Error Safe, wie bekomme ich den los?

#1 Hi,
scheint ähnlich wie Winfix zu sein.
Kann mir bitte, bitte , bitte jemand helfen?

Hier mein Logfile.

Vielen Dank




Logfile of HijackThis v1.99.1
Scan saved at 15:37:21, on 28.01.2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\carpserv.exe
C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe
C:\Program Files\CA\eTrust PestPatrol\PestPatrol5.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Downloads\Programme\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com/info/e-center-p
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [TV Now] C:\Program Files\HPQ\Notebook Utilities\TvNow.exe /RK
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [eTrust PestPatrol Active Protection] "C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{F839BDF1-5D27-474F-887D-B3909FC084F8}: NameServer = 217.237.151.97 217.237.150.141
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: TSMService - T-Systems Nova, Berkom - C:\Program Files\T-DSL SpeedManager\tsmsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

#2 cass

stelle den CleanUp genauso ein, wie hier angegeben:
http://virus-protect.org/cleanup.html

Kopiere diese 4 Textdateien. Sie sind nach Datum geordnet. (kopiere nur die letzten 3 Monate ab)
http://virus-protect.org/datfindbat.html
__________
MfG Sabina

rund um die PC-Sicherheit

#3 Hallo Sabina,
hier also die files der letzten 3 Monate (soweit vorhanden, da regelmäßig gelöscht wird). Der ErrorSafe Fehler hängt wohl mit dem auf unserem PC noch vorhandenen IE zusammen - die Popups waren jedenfalls immer mit dem IE logo. Wir benutzen Mozilla Firefox.

Vielen Dank für deine Hilfe

Gruss
Cass :-)



Directory of C:\WINDOWS\system32

29.01.2006 09:53 24 fwlog.txt
26.01.2006 10:45 169.896 FNTCACHE.DAT
19.01.2006 15:38 6.617 jupdate-1.5.0_06-b05.log
18.01.2006 16:25 1.158 wpa.dbl
10.01.2006 18:07 34.308 bassmod.dll
09.01.2006 18:50 4.212 zllictbl.dat
09.01.2006 18:24 364.302 perfh009.dat
09.01.2006 18:24 45.810 perfc009.dat
09.01.2006 18:24 414.482 PerfStringBackup.INI
09.01.2006 18:21 2.395 $winnt$.inf
04.01.2006 19:46 2.827.616 MRT.exe
02.01.2006 23:38 260.608 gdi32.dll
22.11.2005 16:49 2.700.288 MSHTML.DLL
10.11.2005 13:03 127.078 javaws.exe
10.11.2005 13:03 49.265 jpicpl32.cpl
10.11.2005 11:27 49.250 javaw.exe
10.11.2005 11:27 49.248 java.exe
27.10.2005 20:06 226.816 srrstr.dll
21.10.2005 15:17 1.339.392 SHDOCVW.DLL
21.10.2005 12:51 575.488 WININET.DLL
21.10.2005 12:51 459.776 URLMON.DLL
21.10.2005 12:49 192.512 DXTRANS.DLL
21.10.2005 12:49 496.640 MSTIME.DLL
20.10.2005 23:33 991.232 esent.dll
20.10.2005 19:08 986.112 DANIM.DLL
17.10.2005 22:29 111.616 t2embed.dll
17.10.2005 22:29 77.824 fontsub.dll
04.10.2005 02:38 1.799.552 win32k.sys

Directory of C:\DOCUME~1\Owner\LOCALS~1\Temp

29.01.2006 10:18 206 jusched.log
1 File(s) 206 bytes
0 Dir(s) 33.254.252.544 bytes free

Directory of C:\WINDOWS

29.01.2006 10:07 1.359.753 WindowsUpdate.log
29.01.2006 09:55 0 0.log
29.01.2006 09:53 2.048 bootstat.dat
29.01.2006 09:53 32.600 SchedLgU.Txt
28.01.2006 10:24 3.470 ModemLog_Conexant 56K ACLink Modem.txt
27.01.2006 14:16 594 win.ini
26.01.2006 14:41 16 popcinfo.dat
21.01.2006 20:17 99.970 UninstallFirefox.exe
21.01.2006 20:17 4.964 mozver.dat
09.01.2006 20:24 720.896 iun6002.exe
09.01.2006 18:37 0 PestPatrol5.INI
09.01.2006 18:34 400 ODBC.INI
09.01.2006 18:17 231 system.ini

Directory of C:\

29.01.2006 10:21 0 sys.txt
29.01.2006 10:21 3.660 system.txt
29.01.2006 10:20 269 systemtemp.txt
29.01.2006 10:18 90.986 system32.txt
29.01.2006 09:53 468.242.432 hiberfil.sys
29.01.2006 09:53 704.643.072 pagefile.sys
09.01.2006 18:21 0 IO.SYS
09.01.2006 18:21 0 MSDOS.SYS
09.01.2006 18:20 194 boot.ini
09.01.2006 18:14 0 nsreg.dat

#4 Oben auf der Seite --> auf Durchsuchen klicken --> Datei aussuchen --> Doppelklick auf die zu prüfende Datei --> klick auf Submit... jetzt abwarten --> kopiere das Ergebnis in das Sicherheitsforum
http://www.virustotal.com/flash/index_en.html

C:\WINDOWS\system32\bassmod.dll
C:\WINDOWS\popcinfo.dat
C:\WINDOWS\win.ini
__________
MfG Sabina

rund um die PC-Sicherheit

#5 Hier die Daten von VirusTotal

this is a report processed by VirusTotal on 01/30/2006 at 09:10:39 (CET) after scanning the file "bassmod.dll" file.
Antivirus Version Update Result
AntiVir 6.33.0.81 01.28.2006 no virus found
Avast 4.6.695.0 01.29.2006 no virus found
AVG 718 01.27.2006 no virus found
Avira 6.33.0.81 01.27.2006 no virus found
BitDefender 7.2 01.30.2006 no virus found
CAT-QuickHeal 8.00 01.27.2006 no virus found
ClamAV devel-20051123 01.29.2006 no virus found
DrWeb 4.33 01.29.2006 no virus found
eTrust-InoculateIT 23.71.63 01.29.2006 no virus found
eTrust-Vet 12.4.2060 01.30.2006 no virus found
Ewido 3.5 01.29.2006 no virus found
Fortinet 2.54.0.0 01.30.2006 no virus found
F-Prot 3.16c 01.28.2006 no virus found
Ikarus 0.2.59.0 01.27.2006 no virus found
Kaspersky 4.0.2.24 01.30.2006 no virus found
McAfee 4684 01.27.2006 no virus found
NOD32v2 1.1386 01.29.2006 no virus found
Norman 5.70.10 01.27.2006 no virus found
Panda 9.0.0.4 01.30.2006 no virus found
Sophos 4.02.0 01.30.2006 no virus found
Symantec 8.0 01.30.2006 no virus found
UNA 1.83 01.27.2006 no virus found
VBA32 3.10.5 01.30.2006 no virus found


This is a report processed by VirusTotal on 01/30/2006 at 09:12:24 (CET) after scanning the file "popcinfo.dat" file.
Antivirus Version Update Result
AntiVir 6.33.0.81 01.28.2006 no virus found
Avast 4.6.695.0 01.29.2006 no virus found
AVG 718 01.27.2006 no virus found
Avira 6.33.0.81 01.27.2006 no virus found
BitDefender 7.2 01.30.2006 no virus found
CAT-QuickHeal 8.00 01.27.2006 no virus found
ClamAV devel-20051123 01.29.2006 no virus found
DrWeb 4.33 01.29.2006 no virus found
eTrust-InoculateIT 23.71.63 01.29.2006 no virus found
eTrust-Vet 12.4.2060 01.30.2006 no virus found
Ewido 3.5 01.29.2006 no virus found
Fortinet 2.54.0.0 01.30.2006 no virus found
F-Prot 3.16c 01.28.2006 no virus found
Ikarus 0.2.59.0 01.27.2006 no virus found
Kaspersky 4.0.2.24 01.30.2006 no virus found
McAfee 4684 01.27.2006 no virus found
NOD32v2 1.1386 01.29.2006 no virus found
Norman 5.70.10 01.27.2006 no virus found
Panda 9.0.0.4 01.30.2006 no virus found
Sophos 4.02.0 01.30.2006 no virus found
Symantec 8.0 01.30.2006 no virus found
UNA 1.83 01.27.2006 no virus found
VBA32 3.10.5 01.30.2006 no virus found


This is a report processed by VirusTotal on 01/30/2006 at 09:16:35 (CET) after scanning the file "win.ini" file.
Antivirus Version Update Result
AntiVir 6.33.0.81 01.28.2006 no virus found
Avast 4.6.695.0 01.29.2006 no virus found
AVG 718 01.27.2006 no virus found
Avira 6.33.0.81 01.27.2006 no virus found
BitDefender 7.2 01.30.2006 no virus found
CAT-QuickHeal 8.00 01.27.2006 no virus found
ClamAV devel-20051123 01.29.2006 no virus found
DrWeb 4.33 01.29.2006 no virus found
eTrust-InoculateIT 23.71.63 01.29.2006 no virus found
eTrust-Vet 12.4.2060 01.30.2006 no virus found
Ewido 3.5 01.29.2006 no virus found
Fortinet 2.54.0.0 01.30.2006 no virus found
F-Prot 3.16c 01.28.2006 no virus found
Ikarus 0.2.59.0 01.27.2006 no virus found
Kaspersky 4.0.2.24 01.30.2006 no virus found
McAfee 4684 01.27.2006 no virus found
NOD32v2 1.1386 01.29.2006 no virus found
Norman 5.70.10 01.27.2006 no virus found
Panda 9.0.0.4 01.30.2006 no virus found
Sophos 4.02.0 01.30.2006 no virus found
Symantec 8.0 01.30.2006 no virus found
UNA 1.83 01.27.2006 no virus found
VBA32 3.10.5 01.30.2006 no virus found

#6 ich kann nichts finden...mache also Onlinescans, vielleicht finden die Scanner etwas
http://virus-protect.org/onlinescan.html
dann berichte (Scanreporte abkopieren... etrust, Kaspersky, Panda)
__________
MfG Sabina

rund um die PC-Sicherheit

#7 OK - werde mein Glück versuchen.
Vielen Dank erstmal

Hier noch eine kleine Stärkung für zwischendurch. Vielleicht baue ich meinen PC um...

:o)