@ kopfschmerzen:
Ich empfehle zusätzlich die De-Installation der Java-Version 1.6.0.7 und die Installation der aktuellsten Version 1.6.0.11, da bestimmte Malware Schwachstellen in Java ausnutzt.
@ kopfschmerzen:
Ich empfehle zusätzlich die De-Installation der Java-Version 1.6.0.7 und die Installation der aktuellsten Version 1.6.0.11, da bestimmte Malware Schwachstellen in Java ausnutzt.
Last edited by Matt; 2009-01-22 at 17:30.
Best regards - Beste Grüße,
Matt
Ich habe durch das Update bereits die aktuellste Version installiert.
Könnten Sie meiner bitte die Beiträge zu manipulieren (oder zu löschen) noch nachkommen? Man kann in google sehr gut meinen Arbeitgeber und Windowsnutzernamen finden.
Vielen Dank im Voraus.
Malvare c
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:06:44, on 16.03.2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19019)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\conime.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\AirPort\APAgent.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe
C:\Windows\System32\WTClient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files\AirVideoServer\AirVideoServer.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files\PGP Corporation\PGP Desktop\PGPtray.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\PGP Corporation\PGP Desktop\PGPfsd.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Windows\system32\WerCon.exe
C:\Windows\system32\sdclt.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\PROGRA~1\TerraTec\TERRAT~1\THCDES~1.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [PDUiP6700DMon] C:\Program Files\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [AirPort Base Station Agent] "C:\Program Files\AirPort\APAgent.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [MacDrive 8 application] "C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe"
O4 - HKLM\..\Run: [Getting started with MacDrive 8] "C:\Program Files\Mediafour\MacDrive 8\MDGetStarted.exe" /auto
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [WTClient] WTClient.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [vmware-tray] "C:\Program Files\VMware\VMware Workstation\vmware-tray.exe"
O4 - HKCU\..\Run: [AirVideoServer] C:\Program Files\AirVideoServer\AirVideoServer.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: Google Calendar Sync.lnk = C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
O4 - Global Startup: PGPtray.exe.lnk = ?
O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pu...sh/swflash.cab
O20 - AppInit_DLLs: PGPmapih.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MacDrive 8 service (MacDrive8Service) - Mediafour Corporation - C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe
O23 - Service: PGP RDD Service - PGP Corporation - C:\Program Files\PGP Corporation\PGP Desktop\RDDService.exe
O23 - Service: PGPserv - PGP Corporation - C:\Windows\system32\PGPserv.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: WDDMService - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\Windows\System32\Drivers\WTSRV.EXE
--
End of file - 8487 bytes
Hallo Medvidek,
was moechtest du uns mit dem Posting sagen? Bitte erklaere dein Problem ausfuehrlich, am besten mit entsprechenden Infos und Reporten von Spybot und deinen anderen "Sicherheitsprodukten".
Eroeffne bitte dazu hier ein neues Thema:
http://forums.spybot.info/newthread....newthread&f=15
MfG Ralf
Posting Permissions
