![]() |
win1A.tmp.exe etc. Habe das Problem, dass ein Prozess namens win**.tmp.exe versucht auf das Internet zuzugreifen. Wäre um Hilfe froh. Hier das HiJack Logfile: Logfile of HijackThis v1.99.1 Scan saved at 10:54:19, on 07.08.2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\xampp\apache\bin\apache.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\Programme\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe C:\Programme\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe C:\Programme\Swisscom Mobile\Unlimited Data Manager\DashBoardS.exe C:\Programme\TortoiseSVN\bin\TSVNCache.exe C:\Programme\UPHClean\uphclean.exe C:\Programme\xampp\apache\bin\apache.exe C:\Programme\Swisscom Mobile\Sesam\BIN\SecMIPService.exe C:\WINDOWS\AGRSMMSG.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\Programme\QuickTime\qttask.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\Programme\SAMSUNG\MagicKBD\MagicKBD.exe C:\WINDOWS\system32\igfxpers.exe C:\Programme\Gemeinsame Dateien\{64221264-063B-1031-0413-050410150029}\Update.exe C:\WINDOWS\system32\wuauclt.exe C:\Programme\Mozilla Firefox\firefox.exe \?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE C:\Programme\Internet Explorer\iexplore.exe C:\Programme\HiJack This\HijackThis.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O4 - HKLM\..\Run: [MagicKeyboard] C:\Programme\SAMSUNG\MagicKBD\PreMKBD.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - Global Startup: C-CHANNEL OnlineUpdate.lnk = ? O8 - Extra context menu item: &ieSpell Options - res://C:\Programme\ieSpell\iespell.dll/SPELLOPTION.HTM O8 - Extra context menu item: Check &Spelling - res://C:\Programme\ieSpell\iespell.dll/SPELLCHECK.HTM O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_08\bin\npjpi142_08.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_08\bin\npjpi142_08.dll O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Programme\ieSpell\iespell.dll O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Programme\ieSpell\iespell.dll O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Programme\ieSpell\iespell.dll O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Programme\ieSpell\iespell.dll O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - h**p://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - h**p://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1117033511017 O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apache2 - Unknown owner - C:\Programme\xampp\apache\bin\apache.exe" -k runservice (file missing) O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe O23 - Service: MSSQL$PINNACLESYS - Unknown owner - C:\Programme\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe" -sPINNACLESYS (file missing) O23 - Service: Samsung Update Plus - Unknown owner - C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe O23 - Service: Sesam Control Service (SesamService) - Swisscom Mobile - C:\Programme\Swisscom Mobile\Sesam\BIN\SecMIPService.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: SQLAgent$PINNACLESYS - Unknown owner - C:\Programme\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE" -i PINNACLESYS (file missing) |
Ich glaube ich habe das Problem soeben selbst gefixt. Hab nochmals mit Google recherchiert und folgendes gefunden: How to fix win???.tmp infection Scan your computer using Hijackthis. After scan locate line O20 - Winlogon Notify: win???32 - C:\WINDOWS\SYSTEM32\win???32.dll. ??? is replaced with any 3 symbols (For example: winzdn32.dll). Go to C:\WINDOWS\SYSTEM32\, find win???32.dll file and rename it adding .txt extention (win???32.dll.txt). Restart the computer. Das habe ich gemacht und es hat so funktioniert. Ich habe danach die Datei noch mit jotti getestet und drei haben es als Trojaner erkannt. |
Alle Zeitangaben in WEZ +1. Es ist jetzt 17:49 Uhr. |
Copyright ©2000-2025, Trojaner-Board