temp 532.exe wer weiß Rat
 

Hallo Spheric,

poste bitte ein Hijackthis-Logfile
Editiere bitt sämtliche Links und persönliche Daten.

dartus

Jo werde ich machen mal sehen ob ich das hinbekomme THX erst mal :party:

Logfile of HijackThis v1.99.1

Scan saved at 22:55:25, on 27.07.2005

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.****.1106)



Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe

C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe

C:\Programme\Norton Internet Security\ISSVC.exe

C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe

C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.exe

C:\Programme\ASUS\WLAN Card Utilities\Center.exe

C:\Programme\Java\j2re1.4.2_06\bin\jusched.exe

C:\Programme\HHVcdV5Sys\VC5Play.exe

C:\WINDOWS\bcqkvemr.exe

C:\Programme\AVPersonal\AVGNT.EXE

C:\Programme\NoPopUp 2003\nopopup.exe

C:\Programme\Steganos AntiSpyware 7\aspy7.exe

C:\WINDOWS\System32\sysmon32.exe

C:\Programme\Spybot - Search & Destroy\TeaTimer.exe

C:\Programme\AVPersonal\AVGUARD.EXE

C:\Programme\AVPersonal\AVWUPSRV.EXE

C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\oodag.exe

C:\WINDOWS\System32\svchost.exe

C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Programme\HHVcdV5Sys\VC5SecS.exe

C:\WINDOWS\System32\msiexec.exe

C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis2\kernel.exe

C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis2\sc_watch.exe

C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\PROFIL~1.EXE

D:\Programme\Teamspeak2_RC2\TeamSpeak.exe

C:\Programme\ICQ\Icq.exe

C:\Programme\Internet Explorer\IEXPLORE.EXE

C:\PROGRA~1\FlashGet\flashget.exe

C:\Programme\WinRAR\WinRAR.exe

C:\DOKUME~1\chris\LOKALE~1\Temp\Rar$EX00.390\HijackThis.exe



R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = h**p://w*w.searchgateway.net/search/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://w*w.searchgateway.net/search/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://w*w.googel.de

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://w*w.googel.de

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = h**p://w*w.searchgateway.net/search/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = h**p://w*w.searchgateway.net/search/%s

R3 - Default URLSearchHook is missing

F2 - REG:system.ini: Shell=Explorer.exe sysmon32.exe

F2 - REG:system.ini: UserInit=userinit.exe,xpjava.exe

O1 - Hosts: **.***.100.** BF2

O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll (file missing)

O2 - BHO: (no name) - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - (no file)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [Control Center] C:\Programme\ASUS\WLAN Card Utilities\Center.exe

O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_06\bin\jusched.exe

O4 - HKLM\..\Run: [VC5Player] C:\Programme\HHVcdV5Sys\VC5Play.exe

O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe

O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [SAHBundle] C:\WINDOWS\TEMP\BUNDLE~1.EXE run

O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe

O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe

O4 - HKLM\..\Run: [checkrun] C:\windows\system32\eliteamj32.exe

O4 - HKLM\..\Run: [salm] c:\programme\180searchassistant\salm.exe

O4 - HKLM\..\Run: [uucSDb] C:\WINDOWS\bcqkvemr.exe

O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min

O4 - HKLM\..\Run: [IST Service] C:\Programme\ISTsvc\istsvc.exe

O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"

O4 - HKCU\..\Run: [NoPopUp] C:\Programme\NoPopUp 2003\nopopup.exe /autorun

O4 - HKCU\..\Run: [Steam] "c:\programme\valve\steam\steam.exe" -silent

O4 - HKCU\..\Run: [AntiSpyware7] "C:\Programme\Steganos AntiSpyware 7\aspy7.exe" /0

O4 - HKCU\..\Run: [STYLEXP] C:\Programme\TGTSoft\StyleXP\StyleXP.exe -Hide

O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\MSMSGS.EXE" /background

O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: Alles mit FlashGet laden - C:\PROGRA~1\FlashGet\jc_all.htm

O8 - Extra context menu item: Mit FlashGet laden - C:\PROGRA~1\FlashGet\jc_link.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe

O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE

O10 - Broken Internet access because of LSP provider 'xfire_lsp_10650.dll' missing

O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone

O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - h**p://static.windupdates.com/cab/MediaAccessVerisign/ie/Bridge-c139.cab

O16 - DPF: {7149E79C-DC19-4C5E-A53C-A54DDF75EEE9} (IObjSafety.DemoCtl) -

O16 - DPF: {CDCBE0F1-D13A-4F86-A963-3A272D3ABA7E} (VacPro.internazionale_ver15) - h**p://advnt01.com/dialer/internazionale_ver15.CAB

O16 - DPF: {D19781C5-2051-44F8-8445-DDC82933C191} (VacPro.internazionale_ver11) - h**p://advnt01.com/dialer/internazionale_ver11.CAB

O17 - HKLM\System\CCS\Services\Tcpip\..\{565A9CF4-BB1E-4C39-A668-6BBBFBF45708}: NameServer = ******

O17 - HKLM\System\CCS\Services\Tcpip\..\{5D8C7EF6-C35A-4C9D-B52E-AC2CBA43F60D}: NameServer = ***.237.***.** 217.***.150.**

O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE

O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe

O23 - Service: hexadecimal (HexadecimaRepresentation) - Unknown owner - C:\WINDOWS\Edit.exe (file missing)

O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Programme\Norton Internet Security\ISSVC.exe

O23 - Service: MAPI Mail Client (MAPI) - Unknown owner - C:\WINDOWS\System32\mapi32.exe (file missing)

O23 - Service: Marmiko ZeroConfig Controller (MZCCntrl) - Unknown owner - C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe (file missing)

O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\System32\oodag.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: StyleXPService - Unknown owner - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe

O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe

O23 - Service: Virtual CD v5 Security service (VC5SecS) - H+H Software GmbH - C:\Programme\HHVcdV5Sys\VC5SecS.exe


Ich hoffe das ich das jetzt richtig gemacht habe das es das erste mal mit dem prog gearbeitet habe ..

THX für Eure Antwort :party:

Hallo Spheric,

Dein System ist sehr verseucht!
Da tummelt sich einiges, u.a. auch dieser:
http://www.sophos.com/virusinfo/analyses/w32rbotyc.html = xpjava.exe

Hauptgrund für diesen Zustand ist Dein nicht aktuelles Betriebssystem! SP 2 und alle weiteren Sicherheitsupdates müssen installiert sein!

Bei einem Trojaner mit Backdoorfunktionalität wird Dir dringend zur Neuinstallation geraten.

http://www.mathematik.uni-marburg.de...c-removal.html
http://www.mathematik.uni-marburg.de...ompromise.html
http://en.wikipedia.org/wiki/Botnet
http://de.wikipedia.org/wiki/Backdoor

Empfohlene Anleitung zur Neuinstallation

http://www.trojaner-board.de/showthread.php?t=12154

Thema Datensicherung:

http://www.trojaner-board.de/showpos...8&postcount=11

sry
dartus