![]() |
SpywareDetected-Hijack Ergebniss-weiteres Vorgehen? Hallo Zusammen, habe auch das Problem mit dem Blauen Hintergurnd mit aufschrift: Warning - Spyware detected on your computer! Wäre euch sehr dankbar wenn ihr mir sagen könntet welche datern ich nun mit hilfe dieses Hijack Program löschen bzw Fix checked soll . Wäre über Hilfe sehhhhr dankbar Grüße Boas Hier das Ergebniss des Hijack scans Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 07:20:50, on 06.07.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\Explorer.EXE C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Programme\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\svchost.exe C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Eigene Installtionen\Winamp\winampa.exe C:\Programme\Java\jre1.6.0_06\bin\jusched.exe C:\WINDOWS\SOUNDMAN.EXE C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe C:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe C:\WINDOWS\system32\lphcepcj0ep2t.exe C:\Eigene Installtionen\Syware remover\spftray.exe C:\Programme\Messenger\msmsgs.exe C:\Programme\ICQ6\ICQ.exe C:\Programme\Winamp Remote\bin\OrbTray.exe C:\Eigene Installtionen\Syware remover\spfprc.exe C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe C:\WINDOWS\system32\WgaTray.exe C:\Programme\Internet Explorer\IEXPLORE.EXE C:\Programme\HijackThis\killer\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Programme\Adobe\/Adobe Contribute CS3/contributeieplugin.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Programme\Adobe\/Adobe Contribute CS3/contributeieplugin.dll O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [WinampAgent] "C:\Eigene Installtionen\Winamp\winampa.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Eigene Installtionen\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\GEMEIN~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE O4 - HKLM\..\Run: [lphcepcj0ep2t] C:\WINDOWS\system32\lphcepcj0ep2t.exe O4 - HKLM\..\Run: [SMrhcapcj0ep2t] C:\Programme\rhcapcj0ep2t\rhcapcj0ep2t.exe O4 - HKLM\..\Run: [spywarefighterguard] C:\Eigene Installtionen\Syware remover\spftray.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ICQ] "C:\Programme\ICQ6\ICQ.exe" silent O4 - HKCU\..\Run: [Orb] "C:\Programme\Winamp Remote\bin\OrbTray.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: An vorhandenes PDF anfügen - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{088B54AD-4BDD-4BEE-B513-54A0750C86F0}: NameServer = 192.168.2.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{088B54AD-4BDD-4BEE-B513-54A0750C86F0}: NameServer = 192.168.2.1 O17 - HKLM\System\CS2\Services\Tcpip\..\{088B54AD-4BDD-4BEE-B513-54A0750C86F0}: NameServer = 192.168.2.1 O23 - Service: Adobe Version Cue CS3 {de_DE} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programme\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Eigene Installtionen\Syware remover\spfprc.exe -- End of file - 8161 bytes Trotz ausführlicher Recherche im Internet, kapier ich immernoch ziemlch wenig von der ganzen sache, DANAKE für eure Hilfe!!! |
Hi Boas und :hallo: Bitte lass als erstes Malwarebytes laufen, lösche alles was er findet und poste das Log:daumenhoc Nun erstellst du bitte mit RunScanner ein Log und postest es mit einem neuen Hijackthis Log zusammen:daumenhoc |
Hey, alles klar wird gemacht hier schonmal der Report von Malwarebytes. vielen Dank übrigens!!!! Malwarebytes' Anti-Malware 1.23 Datenbank Version: 992 Windows 5.1.2600 Service Pack 2 14:45:45 06.07.2008 mbam-log-7-6-2008 (14-45-45).txt Scan-Methode: Vollständiger Scan (C:\|E:\|) Durchsuchte Objekte: 172234 Laufzeit: 1 hour(s), 46 minute(s), 20 second(s) Infizierte Speicherprozesse: 1 Infizierte Speichermodule: 1 Infizierte Registrierungsschlüssel: 9 Infizierte Registrierungswerte: 6 Infizierte Dateiobjekte der Registrierung: 2 Infizierte Verzeichnisse: 13 Infizierte Dateien: 27 Infizierte Speicherprozesse: C:\WINDOWS\system32\lphcepcj0ep2t.exe (Trojan.FakeAlert) -> Unloaded process successfully. Infizierte Speichermodule: C:\WINDOWS\system32\blphcepcj0ep2t.scr (Trojan.FakeAlert) -> Delete on reboot. Infizierte Registrierungsschlüssel: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhcapcj0ep2t (Rogue.Multiple) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\rhcapcj0ep2t (Rogue.Multiple) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\BrowsingEnhancer (Adware.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Mirar (Adware.Mirar) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\PlayMP3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fbrowsingadvisor_is1 (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcepcj0ep2t (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smrhcapcj0ep2t (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Infizierte Verzeichnisse: C:\Programme\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully. C:\Programme\FBrowserAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\rhcapcj0ep2t (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\rhcapcj0ep2t\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\rhcapcj0ep2t\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\rhcapcj0ep2t\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\rhcapcj0ep2t\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\rhcapcj0ep2t\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\rhcapcj0ep2t\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\rhcapcj0ep2t\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\rhcapcj0ep2t\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\rhcapcj0ep2t\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\rhcapcj0ep2t\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully. Infizierte Dateien: C:\WINDOWS\system32\lphcepcj0ep2t.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Programme\FBrowsingAdvisor\XPCOMEvents.dll (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully. C:\Programme\Mozilla Firefox\regxpcom.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully. C:\Programme\FBrowsingAdvisor\IXPCOMEvents.xpt (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully. C:\Programme\FBrowsingAdvisor\Logo.png (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully. C:\Programme\FBrowsingAdvisor\main.db (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully. C:\Programme\FBrowsingAdvisor\unins000.dat (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully. C:\Programme\FBrowsingAdvisor\unins000.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\.tt15.tmp (Trojan.Agent) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\.tt4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\.tt5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\.tt6.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\.tt7.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\.tt8.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\.tt9.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\.ttA.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\.ttB.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\.ttC.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\.ttD.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\.ttE.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\.ttF.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. C:\WINDOWS\system32\blphcepcj0ep2t.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\system32\phcepcj0ep2t.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\s1265.php (Trojan.FakeAlert) -> Quarantined and deleted successfully. |
so hier der Rest: die 2 fehlenden Logs, was muss ich nun machen, habe ich die Viren (oder was auch immer :) ) jetzt schon gelöscht? Log von Runscanner: Runscanner logfile http://www.runscanner.net * = signed file - = file not found 000 General info ---------------- Computer name : DANIEL Creation time : 06.07.2008 14:59:08 Hosts <> 127.0.0.1 : 0 Hosts file location : %SystemRoot%\System32\drivers\etc IE version : 6.0.2900.2180 OS : Microsoft Windows XP OS Build : 2600 OS SP : Service Pack 2 RunScanner Version : 1.6.3.0 User Language : Deutsch (Deutschland) User rights : Administrator Windows folder : C:\WINDOWS 001 Running processes --------------------- * c:\programme\adobe\acrobat 8.0\acrobat\acrotray.exe (Adobe Systems Inc.) c:\programme\gemeinsame dateien\macrovision shared\flexnet publisher\fnplicensingservice.exe (Macrovision Europe Ltd.) c:\programme\avira\antivir personaledition classic\avguard.exe (Avira GmbH) c:\programme\avira\antivir personaledition classic\sched.exe (Avira GmbH) c:\programme\avira\antivir personaledition classic\avgnt.exe (Avira GmbH) * c:\windows\system32\services.exe (Microsoft Corporation) * c:\windows\system32\alg.exe (Microsoft Corporation) c:\programme\bonjour\mdnsresponder.exe (Apple Computer, Inc.) * c:\windows\system32\csrss.exe (Microsoft Corporation) * c:\windows\system32\svchost.exe (Microsoft Corporation) * c:\windows\system32\svchost.exe (Microsoft Corporation) * c:\windows\system32\svchost.exe (Microsoft Corporation) * c:\windows\system32\svchost.exe (Microsoft Corporation) * c:\windows\system32\svchost.exe (Microsoft Corporation) * c:\windows\system32\svchost.exe (Microsoft Corporation) * c:\programme\internet explorer\iexplore.exe (Microsoft Corporation) * c:\programme\java\jre1.6.0_06\bin\jusched.exe (Sun Microsystems, Inc.) * c:\windows\system32\lsass.exe (Microsoft Corporation) c:\programme\winamp remote\bin\orbtray.exe (Orb Networks) * c:\programme\gemeinsame dateien\real\update_ob\realsched.exe (RealNetworks, Inc.) * c:\dokume~1\admini~1\lokale~1\temp\temporäres verzeichnis 1 für runscanner.zip\runscanner.exe (Runscanner.net) * c:\windows\system32\spoolsv.exe (Microsoft Corporation) * c:\eigene installtionen\syware remover\spfprc.exe (SpamFighter APS) * c:\eigene installtionen\syware remover\spftray.exe (SPAMfighter) c:\eigene installtionen\winamp\winamp.exe (Nullsoft) c:\eigene installtionen\winamp\winampa.exe * c:\windows\explorer.exe (Microsoft Corporation) * c:\windows\system32\wgatray.exe (Microsoft Corporation) * c:\programme\messenger\msmsgs.exe (Microsoft Corporation) * c:\windows\system32\winlogon.exe (Microsoft Corporation) * c:\windows\system32\smss.exe (Microsoft Corporation) * c:\windows\system32\wdfmgr.exe (Microsoft Corporation) 002 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (+subkeys) ----------------------------------------------------------------- c:\progra~1\gemein~1\adobe\adobev~1\server\bin\versio~2.exe (Adobe Systems Incorporated) c:\programme\avira\antivir personaledition classic\avgnt.exe (Avira GmbH) c:\eigene installtionen\quicktime\qttask.exe (Apple Inc.) * c:\programme\gemeinsame dateien\real\update_ob\realsched.exe (RealNetworks, Inc.) c:\eigene installtionen\winamp\winampa.exe 003 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (+subkeys) ----------------------------------------------------------------- c:\programme\winamp remote\bin\orbtray.exe (Orb Networks) 010 HKLM\SYSTEM\CurrentControlSet\Services (Services) ----------------------------------------------------- c:\programme\bonjour\mdnsresponder.exe (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) c:\programme\avira\antivir personaledition classic\avguard.exe (AntiVir PersonalEdition Classic Guard) c:\programme\avira\antivir personaledition classic\sched.exe (AntiVir PersonalEdition Classic Planer) c:\programme\gemeinsame dateien\macrovision shared\flexnet publisher\fnplicensingservice.exe (FLEXnet Licensing Service) 011 HKLM\SYSTEM\CurrentControlSet\Services (drivers) ---------------------------------------------------- * c:\programme\avira\antivir personaledition classic\avgio.sys (avgio) * c:\programme\avira\antivir personaledition classic\avgntflt.sys (avgntflt) * C:\WINDOWS\system32\drivers\avipbb.sys (avipbb) - c:\windows\system32\drivers\changer.sys (Changer) - c:\programme\unknown device identifier\gwiopm.sys (gwiopm) - c:\windows\system32\drivers\i2omgmt.sys (i2omgmt) - c:\windows\system32\drivers\lbrtfdc.sys (lbrtfdc) - c:\windows\system32\drivers\pcidump.sys (PCIDump) - c:\windows\system32\drivers\pdcomp.sys (PDCOMP) - c:\windows\system32\drivers\pdframe.sys (PDFRAME) - c:\windows\system32\drivers\pdreli.sys (PDRELI) - c:\windows\system32\drivers\pdrframe.sys (PDRFRAME) - c:\windows\system32\plcmpr5.sys (PLCMPR5 NDIS Protocol Driver) c:\windows\system32\plcndis5.sys (PLCNDIS5 NDIS Protocol Driver) C:\WINDOWS\system32\drivers\alcxwdm.sys (Service for Realtek AC97 Audio (WDM)) C:\WINDOWS\system32\drivers\ssmdrv.sys (ssmdrv) c:\windows\system32\drivers\tvichw32.sys (TVICHW32) - c:\windows\system32\drivers\wdica.sys (WDICA) 041 HKLM-HKCU\Software\Microsoft\Internet Explorer\Toolbar ---------------------------------------------------------- - c:\programme\adobe\ {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} 042 HKLM\Software\Microsoft\Internet Explorer\Extensions -------------------------------------------------------- * c:\programme\icq6\icq.exe (ICQ, Inc.) {E59EB121-F339-4851-A3BA-FE49C35617C2} 052 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects ---------------------------------------------------------------------------------- - c:\programme\adobe\ {074C1DC5-9320-4A9A-947D-C042949C6216} * c:\program files\real\realplayer\rpbrowserrecordplugin.dll (RealPlayer) {3049C3E9-B461-4BC5-8870-4C09146192CA} 061 HKLM-HCKU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved --------------------------------------------------------------------------------- - deskpan.dll {42071714-76d4-11d1-8b24-00a0c9068ff3} c:\programme\avira\antivir personaledition classic\shlext.dll (Avira GmbH) {45AC2688-0253-4ED8-97DE-B5370FA7D48A} * c:\program files\real\realplayer\rpshell.dll (RealNetworks, Inc.) {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} 062 HKLM-HKCU\Software\Classes\Folder\Shellex\ColumnHandlers ------------------------------------------------------------ c:\programme\gemeinsame dateien\adobe\acrobat\activex\pdfshell.dll (Adobe Systems, Inc.) {F9DB5320-233E-11D1-9F84-707F02C10627} 073 %windir%\Tasks ------------------ AppleSoftwareUpdate.job : c:\programme\apple software update\softwareupdate.exe (Apple Inc.) 100 Internet Explorer settings ------------------------------ Start Page HKCU : http://www.msn.com/ 104 HKLM\Software\Microsoft\Code Store Database\Distribution Units ------------------------------------------------------------------ * c:\windows\downloaded program files\sysreqlab2.dll (Husdawg, LLC) {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} GUID / CLSID not found {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} 105 HKCU\Software\Microsoft\Internet Explorer\MenuExt ----------------------------------------------------- An vorhandenes PDF anfügen : res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html Ausgewählte Verknüpfungen in Adobe PDF konvertieren : res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren : res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html Auswahl in Adobe PDF konvertieren : res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html Auswahl in vorhandene PDF-Datei konvertieren : res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html In Adobe PDF konvertieren : res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html Nach Microsoft E&xel exportieren : res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 Verknüpfungsziel in Adobe PDF konvertieren : res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html Verknüpfungsziel in vorhandene PDF-Datei konvertieren : res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html 107 HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5 --------------------------------------------------------------------------------- c:\programme\bonjour\mdnsnsp.dll (Apple Computer, Inc.) 120 Domain/DNS hijacking ------------------------ NameServer {088B54AD-4BDD-4BEE-B513-54A0750C86F0} : 192.168.2.1 170 HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ------------------------------------------------------------------------ {88d95ef9-e74c-11dc-a1e6-efdd2690e6d7} : G:\pushinst.exe 173 HKCR\*\shellex\ContextMenuHandlers -------------------------------------- c:\programme\avira\antivir personaledition classic\shlext.dll (Avira GmbH) {45AC2688-0253-4ED8-97DE-B5370FA7D48A} 221 HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers ------------------------------------------------------- c:\programme\avira\antivir personaledition classic\shlext.dll (Avira GmbH) {45AC2688-0253-4ED8-97DE-B5370FA7D48A} 223 HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers -------------------------------------------------------------------------- * c:\eigene installtionen\kampfprogs\malwarebytes' anti-malware\mbamext.dll (Malwarebytes Corporation) {57CE581A-0CB6-4266-9CA0-19364C90A0B3} 225 HKCU\Software\Classes\Folder\ShellEx\ContextMenuHandlers ------------------------------------------------------------ * c:\eigene installtionen\kampfprogs\malwarebytes' anti-malware\mbamext.dll (Malwarebytes Corporation) {57CE581A-0CB6-4266-9CA0-19364C90A0B3} * c:\eigene installtionen\kampfprogs\malwarebytes' anti-malware\mbamext.dll (Malwarebytes Corporation) {57CE581A-0CB6-4266-9CA0-19364C90A0B3} c:\programme\avira\antivir personaledition classic\shlext.dll (Avira GmbH) {45AC2688-0253-4ED8-97DE-B5370FA7D48A} c:\programme\avira\antivir personaledition classic\shlext.dll (Avira GmbH) {45AC2688-0253-4ED8-97DE-B5370FA7D48A} 231 HKLM\Software\Classes\Folder\Shellex\ColumnHandlers ------------------------------------------------------- c:\programme\gemeinsame dateien\adobe\acrobat\activex\pdfshell.dll (Adobe Systems, Inc.) PDF Column Info Log von Hijack : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:04:46, on 06.07.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\Explorer.EXE C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Eigene Installtionen\Winamp\winampa.exe C:\Programme\Java\jre1.6.0_06\bin\jusched.exe C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe C:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe C:\Eigene Installtionen\Syware remover\spftray.exe C:\Programme\Messenger\msmsgs.exe C:\Programme\Winamp Remote\bin\OrbTray.exe C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Programme\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\svchost.exe C:\Eigene Installtionen\Syware remover\spfprc.exe C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe C:\WINDOWS\system32\WgaTray.exe C:\Programme\Internet Explorer\IEXPLORE.EXE C:\Eigene Installtionen\Winamp\winamp.exe C:\Programme\HijackThis\killer\HijackThis.exe C:\Programme\HijackThis\killer\HijackThis.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Programme\Adobe\/Adobe Contribute CS3/contributeieplugin.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Programme\Adobe\/Adobe Contribute CS3/contributeieplugin.dll O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [WinampAgent] "C:\Eigene Installtionen\Winamp\winampa.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Eigene Installtionen\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\GEMEIN~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE O4 - HKLM\..\Run: [spywarefighterguard] C:\Eigene Installtionen\Syware remover\spftray.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Orb] "C:\Programme\Winamp Remote\bin\OrbTray.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: An vorhandenes PDF anfügen - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{088B54AD-4BDD-4BEE-B513-54A0750C86F0}: NameServer = 192.168.2.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{088B54AD-4BDD-4BEE-B513-54A0750C86F0}: NameServer = 192.168.2.1 O17 - HKLM\System\CS2\Services\Tcpip\..\{088B54AD-4BDD-4BEE-B513-54A0750C86F0}: NameServer = 192.168.2.1 O23 - Service: Adobe Version Cue CS3 {de_DE} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programme\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Eigene Installtionen\Syware remover\spfprc.exe -- End of file - 7817 bytes |
Hallo, arbeite bitte folgende Schritte nach der Reihe ab: Dateien Online überprüfen lassen:
Code: C:\WINDOWS\system32\lphcepcj0ep2t.exe
Danach folge der Anleitung für MalwareBytes, Link in meiner Signatur. (Log posten) mfg |
Alle Zeitangaben in WEZ +1. Es ist jetzt 12:07 Uhr. |
Copyright ©2000-2025, Trojaner-Board