Homepage keeps changing by itself to about:blank
Topic is closed!
17.09.2005, 16:00
...new here
Posts: 8
17.09.2005, 16:03
Honorary member
Posts: 29434
17.09.2005, 16:10
...new here
Posts: 8
#18
Result from Silent Runners: (the Virustotal results are in the previous post)

"Silent Runners.vbs", revision 40.1, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"NBJ" = ""C:\Programme\Ahead\Nero BackItUp\nbj.exe"" ["Ahead Software AG"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ATIPTA" = "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]
"Cmaudio" = "RunDll32 cmicnfg.cpl,CMICtrlWnd" [MS]
"Dit" = "Dit.exe" ["ICSI Technology Ltd."]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"CHotkey" = "mHotkey.exe" ["Chicony"]
"ledpointer" = "CNYHKey.exe" ["Chicony"]
"Prism_Utility" = "Prismsta.exe" ["Intersil Americas Inc."]
"InstantAccess" = "C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h" [null data]
"RegisterDropHandler" = "C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [empty string]
"HotKey" = "C:\WINDOWS\Twain_32\FlatBed\HotKey.exe" ["Primax Electronics Ltd."]
"TkBellExe" = ""C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"Microsoft Works Update Detection" = "C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe" ["Microsoft® Corporation"]
"InCD" = "C:\Programme\Ahead\InCD\InCD.exe" ["Ahead Software AG"]
"PCMService" = ""C:\Programme\Home Cinema\PowerCinema\PCMService.exe"" [empty string]
"WinampAgent" = "C:\Programme\Winamp\winampa.exe" [null data]
"PCSuiteTrayApplication" = "C:\Programme\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray" ["Nokia"]
"DataLayer" = "C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE" ["Nokia Mobile Phones Ltd."]
"AVSCHED32" = "C:\Programme\AVPersonal\AVSched32.EXE /min" ["H+BEDV Datentechnik GmbH"]
"AVGCtrl" = ""C:\Programme\AVPersonal\AVGNT.EXE" /min" ["H+BEDV Datentechnik GmbH"]
"ICQ Lite" = "C:\Programme\ICQLite\ICQLite.exe -minimize" [file not found]
"SunJavaUpdateSched" = "C:\Programme\Java\jre1.5.0_03\bin\jusched.exe" ["Sun Microsystems, Inc."]
"iTunesHelper" = ""C:\Programme\iTunes\iTunesHelper.exe"" ["Apple Computer, Inc."]
"QuickTime Task" = ""C:\Programme\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"Zone Labs Client" = "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe" ["Zone Labs, LLC"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung"
  -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Real\RealPlayer\rpshellext.dll" ["RealNetworks"]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Microsoft Office\Office10\msohev.dll" [MS]
"{BB7DF450-F119-11CD-8465-00AA00425D90}" = "Microsoft Access Custom Icon Handler"
  -> {CLSID}\InProcServer32\(Default) = "C:\ProgramFiles\Microsoft Office\Office\soa800.dll" [MS]
"{59850401-6664-101B-B21C-00AA004BA90B}" = "Microsoft Office Binder Explode"
  -> {CLSID}\InProcServer32\(Default) = "C:\ProgramFiles\Microsoft Office\Office\UNBIND.DLL" [MS]
17.09.2005, 16:13
Honorary member
Posts: 29434
#19
amadeus5000

delete with Killbox:

C:\WINDOWS\tuerkei.exe41.exe
C:\WINDOWS\tuerkei.exe.exe
C:\WINDOWS\radiofox.exe.exe
C:\WINDOWS\radiofox.exe41.exe

then post the Silent Runners log again, in full

__________
Regards, Sabina
all about PC security
17.09.2005, 16:19
...new here
Posts: 8
#20
Log from Silent Runners:

"Silent Runners.vbs", revision 40.1, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"NBJ" = ""C:\Programme\Ahead\Nero BackItUp\nbj.exe"" ["Ahead Software AG"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ATIPTA" = "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]
"Cmaudio" = "RunDll32 cmicnfg.cpl,CMICtrlWnd" [MS]
"Dit" = "Dit.exe" ["ICSI Technology Ltd."]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"CHotkey" = "mHotkey.exe" ["Chicony"]
"ledpointer" = "CNYHKey.exe" ["Chicony"]
"Prism_Utility" = "Prismsta.exe" ["Intersil Americas Inc."]
"InstantAccess" = "C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h" [null data]
"RegisterDropHandler" = "C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [empty string]
"HotKey" = "C:\WINDOWS\Twain_32\FlatBed\HotKey.exe" ["Primax Electronics Ltd."]
"TkBellExe" = ""C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"Microsoft Works Update Detection" = "C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe" ["Microsoft® Corporation"]
"InCD" = "C:\Programme\Ahead\InCD\InCD.exe" ["Ahead Software AG"]
"PCMService" = ""C:\Programme\Home Cinema\PowerCinema\PCMService.exe"" [empty string]
"WinampAgent" = "C:\Programme\Winamp\winampa.exe" [null data]
"PCSuiteTrayApplication" = "C:\Programme\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray" ["Nokia"]
"DataLayer" = "C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE" ["Nokia Mobile Phones Ltd."]
"AVSCHED32" = "C:\Programme\AVPersonal\AVSched32.EXE /min" ["H+BEDV Datentechnik GmbH"]
"AVGCtrl" = ""C:\Programme\AVPersonal\AVGNT.EXE" /min" ["H+BEDV Datentechnik GmbH"]
"ICQ Lite" = "C:\Programme\ICQLite\ICQLite.exe -minimize" [file not found]
"SunJavaUpdateSched" = "C:\Programme\Java\jre1.5.0_03\bin\jusched.exe" ["Sun Microsystems, Inc."]
"iTunesHelper" = ""C:\Programme\iTunes\iTunesHelper.exe"" ["Apple Computer, Inc."]
"QuickTime Task" = ""C:\Programme\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"Zone Labs Client" = "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe" ["Zone Labs, LLC"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung"
  -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Real\RealPlayer\rpshellext.dll" ["RealNetworks"]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Microsoft Office\Office10\msohev.dll" [MS]
"{BB7DF450-F119-11CD-8465-00AA00425D90}" = "Microsoft Access Custom Icon Handler"
  -> {CLSID}\InProcServer32\(Default) = "C:\ProgramFiles\Microsoft Office\Office\soa800.dll" [MS]
"{59850401-6664-101B-B21C-00AA004BA90B}" = "Microsoft Office Binder Explode"
  -> {CLSID}\InProcServer32\(Default) = "C:\ProgramFiles\Microsoft Office\Office\UNBIND.DLL" [MS]
"{950FF917-7A57-46BC-8017-59D9BF474000}" = "Shell Extension for CDRW"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Ahead\InCD\incdshx.dll" ["Ahead Software AG"]
"{ED65AB21-B24F-11d3-BA80-00C0CA16AA37}" = "Mobile"
  -> {CLSID}\InProcServer32\(Default) = "C:\Private\Siemens_CF62\DES\DESShellExt.dll" ["Siemens AG"]
"{ED65AB22-B24F-11d3-BA80-00C0CA16AA37}" = "Mobile ContextMenuHandler"
  -> {CLSID}\InProcServer32\(Default) = "C:\Private\Siemens_CF62\DES\DESShellExt.dll" ["Siemens AG"]
"{ED65AB23-B24F-11d3-BA80-00C0CA16AA37}" = "Mobile PropertySheetHandler"
  -> {CLSID}\InProcServer32\(Default) = "C:\Private\Siemens_CF62\DES\DESShellExt.dll" ["Siemens AG"]
"{40950107-FEA6-4d53-A65F-B2DCBA57DD58}" = "Nokia Phone Browser"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Nokia\Nokia PC Suite 6\PhoneBrowser.dll" ["Nokia"]
"{FBFE7864-D495-41f0-B7DC-4BB601CC295E}" = "Contact View"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Nokia\Nokia PC Suite 6\ContactView.dll" ["Nokia"]
"{C0C4375A-5B72-4efe-929D-3B848C3A1E91}" = "Message View"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Nokia\Nokia PC Suite 6\MessageView.dll" ["Nokia"]
"{A5110426-177D-4e08-AB3F-785F10B4439C}" = "Eigene Telefone"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Sony Ericsson\Mobile\File Manager\fmgrgui.dll" ["Sony Ericsson Mobile Communications AB"]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\ewido\security suite\shellhook.dll" ["TODO: <Firmenname>"]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
INFECTION WARNING! "Shell" = "explorer.exe, msmsgs.exe" [MS], [MS]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AntiVir/Win\(Default) = "{a7cda720-84ee-11d0-b5c0-00001b3ca278}"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\AVPersonal\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"]
ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\ewido\security suite\context.dll" ["ewido networks"]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\ewido\security suite\context.dll" ["ewido networks"]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
AntiVir/Win\(Default) = "{a7cda720-84ee-11d0-b5c0-00001b3ca278}"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\AVPersonal\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Dokumente und Einstellungen\Thommes\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp"


Startup items in "Thommes" & "All Users" startup folders:
---------------------------------------------------------

C:\Dokumente und Einstellungen\Thommes\Startmenü\Programme\Autostart
"Sélecteur de Fond d’Ecran" -> shortcut to: "C:\Programme\ffcc_wpc\wpc.exe" [null data]

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
"Adobe Reader - Schnellstart" -> shortcut to: "C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "C:\Programme\Bonjour\mdnsNSP.dll" ["Apple Computer, Inc."]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 21
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{855F3B16-6D32-4FE6-8A56-BBB695989046}" = "ICQ Toolbar" [from CLSID]
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\ICQToolbar\toolbaru.dll" ["ICQ Inc."]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{855F3B16-6D32-4FE6-8A56-BBB695989046}" = "ICQ Toolbar" [from CLSID]
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\ICQToolbar\toolbaru.dll" ["ICQ Inc."]

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{FE54FA40-D68C-11D2-98FA-00C0F0318AFE}\ = "Real.com" [from CLSID]
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Shdocvw.dll" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{36ECAF82-3300-8F84-092E-AFF36D6C7040}\
"ButtonText" = "Run WinHTTrack"
"MenuText" = "Launch WinHTTrack"
"CLSIDExtension" = "{86529161-034E-4F8A-88D2-3C625E612E04}"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinHTTrack\WinHTTrackIEBar.dll" [null data]

{CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\
"ButtonText" = "Real.com"

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Programme\Messenger\MSMSGS.EXE" [MS]


Miscellaneous IE Hijack Points
------------------------------

C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=http://www.pt.lu

Missing lines (compared with English-language version):
[Strings]: 1 line

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
"{855F3B16-6D32-4fe6-8A56-BBB695989046}" = "ICQ Toolbar" [from CLSID]
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\ICQToolbar\toolbaru.dll" ["ICQ Inc."]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

AntiVir Update, AVWUpSrv, ""C:\Programme\AVPersonal\AVWUPSRV.EXE"" ["H+BEDV Datentechnik GmbH, Germany"]
Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\System32\Ati2evxx.exe" ["ATI Technologies Inc."]
Bonjour Service, Bonjour Service, "C:\Programme\Bonjour\mDNSResponder.exe" ["Apple Computer, Inc."]
ClipInc 001, ClipInc001, "C:\PROGRA~1\TOBITC~1\Server\ClipInc-Server.exe 001" [null data]
Ereignisprotokoll-Überwachung, LogWatch, "C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe" ["Computer Associates"]
ewido security suite control, ewido security suite control, "C:\Programme\ewido\security suite\ewidoctrl.exe" ["ewido networks"]
ewido security suite guard, ewido security suite guard, "C:\Programme\ewido\security suite\ewidoguard.exe" ["ewido networks"]
InCD Helper, InCDsrv, "C:\Programme\Ahead\InCD\InCDsrv.exe" ["Ahead Software AG"]
iPodService, iPodService, "C:\Programme\iPod\bin\iPodService.exe" ["Apple Computer, Inc."]
Machine Debug Manager, MDM, ""C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe"" [MS]
TrueVector Internet Monitor, vsmon, "C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service" ["Zone Labs, LLC"]
WMDM PMSP Service, WMDM PMSP Service, "C:\WINDOWS\System32\MsPMSPSv.exe" [MS]
X10 Device Network Service, x10nets, "C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe" ["X10"]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
  DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
  use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 178 seconds, including 14 seconds for message boxes)

I have deleted the files just mentioned with Killbox and am still waiting for the Kaspersky result.

And, added afterwards, the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 16:18:06, on 17.09.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\WINDOWS\System32\Prismsta.exe
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
C:\WINDOWS\Twain_32\FlatBed\HotKey.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programme\Ahead\InCD\InCD.exe
C:\Programme\Home Cinema\PowerCinema\PCMService.exe
C:\Programme\Winamp\winampa.exe
C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\Programme\Java\jre1.5.0_03\bin\jusched.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\GEMEIN~1\PCSuite\Services\SERVIC~1.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\ewido\security suite\ewidoctrl.exe
C:\Programme\ewido\security suite\ewidoguard.exe
C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\PROGRA~1\TOBITC~1\Server\ClipInc-Server.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\iPod\bin\iPodService.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\AVPersonal\AVSched32.EXE
C:\Dokumente und Einstellungen\Thommes\Desktop\Hijackthis\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.lu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.pt.lu
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
F2 - REG:system.ini: Shell=explorer.exe, msmsgs.exe
O3 - Toolbar: Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [Prism_Utility] Prismsta.exe
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\Run: [HotKey] C:\WINDOWS\Twain_32\FlatBed\HotKey.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [InCD] C:\Programme\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [PCMService] "C:\Programme\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programme\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [AVSCHED32] C:\Programme\AVPersonal\AVSched32.EXE /min
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [NBJ] "C:\Programme\Ahead\Nero BackItUp\nbj.exe"
O4 - Startup: Sélecteur de Fond d’Ecran.lnk = C:\Programme\ffcc_wpc\wpc.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\programme\bonjour\mdnsnsp.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.pt.lu
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by12fd.bay12.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1805FC36-3A1C-421D-A115-CEA9CA759821}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{1805FC36-3A1C-421D-A115-CEA9CA759821}: NameServer = 192.168.1.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: CA-Lizenz-Client (CA_LIC_CLNT) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA-Lizenzserver (CA_LIC_SRVR) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: ClipInc 001 (ClipInc001) - Unknown owner - C:\PROGRA~1\TOBITC~1\Server\ClipInc-Server.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programme\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programme\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Programme\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Ereignisprotokoll-Überwachung (LogWatch) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

And now the Kaspersky one:

-------------------------------------------------------------------------------
 KASPERSKY ON-LINE SCANNER REPORT
 Saturday, September 17, 2005 17:40:21
 Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
 Kaspersky On-line Scanner version: 5.0.67.0
 Kaspersky Anti-Virus database last update: 17/09/2005
 Kaspersky Anti-Virus database records: 140659
-------------------------------------------------------------------------------

Scan Settings:
    Scan using the following antivirus database: standard
    Scan Archives: true
    Scan Mail Bases: true

Scan Target - My Computer:
    C:\ D:\ E:\ F:\ G:\ H:\ I:\ J:\ K:\

Scan Statistics:
    Total number of scanned objects: 125510
    Number of viruses found: 4
    Number of infected objects: 13
    Number of suspicious objects: 0
    Duration of the scan process: 5110 sec

Infected Object Name - Virus Name
C:\Programme\AVPersonal\INFECTED\WININET.DLL.VIR    Infected: Virus.Win32.Nsag.b
C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP246\A0081429.exe    Infected: Trojan.Win32.Favadd.aj
C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP246\A0081438.exe    Infected: Trojan-Downloader.Win32.Zlob.an
C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP247\A0081600.exe    Infected: Trojan.Win32.Favadd.aj
C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP247\A0081606.exe    Infected: Trojan-Downloader.Win32.Zlob.an
C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP247\A0082086.exe    Infected: Trojan.Win32.Favadd.aj
C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP247\A0082103.exe    Infected: Trojan-Downloader.Win32.Zlob.an
C:\WINDOWS\system32\clonzips.ssc/message_text.txt .pif    Infected: Email-Worm.Win32.Sober.i
C:\WINDOWS\system32\clonzips.ssc    Infected: Email-Worm.Win32.Sober.i
C:\WINDOWS\system32\clsobern.isc    Infected: Email-Worm.Win32.Sober.i
C:\WINDOWS\system32\nonzipsr.noz    Infected: Email-Worm.Win32.Sober.i
C:\WINDOWS\system32\zippedsr.piz/message_text.txt .pif    Infected: Email-Worm.Win32.Sober.i
C:\WINDOWS\system32\zippedsr.piz    Infected: Email-Worm.Win32.Sober.i

Scan process completed.

My AntiVir also reports the Volume.... Trojan horse, but it cannot delete them; they are now sitting in quarantine... I just hope it gets easier to delete them.
And I really have to thank you for your angelic patience and helpfulness.. That is rare these days... Thanks

This post was edited on 17.09.2005 at 17:46 by amadeus5000.
17.09.2005, 18:21
Honorary member
Posts: 29434
#21
amadeus5000

# open HijackThis -->> button "Scan" -->> tick the box -->> button "Fix checked" -->> restart the PC

F2 - REG:system.ini: Shell=explorer.exe, msmsgs.exe

restart the PC

delete with Killbox:

C:\WINDOWS\system32\msmsgs.exe
C:\WINDOWS\system32\disclogexpoler.exe
C:\WINDOWS\system32\winexerun.dal
C:\WINDOWS\system32\winroot64.dal
C:\WINDOWS\system32\sb2run.dii
C:\WINDOWS\system32\winmprot.dal
C:\WINDOWS\system32\winsend32.dal
C:\WINDOWS\system32\dgssxy.yoi
C:\WINDOWS\system32\cvqaikxt.apk
C:\WINDOWS\system32\sysmms32.lla
C:\WINDOWS\system32\Odin-Anon.Ger
C:\WINDOWS\system32\clonzips.ssc/message_text.txt .pif
C:\WINDOWS\system32\clonzips.ssc
C:\WINDOWS\system32\zippedsr.piz/message_text.txt .pif
C:\WINDOWS\system32\zippedsr.piz
C:\WINDOWS\system32\nonzipsr.noz
C:\WINDOWS\system32\clsobern.isc

restart the PC

smitRem TOOL (removal tool)
http://noahdfear.geekstogo.com/
open the smitRem folder, double-click: RunThis.bat
wait until the scan has finished (the screen will turn blue, that is normal)
find smitfiles.txt and post the text file in the thread

Symantec removal tool W32.Sober.I@mm --> scan
http://securityresponse.symantec.com/avcenter/venc/data/w32.sober.i@mm.html

Disable System Restore (XP): My Computer --> right-click, then Properties ---> System Restore tab ---> tick "Turn off System Restore on all drives". Then enable it again.

__________
Regards, Sabina
all about PC security
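The F2 line the helper singles out above, and the matching "INFECTION WARNING! "Shell" = "explorer.exe, msmsgs.exe"" in the Silent Runners output of post #20, are the same persistence point: everything listed in the Winlogon "Shell" value is started at every logon. The script below is an added example, not code from this thread, from HijackThis or from Silent Runners. It reads HijackThis-style lines (R0/R1 start page, F2 Winlogon Shell, O4 Run entries, O10 Winsock LSP) and reports anything beyond explorer.exe in the Shell value, a non-http start page such as the about:blank from the thread title, Run entries that name a bare file resolved through the search path, and LSP DLLs outside a small allow-list. The allow-lists and the sample log are constructed for the example (the sample is modelled on the log posted above, with the start page set to about:blank).

```python
"""Triage of HijackThis-style log lines.

Added example for this thread; not the forum's, HijackThis' or Silent
Runners' own code.  Findings are (severity, kind, detail) tuples so
they can be checked programmatically as well as printed.
"""
import re

# Winlogon starts every program listed in "Shell" at logon; a stock XP
# system lists only explorer.exe.  Assumption: both allow-lists are
# illustrative, not authoritative.
KNOWN_SHELL = {"explorer.exe"}
KNOWN_LSP = {"mswsock.dll", "winrnr.dll", "rsvpsp.dll"}

PAGE_RE = re.compile(r"^R[01] - (?P<key>[^=]+) = (?P<url>.+)$")
SHELL_RE = re.compile(r"^F2 - REG:system\.ini: Shell=(?P<shell>.+)$")
RUN_RE = re.compile(
    r"^O4 - (?P<where>HK\w+\\\.\.\\\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
LSP_RE = re.compile(r"^O10 - Unknown file in Winsock LSP: (?P<path>.+)$")


def command_path(cmd):
    """Split a Run value into (program, arguments).

    A quoted program ("C:\\x y\\a.exe" /min) is taken up to the closing
    quote.  An unquoted one is cut at the first space, which is the same
    ambiguity CreateProcess has with unquoted paths containing spaces.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end], cmd[end + 1:].strip()
    parts = cmd.split(" ", 1)
    return parts[0], (parts[1] if len(parts) > 1 else "")


def basename(path):
    """Lower-cased file name of a Windows path (forward slashes tolerated)."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def triage(log_text):
    """Return a list of (severity, kind, detail) findings for a HijackThis log."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = PAGE_RE.match(line)
        if m:
            url = m.group("url").strip()
            # about:blank, res:// and similar point at local content, not a
            # site; that is what start-page hijackers set.
            if not url.lower().startswith(("http://", "https://")):
                findings.append(("HIGH", "startpage", url))
            continue
        m = SHELL_RE.match(line)
        if m:
            shells = [s.strip().lower() for s in m.group("shell").split(",")]
            extra = [s for s in shells if s and s not in KNOWN_SHELL]
            if extra:
                findings.append(("HIGH", "shell", ", ".join(extra)))
            continue
        m = RUN_RE.match(line)
        if m:
            program, _ = command_path(m.group("cmd"))
            # A bare file name is resolved through the search path, so the
            # file that really runs may live anywhere on it.
            if "\\" not in program:
                findings.append(
                    ("REVIEW", "run-bare", f"[{m.group('name')}] {m.group('cmd')}"))
            continue
        m = LSP_RE.match(line)
        if m:
            dll = basename(m.group("path"))
            if dll not in KNOWN_LSP:
                findings.append(("REVIEW", "lsp", dll))
    return findings


# Constructed sample, modelled on the log posted above, with the start
# page set to about:blank as in the thread title.
SAMPLE_LOG = "\n".join([
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank",
    r"R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.pt.lu",
    r"F2 - REG:system.ini: Shell=explorer.exe, msmsgs.exe",
    r"O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe",
    r"O4 - HKLM\..\Run: [Dit] Dit.exe",
    r'O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min',
    r"O10 - Unknown file in Winsock LSP: c:\programme\bonjour\mdnsnsp.dll",
])

if __name__ == "__main__":
    for severity, kind, detail in triage(SAMPLE_LOG):
        print(f"{severity:6} {kind:9} {detail}")
```

Run against the sample it reports the about:blank start page and the extra msmsgs.exe in the Shell value as HIGH, and the bare "Dit.exe" Run entry plus the Bonjour LSP as items to review; the ATIPTA and AVGCtrl entries, which name full paths, are not flagged. The REVIEW items are deliberately not called malicious: in the log above both turn out to be vendor software, which is exactly why a human still has to look at them.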
17.09.2005, 18:55
Honorary member
Posts: 29434
#22
amadeus5000

have these checked to see whether they are "bad"....(Virustotal)

C:\s1l0.9f   25.12.2004 12:10   63
C:\s1l0.9d   25.12.2004 12:09   207
C:\s1l0.98   25.12.2004 12:09   250
C:\s1l0.97   25.12.2004 11:59   233
C:\s1l0.91   25.12.2004 11:26   328
C:\s1l0.2j   25.12.2004 11:05   122
C:\s1l0.1i

then be sure to do the Windows updates...download SP2

__________
Regards, Sabina
all about PC security
18.09.2005, 10:56
...new here
Posts: 8
#23
So here is the smitfiles log:

smitRem log file
version 2.3

by noahdfear

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Pre-run Files Present

~~~ Program Files ~~~

~~~ Shortcuts ~~~

~~~ Favorites ~~~

~~~ system32 folder ~~~

~~~ Icons in System32 ~~~

~~~ Windows directory ~~~

~~~ Drive root ~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Post-run Files Present

~~~ Program Files ~~~

~~~ Shortcuts ~~~

~~~ Favorites ~~~

~~~ system32 folder ~~~

~~~ Icons in System32 ~~~

~~~ Windows directory ~~~

~~~ Drive root ~~~

~~~ Wininet.dll ~~~

CLEAN!

Virustotal analysis:

The seven files (s1l0.9f, scanned 09/18/2005 11:00:27 (CET); s1l0.9d, s1l0.98, s1l0.97, s1l0.91, s1l0.2j and s1l0.1i) were run through the same 22 engines at the same versions and update dates; every engine reported "no virus found" ("found nothing" in the s1l0.9f report) for every file:

Antivirus       Version          Update        Result (all seven files)
AntiVir         6.32.0.3         09.16.2005    no virus found
Avast           4.6.695.0        09.16.2005    no virus found
AVG             718              09.16.2005    no virus found
Avira           6.32.0.3         09.16.2005    no virus found
BitDefender     7.2              09.18.2005    no virus found
CAT-QuickHeal   8.00             09.18.2005    no virus found
ClamAV          devel-20050725   09.17.2005    no virus found
DrWeb           4.32b            09.17.2005    no virus found
eTrust-Iris     7.1.194.0        09.16.2005    no virus found
eTrust-Vet      11.9.1.0         09.16.2005    no virus found
Fortinet        2.41.0.0         09.07.2005    no virus found
F-Prot          3.16c            09.16.2005    no virus found
Ikarus          0.2.59.0         09.16.2005    no virus found
Kaspersky       4.0.2.24         09.18.2005    no virus found
McAfee          4583             09.16.2005    no virus found
NOD32v2         1.1219           09.16.2005    no virus found
Norman          5.70.10          09.16.2005    no virus found
Panda           8.02.00          09.17.2005    no virus found
Sophos          3.97.0           09.17.2005    no virus found
Symantec        8.0              09.17.2005    no virus found
TheHacker       5.8.2.108        09.16.2005    no virus found
VBA32           3.10.4           09.18.2005    no virus found

Symantec found nothing; I am installing SP2 right now.
Thanks for your indispensable help!!! :o)

This post was edited on 18.09.2005 at 11:40 by amadeus5000.
18.09.2005, 12:37
Honorary member
Posts: 29434
#24
Hello @amadeus5000
Well, the Sober should be deleted now, the dialers too, and all the rest of the malware. SP2 is a good option.
All the best for you + PC
__________
Regards, Sabina
all about PC security
18.09.2005, 12:44
...new here
Posts: 8
#25
Thanks again, amazing how much junk you find on a PC!
21.09.2005, 15:23
...new here
Posts: 8
#26
Hello, I have the same problem. I would be grateful for advice on what I should delete and, above all, how. Jan

Here is my logfile:

Logfile of HijackThis v1.99.1
Scan saved at 15:08:47, on 09/21/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Programme\Card Reader\shwicon.exe
D:\multimedia\Quicktime\qttask.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Steganos AntiSpyware 7\aspy7.exe
D:\tools\Spyware Doctor\swdoctor.exe
C:\Programme\AOL 9.0a\aoltray.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Programme\Microsoft Office\Office\WINWORD.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
D:\tools\winrar\WinRAR.exe
C:\DOKUME~1\JK882E~1.HAS\LOKALE~1\Temp\RarExe04.f30\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.web.de
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = fritz.box
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\tools\norton\Norton Antivirus\NavShExt.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\tools\norton\Norton Antivirus\NavShExt.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ShowIcon_The Company_USB Storage Device Ver. 1.3] "C:\Programme\Card Reader\shwicon.exe" -t"The Company\USB Storage Device Ver. 1.3"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [dlexport] C:\Programme\Windows Media Player\dlexport.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\multimedia\Quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [cbcf71cc1c2] C:\WINDOWS\System32\cbcf71cc1c2.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [AntiSpyware7] "C:\Programme\Steganos AntiSpyware 7\aspy7.exe" /0
O4 - HKCU\..\Run: [Spyware Doctor] "D:\tools\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [cbcf71cc1c2] C:\WINDOWS\System32\cbcf71cc1c2.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O15 - Trusted IP range: 206.161.125.149
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/spyspotter/SpSp29952.40noopt/SpySpotterCabInstall.cab
O23 - Service: WindowInstallSystem (cbcf71cc1c2svr) - Unknown owner - C:\WINDOWS\cbcf71cc1c2.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Unknown owner - D:\tools\norton\Norton Antivirus\navapsvc.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
21.09.2005, 16:41
Honorary member
Posts: 29434
#27
Hello @jaka
CCleaner --> delete all *temp files: http://virus-protect.org/temp.html
Post all 4 logs (with path): http://virus-protect.org/datfindbat.html
__________
Regards, Sabina
all about PC security
21.09.2005, 17:03
...new here
Posts: 8
#28
Hello Sabina, I have deleted the temp files.
But when I double-click datfindbat, HijackThis opens instead of Notepad. Do I have the wrong version? That way I can't get at the logs. ???????? Thanks for the reply so far.
21.09.2005, 17:40
Honorary member
Posts: 29434
#29
Try it again (explanation included):
http://virus-protect.org/virusprotect/datfindbat.html
__________
Regards, Sabina
all about PC security
21.09.2005, 20:45
...new here
Posts: 8
#30
Hey, I'm not stupid after all. Here are the LOG files from datfindbat:
Datenträger in Laufwerk C: ist MAIN
Volumeseriennummer: 7D8F-961E

Verzeichnis von C:\WINDOWS\system32

09/21/2005 20:39 721.390 PerfStringBackup.INI
09/21/2005 20:39 48.156 perfc007.dat
09/21/2005 20:39 39.992 perfc009.dat
09/21/2005 20:39 316.594 perfh007.dat
09/21/2005 20:39 311.604 perfh009.dat
09/21/2005 11:57 2.262 wpa.dbl
08/29/2005 22:38 16.832 amcompat.tlb
08/29/2005 22:38 23.392 nscompat.tlb
08/23/2005 19:34 180.240 FNTCACHE.DAT
07/21/2005 00:07 0 kavsvc.dmp
07/21/2005 00:07 244 kavsvc.exception.log
07/19/2005 23:39 1.806 ModemLog_AVM ISDN FAX (G3).txt
07/19/2005 23:39 1.834 ModemLog_AVM ISDN Analog Modem (V.32bis).txt
07/19/2005 23:39 1.796 ModemLog_AVM ISDN BTX.txt
07/19/2005 23:39 1.816 ModemLog_AVM ISDN Custom Config.txt
07/19/2005 23:39 1.818 ModemLog_AVM ISDN Mailbox (X.75).txt

Datenträger in Laufwerk C: ist MAIN
Volumeseriennummer: 7D8F-961E

Verzeichnis von C:\DOKUME~1\JK882E~1.HAS\LOKALE~1\Temp

09/21/2005 19:58 16.384 Perflib_Perfdata_728.dat
09/21/2005 19:57 1.454 e1b13f08a.html
09/21/2005 19:56 0 c59b3463519.d46
09/15/2005 05:16 109 DFC5A2B2.TMP
4 Datei(en) 17.947 Bytes
0 Verzeichnis(se), 2.224.451.584 Bytes frei

Datenträger in Laufwerk C: ist MAIN
Volumeseriennummer: 7D8F-961E

Verzeichnis von C:\WINDOWS

09/21/2005 20:49 1.187 win.ini
09/21/2005 20:49 1.187 win.tmp
09/21/2005 20:40 53.695 iis6.log
09/21/2005 20:40 29.252 ocgen.log
09/21/2005 20:40 9.149 comsetup.log
09/21/2005 20:40 7.148 ntdtcsetup.log
09/21/2005 20:40 5.345 netfxocm.log
09/21/2005 20:40 1.433 ocmsn.log
09/21/2005 20:40 933 tabletoc.log
09/21/2005 20:40 1.814 msgsocm.log
09/21/2005 20:40 1.917 imsins.log
09/21/2005 20:40 17.331 tsoc.log
09/21/2005 20:40 24.496 FaxSetup.log
09/21/2005 20:40 12.704 msmqinst.log
09/21/2005 20:40 379 wsdu.log
09/21/2005 20:40 2.518 WINNT32.LOG
09/21/2005 20:40 964 UPGRADE.TXT
09/21/2005 20:39 54 setupact.log
09/21/2005 20:39 178 DHCPUPG.LOG
09/21/2005 20:39 4.566 imsins.BAK
09/21/2005 20:21 0 setuperr.log
09/21/2005 19:57 0 0.log
09/21/2005 19:56 159 wiadebug.log
09/21/2005 19:56 2.048 bootstat.dat
09/21/2005 17:29 50 wiaservc.log
09/21/2005 17:29 32.618 SchedLgU.Txt
09/16/2005 23:48 3.241 mozver.dat
09/16/2005 22:15 99.970 UninstallFirefox.exe
09/11/2005 15:32 633 aolback.exe.lnk
08/29/2005 22:37 316.640 WMSysPr9.prx
08/15/2005 14:05 306 mpsettings.ini

Datenträger in Laufwerk C: ist MAIN
Volumeseriennummer: 7D8F-961E

Verzeichnis von C:\

09/21/2005 20:53 0 sys.txt
09/21/2005 20:52 6.995 system.txt
09/21/2005 20:52 458 systemtemp.txt
09/21/2005 20:49 102.635 system32.txt
09/21/2005 19:56 402.653.184 pagefile.sys
09/21/2005 19:56 267.964.416 hiberfil.sys
09/21/2005 14:25 6 AVPCallback.log
09/21/2005 13:35 391 abc.lnk
09/17/2005 11:02 488 hpfr5550.xml
09/16/2005 22:12 397 vlist.log
09/11/2005 15:29 440 INSTALL.LOG
07/10/2005 18:50 189 w32_API.cab
05/09/2005 21:40 11.616 ascserv.log
05/09/2005 06:11 2.371 TDSLCheck.txt
01/31/2005 06:37 10.250 move_before.xml
01/31/2005 06:37 10.250 move_after.xml
01/21/2005 02:32 0 mssys.com
01/21/2005 02:32 0 q.exe
01/21/2005 02:32 0 m.exe
01/21/2005 02:32 0 ntldr.exe
01/21/2005 02:32 0 p.exe
01/21/2005 02:32 0 winspec.dat
01/21/2005 02:32 0 q250204.exe

This post was edited on 21.09.2005 at 20:54 by jaka.
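The datfindbat logs above are plain `dir` listings, and the helper's job is to make the newest files and the empty executables at the drive root stand out. The following Python is an added example, not part of the thread or of datfindbat itself: it parses that German-locale listing format (mm/dd/yyyy dates, sizes with "." as thousands separator) and returns the entries a responder reads first; the sample listing is constructed, not the user's real data.

```python
"""Triage helper for datfindbat output (the four German-locale `dir` listings asked
for in this thread): parse the entries and pull out the ones a responder reads first."""
import re
from datetime import date, datetime
from typing import List, NamedTuple

class Entry(NamedTuple):
    directory: str
    modified: datetime
    size: int  # bytes
    name: str

# "09/21/2005 20:39 721.390 PerfStringBackup.INI": mm/dd/yyyy, size with German "." separator
ENTRY_RE = re.compile(r"^(\d{2}/\d{2}/\d{4})\s+(\d{2}:\d{2})\s+([\d.]+)\s+(.+?)\s*$")
DIR_RE = re.compile(r"^Verzeichnis von (.+?)\s*$")

def parse_listing(text: str) -> List[Entry]:
    """One Entry per file line; volume headers and 'N Datei(en)' summaries are skipped."""
    entries: List[Entry] = []
    current_dir = ""
    for raw in text.splitlines():
        line = raw.strip()
        header = DIR_RE.match(line)
        if header:
            current_dir = header.group(1)
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue  # "Datenträger ...", "Volumeseriennummer ...", summary, blank line
        day, clock, size, name = m.groups()
        entries.append(Entry(current_dir,
                             datetime.strptime(f"{day} {clock}", "%m/%d/%Y %H:%M"),
                             int(size.replace(".", "")),  # "721.390" -> 721390
                             name))
    return entries

def recent_files(entries: List[Entry], since: date) -> List[Entry]:
    """Files modified on or after `since`, newest first: the suspected infection window."""
    return sorted((e for e in entries if e.modified.date() >= since),
                  key=lambda e: e.modified, reverse=True)

def zero_byte_executables(entries: List[Entry]) -> List[Entry]:
    """Empty executables, like the q.exe/m.exe/ntldr.exe leftovers at the drive root above."""
    return [e for e in entries if e.size == 0
            and e.name.lower().endswith((".exe", ".com", ".scr", ".pif", ".bat"))]

# Constructed sample in the shape of the posted logs (not the user's real listing).
SAMPLE_LISTING = r"""
 Datenträger in Laufwerk C: ist MAIN
 Verzeichnis von C:\WINDOWS\system32
09/21/2005  20:39           721.390 PerfStringBackup.INI
09/21/2005  19:56                 0 c59b3463519.d46
07/19/2005  23:39             1.806 ModemLog_AVM ISDN FAX (G3).txt
 Verzeichnis von C:\
09/21/2005  19:56       402.653.184 pagefile.sys
01/31/2005  06:37            10.250 move_before.xml
01/21/2005  02:32                 0 q.exe
01/21/2005  02:32                 0 mssys.com
               7 Datei(en)  402.663.434 Bytes
"""
```

Feed it the concatenated contents of the four datfindbat text files and pass the date the symptoms started as `since`; zero-byte files with a non-executable extension (such as the `.d46` file in Temp) are deliberately left to the date check.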
C:\WINDOWS1\UNNMP.exe
Antivirus Version Update Result
AntiVir 6.32.0.3 09.16.2005 no virus found
Avast 4.6.695.0 09.16.2005 no virus found
AVG 718 09.16.2005 no virus found
Avira 6.32.0.3 09.16.2005 no virus found
BitDefender 7.2 09.17.2005 no virus found
CAT-QuickHeal 8.00 09.17.2005 no virus found
ClamAV devel-20050725 09.17.2005 no virus found
DrWeb 4.32b 09.17.2005 no virus found
eTrust-Iris 7.1.194.0 09.16.2005 no virus found
eTrust-Vet 11.9.1.0 09.16.2005 no virus found
Fortinet 2.41.0.0 09.07.2005 no virus found
F-Prot 3.16c 09.16.2005 no virus found
Ikarus 0.2.59.0 09.16.2005 no virus found
Kaspersky 4.0.2.24 09.17.2005 no virus found
McAfee 4583 09.16.2005 no virus found
NOD32v2 1.1219 09.16.2005 no virus found
Norman 5.70.10 09.16.2005 no virus found
Panda 8.02.00 09.17.2005 no virus found
Sophos 3.97.0 09.17.2005 no virus found
Symantec 8.0 09.17.2005 no virus found
TheHacker 5.8.2.108 09.16.2005 no virus found
VBA32 3.10.4 09.16.2005 no virus found
C:\WINDOWS1\tuerkei.exe.exe
Antivirus Version Update Result
AntiVir 6.32.0.3 09.16.2005 DIAL/Generic
Avast 4.6.695.0 09.16.2005 no virus found
AVG 718 09.16.2005 Dialer.22.AQ
Avira 6.32.0.3 09.16.2005 DIAL/Generic
BitDefender 7.2 09.17.2005 no virus found
CAT-QuickHeal 8.00 09.17.2005 no virus found
ClamAV devel-20050725 09.17.2005 Dialer-203
DrWeb 4.32b 09.17.2005 no virus found
eTrust-Iris 7.1.194.0 09.16.2005 no virus found
eTrust-Vet 11.9.1.0 09.16.2005 no virus found
Fortinet 2.41.0.0 09.07.2005 Dial/Platform.B
F-Prot 3.16c 09.16.2005 no virus found
Ikarus 0.2.59.0 09.16.2005 Dialer
Kaspersky 4.0.2.24 09.17.2005 not-a-virus:Porn-Dialer.Win32.Intexdial
McAfee 4583 09.16.2005 potentially unwanted program Dialer-192
NOD32v2 1.1219 09.16.2005 a variant of Win32/Dialer.StarDialer
Norman 5.70.10 09.16.2005 no virus found
Panda 8.02.00 09.17.2005 Dialer.Gen
Sophos 3.97.0 09.17.2005 Dial/Intex-B
Symantec 8.0 09.17.2005 no virus found
TheHacker 5.8.2.108 09.16.2005 no virus found
VBA32 3.10.4 09.16.2005 suspected of Porn-Dialer.MainpeanGmbH.Star.1
tuerkei.exe41.exe
Antivirus Version Update Result
AntiVir 6.32.0.3 09.16.2005 DIAL/Generic
Avast 4.6.695.0 09.16.2005 no virus found
AVG 718 09.16.2005 Dialer.22.AQ
Avira 6.32.0.3 09.16.2005 DIAL/Generic
BitDefender 7.2 09.17.2005 no virus found
CAT-QuickHeal 8.00 09.17.2005 no virus found
ClamAV devel-20050725 09.17.2005 Dialer-203
DrWeb 4.32b 09.17.2005 no virus found
eTrust-Iris 7.1.194.0 09.16.2005 no virus found
eTrust-Vet 11.9.1.0 09.16.2005 no virus found
Fortinet 2.41.0.0 09.07.2005 Dial/Platform.B
F-Prot 3.16c 09.16.2005 no virus found
Ikarus 0.2.59.0 09.16.2005 Dialer
Kaspersky 4.0.2.24 09.17.2005 not-a-virus:Porn-Dialer.Win32.Intexdial
McAfee 4583 09.16.2005 potentially unwanted program Dialer-192
NOD32v2 1.1219 09.16.2005 a variant of Win32/Dialer.StarDialer
Norman 5.70.10 09.16.2005 no virus found
Panda 8.02.00 09.17.2005 Dialer.Gen
Sophos 3.97.0 09.17.2005 Dial/Intex-B
Symantec 8.0 09.17.2005 no virus found
TheHacker 5.8.2.108 09.16.2005 no virus found
VBA32 3.10.4 09.16.2005 suspected of Porn-Dialer.MainpeanGmbH.Star.1