Guten morgen an alle.Wie ich sehen kann bin ich nicht aleine mit dem iexplore.exe.Kann mir hier jemant helfen.Danke in voraus.




Logfile of HijackThis v1.99.1
Scan saved at 07:30:58, on 17.04.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\T-DSL SpeedManager\SpeedMgr.exe
C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\System32\alg.exe
C:\Programme\T-DSL SpeedManager\TSMSvc.exe
C:\Programme\AOL 9.0\waol.exe
C:\Programme\AOL 9.0\shellmon.exe
C:\Programme\Gemeinsame Dateien\Aol\aoltpspd.exe
C:\Dokumente und Einstellungen\Gigolo\Eigene Dateien\Instaler\Hijack This\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\2.0.301.3558\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O4 - HKLM\..\Run: [T-DSL SpeedMgr] "C:\Programme\T-DSL SpeedManager\SpeedMgr.exe"
O4 - HKLM\..\Run: [kis] "C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: Hinzufügen zu Kaspersky Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm
O9 - Extra button: Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O17 - HKLM\System\CCS\Services\Tcpip\..\{946DDBFC-B2EA-4FD6-9723-6E75E17F76F9}: NameServer = 205.188.146.145
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Manager (HotSpotFSvc) - Unknown owner - C:\Programme\Gemeinsame Dateien\T-COM\HotspotMgr\HotSpotFSvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: T-DSL SpeedManager (TSMService) - T-Systems Business Services - C:\Programme\T-DSL SpeedManager\TSMSvc.exe

Hallo

Zitat:

Wie ich sehen kann bin ich nicht aleine mit dem iexplore.exe.

ich sehe den Internet Explorer bei dir überhaupt nicht laufen im Log .
Beschreibe dein Problem doch mal etwas genauer.

Erstelle auch noch ein neues HijackThis log ändere aber vorher die Hijackthis.exe in z.B. ABC.exe, lade dir auch mal Silentrunners runter
und lasse es dein System scannen, anschließend poste das Log.

MFG

Danke für die schnele Antwort.
Das problem liegt immer bei Hochfahren am Pc kommt.Warnung von Kaspersky diese meldung.
17.04.2007 08:50:46 Prozess C:\Programme\Internet Explorer\iexplore.exe, gefunden: potentiell gefährliche Software Hidden object (Modifikation)
und kommt in Quarantäne,Erlauben oder Schlißen.
Ich drück ihmer in Quarantäne.

Und heute war auch eine meldung:
: trojanisches Programm Trojan.Win32.Obfuscated.en Datei: C:\Dokumente und Einstellungen\Gigolo\Eigene Dateien\Incoming\Nelly Furtado - Loose\Nelly Furtado - Loose.part1.rar\Nelly Furtado - Loose\BitRoll-2.2.0.0-setup-0111.exe/data0013

Das hab ich gelöcht.Kaspersky wieder laufen lassen hat nichts gefunden.


Aber den oben genante meldung kommt ihmer wieder bei Neustart am PC.


das ist die aktuele :


Logfile of HijackThis v1.99.1
Scan saved at 09:01:59, on 17.04.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\T-DSL SpeedManager\SpeedMgr.exe
C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\System32\alg.exe
C:\Programme\T-DSL SpeedManager\TSMSvc.exe
C:\Programme\AOL 9.0\waol.exe
C:\Programme\AOL 9.0\shellmon.exe
C:\Programme\Gemeinsame Dateien\Aol\aoltpspd.exe
C:\Dokumente und Einstellungen\Gigolo\Eigene Dateien\Instaler\Hijack This\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\2.0.301.3558\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O4 - HKLM\..\Run: [T-DSL SpeedMgr] "C:\Programme\T-DSL SpeedManager\SpeedMgr.exe"
O4 - HKLM\..\Run: [kis] "C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: Hinzufügen zu Kaspersky Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm
O9 - Extra button: Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O17 - HKLM\System\CCS\Services\Tcpip\..\{946DDBFC-B2EA-4FD6-9723-6E75E17F76F9}: NameServer = 205.188.146.145
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Manager (HotSpotFSvc) - Unknown owner - C:\Programme\Gemeinsame Dateien\T-COM\HotspotMgr\HotSpotFSvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: T-DSL SpeedManager (TSMService) - T-Systems Business Services - C:\Programme\T-DSL SpeedManager\TSMSvc.exe

Hallo.
Du bist nochdiggers Empfehlung noch nicht nachgekommen.

Zitat:

Zitat von nochdigger

Erstelle auch noch ein neues HijackThis log ändere aber vorher die Hijackthis.exe in z.B. ABC.exe, lade dir auch mal Silentrunners runter
und lasse es dein System scannen, anschließend poste das Log.

Bitte hol das nach, denn im Fall der versteckten iexplore.exe kann beides sehr wichtig sein.
Also:
1.) hijackthis.exe umbenennen (!) und neues Log posten,
2.) silentrunners scannen lassen und Log posten.

hab ich gemacht;
Logfile of HijackThis v1.99.1
Scan saved at 11:09:57, on 17.04.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\T-DSL SpeedManager\SpeedMgr.exe
C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\System32\alg.exe
C:\Programme\T-DSL SpeedManager\TSMSvc.exe
C:\Programme\AOL 9.0\waol.exe
C:\Programme\AOL 9.0\shellmon.exe
C:\Programme\Gemeinsame Dateien\Aol\aoltpspd.exe
C:\Programme\Windows Media Player\wmplayer.exe
C:\WINDOWS\System32\WScript.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Dokumente und Einstellungen\Gigolo\Eigene Dateien\Instaler\Hijack This\abc..exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\2.0.301.3558\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O4 - HKLM\..\Run: [T-DSL SpeedMgr] "C:\Programme\T-DSL SpeedManager\SpeedMgr.exe"
O4 - HKLM\..\Run: [kis] "C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: Hinzufügen zu Kaspersky Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm
O9 - Extra button: Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O17 - HKLM\System\CCS\Services\Tcpip\..\{946DDBFC-B2EA-4FD6-9723-6E75E17F76F9}: NameServer = 205.188.146.145
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Manager (HotSpotFSvc) - Unknown owner - C:\Programme\Gemeinsame Dateien\T-COM\HotspotMgr\HotSpotFSvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: T-DSL SpeedManager (TSMService) - T-Systems Business Services - C:\Programme\T-DSL SpeedManager\TSMSvc.exe



"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"swg" = "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" ["Google Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"T-DSL SpeedMgr" = ""C:\Programme\T-DSL SpeedManager\SpeedMgr.exe"" ["T-Systems Business Services"]
"kis" = ""C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"" ["Kaspersky Lab"]
"(Default)" = "(empty string)" [file not found]

HKLM\Software\Microsoft\Active Setup\Installed Components\
{D2B55DA5-5431-DF81-B628-6032F68EA044}\(Default) = (no title provided)
\StubPath = "C:\WINDOWS\system32\Google\svchost32.exe s" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader"
\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Programme\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Helper"
\InProcServer32\(Default) = "c:\programme\google\googletoolbar2.dll" ["Google Germany GmbH"]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Notifier BHO"
\InProcServer32\(Default) = "C:\Programme\Google\GoogleToolbarNotifier\2.0.301.3558\swg.dll" ["Google Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung"
-> {HKLM...CLSID} = "CPL-Erweiterung für Anzeigeverschiebung"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{73B24247-042E-4EF5-ADC2-42F62E6FD654}" = "ICQ Lite Shell Extension"
-> {HKLM...CLSID} = "MCLiteShellExt Class"
\InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
"{44440D00-FF19-4AFC-B765-9A0970567D97}" = "TuneUp Theme Extension"
-> {HKLM...CLSID} = "TuneUp Theme Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\uxtuneup.dll" ["TuneUp Software GmbH"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
"{A4DF5659-0801-4A60-9607-1C48695EFDA9}" = "Ordner HP Share-to-Web"
-> {HKLM...CLSID} = "Ordner HP Share-to-Web"
\InProcServer32\(Default) = "C:\Programme\Hewlett-Packard\HP Share-to-Web\HPGS2WNS.DLL" ["Hewlett-Packard"]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{85E0B171-04FA-11D1-B7DA-00A0C90348D6}" = "Web-Anti-Virus"
-> {HKLM...CLSID} = "Web-Anti-Virus"
\InProcServer32\(Default) = "C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll" ["Kaspersky Lab"]
"{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}" = "TuneUp Shredder Shell Extension"
-> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"
\InProcServer32\(Default) = "C:\Programme\TuneUp Utilities 2007\SDShelEx-win32.dll" ["TuneUp Software GmbH"]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\
<<!>> "AppInit_DLLs" = "C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll" ["Kaspersky Lab"]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> klogon\DLLName = "C:\WINDOWS\system32\klogon.dll" ["Kaspersky Lab"]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"
-> {HKLM...CLSID} = "MCLiteShellExt Class"
\InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\shellex.dll" ["Kaspersky Lab"]
TuneUp Shredder Shell Extension\(Default) = "{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}"
-> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"
\InProcServer32\(Default) = "C:\Programme\TuneUp Utilities 2007\SDShelEx-win32.dll" ["TuneUp Software GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"
-> {HKLM...CLSID} = "MCLiteShellExt Class"
\InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
TuneUp Shredder Shell Extension\(Default) = "{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}"
-> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"
\InProcServer32\(Default) = "C:\Programme\TuneUp Utilities 2007\SDShelEx-win32.dll" ["TuneUp Software GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\shellex.dll" ["Kaspersky Lab"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]


Group Policies {policy setting}:
--------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


Enabled Scheduled Tasks:
------------------------

"1-Klick-Wartung" -> launches: "C:\Programme\TuneUp Utilities 2007\SystemOptimizer.exe /schedulestart" ["TuneUp Software GmbH"]
"FRU Task #Hewlett-Packard#hp psc 2100 series#1167384421" -> launches: "C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe -I "#Hewlett-Packard#hp psc 2100 series#1167384421"" [empty string]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 15
%SystemRoot%\system32\rsvpsp.dll [MS], 16 - 17


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\programme\google\googletoolbar2.dll" ["Google Germany GmbH"]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\programme\google\googletoolbar2.dll" ["Google Germany GmbH"]

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{FE54FA40-D68C-11D2-98FA-00C0F0318AFE}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Real.com"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Shdocvw.dll" [MS]

HKLM\Software\Classes\CLSID\{85E0B171-04FA-11D1-B7DA-00A0C90348D6}\(Default) = "Web-Anti-Virus"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll" ["Kaspersky Lab"]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}\
"ButtonText" = "Web-Anti-Virus"

{B863453A-26C3-4E1F-A54D-A2CD196348E9}\
"ButtonText" = "ICQ Lite"
"MenuText" = "ICQ Lite"
"Exec" = "C:\Programme\ICQLite\ICQLite.exe" ["ICQ Ltd."]

{CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\
"ButtonText" = "Real.com"

{E2E2DD38-D088-4134-82B7-F2BA38496583}\
"MenuText" = "@xpsp3res.dll,-20001"
"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Programme\Messenger\msmsgs.exe" [MS]


Miscellaneous IE Hijack Points
------------------------------

HKLM\Software\Microsoft\Internet Explorer\AboutURLs\
<<H>> "TuneUp" = "file://C|/Dokumente und Einstellungen/All Users/Anwendungsdaten/TuneUp Software/Common/base.css" [file not found]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

AOL Connectivity Service, AOL ACS, ""C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe"" ["America Online, Inc."]
Google Updater Service, gusvc, ""C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe"" ["Google"]
Kaspersky Internet Security 6.0, AVP, ""C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r" ["Kaspersky Lab"]
SmartLinkService, SLService, "slserv.exe" [" "]
T-DSL SpeedManager, TSMService, ""C:\Programme\T-DSL SpeedManager\TSMSvc.exe"" ["T-Systems Business Services"]
TuneUp Designerweiterung, UxTuneUp, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\uxtuneup.dll" ["TuneUp Software GmbH"]}
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]
WMDM PMSP Service, WMDM PMSP Service, "C:\WINDOWS\system32\MsPMSPSv.exe" [MS]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
FRITZ!fax Color Port Monitor\Driver = "FritzColorPort.dll" [file not found]
FRITZ!fax Port Monitor\Driver = "FritzPort.dll" [file not found]
hpzlnt05\Driver = "hpzlnt05.dll" ["HP"]


----------
<<!>>: Suspicious data at a malware launch point.
<<H>>: Suspicious data at a browser hijack point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 131 seconds, including 10 seconds for message boxes)

Hallo.

Zitat:

Zitat von joro7102

HKLM\Software\Microsoft\Active Setup\Installed Components\
{D2B55DA5-5431-DF81-B628-6032F68EA044}\(Default) = (no title provided)
\StubPath = "C:\WINDOWS\system32\Google\svchost32.exe s" [null data]

Das sieht böse aus, wenn ich es mit dem Silentrunners-Log aus diesem Thread vergleiche. Dort war es ein Bifrost-Server, wozu eben auch die versteckte iexplore.exe passen würde.

Kann sein, dass es nicht funktioniert, aber geh mal zu www.virustotal.com und gib in das Eingabefeld oben rechts genau den folgenden Pfad ein:
"C:\WINDOWS\system32\Google\svchost32.exe" (ohne die Anführungszeichen).
Poste das komplette Ergebnis, wenn es eins gibt.

Complete scanning result of "svchost32.exe", received in VirusTotal at 04.17.2007, 12:12:36 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.4.17.2 04.17.2007 no virus found
AntiVir 7.3.1.52 04.17.2007 no virus found
Authentium 4.93.8 04.16.2007 no virus found
Avast 4.7.981.0 04.16.2007 no virus found
AVG 7.5.0.447 04.17.2007 no virus found
BitDefender 7.2 04.17.2007 no virus found
CAT-QuickHeal 9.00 04.16.2007 no virus found
ClamAV devel-20070312 04.17.2007 no virus found
DrWeb 4.33 04.17.2007 no virus found
eSafe 7.0.15.0 04.16.2007 no virus found
eTrust-Vet 30.7.3574 04.17.2007 no virus found
Ewido 4.0 04.16.2007 no virus found
FileAdvisor 1 04.17.2007 no virus found
Fortinet 2.85.0.0 04.17.2007 suspicious
F-Prot 4.3.2.48 04.16.2007 no virus found
F-Secure 6.70.13030.0 04.17.2007 no virus found
Ikarus T3.1.1.5 04.17.2007 Backdoor.VB.EV
Kaspersky 4.0.2.24 04.17.2007 no virus found
McAfee 5010 04.16.2007 BackDoor-CEP.svr
Microsoft 1.2405 04.17.2007 no virus found
NOD32v2 2197 04.17.2007 no virus found
Norman 5.80.02 04.14.2007 no virus found
Panda 9.0.0.4 04.17.2007 no virus found
Prevx1 V2 04.17.2007 no virus found
Sophos 4.16.0 04.16.2007 no virus found
Sunbelt 2.2.907.0 04.14.2007 VIPRE.Suspicious
Symantec 10 04.17.2007 no virus found
TheHacker 6.1.6.095 04.15.2007 no virus found
VBA32 3.11.3 04.17.2007 no virus found
VirusBuster 4.3.7:9 04.16.2007 no virus found
Webwasher-Gateway 6.0.1 04.17.2007 Packer.Themida


Aditional Information
File size: 1263860 bytes
MD5: 7a1db3e91242f38356079e8d62be7644
SHA1: 63879f1491899576bc0c286b9d245dd540f3320c
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

Ich hab eine frage,Warum Kaspersky findet die nichts.

Sodele.

Zitat:

Zitat von joro7102

Ich hab eine frage,Warum Kaspersky findet die nichts.

Kaspersky gehört zu den besseren AV-Programmen. Aber keines davon findet alles.

Mir würde das hier

Zitat:

Ikarus T3.1.1.5 04.17.2007 Backdoor.VB.EV
McAfee 5010 04.16.2007 BackDoor-CEP.svr

reichen. Denn bis auf die Pfad- und Dateinamen sieht es so aus, als ob du diesen Backdoor-Trojaner im System hast, einen Vertreter der Bifrose/Bifrost-Sippe eben, die dafür bekannt sind, dass sie im HJT-Log nicht zu sehen sind (gut, dass nochdigger Silentrunners vorgeschlagen hat :aplaus: ).

Wäre es mein Rechner, würde ich
1. unruhig auf meinem Stuhl hin und her rutschen und dann
2. um sicher zu gehen, die versteckte iexplore.exe noch einmal durch einen Scan mit Blacklight bestätigen (bitte Log posten!)
3. diese Datei

Zitat:

C:\WINDOWS\system32\Google\svchost32.exe

per Mail an die AV-Hersteller einsenden (hier in den FAQ gibt es Hinweise dazu)
4. alle nicht ausführbaren Daten sichern und
5. mich daran machen, das System neu aufzusetzen.

Denn ein aktiver Backdoor-Trojaner bewirkt, dass ein Angreifer von außen deinen Rechner fernsteuern und ihn zu seinen Zwecken missbrauchen kann. Sicher lässt sich ein Backdoor-Trojaner nur durch Neuaufsetzen entfernen.

Dieser Thread bedarf keiner weiteren Lösungsvorschläge...

Hier gehts für den TO weiter -> gefunden: potentiell gefährliche Software Hidden object iexplore.exe - Sicherheits Forum

Sunny