|
bitte um auswertung StartupList report, 09.04.2007, 15:41:56 StartupList version: 1.52.2 Started from : C:\Dokumente und Einstellungen\...\Desktop\HiJackThis_v2.EXE Detected: Windows XP (WinNT 5.01.2600) Detected: Internet Explorer v6.00 (6.00.2600.0000) * Using default options ================================================== Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\AntiVir PersonalEdition Classic\sched.exe C:\Programme\AntiVir PersonalEdition Classic\avguard.exe C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Programme\FRITZ!DSL\IGDCTRL.EXE C:\Programme\avmwlanstick\WlanNetService.exe C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Programme\Eset\nod32krn.exe C:\WINDOWS\Explorer.EXE C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Programme\Musicmatch\Musicmatch Jukebox\mm_tray.exe C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe C:\Programme\TuneUp Utilities 2007\MemOptimizer.exe C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe C:\Programme\Musicmatch\Musicmatch Jukebox\mim.exe C:\Programme\Musicmatch\Musicmatch Jukebox\mmjb.exe C:\Programme\Musicmatch\Musicmatch Jukebox\mm_director.exe C:\PROGRA~1\MUSICM~1\MUSICM~1\MM_TDM~1.EXE C:\Programme\ICQLite\ICQLite.exe C:\Programme\Opera\Opera.exe C:\Dokumente und Einstellungen\...\Desktop\HiJackThis_v2.exe -------------------------------------------------- Checking Windows NT UserInit: [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = C:\WINDOWS\system32\userinit.exe, -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run !AVG Anti-Spyware = "C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized MimBoot = C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe MMTray = "C:\Programme\Musicmatch\Musicmatch Jukebox\mm_tray.exe" TkBellExe = "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Opera Internet Browser = C:\Programme\Opera\Opera.exe TuneUp MemOptimizer = "C:\Programme\TuneUp Utilities 2007\MemOptimizer.exe" autostart -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce ICQ Lite = C:\Programme\ICQLite\ICQLite.exe -trayboot -------------------------------------------------- Load/Run keys from C:\WINDOWS\WIN.INI: load=*INI section not found* run=*INI section not found* Load/Run keys from Registry: HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found* HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found* HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found* HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found* HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found* HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found* HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found* HKCU\..\Windows NT\CurrentVersion\Windows: load= HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL -------------------------------------------------- Shell & screensaver key from C:\WINDOWS\SYSTEM.INI: Shell=*INI section not found* SCRNSAVE.EXE=*INI section not found* drivers=*INI section not found* Shell & screensaver key from Registry: Shell=Explorer.exe SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr drivers=*Registry value not found* Policies Shell key: HKCU\..\Policies: Shell=*Registry value not found* HKLM\..\Policies: Shell=*Registry value not found* -------------------------------------------------- Enumerating Browser Helper Objects: (no name) - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll - {02478D38-C3F9-4EFB-9B51-7695ECA05670} (no name) - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (no name) - C:\WINDOWS\System32\wvwtu.dll (file missing) - {31D38384-E017-4FFD-8D3B-2D827704D95D} (no name) - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (no name) - (no file) - {A348B425-2541-4FC3-9E97-5EAAF6A983Dd} (no name) - c:\programme\google\googletoolbar1.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7} (no name) - C:\Programme\Google\GoogleToolbarNotifier\2.0.301.3558\swg.dll - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -------------------------------------------------- Enumerating Task Scheduler jobs: 1-Klick-Wartung.job -------------------------------------------------- Enumerating Download Program Files: [{33564D57-0000-0010-8000-00AA00389B71}] CODEBASE =h***p://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB [Shockwave Flash Object] InProcServer32 = C:\WINDOWS\System32\Macromed\Flash\Flash9b.ocx CODEBASE = h**p://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab -------------------------------------------------- Enumerating Winsock LSP files: NameSpace #4: C:\Programme\FRITZ!DSL\sarah.dll Protocol #9: C:\Programme\FRITZ!DSL\sarah.dll Protocol #10: C:\Programme\FRITZ!DSL\sarah.dll Protocol #11: C:\Programme\FRITZ!DSL\sarah.dll Protocol #29: C:\Programme\FRITZ!DSL\sarah.dll -------------------------------------------------- Enumerating ShellServiceObjectDelayLoad items: PostBootReminder: C:\WINDOWS\system32\SHELL32.dll CDBurn: C:\WINDOWS\system32\SHELL32.dll WebCheck: C:\WINDOWS\System32\webcheck.dll SysTray: C:\WINDOWS\System32\stobject.dll -------------------------------------------------- End of report, 7.010 bytes Report generated in 0,060 seconds Command line options: /verbose - to add additional info on each section /complete - to include empty sections and unsuspicious data /full - to include several rarely-important sections /force9x - to include Win9x-only startups even if running on WinNT /forcent - to include WinNT-only startups even if running on Win9x /forceall - to include all Win9x and WinNT startups, regardless of platform /history - to list version history only ich habe bereits das vundo fix programm durchlaufen lassen, jedoch kommt Vundo.Gen immer wieder. wäre das der einzige trojaner, würde ich euch nicht schreiben. ich bitte um auskunft, wie ich vorgehen muss um möglichst nicht formatieren zu müssen. ich habe schon den tipp bekommen, den Rechner mit knoppix zu starten um dann einen onlinescan durchzuführen. wisst ihr einen top onlinescan, mit löschungs funktion? vielen Danke für eure Mühe. |
Ähm was ist denn das fürn Logfile :confused: Poste bitte ein ganz "normales" Hijackthis-Logfile... |
ohh sorry, ist das hier richtig?! Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 15:00:27, on 10.04.2007 Platform: Windows XP (WinNT 5.01.2600) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\AntiVir PersonalEdition Classic\sched.exe C:\Programme\AntiVir PersonalEdition Classic\avguard.exe C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Programme\Eset\nod32krn.exe C:\Programme\Sunbelt Software\CounterSpy\SBCSSvc.exe C:\WINDOWS\Explorer.EXE C:\Programme\Sunbelt Software\CounterSpy\SBCSTray.exe C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Programme\Opera\Opera.exe C:\Dokumente und Einstellungen\Colja\Desktop\HiJackThis_v2.exe O4 - HKLM\..\Run: [SBCSTray] C:\Programme\Sunbelt Software\CounterSpy\SBCSTray.exe O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe O20 - Winlogon Notify: !SASWinLogon - C:\Programme\SUPERAntiSpyware\SASWINLO.dll O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: media professional (mediapro) - Unknown owner - C:\WINDOWS\mediapro32.exe (file missing) O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programme\Eset\nod32krn.exe O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Programme\Sunbelt Software\CounterSpy\SBCSSvc.exe -- End of file - 2036 bytes |
Hallo, das hier ist nicht dein ernst oder? Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 15:00:27, on 10.04.2007 Platform: Windows XP (WinNT 5.01.2600) Boot mode: Normal Da fehlt dringend SP 2.. Ist das Logfile in normalem Modus erstellt worden?? |
Hi, besser gleich ganz neu anfangen Code: O23 - Service: media professional (mediapro) - Unknown owner - C:\WINDOWS\mediapro32.exe (file missing) |
also formatieren... |
Zitat:
|
| Alle Zeitangaben in WEZ +1. Es ist jetzt 13:04 Uhr. |
Copyright ©2000-2024, Trojaner-Board