| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: C:\Windows\Temp\~osE4A6.tmp\Osspdf.dll HILFE!Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
| |
25.03.2009, 18:57
| #1 |
  |  C:\Windows\Temp\~osE4A6.tmp\Osspdf.dll HILFE! Hallo und  arbeite bitte zuerst diese Anleitung ab http://www.trojaner-board.de/69886-a...-beachten.html dann sehen wir weiter. MFG
__________________ Kein Support per PN - Bitte im Forum posten. Wenn du das Forum unterstützen möchtest Genitiv ins Wasser, weil es dativ ist   http://www.vivaconagua.org/ |
|
25.03.2009, 19:06
| #2 | |
| | C:\Windows\Temp\~osE4A6.tmp\Osspdf.dll HILFE!Zitat:
|
|
25.03.2009, 19:16
| #3 | ||
| | C:\Windows\Temp\~osE4A6.tmp\Osspdf.dll HILFE! Hallo
__________________Zitat:
Zitat:
 Ist alles nicht so schwer wie es klingt. MFG
__________________ |
|
25.03.2009, 19:21
| #4 |
| | C:\Windows\Temp\~osE4A6.tmp\Osspdf.dll HILFE! *g* na hoffentlich ist das jetzt richtig was ich hier Poste: ------------------------------------------------------------------------ Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:03:59, on 25.03.2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\Logitech\QuickCam\Quickcam.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\ICQ6.5\ICQ.exe C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Program Files\3DataManager\3DataManager.exe C:\Program Files\Internet Explorer\IEUser.exe C:\Windows\System32\mobsync.exe C:\Windows\system32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Fighters\Spywarefighter\SpywarefighterUser.exe c:\program files\fighters\spywarefighter\SPYWAREfighterTray.exe C:\Windows\system32\rundll32.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Users\HasiMaus\Documents\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing) R3 - URLSearchHook: (no name) - - (no file) O1 - Hosts: ::1 localhost O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [Google EULA Launcher] C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe GE O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\Fighters\spywarefighter\SpywarefighterUser.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [IECheck] C:\Windows\IECheck.exe O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user') O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: In Windows Live Writer in &Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe O13 - Gopher Prefix: O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/WebfettiInitialSetup1.0.1.1.cab O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{C5848C9A-EFF3-4DEB-85CD-E0D5D5D2D312}: NameServer = 213.94.78.16 213.94.78.17 O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe O23 - Service: PTK License-FIGHTERS-297811811 - SPAMfighter - C:\Program Files\Fighters\licenseservice.exe O23 - Service: PTK Live Update-FIGHTERS-297811811 - SPAMfighter - C:\Program Files\Fighters\updateservice.exe O23 - Service: PTK Scanner-FIGHTERS-297811811 - SPAMfighter - C:\Program Files\Fighters\ScannerService.exe O23 - Service: PTK SharedAccess-FIGHTERS-297811811 - SPAMfighter - C:\Program Files\Fighters\configservice.exe O23 - Service: RelevantKnowledge - RelevantKnowledge - C:\Program Files\RelevantKnowledge\rlservice.exe O23 - Service: Reset Reader (resetWinService) - Unknown owner - C:\Program Files\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe -- End of file - 8402 bytes ------------------------------------------------------------------------- Jetzt bin ich gespannt *g* |
|
25.03.2009, 19:29
| #5 | |
| | C:\Windows\Temp\~osE4A6.tmp\Osspdf.dll HILFE! Hallo Zitat:
 (Anleitung...Malwarebytes, installierte Programme)Das Log sieht nicht besonders schlimm aus, dazu aber später mehr. MFG
__________________ Kein Support per PN - Bitte im Forum posten. Wenn du das Forum unterstützen möchtest Genitiv ins Wasser, weil es dativ ist http://www.vivaconagua.org/ |
|
25.03.2009, 19:31
| #6 | |
| | C:\Windows\Temp\~osE4A6.tmp\Osspdf.dll HILFE!Zitat:
Ja bei diesem Malwarebytes bin ich noch dran *g* das braucht wohl noch etwas, aber bis jetzt hat er schon 7 infizierte Dateien gefunden *oioioi* |
|
25.03.2009, 19:39
| #7 |
| | C:\Windows\Temp\~osE4A6.tmp\Osspdf.dll HILFE! So, hier mal die installierten Programme  ----------------------------------------------------------------------- 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) Activation Assistant for the 2007 Microsoft Office suites Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Reader 9 - Deutsch Adobe Shockwave Player Avira AntiVir Personal - Free Antivirus Azurewave Wireless LAN Compatibility Pack für 2007 Office System Corel MediaOne CorelDRAW Essential Edition 3 CorelDRAW Essential Edition 3 DE Die Sims™ 2 Deluxe E.M. Free Photo Collage 1.30 Google Desktop Google Earth ICQ6.5 ImageElements Photo Suite Inkscape 0.46 Intel(R) Graphics Media Accelerator Driver Java(TM) 6 Update 11 LimeWire 5.1.2 Logitech QuickCam Logitech QuickCam-Treiberpaket Malwarebytes' Anti-Malware Mein 3DataManager Messenger Plus! Live Microsoft Office Excel MUI (German) 2007 Microsoft Office Home and Student 2007 Microsoft Office Home and Student 2007 Microsoft Office OneNote MUI (German) 2007 Microsoft Office PowerPoint MUI (German) 2007 Microsoft Office PowerPoint Viewer 2007 (German) Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (German) 2007 Microsoft Office Proof (Italian) 2007 Microsoft Office Proofing (German) 2007 Microsoft Office Shared MUI (German) 2007 Microsoft Office Word MUI (German) 2007 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [DEU] Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Works MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB941833) MSXML 4.0 SP2 (KB954430) Nero 8 Essentials neroxml Picasa 2 Realtek 8169 8168 8101E 8102E Ethernet Driver Realtek High Definition Audio Driver Realtek USB 2.0 Card Reader RelevantKnowledge Security Update for 2007 Microsoft Office System (KB951550) Security Update for 2007 Microsoft Office System (KB951944) Security Update for 2007 Microsoft Office System (KB958439) Security Update for CAPICOM (KB931906) Security Update for CAPICOM (KB931906) Security Update for Microsoft Office Excel 2007 (KB958437) Security Update for Microsoft Office OneNote 2007 (KB950130) Security Update for Microsoft Office PowerPoint 2007 (KB951338) Security Update for Microsoft Office system 2007 (KB954326) Security Update for Microsoft Office system 2007 (KB956828) Security Update for Microsoft Office Word 2007 (KB956358) Spelling Dictionaries Support For Adobe Reader 9 SPYWAREfighter SPYWAREfighter Synaptics Pointing Device Driver Update for Microsoft Office Excel 2007 Help (KB957242) Update for Office 2007 (KB946691) Update Manager VCRedistSetup Windows Live Anmelde-Assistent Windows Live Fotogalerie Windows Live installer Windows Live Mail Windows Live Messenger Windows Live Writer |
|
| Themen zu C:\Windows\Temp\~osE4A6.tmp\Osspdf.dll HILFE! |
| antivir, avira, avira antivir, c:\windows, c:\windows\temp, dinge, gen, hallo zusammen, heute, hilfe!, internet, laptop, meldungen, neu, nichts, ordner, pferd, programm, temp, tipps, trojanisches, trojanisches pferd, verschiedene, windows, windows\temp |
Hybrid-Darstellung
