-
Mülltonne
(
https://www.trojaner-board.de/muelltonne/)
Trojan.Tool.Wpakill.A
hallo
habe heute den Trojaner Trojan.Tool.Wpakill.A bei mir gefunden .
hier ist der Log, danke für die Auswertung Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:22:37, on 13.10.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
D:\Programm Files\AVP KASPERSKY Internet Security\avp.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Programm Files\AVP KASPERSKY Internet Security\avp.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\mspaint.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
D:\Programm Files\HijackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cska.bg/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (file missing)
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - D:\Programm Files\PDF Converter (SolidPDF)\SCPDF\ExploreExtPDF.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - D:\Programm Files\AVP KASPERSKY Internet Security\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programm Files\JAVA RunTime Environtment\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - D:\Programm Files\PDF Converter (SolidPDF)\SCPDF\ExploreExtPDF.dll
O4 - HKLM\..\Run: [StartupDelayer] "D:\Programm Files\Windows StartUp Delayer\Startup Launcher.exe"
O4 - HKLM\..\Run: [AVP] "D:\Programm Files\AVP KASPERSKY Internet Security\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WeatherWatcher] "D:\Programm Files\Weather Watcher\ww.exe"
O4 - HKCU\..\Run: [Skype] "D:\Programm Files\Skype\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - D:\Programm Files\AVP KASPERSKY Internet Security\ie_banner_deny.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\PROGRA~1\MSOFFI~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programm Files\JAVA RunTime Environtment\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programm Files\JAVA RunTime Environtment\bin\ssv.dll
O9 - Extra button: ENG-GER - {1D1FC0A2-97E4-4922-A785-15A2E480860A} - D:\Progra~1\Eng--G~1\QuickDic.exe
O9 - Extra button: Statistik für den Schutz des Web-Datenverkehrs - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Programm Files\AVP KASPERSKY Internet Security\SCIEPlgn.dll
O9 - Extra button: GER-BUL - {5BBD0D81-E638-48cf-829C-ABBE7664A07B} - D:\Progra~1\Ger--B~1\KoralS~1\EuroDi~1\Ger-Bul.exe
O9 - Extra button: DUDEN - {7671EF37-7F5D-4638-BF2F-61E852A25F97} - D:\Progra~1\DUDEN\duden.vbs
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: ENG-BUL - {A0A374C6-2B0A-4e54-83DA-69B43E123055} - D:\Progra~1\Eng---~1\Eng-Bul.vbs
O9 - Extra button: GER-RUS - {D62EB183-2654-4df9-B186-03B97F978C12} - D:\Progra~1\Ger---~1\Ger-Rus.vbs
O9 - Extra button: ICQ - {DB463877-5B45-4400-AA15-3BDFDB056E7E} - D:\Progra~1\Mirand~1\Mirand~1.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: ENG-RUS - {FC0DADC0-E01B-40f3-A511-FA5453F2619A} - D:\Progra~1\Eng--R~1\Eng-Rus.vbs
O9 - Extra button: Fav.-Suche - {FF925300-80E6-11D4-A15B-FFF9086C1A3C} - D:\PROGRA~1\IEFAVO~1\FavSeek.dll
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.de/scan_de/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C0E8716A-1804-44F4-B09F-412CF51C98F5}: NameServer = 195.50.140.178 195.50.140.114
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: D:\PROGRA~1\AVPKAS~2\mzvkbd.dll,D:\PROGRA~1\AVPKAS~2\mzvkbd3.dll,D:\PROGRA~1\AVPKAS~2\adialhk.dll,D:\PROGRA~1\AVPKAS~2\kloehk.dll
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - D:\Programm Files\AVP KASPERSKY Internet Security\avp.exe
O23 - Service: Hotspot Manager (HotSpotFSvc) - Unknown owner - C:\Programme\Gemeinsame Dateien\T-COM\HotspotMgr\HotSpotFSvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - D:\Programm Files\NERO LightScribe CD-DVD Burning\Nero 7\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - D:\Programm Files\NERO LightScribe CD-DVD Burning\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - D:\Programm Files\PDF Converter (SolidPDF)\SCPDF\SolidPdfService.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
--
End of file - 7564 bytes
|
| Alle Zeitangaben in WEZ +1. Es ist jetzt 08:48 Uhr. | |
Copyright ©2000-2025, Trojaner-Board
Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.
