Win32:interceptor (trj)

panther.969 · 15.01.2006, 19:16

Hallo!

Bin neu hier, deshalb entschuldigt, wenn ich was falsch mache.
Hab mir dummerweise grad von w*w.spionfrei.de die Software gedownloaded und bei der Installation hat mein Antiviren-Programm (Avast) gleich gepiept wie ein Verrückter: win32:interceptor (trj)

Kann das echt sein, dass ich mir selber nen Trojaner runtergeladen habe?? Wisst ihr irgendwas über das Programm?

Danke!

hoerni26 · 15.01.2006, 21:22

hallo,

bitte poste ein HJT logfile nach der anleitung in meiner signatur

panther.969 · 16.01.2006, 16:31

Logfile of HijackThis v1.99.1
Scan saved at 16:27:36, on 16.01.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Sygate\SPF\smc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
F:\Programme\Avast4\aswUpdSv.exe
F:\Programme\Avast4\ashServ.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
F:\Programme\Avast4\ashMaiSv.exe
F:\Programme\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Office Mouse\moffice.exe
F:\Programme\PestPatrol\PPMemCheck.exe
F:\Programme\PestPatrol\PPControl.exe
F:\Programme\PestPatrol\CookiePatrol.exe
C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE
F:\PROGRA~1\Nokia\PCSUIT~2\NOKIAP~1\TRAYAP~1.EXE
F:\PROGRA~1\Avast4\ashDisp.exe
C:\Programme\Gemeinsame Dateien\Nokia\NCLTools\NCLConf.exe
C:\Programme\T-Online\DSL-Manager\TODslMgr.exe
C:\WINDOWS\system32\ctfmon.exe
F:\Programme\a-squared\a2guard.exe
F:\Programme\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
C:\Programme\Office Mouse\MOUSE32A.EXE
C:\PROGRA~1\GEMEIN~1\PCSuite\Services\SERVIC~1.EXE
C:\Programme\T-Online\DSL-Manager\TODslSvc.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
F:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
F:\Programme\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
F:\Programme\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\WINDOWS\system32\hpoipm07.exe
F:\Programme\hijackthis\HijackThis.exe
F:\Programme\Opera\Opera.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://192.168.2.1/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: metaspinner media GmbH - {7C7A8947-5935-4430-AC0E-E7D04697414E} - (disabled by BHODemon)
O2 - BHO: metaspinner media GmbH - {84B94901-3645-4D80-A6B7-4D0050B19455} - (no file)
O2 - BHO: metaspinner media GmbH - {CD9B7762-DFBC-42B1-BB30-02A78287B456} - (no file)
O2 - BHO: metaspinner media GmbH - {D3AA56A9-8137-4950-A6F9-D0190A82AF2A} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Programme\Office Mouse\moffice.exe
O4 - HKLM\..\Run: [PPMemCheck] F:\Programme\PestPatrol\PPMemCheck.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] F:\Programme\PestPatrol\PPControl.exe
O4 - HKLM\..\Run: [CookiePatrol] F:\Programme\PestPatrol\CookiePatrol.exe
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] F:\PROGRA~1\Nokia\PCSUIT~2\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [avast!] F:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Nokia Connection Monitor] "C:\Programme\Gemeinsame Dateien\Nokia\NCLTools\NCLConf.exe"
O4 - HKLM\..\Run: [T-Online DSL-Manager] "C:\Programme\T-Online\DSL-Manager\TODslMgr.exe"
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [a-squared] "F:\Programme\a-squared\a2guard.exe"
O4 - Global Startup: HPAiODevice(hp officejet g series) - 1.lnk = F:\Programme\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &eBay Search - res://F:\Programme\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - F:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\spacklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\spacklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\spacklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\spacklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\spacklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\spacklsp.dll
O14 - IERESET.INF: START_PAGE_URL=about:blank
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/de/check/qdiagh.cab?326
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - F:\Programme\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - F:\Programme\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - F:\Programme\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - F:\Programme\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programme\Sygate\SPF\smc.exe
O23 - Service: T-Online DSL-Manager (TODslService) - T-Systems International GmbH - C:\Programme\T-Online\DSL-Manager\TODslSvc.exe

So. Hoffe das war alles richtig und ich hab keine privaten Daten drin.

Sieht irgendwie nicht so sauber aus, kann das sein?!

Win32:interceptor (trj)

Plagegeister aller Art und deren Bekämpfung: Win32:interceptor (trj)