HijackThis virus, trojan, spyware?

#0
04.10.2008, 14:04
...new here

Posts: 1
#1 Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:39:06, on 04.10.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
C:\Programme\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Programme\IC\Card Reader Driver v1.9e2\Disk_Monitor.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\Programme\Lexmark 2200 Series\lxbvbmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Lexmark 2200 Series\lxbvbmon.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
C:\Programme\T-Mobile\webnwalk Manager\webnwalkmanager.exe
C:\PROGRA~1\GEMEIN~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Programme\T-Mobile\web 'n' walk Manager\Web 'n' Walk Manager.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.at/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\GEMEIN~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: mxlivemedia browser enhancer - {9e2ae022-5f9d-51f5-0196-2e505ce986e2} - C:\WINDOWS\system32\pnnxdmpjezzb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: (no name) - {CFEE97A3-4911-444D-8BE8-E243A23D3DE2} - C:\Programme\Applications\iebt.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: Norton-Symbolleiste anzeigen - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: Internet Service - {144A6B24-0EBC-4D89-BF09-A06A718E57B5} - C:\Programme\Applications\iebr.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Disk Monitor] C:\Programme\IC\Card Reader Driver v1.9e2\Disk_Monitor.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Programme\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Programme\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [DXM6Patch_9904] C:\WINDOWS\p_9904.exe /Q:A
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Programme\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [adopmlpexwley] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\pnnxdmpjezzb.dll"
O4 - HKLM\..\Run: [ALUAlert] C:\Programme\Symantec\LiveUpdate\ALuNotify.exe
O4 - HKLM\..\RunOnce: [SpybotDeletingA7506] command /c del "C:\Programme\Applications\iebt.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1904] cmd /c del "C:\Programme\Applications\iebt.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8215] command /c del "C:\Programme\Applications\iebtm.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8888] cmd /c del "C:\Programme\Applications\iebtm.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6857] command /c del "C:\Programme\Applications\iebu.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6531] cmd /c del "C:\Programme\Applications\iebu.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5502] command /c del "C:\Programme\Applications\iebtmm.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4216] cmd /c del "C:\Programme\Applications\iebtmm.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7128] command /c del "C:\Programme\Applications\iebtu.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2994] cmd /c del "C:\Programme\Applications\iebtu.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2484] command /c del "C:\Programme\Applications\wcs.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6452] cmd /c del "C:\Programme\Applications\wcs.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5105] command /c del "C:\Programme\Applications\myd.ico"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2455] cmd /c del "C:\Programme\Applications\myd.ico"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2539] command /c del "C:\Programme\Applications\mym.ico"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4446] cmd /c del "C:\Programme\Applications\mym.ico"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7767] command /c del "C:\Programme\Applications\myp.ico"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4790] cmd /c del "C:\Programme\Applications\myp.ico"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1508] command /c del "C:\Programme\Applications\myv.ico"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9456] cmd /c del "C:\Programme\Applications\myv.ico"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4107] command /c del "C:\Programme\Applications\ot.ico"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4278] cmd /c del "C:\Programme\Applications\ot.ico"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2794] command /c del "C:\Programme\Applications\ts.ico"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6893] cmd /c del "C:\Programme\Applications\ts.ico"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Programme\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WashAndGo - Cleanup of old Backupfiles] C:\Programme\Purgatio Pro\checker.exe /check
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingD7087] cmd /c del "C:\Programme\Applications\iebt.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9990] command /c del "C:\Programme\Applications\iebtm.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2342] cmd /c del "C:\Programme\Applications\iebtm.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4593] command /c del "C:\Programme\Applications\iebu.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4589] cmd /c del "C:\Programme\Applications\iebu.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3578] command /c del "C:\Programme\Applications\iebtmm.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6482] cmd /c del "C:\Programme\Applications\iebtmm.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3239] command /c del "C:\Programme\Applications\iebtu.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1940] cmd /c del "C:\Programme\Applications\iebtu.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2738] command /c del "C:\Programme\Applications\wcs.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3417] cmd /c del "C:\Programme\Applications\wcs.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6531] command /c del "C:\Programme\Applications\myd.ico"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1567] cmd /c del "C:\Programme\Applications\myd.ico"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3102] command /c del "C:\Programme\Applications\mym.ico"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2874] cmd /c del "C:\Programme\Applications\mym.ico"
O4 - HKCU\..\RunOnce: [SpybotDeletingB247] command /c del "C:\Programme\Applications\myp.ico"
O4 - HKCU\..\RunOnce: [SpybotDeletingD602] cmd /c del "C:\Programme\Applications\myp.ico"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3956] command /c del "C:\Programme\Applications\myv.ico"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5091] cmd /c del "C:\Programme\Applications\myv.ico"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1579] command /c del "C:\Programme\Applications\ot.ico"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3020] cmd /c del "C:\Programme\Applications\ot.ico"
O4 - HKCU\..\RunOnce: [SpybotDeletingB528] command /c del "C:\Programme\Applications\ts.ico"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6952] cmd /c del "C:\Programme\Applications\ts.ico"
O4 - HKLM\..\Policies\Explorer\Run: [smile] C:\Programme\Applications\wcs.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digimax Viewer 2.1.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: web'n'walk Manager.lnk = C:\Programme\T-Mobile\webnwalk Manager\webnwalkmanager.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{87BAA05E-3CD3-48DE-9D18-6E5F3DFB0188}: NameServer = 213.162.65.1 213.162.65.2
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Automatisches LiveUpdate - Scheduler (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\GEMEIN~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 13674 bytes
04.10.2008, 14:29
Moderator

Posts: 7805
#2 Please tick all the "RunOnce" stuff in HijackThis and press Fix checked.

After that, please run Mbam and Combofix once and post the corresponding reports:
http://board.protecus.de/t23188.htm

Oh, and please use Disk Cleanup beforehand.
__________
Best regards, Ralf
SEO-Spam Hunter