Sorry, das ich mich einfach in diesem Thread breit mache.
Ich bin leider auch ein dropper.gen Opfer
Habe ein Logfile mit HiJack erstellt
Code:
Alles auswählen Aufklappen ATTFilter
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:56:35, on 26.12.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Sygate\SPF\smc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Keyboard Driver\KMWDSrv.exe
C:\Programme\Spyware Terminator\sp_rsser.exe
C:\Programme\VIA\RAID\vialogsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Programme\Keyboard Driver\StartAutorun.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\Programme\Keyboard Driver\KMConfig.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Keyboard Driver\KMProcess.exe
C:\Programme\RocketDock\RocketDock.exe
C:\Programme\SSL\ssl.exe
C:\Programme\tclock.2.28.portable\TClock.exe
C:\DOKUME~1\XXX\LOKALE~1\Temp\{BEB0D1E2-BFD1-4C1E-A788-8B8168EEB8F6}\Hyalo-Time and Date gadget by adni18.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programme\PC Connectivity Solution\ServiceLayer.exe
C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Programme\Mozilla Firefox\firefox.exe
E:\FireFox Downloads\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Programme\Crawler\ctbr.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Programme\Crawler\ctbr.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [ATIPTA] "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [KMCONFIG] C:\Programme\Keyboard Driver\StartAutorun.exe KMConfig.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [StartCCC] "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Steam] "E:\Programme\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - S-1-5-18 Startup: cleaner.bat (User 'SYSTEM')
O4 - S-1-5-18 Startup: RocketDock.lnk = C:\Programme\RocketDock\RocketDock.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: SSL.lnk = ? (User 'SYSTEM')
O4 - S-1-5-18 Startup: tclock.lnk = C:\Programme\tclock.2.28.portable\TClock.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: welcometext.vbs (User 'SYSTEM')
O4 - .DEFAULT Startup: cleaner.bat (User 'Default user')
O4 - .DEFAULT Startup: RocketDock.lnk = C:\Programme\RocketDock\RocketDock.exe (User 'Default user')
O4 - .DEFAULT Startup: SSL.lnk = ? (User 'Default user')
O4 - .DEFAULT Startup: tclock.lnk = C:\Programme\tclock.2.28.portable\TClock.exe (User 'Default user')
O4 - .DEFAULT Startup: welcometext.vbs (User 'Default user')
O4 - Startup: Hyalo-Time and Date by adni18.lnk = C:\Dokumente und Einstellungen\halloween\Desktop\plus\gadgets\Time and Date Gadget\Hyalo-Time and
Date gadget by adni18.exe
O4 - Startup: RocketDock.lnk = C:\Programme\RocketDock\RocketDock.exe
O4 - Startup: SSL.lnk = ?
O4 - Startup: tclock.lnk = C:\Programme\tclock.2.28.portable\TClock.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - E:\Programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - E:\Programme\ICQ6.5\ICQ.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{2D6F3E04-1402-47E7-8762-88168367C8DC}: NameServer = 213.191.74.18 62.109.123.196
O17 - HKLM\System\CS1\Services\Tcpip\..\{2D6F3E04-1402-47E7-8762-88168367C8DC}: NameServer = 213.191.74.18 62.109.123.196
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Programme\Crawler\ctbr.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel
32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Programme\Keyboard Driver\KMWDSrv.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programme\Sygate\SPF\smc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programme\Spyware Terminator\sp_rsser.exe
O23 - Service: VRAID Log Service - Unknown owner - C:\Programme\VIA\RAID\vialogsv.exe
--
End of file - 7504 bytes
Bin ein Computer Laie und bin über eine Diagnose dankbar.
26.12.2009, 16:07
Hybrid-Darstellung
