Trojaner-Board


chris1111 14.07.2008 13:08

IE opens blank pages, program wants to send data to the internet

hi,

On a friend's laptop a new IE window (without any content) keeps opening, and a program wants to send data to the internet, but you get asked first. I haven't seen it myself, but he said something about hidden/hiden?!?!

Code:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:02:46, on 14.07.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\user\Desktop\HiJackThis.exe
C:\Windows\System32\wsqmcons.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.at/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\user\AppData\Local\Temp\jkkJawtr.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\user\AppData\Local\Temp\xxyxXnki.dll,c
O4 - HKCU\..\Run: [80d79745] rundll32.exe "C:\Users\user\AppData\Local\Temp\munoqplx.dll",b
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O9 - Extra button: Statistik für Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O13 - Gopher Prefix:
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe

--
End of file - 5494 bytes

Is that a virus or an IE bug?? But what about the sending of data to the internet???

Hope someone can help

regards

Celli 14.07.2008 13:33

Hello chris1111 and :hallo:

Your KIS is outdated, please install the new version following these instructions.
Show all hidden files as described here: http://www.trojaner-board.de/54791-a...tml#post349565 (only step 1!)

Have these files
Code:

C:\Users\user\AppData\Local\Temp\munoqplx.dll
C:\Users\user\AppData\Local\Temp\xxyxXnki.dll
C:\Users\user\AppData\Local\Temp\jkkJawtr.dll

checked on VirusTotal - Free Online Virus and Malware Scan. Please also run a scan with http://www.trojaner-board.de/51187-a...i-malware.html.
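The three files Celli singles out come straight from the O4 autostart entries in the HijackThis log above: each is a randomly named DLL in the user's AppData\Local\Temp directory loaded through rundll32.exe, a way of persisting that legitimate software does not normally use. The following Python script is an added example, not part of this thread and not HijackThis's own code. It parses O4 lines and flags exactly that pattern; the sample lines are copied from the log posted above, and the heuristic (Temp directory plus rundll32, with a note on ordinal or one-letter export names such as `#1`, `b` and `c`) is an assumption of the example, not a rule stated in the forum.

```python
"""Triage HijackThis O4 (autostart) entries for rundll32-loaded DLLs that live in a
user's Temp directory. Added example; not part of the thread or of HijackThis."""
import re

# Constructed sample: O4 lines copied from the HijackThis log posted in the thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\user\AppData\Local\Temp\jkkJawtr.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\user\AppData\Local\Temp\xxyxXnki.dll,c
O4 - HKCU\..\Run: [80d79745] rundll32.exe "C:\Users\user\AppData\Local\Temp\munoqplx.dll",b
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
"""

# "O4 - <hive>\..\Run: [<value name>] <command line>"; the hive may itself contain
# backslashes (HKUS\S-1-5-18), so it is matched lazily up to the "\..\Run:" marker.
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")

# rundll32[.exe] <dll path, optionally quoted>[,<export name or #ordinal>]
DLL_RE = re.compile(
    r'^"?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+)"?(?:,(?P<entry>\S*))?', re.IGNORECASE
)

# Assumption of this example: a DLL under a per-user Temp directory is the trigger.
TEMP_RE = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)


def parse_o4(log_text):
    """Return one dict (hive, name, cmd) per O4 line; other HijackThis lines are ignored."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def suspicious_rundll32_entries(log_text):
    """Flag autostart entries that use rundll32 to load a DLL out of a user's Temp
    directory. Each hit carries the registry value name, the DLL path, the export
    that rundll32 is told to call, and the reasons for flagging it."""
    hits = []
    for entry in parse_o4(log_text):
        m = DLL_RE.match(entry["cmd"])
        if not m:
            continue                      # not launched through rundll32
        dll, export = m.group("dll"), m.group("entry") or ""
        if not TEMP_RE.search(dll):
            continue                      # DLL sits somewhere other than Temp
        reasons = ["DLL loaded from the user's Temp directory"]
        # Ordinal exports ("#1") or one-letter names ("b", "c") are unusual for a
        # product DLL, whose rundll32 entry points are normally descriptive names.
        if export.startswith("#") or len(export) <= 2:
            reasons.append("ordinal or very short export name: %r" % export)
        hits.append({"hive": entry["hive"], "name": entry["name"],
                     "dll": dll, "export": export, "reasons": reasons})
    return hits


if __name__ == "__main__":
    for hit in suspicious_rundll32_entries(SAMPLE_LOG):
        print("%s\\..\\Run\\%s -> %s (%s)" % (hit["hive"], hit["name"], hit["dll"],
                                            "; ".join(hit["reasons"])))
```

Run against the full log, the script reports the same three entries the thread ends up removing, and nothing else: the NVIDIA and Kaspersky entries also use rundll32 or sit under HKLM, but their DLLs are under C:\Windows\system32, so they are left alone.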

blow-in 14.07.2008 13:47

Quote:

Quote from Celli (post 353969)
Your KIS is outdated, please install the new version following these instructions.

That statement is completely wrong. As long as it can still be updated, it is fine. Unless you have money to spare and your licence is about to expire.
The online scan at VirusTotal is fine, though.

chris1111 14.07.2008 14:10

Here are the results for the 3 files

Code:

C:\Users\user\AppData\Local\Temp\munoqplx.dll

File size: 93184 bytes
MD5...: e8e476362eaeaeaec8d76a80f918c257
SHA1..: dc783f52267eafbbc60496a894276bf56ce1110e
SHA256: 436b049a266bf03637067dacac9540fe97f79dac8fe9ce588b079842d3e55e35
SHA512: 9535b8196b405dc239966a6be51b400124ad0bde1c2cfcf6955145277ea44b3d
3c8a5163f08e540169f25677a4f62c426389b05998aca58f309bdca8d8444411
PEiD..: Armadillo v1.xx - v2.xx
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x100016bd
timedatestamp.....: 0x486b4ed7 (Wed Jul 02 09:48:07 2008)
machinetype.......: 0x14c (I386)

( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x3000 0x3000 4.37 f4af1a7819e16afbae40aa05c94ea696
.reloc 0x4000 0x1000 0x600 4.12 5523f1dbdee3ad6d781cfd33dd7eeaca
.rsrc 0x5000 0x2000 0x1800 7.97 cca692666d81b562be3e9b87d00f1657
.code 0x7000 0x1000 0xc00 7.93 0fbbf2d96391f5b7f8e81ca1738fd1cd
.data 0x8000 0x8000 0x7400 7.99 49c222a31ffdb864bca0884de18ca921
.code 0x10000 0x16000 0x8000 7.97 231a38bb34632a45b25e87d867de1b09

( 1 imports )
> user32.dll: BeginPaint, CheckMenuRadioItem, CheckRadioButton, CopyIcon, CreateMenu, CreateWindowExA, DestroyCursor, DestroyIcon, DestroyWindow, EndPaint, ExitWindowsEx, FindWindowExA, GetCapture, GetCursorPos, GetDC, GetDesktopWindow, GetSystemMetrics, GetWindow, GetWindowDC, GetWindowTextA, GetWindowTextLengthA, InvalidateRect, IsWindow, KillTimer, LoadCursorA, LoadIconA, LoadIconA, LoadStringA, MessageBoxA, SetWindowPos, ShowWindow, SystemParametersInfoA, TranslateMessage, UpdateWindow, ValidateRect, WaitMessage, wvsprintfA

( 0 exports )
 
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=E63D98A10030701B6CC4018107D805005F0280D8


C:\Users\user\AppData\Local\Temp\xxyxXnki.dll

weitere Informationen
File size: 318720 bytes
MD5...: 68f1e202aa0eed6dd2c73b1318a93613
SHA1..: 02a00e21f9d69a120e7568ffe1f32a585ce863fe
SHA256: 7dea3d053d090b80af91182c9c2549590695a6968a547d30adbc3c72c7ab4418
SHA512: cce9efd5e22b20faf88997bd8c930f740b1501acba1085aaee91f333f742732a
5c6e21ca71114f582f5011ce0e26e707c587b3e07844c5bc578e3bd13f8743fa
PEiD..: Armadillo v1.xx - v2.xx
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1000136f
timedatestamp.....: 0x485f54bd (Mon Jun 23 07:46:05 2008)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2000 0x2000 5.36 715bd33bbe9526eb05838f25d86ed2a6
.data 0x3000 0x1000 0x600 4.86 928b679ff186b40c5e1c5d532d3013f2
CODE 0x4000 0x17000 0x16e00 8.00 34dfa8123118df37b77c649f02fc7f6d
.code 0x1b000 0x15000 0x14c00 8.00 facc9b6c065e7ec3f196e8259add3877
.reloc 0x30000 0x6d000 0x1f900 8.00 cb333e43977fdf886050f332c4ca759e

( 1 imports )
> user32.dll: BeginPaint, CreateMenu, CreateWindowExA, DestroyCursor, DestroyWindow, EndPaint, EndPaint, ExitWindowsEx, FindWindowExA, GetCapture, GetCursorPos, GetDC, GetDesktopWindow, GetSystemMetrics, GetWindow, GetWindowDC, GetWindowTextA, GetWindowTextLengthA, InvalidateRect, IsWindow, KillTimer, LoadCursorA, LoadIconA, LoadStringA, MessageBoxA, PeekMessageA, PostMessageA, PostQuitMessage, RegisterClassA, ReleaseCapture, ReleaseDC, SendMessageA, SetCursor, SetForegroundWindow, SetMenu, SetMenuItemInfoA, SetPropA, SetScrollPos, SetScrollRange, SetSysColors, SetTimer, SetWindowLongA, SetWindowPos, ShowWindow, SystemParametersInfoA, TranslateMessage, UpdateWindow, ValidateRect, WaitMessage, wvsprintfA

( 0 exports )
 
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=E5EFA2F600C17BF7DDD604ADD30E5B00AE8C1741


C:\Users\user\AppData\Local\Temp\jkkJawtr.dll

File size: 28288 bytes
MD5...: d00b9b58f8f91b39a8e21795fba707ae
SHA1..: 0c57183bd00c7f7e7f6b0af181d89e42f4930317
SHA256: 008f6c7db29a9ba2ee165180f09ff1edc5e1183c401faf354c0a1033c08a65c4
SHA512: 4af3d8780539f4d799cbd643ddb9892444a42df8483158fb27f8cd51bfaa92d1
e0e785f2e5c92b42eb38314957c700a2f933b67c09365bf526f67f02901fb5aa
PEiD..: Armadillo v1.xx - v2.xx
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x100012a5
timedatestamp.....: 0x4821945b (Wed May 07 11:36:59 2008)
machinetype.......: 0x14c (I386)

( 9 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2000 0x2000 5.27 411556fafa00018d48d2261025c4c6ae
.rsrc 0x3000 0x1000 0x400 3.65 c3721dfca6de0ec7fa87c823194af350
.data 0x4000 0x1000 0x600 7.86 a8f6466feaabd1c7fc15881a7745e81a
.text 0x5000 0x1000 0xa00 7.92 6ec1b01e62aa382c2f2ed34019c56608
.idata 0x6000 0x1000 0x400 7.79 c2a38c5ba340d7b4be56c2f18b7f7cfd
.reloc 0x7000 0x1000 0xc00 7.93 af0fdeed3355560cdac55192899659a6
CODE 0x8000 0x1000 0x200 7.59 802e0da99795749576e206ae6b0af15c
.rsrc 0x9000 0x1000 0x1000 7.95 7b835a69b05dcd3e89927b884d28207e
BSS 0xa000 0x6000 0x1480 7.69 eedd7cee1d514f12767477055ed24246

( 1 imports )
> user32.dll: BeginPaint, EndPaint, GetDesktopWindow, GetWindowTextA, GetWindowTextLengthA, InvalidateRect, IsWindow, KillTimer, LoadCursorA, LoadIconA, LoadStringA, MessageBoxA, PeekMessageA, PostMessageA, PostQuitMessage

( 0 exports )
 
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=D4B3189080C304FF6E74002DDDE82A00ECEF19A5

Malwarebytes to follow
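Besides the hashes, the VirusTotal output above carries two things worth reading: PEiD labels all three DLLs as Armadillo-packed, and the section tables show most sections at an entropy close to 8.0 bits per byte, which is what compressed or encrypted payload looks like, with only a small low-entropy .text section left in the clear. The Python below is an added example, not part of the thread and not VirusTotal's own tooling: it parses the "( N sections )" table exactly as pasted and reports high-entropy sections and duplicated section names (a compiler does not normally emit two .code sections). The 7.5 bits/byte threshold and the "half the sections" rule are assumptions of the example; the sample table is the one posted for munoqplx.dll.

```python
"""Read a VirusTotal-style PE section table and report packing indicators.
Added example; not part of the thread or of VirusTotal's tooling."""
import re
from collections import Counter

# Constructed sample: the section table of munoqplx.dll as posted in the thread.
SAMPLE_REPORT = """
( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x3000 0x3000 4.37 f4af1a7819e16afbae40aa05c94ea696
.reloc 0x4000 0x1000 0x600 4.12 5523f1dbdee3ad6d781cfd33dd7eeaca
.rsrc 0x5000 0x2000 0x1800 7.97 cca692666d81b562be3e9b87d00f1657
.code 0x7000 0x1000 0xc00 7.93 0fbbf2d96391f5b7f8e81ca1738fd1cd
.data 0x8000 0x8000 0x7400 7.99 49c222a31ffdb864bca0884de18ca921
.code 0x10000 0x16000 0x8000 7.97 231a38bb34632a45b25e87d867de1b09
"""

# One table row: name, virtual address, virtual size, raw size, entropy, MD5.
ROW_RE = re.compile(
    r"^(?P<name>\S+)\s+(?P<va>0x[0-9a-f]+)\s+(?P<vsize>0x[0-9a-f]+)\s+"
    r"(?P<rawsize>0x[0-9a-f]+)\s+(?P<entropy>\d\.\d+)\s+(?P<md5>[0-9a-f]{32})$",
    re.IGNORECASE,
)

# Assumption of this example: sections at or above this many bits per byte are
# treated as compressed or encrypted content (random bytes reach 8.0).
ENTROPY_THRESHOLD = 7.5


def parse_sections(report):
    """Turn the pasted table into dicts with integer sizes and float entropy.
    The '( N sections )' banner and the header row do not match ROW_RE and are skipped."""
    rows = []
    for line in report.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        rows.append({
            "name": m["name"],
            "va": int(m["va"], 16),
            "vsize": int(m["vsize"], 16),
            "rawsize": int(m["rawsize"], 16),
            "entropy": float(m["entropy"]),
            "md5": m["md5"],
        })
    return rows


def packing_indicators(report):
    """Summarise what the section table says about packing."""
    rows = parse_sections(report)
    high = [r["name"] for r in rows if r["entropy"] >= ENTROPY_THRESHOLD]
    counts = Counter(r["name"] for r in rows)
    duplicates = sorted(name for name, n in counts.items() if n > 1)
    return {
        "sections": len(rows),
        "high_entropy": high,
        "duplicate_names": duplicates,
        # Assumption: half or more of the sections near maximal entropy reads as
        # a packed image; a single compressed .rsrc alone would not trip this.
        "likely_packed": bool(rows) and 2 * len(high) >= len(rows),
    }


if __name__ == "__main__":
    result = packing_indicators(SAMPLE_REPORT)
    for key, value in result.items():
        print("%-16s %s" % (key, value))
```

On the munoqplx.dll table four of six sections exceed the threshold and .code appears twice, so the script agrees with PEiD's Armadillo verdict. Paste the xxyxXnki.dll or jkkJawtr.dll tables in instead and the same checks fire (three sections at 8.00 in one, duplicated .text and .rsrc in the other).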

chris1111 14.07.2008 15:00

Malwarebytes

Code:

Malwarebytes' Anti-Malware 1.20
Datenbank Version: 948
Windows 6.0.6001 Service Pack 1

15:51:21 14.07.2008
mbam-log-7-14-2008 (15-51-21).txt

Scan Art: Komplett Scan (C:\|D:\|)
Objekte gescannt: 159599
Scan Dauer: 45 minute(s), 9 second(s)

Infizierte Speicher Prozesse: 0
Infizierte Speicher Module: 2
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 3
Infizierte Datei Objekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 29

Infizierte Speicher Prozesse:
(Keine Malware Objekte gefunden)

Infizierte Speicher Module:
C:\Users\user\AppData\Local\Temp\munoqplx.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\Users\user\AppData\Local\Temp\xxyxXnki.dll (Trojan.Vundo) -> Unloaded module successfully.

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\80d79745 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmds (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msserver (Trojan.Vundo) -> Quarantined and deleted successfully.

Infizierte Datei Objekte der Registrierung:
(Keine Malware Objekte gefunden)

Infizierte Verzeichnisse:
(Keine Malware Objekte gefunden)

Infizierte Dateien:
C:\Users\user\AppData\Local\Temp\munoqplx.dll (Trojan.Vundo) -> Delete on reboot.
C:\Users\user\AppData\Local\Temp\xxyxXnki.dll (Trojan.Vundo) -> Delete on reboot.
C:\Users\user\AppData\Local\Temp\jkkJawtr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8UZ8SQWK\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8UZ8SQWK\kb767887[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8UZ8SQWK\kb767887[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NSAK39UD\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\bgbobwvh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\rsjdylnx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\tmp00008507 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\tmp000094fe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\tmp00009896 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\tmp0000a38e (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\tmp0000b431 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\tmp0000b51b (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\tmp0000bc3c (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\tmp0000be01 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\tmp0000c10d (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\tmp0000e79f (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\tmp0000eaab (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\tmp0000f527 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\tmp0000f8fe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\tmp00010ea0 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\tmp0001143b (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\tmp0001d2e7 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\urujnqpn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\xoajlaff.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\yekvceyu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\yvlwdwov.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

Already restarted too; after that, this error message:

C:\Users\user\AppData\Local\Temp\xxyxXnki.dll could not be opened

chris1111 14.07.2008 15:08

HijackThis after the scan:

Code:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:06:12, on 14.07.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Users\user\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.at/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O9 - Extra button: Statistik für Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O13 - Gopher Prefix:
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll,
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe

--
End of file - 5998 bytes

Is everything clean again now???

chris1111 14.07.2008 19:24

The error message no longer appears after the restart

(hmm, I could have used the edit button too, sorry :) )

blow-in 15.07.2008 07:45

Hello Chris
Then also run CCleaner following the instructions. Have it scan the registry several times until no more errors can be found.
There is nothing left to see in your HJT log.
Using the edit button is only possible within the first hour. (or only 30 minutes?)

chris1111 15.07.2008 14:06

Hi, I ran CCleaner over it, everything as in the instructions, thanks for the help :Boogie:


All times are WET +1.

Copyright ©2000-2024, Trojaner-Board

