TR/Agent.EM

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\PROGRA~1\CACHEM~1\CachemanXP.exe
C:\WINDOWS\System32\gearsec.exe
C:\WINDOWS\System32\LckFldService.exe
C:\Programme\NMapWin\bin\nmapserv.exe
C:\Programme\Advanced Registry Doctor\RegManServ.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\DU Meter\DUMeter.exe
C:\Programme\Winamp\winampa.exe
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
C:\Programme\Microsoft IntelliType Pro\type32.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\MSN Messenger\msnmsgr.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\Trojancheck 6\tcguard.exe
C:\Programme\STK007\STK007M.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\Benutzer\LOKALE~1\Temp\Rar$EX03.047\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://static.vpptechnologies.com...landing.html?s=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://static.vpptechnologies.com...landing.html?s=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://static.vpptechnologies.com...landing.html?s=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmx.net/de
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://static.vpptechnologies.com...landing.html?s=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://static.vpptechnologies.com...landing.html?s=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.gmx.de/
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O2 - BHO: Class - {DA211C7E-80D9-4852-98A8-572088007AC3} - C:\WINDOWS\winhe.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Programme\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DU Meter] C:\Programme\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Programme\RivaTuner\RivaTuner.exe" /S
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [type32] "C:\Programme\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [CloneDVDElbyDelay] "C:\Programme\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
O4 - HKLM\..\Run: [LogonStudio] "C:\Programme\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Programme\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [iexplore.exe] C:\Programme\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [Trojancheck 6 Guard] C:\Programme\Trojancheck 6\tcguard.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Erinnerungen für Microsoft Works-Kalender.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: STK007 PNP Monitor.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\programme\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: XM2002® - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Programme\IPPS\XM2002®\XM2002.exe (file missing)
O9 - Extra 'Tools' menuitem: &XM2002® - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Programme\IPPS\XM2002®\XM2002.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} (SekureL0gin.SekureKontrol) - http://secure2.comned.com/signuptemplates/AktiveSekurity.cab
O16 - DPF: {1B51CC54-F369-460B-9184-22D51ABCF807} (empfaenger Element) - http://www.privat-akt.com/download/empfaengerProj1.cab
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/p...s/GSManager.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/...bin/AvSniff.cab
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KX-HCM10 Control) - http://netcam.ccc.edu/kxhcm10.ocx
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/01017a2...ip/RdxIE601.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...meInstaller.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/...n/bin/cabsa.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://god.t-online.de/download/ExentCtl.ocx
O16 - DPF: {70EE0AA4-5A3A-4052-8FFA-2EEDA43F7942} (Innotive Cibrowser Control 1.1) - http://ibrow01.streamfarm.net/plugin/cibrowser11.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O16 - DPF: {861FDA2A-2B57-4BDA-8B8B-305C9D5D8604} (_Multimedia Player) - http://stream.pussyharem.com/stream/mmp.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/m...ownloader.cab
O16 - DPF: {BBCACFA8-B901-451E-A606-0FE678814967} (control to view directory & upload images) - http://www.uboot.com/h/int/applet/p...otoUploader.CAB
O16 - DPF: {D62B5127-8D03-4175-BA71-E0041595DA4B} (UDConnect Class) - http://03.sharedsource.org/html/Tri..._1.0.0.2ie.cab?
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesu.../ITDetector.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/active...ol_v1-0-3-0.cab
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\netsi.exe (file missing)
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: CachemanXP (CachemanXPService) - OuterTechnologies - C:\PROGRA~1\CACHEM~1\CachemanXP.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: GFI LANguard N.S.S. 5.0 attendant service - Unknown owner - C:\Programme\GFI\LANguard Network Security Scanner 5.0\lnssatt.exe" -service (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\System32\LckFldService.exe
O23 - Service: NMap - Unknown owner - C:\Programme\NMapWin\bin\nmapserv.exe
O23 - Service: Registry Management Service (RegManServ) - Unknown owner - C:\Programme\Advanced Registry Doctor\RegManServ.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

_____________
Note: active links edited! In future, please follow the instructions in this guide: HiJackThis.
Regards, Cidre
S-Mod TB
1. Defuse the links so that nobody else catches such junk by accidentally clicking on them.
2. Post the HJT logfile in full.
3. Remove personal details.
Well, since the problem with the links is a general one, the reactions are sometimes like that. Cidre has already changed yours. But where is the complete HJT log :mad:
Hello Manhunt,

the program "Trojancheck 6" is quite old and so are its definitions. My advice would be to uninstall it.

Now switch to Safe Mode with System Restore disabled http://www.systemwiederherstellung-d...indows-xp.html and fix the following entries (scan with HJT, tick the box in front of the entry and click "Fix checked"):

If the "R" entries are unknown to you (the "R3" one in any case)

O2 - BHO: Class - {DA211C7E-80D9-4852-98A8-572088007AC3} - C:\WINDOWS\winhe.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe (file missing)
O9 - Extra button: XM2002® - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Programme\IPPS\XM2002®\XM2002.exe (file missing)
O9 - Extra 'Tools' menuitem: &XM2002® - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Programme\IPPS\XM2002®\XM2002.exe (file missing)
O16 - DPF: {1B51CC54-F369-460B-9184-22D51ABCF807} (empfaenger Element) - http://www.privat-akt.com/download/empfaengerProj1.cab
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KX-HCM10 Control) - http://netcam.ccc.edu/kxhcm10.ocx
O16 - DPF: {BBCACFA8-B901-451E-A606-0FE678814967} (control to view directory & upload images) - http://www.uboot.com/h/int/applet/p...otoUploader.CAB
O16 - DPF: {D62B5127-8D03-4175-BA71-E0041595DA4B} (UDConnect Class) - http://03.sharedsource.org/html/Tri..._1.0.0.2ie.cab?
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/01017a2...ip/RdxIE601.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...meInstaller.exe
O16 - DPF: {70EE0AA4-5A3A-4052-8FFA-2EEDA43F7942} (Innotive Cibrowser Control 1.1) - http://ibrow01.streamfarm.net/plugin/cibrowser11.cab
O16 - DPF: {861FDA2A-2B57-4BDA-8B8B-305C9D5D8604} (_Multimedia Player) - http://stream.pussyharem.com/stream/mmp.cab

as well as any further "O16" entries that you do not recognise or no longer need

O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\netsi.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

Delete manually:
C:\WINDOWS\netsi.exe
C:\WINDOWS\winhe.dll

Then run eScan (please read the instructions carefully) and delete everything it finds.
Empty the Recycle Bin.
Post a new logfile including the header lines that show your system.

dartus
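The triage rules dartus applies above (the missing R3 hook, the nameless BHO dropped straight into the Windows folder, O16 downloads from hosts you do not recognise, O23 services with an unknown owner and a missing binary) can be written down as a small checker for the HijackThis log format. This is an added example, not code from the thread or from HijackThis; the sample entries and the trusted-host list are constructed assumptions.

```python
import re
from urllib.parse import urlparse

# Constructed sample in HijackThis format, modelled on a few entries from the thread's log.
SAMPLE_LOG = r"""
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {DA211C7E-80D9-4852-98A8-572088007AC3} - C:\WINDOWS\winhe.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/AvSniff.cab
O16 - DPF: {00000000-0000-0000-0000-000000000000} (_Multimedia Player) - http://stream.example.invalid/mmp.cab
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: Remote Procedure Call (RPC) Helper (11F) - Unknown owner - C:\WINDOWS\netsi.exe (file missing)
"""

# Assumed allow-list of hosts whose ActiveX (O16) downloads the reviewer recognises.
TRUSTED_DPF_HOSTS = {"security.symantec.com", "messenger.msn.com"}
GENERIC_BHO_NAMES = {"Class", "(no name)"}

def parse_entry(line):
    """Split 'O23 - Service: ...' into (section, body); None for lines that are not entries."""
    m = re.match(r"^([RO]\d+) - (.*)$", line.strip())
    return (m.group(1), m.group(2)) if m else None

def triage(log_text):
    """Return [(section, reason, body)] for entries that deserve a closer look."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        sec, body = entry
        if sec == "R3" and "is missing" in body:
            findings.append((sec, "URLSearchHook removed, common after a browser hijack", body))
        elif sec == "O2":
            name = body[len("BHO: "):].split(" - ")[0].strip()
            dll = body.rsplit(" - ", 1)[-1]
            # A BHO with no vendor name, or a DLL sitting directly in the Windows folder
            if name in GENERIC_BHO_NAMES or re.search(r"\\windows\\[^\\]+\.dll$", dll, re.I):
                findings.append((sec, "unnamed BHO or DLL in the Windows root", body))
        elif sec == "O16":
            host = urlparse(body.rsplit(" - ", 1)[-1]).hostname or ""
            if host not in TRUSTED_DPF_HOSTS:
                findings.append((sec, f"ActiveX download from unrecognised host {host}", body))
        elif sec == "O23":
            # Service with no vendor whose binary is gone or sits directly in C:\WINDOWS
            if "Unknown owner" in body and ("(file missing)" in body or re.search(r"\\windows\\[^\\]+\.exe", body, re.I)):
                findings.append((sec, "service with unknown owner and missing or oddly placed binary", body))
    return findings
```

Run `triage(open("hijackthis.log").read())` against a full log; vendor-signed services and BHOs in program folders pass, while the four suspicious sample entries are reported.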
@dartus Thanks, everything works again now.
Copyright ©2000-2025, Trojaner-Board