22000 | 0x19D1 | 0x1A00 | 6.68 | f9be5fabc07d6b5bb9dc4cff5e719430

( 5 imports )
> advapi32.dll: RegQueryValueExA, RegOpenKeyExA, RegCloseKey
> dsound.dll: DirectSoundCreate
> kernel32.dll: DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, GetVersion, GetCurrentThreadId, InterlockedDecrement, InterlockedIncrement, VirtualQuery, WideCharToMultiByte, MultiByteToWideChar, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, WriteFile, UnhandledExceptionFilter, RtlUnwind, RaiseException, GetStdHandle, TlsSetValue, TlsGetValue, TlsFree, TlsAlloc, LocalFree, LocalAlloc, WriteFile, WaitForSingleObject, VirtualQuery, SetFilePointer, SetEvent, SetEndOfFile, ResetEvent, ReadFile, LeaveCriticalSection, InitializeCriticalSection, GetVersionExA, GetThreadLocale, GetStringTypeExA, GetStdHandle, GetProcAddress, GetOEMCP, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLocalTime, GetLastError, GetFullPathNameA, GetDiskFreeSpaceA, GetDateFormatA, GetCurrentThreadId, GetCPInfo, GetACP, FormatMessageA, EnumCalendarInfoA, EnterCriticalSection, DeleteCriticalSection, CreateFileA, CreateEventA, CompareStringA, CloseHandle, Sleep
> oleaut32.dll: SysFreeString, SysReAllocStringLen, SysAllocStringLen, SafeArrayPtrOfIndex, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayCreate, VariantChangeType, VariantCopy, VariantClear, VariantInit
> user32.dll: GetKeyboardType, LoadStringA, MessageBoxA, CharNextA, MessageBoxA, LoadStringA, GetSystemMetrics, CharNextA, CharToOemA

( 0 exports )

TrID : File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
ssdeep: 3072:gNWRIJE8ZPVp8Er317yJvak4lO5mgrhUz/2HCI8iE:m8Z8ZPVpZyJvd4l/grhUb2iDi
PEiD : -
RDS : NSRL Reference Data Set |