Hi!
For the past few days I've had the following problem:
http://www.trojaner-board.de/38005-trojaner-der-das-internet-blockiert.html
Unfortunately, the thread starter never got an answer...
It would be nice if someone could help me!
Here is my HijackThis log file as well:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:20:48, on 08.11.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\VPN Client\cvpnd.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\System Control Manager\MSIService.exe
C:\WINDOWS\system32\PSIService.exe
C:\Programme\Cyberlink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Avira\AntiVir Desktop\avshadow.exe
C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\System Control Manager\MGSysCtrl.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
C:\Programme\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Firefox\firefox.exe
C:\Dokumente und Einstellungen\Stivi\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yodl.de/?&affid=1&uid=8CEB13AA-9946-4665-BCCE-A73216FDA3C7
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [MGSysCtrl] C:\Programme\System Control Manager\MGSysCtrl.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Programme\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Programme\HomeCinema\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Versato] C:\PROGRA~1\MAGICW~1\MulMouse.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programme\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Senden an Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Öffnen mit WordPerfect - C:\Programme\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-25/4 (file missing)
O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-25/4 (file missing)
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in &Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-25/4 (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-25/4 (file missing) (HKCU)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1260794826609
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1260794812406
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\VPN Client\cvpnd.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Micro Star SCM - Unknown owner - C:\Programme\System Control Manager\MSIService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\Cyberlink\Shared files\RichVideo.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 7962 bytes