Hallo zusammen habe grosse Probleme mit Spyaxe!

#0
30.11.2005, 07:41
...neu hier

Beiträge: 1
#1 Hallo zusammen

Habe so einen hartnäckigen Wurm (Sypaxe)oder so auf meinem Computer,
es wäre schön wenn mir jemand helfen wurde.

Bitte bei der Hilfe Schritt für Schritt erklären, habe nämlich nicht soviel Computer-
kenntnisse. Besten Dank für eure Hilfe.

Logfile of HijackThis v1.99.1
Scan saved at 08:10:13, on 30.11.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvctrl.exe
C:\WINDOWS\system32\mssearchnet.exe
C:\ATI-CPanel\atiptaxx.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programme\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
C:\Programme\FreePDF_XP\fpassist.exe
C:\Programme\Microsoft AntiSpyware\gcasServ.exe
C:\Programme\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Programme\Norton SystemWorks\Password Manager\AcctMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programme\Microsoft AntiSpyware\gcasDtServ.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\DOKUME~1\ALEXAN~1\LOKALE~1\Temp\Temporäres Verzeichnis 1 für hijackthis.zip\HijackThis.exe
C:\Programme\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bluewin.ch/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bluewin.ch/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bluewin.ch/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: HomepageBHO - {7caf96a2-c556-460a-988e-76fc7895d284} - C:\WINDOWS\system32\hpAB91.tmp
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Dokumente und Einstellungen\Alexandra Lauper\Lokale Einstellungen\Temp\NIS9\Setup\ISCommon\SYMSHARE\ADBLCK\NISShExt.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Dokumente und Einstellungen\Alexandra Lauper\Lokale Einstellungen\Temp\NIS9\NAV\External\NORTON\APP\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [ATIPTA] "C:\ATI-CPanel\atiptaxx.exe"
O4 - HKLM\..\Run: [NAV_Update] C:\NAV_Update.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [mmtask] C:\Programme\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QD FastAndSafe] C:\Programme\Norton SystemWorks\Norton CleanSweep\QDCSFS.exe /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Programme\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Programme\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [AcctMgr] C:\Programme\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SpyAxe] C:\Programme\SpyAxe\spyaxe.exe /h
O4 - HKCU\..\Run: [sws.exe] c:\programme\GlobalDialer\pigno00000\gd-pigno00000_ch[1].exe -remove
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\programme\valve\steam\steam.exe" -silent
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: officejet 6100.lnk = ?
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O15 - Trusted Zone: *.symantec.com
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-18.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040428/qtinstall.info.apple.com/saba/de/win/QuickTimeInstaller.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O20 - Winlogon Notify: st3 - C:\WINDOWS\
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Programme\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programme\Norton Internet Security\comHost.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe

Denn datFind.bat kann ich leider nicht ausführen, wenn ich es üffnen will passiert nichts!! Nur wenn ich es auf bearbeiten klicke erscheinen diese Daten!

cd\
cd %windir%\system32
dir /a:-d /o:-d > %systemdrive%\system32.txt
start %systemdrive%\system32.txt
cls
pause

cd\
cd %temp%\
dir /a:-d /o:-d > %systemdrive%\systemtemp.txt
start %systemdrive%\systemtemp.txt
cls
pause

cd\
cd %windir%
dir /a:-d /o:-d > %systemdrive%\system.txt
start %systemdrive%\system.txt
cls
pause

cd\
dir /a:-d /o:-d > %systemdrive%\sys.txt
start %systemdrive%\sys.txt
cls
exit

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\SpyAxe.EXE]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{70F17C8C-1744-41B6-9D07-575DB448DCC5}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06506B3A-857D-431f-BE0B-038B1EC386B3}\LocalServer32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BFF94F7-9748-43d1-BAC4-D963351B63E7}\LocalServer32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0C580891-CA9D-4619-BDC9-85378EB65931}\LocalServer32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53525A6C-3774-4b47-B317-BC7DFE4FC7ED}\LocalServer32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5DEB9A24-19E0-49e6-A6B2-110BC3E1062A}\LocalServer32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5E1ACE2A-8638-4775-8AA9-5C187AD40A82}\LocalServer32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{629C4FE9-B627-4905-AF5B-AD652BB1B5C5}\LocalServer32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{659F78EA-6FF2-40f8-8EA3-06F7418A209E}\LocalServer32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7616A7F7-DF99-432f-870D-4AFEA0D079F4}\LocalServer32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7EB22F36-2CCD-4003-89EE-6CF40EBC4282}\LocalServer32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A0D06AA3-499B-4156-9FFD-0BE236F0D4E5}\LocalServer32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B6610F1D-DA77-42c4-8300-721D9DA9D70B}\LocalServer32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SpyAxe.Backup]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SpyAxe.Backup.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SpyAxe.EngineListener]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SpyAxe.EngineListener.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SpyAxe.Log]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SpyAxe.Log.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SpyAxe.LogRecord]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SpyAxe.LogRecord.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SpyAxe.Paths]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SpyAxe.Paths.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SpyAxe.Quarantine]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SpyAxe.Quarantine.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SpyAxe.RunAs]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SpyAxe.RunAs.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SpyAxe.Scanner]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SpyAxe.Scanner.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SpyAxe.SearchItem]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SpyAxe.SearchItem.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SpyAxe.ThreatCollection]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SpyAxe.ThreatCollection.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{2BB3BCBF-411A-4C67-8E69-F4BB301DC333}\1.0]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\spyaxe.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpyAxe"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyAxe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\SpyAxe]


Cafard
Dieser Beitrag wurde am 30.11.2005 um 09:10 Uhr von Cafard editiert.
Seitenanfang Seitenende