Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Mülltonne (https://www.trojaner-board.de/muelltonne/)
-   -   TrojanSPM u.a. (https://www.trojaner-board.de/29622-trojanspm-u-a.html)

ascii20 01.06.2006 09:14
TrojanSPM u.a.
 
Hallo,

ich bekam gerade die Meldung TrojanSPM /X zu haben.

Keine ahnung was zu tun ist. Könnt ihr mir helfen?
Ich habe schonmal so ein HiJackThis Log erstellt:

Logfile of HijackThis v1.99.1
Scan saved at 10:54:39, on 01.06.2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
I:\Roxio\WinOnCD 5 PE\DirectCD\DirectCD.exe
I:\Dell\AccessDirect\dadapp.exe
i:\Dell\AccessDirect\DadTray.exe
I:\Java\jre1.5.0_06\bin\jusched.exe
I:\Mindjet\MindManager 6\MMReminderService.exe
C:\WINDOWS\System32\ctfmon.exe
I:\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe
I:\Google\Google Desktop Search\GoogleDesktop.exe
I:\Hamster\Hamster.exe
C:\WINDOWS\System32\Ati2evxx.exe
I:\Google\Google Desktop Search\GoogleDesktopIndex.exe
I:\Google\Google Desktop Search\GoogleDesktopDisplay.exe
I:\Google\Google Desktop Search\GoogleDesktopCrawl.exe
I:\Mozilla Thunderbird\thunderbird.exe
I:\Mozilla Firefox\firefox.exe
I:\Macromedia\Dreamweaver 8\Dreamweaver.exe
C:\WINDOWS\SSTEM~1\netdde.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\atmclk.exe
C:\WINDOWS\System32\dcomcfg.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Internet Explorer\iexplore.exe
i:\Spyware Doctor\sdhelp.exe
i:\Spyware Doctor\swdoctor.exe
i:\WinRAR\WinRAR.exe
C:\DOKUME~1\name\LOKALE~1\Temp\Rar$EX00.518\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = h**p://www.2020search.com/search/9884/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = h**p://www.2020search.com/search/9884/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = h**p://www.2020search.com/search/9884/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = h**p://www.acdsystems.com/support/onlineregistration/index
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = www-cache.ub.uni-heidelberg.de:8080
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Resources - {2D38A51A-23C9-48a1-A33C-48675AA2B494} - C:\WINDOWS\winres.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - i:\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Nothing - {6ab7158b-4bff-4160-ad7d-4d622df548cf} - C:\WINDOWS\System32\hp100.tmp
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - i:\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: CmjBrowserHelperObject Object - {AC41D38F-B56D-40AD-94E0-B493D130C959} - i:\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - i:\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [AdaptecDirectCD] "i:\Roxio\WinOnCD 5 PE\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DadApp] i:\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] i:\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [MMReminderService] i:\Mindjet\MindManager 6\MMReminderService.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [ShellToys-VirtualDrives] "i:\CFi\ShellToys\vdrive.exe" -start
O4 - HKCU\..\Run: [pdfSaver3] "i:\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe"
O4 - HKCU\..\Run: [Active Desktop Calendar] I:\Active Desktop Calendar\ADC.exe
O4 - HKCU\..\Run: [Google Desktop Search] "i:\\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [Owir] "C:\WINDOWS\SSTEM~1\netdde.exe" -vt mt
O4 - Startup: Hamster.lnk = I:\Hamster\Hamster.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = I:\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = I:\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://i:\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - i:\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - i:\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - i:\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - i:\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.i-lookup.com
O15 - Trusted Zone: *.offshoreclicks.com
O15 - Trusted Zone: *.teensguru.com
O15 - Trusted Zone: *.xxxtoolbar.com
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - h**p://www.mt-download.com/MediaTicketsInstaller.cab?refid=5071
O17 - HKLM\System\CCS\Services\Tcpip\..\{87F7A95B-9A36-4CE8-9439-6B67CA4FDB70}: NameServer = 194.25.2.219,192.76.144.66,195.182.96.29
O20 - Winlogon Notify: winpez32 - C:\WINDOWS\SYSTEM32\winpez32.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - i:\Spyware Doctor\sdhelp.exe

Wäre total dankbar für Tips!
ascii20

GUA 01.06.2006 11:29
einfach mal hier nachlesen, dann klappts auch mit der hilfe

http://www.trojaner-board.de/extra/impressum.html#NUB

GUA


Alle Zeitangaben in WEZ +1. Es ist jetzt 18:22 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131