| 
 Trojaner "Conhook" Bitte überprüft meine Logfile - 7 goldene Regeln Edition;-)
 Hallo 
ich habe mir ein Trojaner eingefangen und brauche dringend Hilfe!  
Wäre cool wenn sich mal jmd. meine log-file angucken könnte und mir sagen was ich alles "fixen" muss.  
Ich habe Windows Vista  Home-Edition SP1 32Bit und der Windows Defender meldet beim Systemstart, das ich den Trojaner "Win32/Conhook.I" habe.  
Zitat:    Code: 
 Kategorie:Trojaner
 
 Beschreibung:
 Dieses Programm ist gefährlich. Es installiert andere Programme.
 
 Empfehlung:
 Entfernen Sie diese Software unverzüglich.
 
 Ressourcen:
 process:
 pid:1716
 
 
 
 
 
 regkey:
 HKCU@S-1-5-21-1486893222-2717532912-3498305740-1000\Software\Microsoft\Windows\CurrentVersion\Run\\MSServer
 
 runkey:
 HKCU@S-1-5-21-1486893222-2717532912-3498305740-1000\Software\Microsoft\Windows\CurrentVersion\Run\\MSServer
 
 file:
 C:\Users\Nikolaus Kinder\AppData\Local\Temp\ssqPhFVl.dll
 Hier meine Lof-File:    Code: 
 Logfile of Trend Micro HiJackThis v2.0.2Scan saved at 17:49:45, on 31.07.2008
 Platform: Windows Vista SP1 (WinNT 6.00.1905)
 MSIE: Internet Explorer v7.00 (7.00.6001.18000)
 Boot mode: Normal
 
 Running processes:
 C:\Windows\system32\taskeng.exe
 C:\Windows\system32\Dwm.exe
 C:\Windows\Explorer.EXE
 C:\Program Files\Windows Defender\MSASCui.exe
 C:\Windows\RtHDVCpl.exe
 C:\Users\NIKOLA~1\AppData\Local\Temp\RtkBtMnt.exe
 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
 C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
 C:\Windows\System32\rundll32.exe
 C:\Program Files\DAEMON Tools Lite\daemon.exe
 C:\Windows\System32\rundll32.exe
 C:\Windows\ehome\ehtray.exe
 C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
 C:\Program Files\Logitech\SetPoint\SetPoint.exe
 C:\Windows\System32\rundll32.exe
 C:\Windows\ehome\ehmsas.exe
 C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
 C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
 C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
 C:\Windows\system32\SearchFilterHost.exe
 C:\Program Files\Mozilla Firefox\firefox.exe
 
 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://de.rd.yahoo.com/customize/ycomp/defaults/sp/*h**p://de.yahoo.com
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://de.intl.acer.yahoo.com
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://de.intl.acer.yahoo.com
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://de.intl.acer.yahoo.com
 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = h**p://de.rd.yahoo.com/customize/ycomp/defaults/su/*h**p://de.yahoo.com
 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
 R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
 O1 - Hosts: ::1 localhost
 O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
 O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file)
 O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
 O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
 O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
 O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
 O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
 O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
 O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
 O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
 O4 - HKLM\..\Run: [Skytel] Skytel.exe
 O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
 O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
 O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
 O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
 O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
 O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
 O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
 O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
 O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\NIKOLA~1\AppData\Local\Temp\ljJYSkiF.dll,#1
 O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
 O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
 O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
 O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
 O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
 O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
 O4 - Global Startup: BTTray.lnk = ?
 O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
 O8 - Extra context menu item: An vorhandenes PDF anfügen - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
 O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
 O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
 O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
 O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
 O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
 O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
 O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
 O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
 O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
 O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
 O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
 O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
 O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
 O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
 O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
 O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
 O13 - Gopher Prefix:
 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
 O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
 O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
 O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
 O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
 O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
 O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
 O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
 O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
 O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
 O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
 O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
 O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
 O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
 O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
 O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
 
 --
 End of file - 9948 bytes
 Danke! |