|
rätselhafter Eintrag vom wmp Hallo, ich habe einen Hijackths Scan gemacht und ausgewertet dabei wurde der Eintrag: O4 - Startup: Windows Media Player.lnk = C:\Program Files\Windows Media Player\wmplayer.exe als böse identifiziert, dazu die Seite: Unbedingt fixen! Added by the KELVIR.G WORM or variants! Note - this is not the valid Windows Media Player as the executeable resides is C:WindowsSystem (Win9x/Me). Als Kommentar steht dann allerdings noch: 12.04.2006 - Only dangerous if you have not manually added Windows Media Player to your startup folder on purpose. Ich habe den Mediaplayer allerdings zum Autostart hinzugefügt. Und wenn ich den wmp aus dem Autostartordner lösche ist auch der Eintrag weg. Was stimmt also jetzt? Achja was mir grad noch aufgefallen ist was sol das File Missing im letzten Eintrag? Logfile of HijackThis v1.99.1 Scan saved at 12:13:23, on 05.03.2008 Platform: Unknown Windows (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16386) Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe C:\Windows\ehome\ehtray.exe D:\Programme\Free Download Manager\fdm.exe D:\Programme\SetPoint\SetPoint.exe C:\Windows\system32\igfxsrvc.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE C:\Users\sven\AppData\Local\Temp\RtkBtMnt.exe C:\Program Files\Windows Media Player\wmplayer.exe C:\Windows\system32\wuauclt.exe C:\Users\sven\Desktop\Windows Media Player\WMPSideShowGadget.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe D:\Programme\Mozilla Firefox\firefox.exe D:\Programme\WinRAR\WinRAR.exe D:\Programme\Mozilla Thunderbird\thunderbird.exe D:\Programme\WinRAR\WinRAR.exe C:\Users\sven\AppData\Local\Temp\Rar$EX00.794\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - D:\Programme\Free Download Manager\iefdm2.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [Skytel] Skytel.exe O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [Free Download Manager] "D:\Programme\Free Download Manager\fdm.exe" -autorun O4 - Startup: Windows Media Player.lnk = C:\Program Files\Windows Media Player\wmplayer.exe O4 - Global Startup: Logitech SetPoint.lnk = D:\Programme\SetPoint\SetPoint.exe O8 - Extra context menu item: Alles mit FDM herunterladen - file://D:\Programme\Free Download Manager\dlall.htm O8 - Extra context menu item: Auswahl mit FDM herunterladen - file://D:\Programme\Free Download Manager\dlselected.htm O8 - Extra context menu item: Datei mit FDM herunterladen - file://D:\Programme\Free Download Manager\dllink.htm O8 - Extra context menu item: Videos mit FDM herunterladen - file://D:\Programme\Free Download Manager\dlfvideo.htm O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll O11 - Options group: [INTERNATIONAL] International* O13 - Gopher Prefix: O17 - HKLM\System\CCS\Services\Tcpip\..\{36B37F11-E096-4308-AD71-474E17DA15BD}: NameServer = 213.191.74.11 213.191.92.82 O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing) Grüße zado717 |
Das HJT-Logfile ist so gut wie unbrauchbar da es eine veraltete Version und mit Vista weitgehend inkompatibel ist. Erstell ein neues Logfile mit Hilfe dieser umbenannten hijackthis.exe |
So hier nochmal das neue Logfile: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:23:07, on 05.03.2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16386) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Windows\RtHDVCpl.exe D:\Programme\Empowering Technology\eDataSecurity\eDSLoader.exe C:\Windows\system32\igfxsrvc.exe D:\Programme\Empowering Technology\ENET\ENMTRAY.EXE D:\Programme\Empowering Technology\EPOWER\EPOWER_DMC.EXE D:\Programme\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE C:\Users\sven\AppData\Local\Temp\RtkBtMnt.exe C:\Windows\system32\taskeng.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Windows\system32\wuauclt.exe C:\Program Files\Windows Media Player\wmplayer.exe D:\PROGRA~1\FREEDO~1\fdm.exe D:\Programme\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - D:\Programme\Free Download Manager\iefdm2.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [Skytel] Skytel.exe O4 - HKLM\..\Run: [eDataSecurity Loader] D:\Programme\Empowering Technology\eDataSecurity\eDSloader.exe O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter O4 - HKCU\..\Run: [Free Download Manager] "D:\Programme\Free Download Manager\fdm.exe" -autorun O4 - HKCU\..\Run: [Software Informer] "D:\Programme\Free Download Manager\si.exe" -autorun O4 - Startup: Windows Media Player.lnk = C:\Program Files\Windows Media Player\wmplayer.exe O4 - Global Startup: Empowering Technology Launcher.lnk = ? O8 - Extra context menu item: Alles mit FDM herunterladen - file://D:\Programme\Free Download Manager\dlall.htm O8 - Extra context menu item: Auswahl mit FDM herunterladen - file://D:\Programme\Free Download Manager\dlselected.htm O8 - Extra context menu item: Datei mit FDM herunterladen - file://D:\Programme\Free Download Manager\dllink.htm O8 - Extra context menu item: Videos mit FDM herunterladen - file://D:\Programme\Free Download Manager\dlfvideo.htm O13 - Gopher Prefix: O17 - HKLM\System\CCS\Services\Tcpip\..\{8E17C8E3-2FE0-49DC-AB88-92CCA5621D28}: NameServer = 213.191.74.11 213.191.92.82 O20 - AppInit_DLLs: eNetHook.dll O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - D:\Programme\Empowering Technology\eDataSecurity\eDSService.exe O23 - Service: eLock Service (eLockService) - Acer Inc. - D:\Programme\Empowering Technology\eLock\Service\eLockServ.exe O23 - Service: eNet Service - Acer Inc. - D:\Programme\Empowering Technology\eNet\eNet Service.exe O23 - Service: eSettings Service (eSettingsService) - Unknown owner - D:\Programme\Empowering Technology\eSettings\Service\capuserv.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: ePower Service (WMIService) - acer - D:\Programme\Empowering Technology\ePower\ePowerSvc.exe -- End of file - 4903 bytes |
Also für mich sieht das Log okay aus. Achte mal auf die Userwertung des Mediaplayer-Eintrags: Zitat:
|
| Alle Zeitangaben in WEZ +1. Es ist jetzt 10:55 Uhr. |
Copyright ©2000-2025, Trojaner-Board