Trojan horse TR/Click.526

Topic is closed!
04.03.2006, 16:22
Member

Posts: 16
#1 Hello!

My AntiVir just found the virus named above.
Also, every time the computer starts, a bar with buttons like "XXX", "Spyware" and so on opens on the right.
The file is at c:\windows\system32\sphlp.32.exe

I already tried to delete it with KillBox but that didn't help.

What can I do now???
04.03.2006, 16:27
Honorary member
Sabina

Posts: 29434
#2 Smiley007

1.
Set up CleanUp exactly as described here:
http://virus-protect.org/cleanup.html

2.
Copy these 4 text files. They are sorted by date. (copy only the last 3 months)
http://virus-protect.org/datfindbat.html

3.
HijackThis
http://virus-protect.org/hjtkurz.html
Download/unpack HijackThis into a folder
--> None of the above, just start the program --> Save --> Savelog --> Notepad opens
now copy the COMPLETE log with a right mouse click and "paste" it into the forum with a right mouse click

4.
Download the f-secure Beta Trial
http://www.f-secure.com/blacklight/
double-click: blbeta.exe
after the check click -- next
you'll now find a log file (txt) on the desktop --> post it here
__________
Regards, Sabina

all about PC security
04.03.2006, 16:28
Member

Thread starter

Posts: 16
#3 Here's the HijackThis logfile for now:

Logfile of HijackThis v1.99.1
Scan saved at 16:31:58, on 04.03.2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\FRITZ!DSL\IGDCTRL.EXE
C:\WINDOWS\Explorer.EXE
C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\UAService.exe
C:\Programme\Sunbelt Software\CounterSpy\Consumer\Thread.exe
C:\Programme\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe
C:\Progra~1\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
D:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\Programme\QuickTime\qttask.exe
C:\Progra~1\ASUS\WLAN Card Utilities\Center.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\TV Movie\TV Movie ClickFinder\tvtip.EXE
C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programme\Gemeinsame Dateien\PCSuite\DataLayer\DataLayer.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Programme\Asus\Asus ChkMail\ChkMail.exe
C:\PROGRA~1\GEMEIN~1\PCSuite\Services\SERVIC~1.EXE
C:\Programme\Asus\ASUS Hotkey\Hotkey.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\PROGRA~1\GEMEIN~1\Nokia\MPAPI\MPAPI3s.exe
C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Programme\Logitech\Harmony Remote\harmonyClient.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Programme\ETeX AG\Speak&Win\ETeXSecureClientXP.exe
C:\Programme\FRITZ!DSL\FwebProt.exe
C:\Programme\FRITZ!DSL\StCenter.exe
c:\programme\etex ag\speak&win\bin\ETTSengine.exe
C:\Programme\Mozilla Firefox\firefox.exe
D:\Downloads\Programme\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com.tw/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com.tw
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - D:\Programme\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - D:\Programme\TechSmith\SnagIt 7\SnagItIEAddin.dll
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [ATIPTA] C:\Progra~1\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [xpos] C:\Programme\DATA BECKER\XP optimal stylen\xpui.exe /tray
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "D:\Programme\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [LogonStudio] "D:\Programme\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [VC5Player] C:\Programme\HHVcdV5Sys\VC5Play.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunServer] C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Control Center] C:\Progra~1\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [TVTip] C:\Programme\TV Movie\TV Movie ClickFinder\tvtip.EXE /m
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\Programme\Gemeinsame Dateien\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [dmwvc.exe] C:\WINDOWS\System32\dmwvc.exe
O4 - HKLM\..\Run: [yaemu.exe] C:\WINDOWS\System32\yaemu.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [desktop] C:\WINDOWS\System32\idemlog.exe
O4 - Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: FRITZ!DSL Protect.lnk = C:\Programme\FRITZ!DSL\FwebProt.exe
O4 - Startup: FRITZ!DSL Startcenter.lnk = C:\Programme\FRITZ!DSL\StCenter.exe
O4 - Global Startup: ASUS ChkMail.lnk = C:\Programme\Asus\Asus ChkMail\ChkMail.exe
O4 - Global Startup: Hotkey.lnk = C:\Programme\Asus\ASUS Hotkey\Hotkey.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Logitech Harmony Remote.lnk = C:\Programme\Logitech\Harmony Remote\harmonyClient.exe
O4 - Global Startup: ETeX Secure Client.lnk = C:\Programme\ETeX AG\Speak&Win\ETeXSecureClientXP.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: SchnapperPro - {D6243B39-211B-440E-B4C5-26D2A579CAC8} - D:\Programme\SchnapperPro\SchnapperPro.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com.tw
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1130776066506
O17 - HKLM\System\CCS\Services\Tcpip\..\{613949B8-0415-44EE-AABD-243717A62479}: NameServer = 85.255.116.75,85.255.112.177
O17 - HKLM\System\CCS\Services\Tcpip\..\{9875EC03-E2F7-4D09-9D66-3AFAB967B752}: NameServer = 85.255.116.75,85.255.112.177
O17 - HKLM\System\CCS\Services\Tcpip\..\{9E2C6D3F-BE58-4C2D-9E48-1BEBEF9D468B}: NameServer = 85.255.116.75,85.255.112.177
O17 - HKLM\System\CCS\Services\Tcpip\..\{B2F2C398-F9F3-4266-A7D0-E70DD1D8110B}: NameServer = 85.255.116.75,85.255.112.177
O17 - HKLM\System\CCS\Services\Tcpip\..\{CAA36B49-15E8-4139-9435-412C368475DC}: NameServer = 85.255.116.75,85.255.112.177
O17 - HKLM\System\CCS\Services\Tcpip\..\{DFF03EB0-8BFC-413E-83DC-4D328845EA65}: NameServer = 85.255.116.75,85.255.112.177

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - H+BEDV Datentechnik GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Programme\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: SecuROM User Access Service (UserAccess) - Unknown owner - C:\WINDOWS\System32\UAService.exe
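An added example, not code from the thread, from HijackThis or from the forum's helper pages: a small Python triage script that runs over lines of the HijackThis log posted above and flags the two patterns that Sabina's later cleanup removes, O17 NameServer entries pointing at DNS servers outside an expected set (the 85.255.x.x entries) and O4 Run entries that autostart a System32 executable under its own file name (dmwvc.exe, yaemu.exe). The expected DNS ranges, the known-good list and the sample lines (copied from the posted log) are assumptions made for this example.

```python
"""Triage of HijackThis log lines for the two patterns visible in the log above.

Added example for this thread, not code from HijackThis or from the forum; the
expected DNS ranges, the known-good list and the sample lines are assumptions
(the sample lines are copied from the posted log).
"""
import re
from ipaddress import ip_address, ip_network

# Assumption: the resolvers this machine should be using (router / ISP ranges).
# Anything else in an O17 NameServer entry is worth a look; the thread identifies
# the 85.255.x.x servers in the sample below as the Wareout DNS hijack.
EXPECTED_DNS = [ip_network("192.168.0.0/16"), ip_network("10.0.0.0/8")]

# Assumption: Microsoft binaries that legitimately autostart out of System32
# under their own file name, so the self-named check does not flag them.
KNOWN_GOOD = {"ctfmon.exe"}

O17_RE = re.compile(r"^O17 - .*: NameServer = (?P<servers>[\d.,\s]+)$")
O4_RE = re.compile(r"^O4 - HK[CL][UM]\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")


def suspicious_nameservers(line):
    """Return the DNS servers of an O17 line that fall outside EXPECTED_DNS."""
    m = O17_RE.match(line)
    if not m:
        return []
    flagged = []
    for server in (s.strip() for s in m.group("servers").split(",")):
        if not server:
            continue
        try:
            addr = ip_address(server)
        except ValueError:  # not an IP address at all: report it as written
            flagged.append(server)
            continue
        if not any(addr in net for net in EXPECTED_DNS):
            flagged.append(server)
    return flagged


def self_named_system32_run(line):
    """True for O4 Run entries of the form [foo.exe] C:\\WINDOWS\\System32\\foo.exe.

    The Wareout entries in the log (dmwvc.exe, yaemu.exe, dmzil.exe, dmfou.exe,
    hgqhp.exe) all share that shape. The [desktop] -> idemlog.exe entry does not,
    so this check alone would miss it; the date-sorted file listing catches it.
    """
    m = O4_RE.match(line)
    if not m:
        return False
    name = m.group("name").strip().lower()
    cmd = m.group("cmd").strip().strip('"').lower()
    target = cmd.split("\\")[-1]
    return name == target and "\\system32\\" in cmd and name not in KNOWN_GOOD


def triage(lines):
    """Return (reason, line, detail) tuples for every line that trips a check."""
    findings = []
    for ln in lines:
        ln = ln.rstrip()
        dns = suspicious_nameservers(ln)
        if dns:
            findings.append(("O17 unexpected NameServer", ln, ",".join(dns)))
        elif self_named_system32_run(ln):
            findings.append(("O4 self-named System32 autostart", ln, ""))
    return findings


# Constructed sample: a few lines copied from the HijackThis log posted above.
SAMPLE_LOG = [
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com.tw/",
    r'O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min',
    r"O4 - HKLM\..\Run: [dmwvc.exe] C:\WINDOWS\System32\dmwvc.exe",
    r"O4 - HKLM\..\Run: [yaemu.exe] C:\WINDOWS\System32\yaemu.exe",
    r"O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe",
    r"O4 - HKCU\..\Run: [desktop] C:\WINDOWS\System32\idemlog.exe",
    r"O17 - HKLM\System\CCS\Services\Tcpip\..\{613949B8-0415-44EE-AABD-243717A62479}: NameServer = 85.255.116.75,85.255.112.177",
]

if __name__ == "__main__":
    for reason, line, detail in triage(SAMPLE_LOG):
        print(f"{reason}: {line} {detail}".rstrip())
```

The [desktop] -> idemlog.exe entry deliberately does not trip the name check, which is why a log like this is read together with the date-sorted file listing from datfind.bat: the listing shows idemlog.exe written in the same minutes as the other dropped files.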
04.03.2006, 16:35
Honorary member
Sabina

Posts: 29434
#4 That's Wareout... if you can reformat faster than the cleanup will take, then reformat... otherwise we'll be spending the weekend cleaning everything up.
__________
Regards, Sabina

all about PC security
04.03.2006, 16:41
Member

Thread starter

Posts: 16
#5 Datfind.bat

Datenträger in Laufwerk C: ist WINDOWS
Volumeseriennummer: 380A-5F2F

Verzeichnis von C:\WINDOWS\system32

04.03.2006 16:17 4.608 sphlp32.exe
04.03.2006 15:29 19.712 insurance.bmp
04.03.2006 15:29 4.984 close.bmp
04.03.2006 15:29 11.772 spyware.bmp
04.03.2006 15:29 21.224 xxx.bmp
04.03.2006 15:29 21.872 dating.bmp
04.03.2006 15:29 21.872 pharmacy.bmp
04.03.2006 15:29 23.480 gambling.bmp
04.03.2006 15:29 387 idesk.conf
04.03.2006 15:28 109.568 idemlog.exe
04.03.2006 15:24 51.200 cspoe.exe

04.03.2006 10:43 1.158 wpa.dbl
03.02.2006 12:44 171.488 FNTCACHE.DAT
18.01.2006 13:05 57.344 avsda.dll
02.01.2006 18:11 722.932 PerfStringBackup.INI
02.01.2006 18:11 40.326 perfc009.dat
02.01.2006 18:11 311.938 perfh009.dat
02.01.2006 18:11 317.168 perfh007.dat
02.01.2006 18:11 48.552 perfc007.dat

Datenträger in Laufwerk C: ist WINDOWS
Volumeseriennummer: 380A-5F2F

Verzeichnis von C:\DOKUME~1\Dirk\LOKALE~1\Temp

04.03.2006 16:36 32.768 ~DF9F36.tmp
04.03.2006 16:36 545 IPCONFIG.TXT
04.03.2006 16:36 0 JET8.tmp
04.03.2006 16:36 16.384 ~DF710B.tmp
04.03.2006 16:36 49.152 ~DF6DE6.tmp
04.03.2006 16:36 203 jusched.log
04.03.2006 16:36 32.768 ~DF2DC9.tmp
04.03.2006 16:36 16.384 ~DF9810.tmp
04.03.2006 16:35 32.768 ~DFEDF7.tmp
04.03.2006 16:35 16.384 ~DF1A43.tmp
04.03.2006 16:35 49.152 ~DF9C05.tmp
04.03.2006 16:35 32.768 ~DF5078.tmp
04.03.2006 16:35 16.384 ~DFC5B1.tmp
13 Datei(en) 295.660 Bytes
0 Verzeichnis(se), 9.991.684.096 Bytes frei


Datenträger in Laufwerk C: ist WINDOWS
Volumeseriennummer: 380A-5F2F

Verzeichnis von C:\WINDOWS

04.03.2006 16:16 0 0.log
04.03.2006 16:16 2.048 bootstat.dat
04.03.2006 16:15 32.634 SchedLgU.Txt
04.03.2006 16:15 891.877 WindowsUpdate.log
04.03.2006 16:00 107.134 UninstallFirefox.exe
04.03.2006 16:00 8.636 mozver.dat
04.03.2006 15:45 256 system.ini
04.03.2006 15:45 710 win.ini
04.03.2006 15:24 173 OEWABLog.txt
04.03.2006 14:36 346.800 setupapi.log
04.03.2006 14:31 11.718 ModemLog_Motorola USB Modem #2.txt
04.03.2006 14:25 7.462 ModemLog_Motorola USB Modem #3.txt
04.03.2006 10:39 1.006 ocmsn.log
04.03.2006 10:39 1.891 imsins.log
04.03.2006 10:39 10.244 tsoc.log
04.03.2006 10:39 4.919 ntdtcsetup.log
04.03.2006 10:39 6.252 comsetup.log
04.03.2006 10:39 1.045 msgsocm.log
04.03.2006 10:39 1.947 iis6.log
04.03.2006 10:39 24.159 ocgen.log
04.03.2006 10:39 17.808 FaxSetup.log
01.03.2006 22:01 1.125 winamp.ini
25.02.2006 11:53 408 wiadebug.log
25.02.2006 11:53 50 wiaservc.log
17.02.2006 19:32 282 homeDVD-Fotos3_5_dlx.INI
09.02.2006 22:18 356.352 Spukschloss3DUninstaller.exe
09.02.2006 22:18 7.618.560 Spukschloss3D.scr
04.02.2006 18:05 5.396 ModemLog_Bluetooth DUN Modem.txt
31.01.2006 16:41 12.451 wmsetup.log
17.01.2006 12:49 116 NeroDigital.ini
02.01.2006 18:11 4.507 imsins.BAK


Datenträger in Laufwerk C: ist WINDOWS
Volumeseriennummer: 380A-5F2F

Verzeichnis von C:\

04.03.2006 16:45 0 sys.txt
04.03.2006 16:45 6.073 system.txt
04.03.2006 16:45 871 systemtemp.txt
04.03.2006 16:44 99.058 system32.txt
04.03.2006 16:16 536.268.800 hiberfil.sys
04.03.2006 16:16 805.306.368 PAGEFILE.SYS
04.03.2006 15:45 194 boot.ini
28.02.2006 16:02 8.315 pdatime.log
31.10.2005 18:36 6 AVPCallback.log
03.05.2005 20:40 0 DBS.TXT
25.02.2005 07:07 9 Finish.log
25.02.2005 06:50 0 MSDOS.SYS
25.02.2005 06:50 0 IO.SYS
25.02.2005 06:50 0 CONFIG.SYS
25.02.2005 06:50 0 AUTOEXEC.BAT
27.01.2004 19:59 14 RECOVERY.DAT
26.11.2003 17:25 0 A2D_A2DC.30
29.08.2002 14:00 4.952 bootfont.bin
29.08.2002 14:00 235.296 ntldr
29.08.2002 14:00 47.580 NTDETECT.COM
20 Datei(en) 1.341.977.536 Bytes
0 Verzeichnis(se), 9.991.684.096 Bytes frei


O4 - HKLM\..\Run: [dmfou.exe] C:\WINDOWS\System32\dmfou.exe
O4 - HKLM\..\Run: [hgqhp.exe] C:\WINDOWS\System32\hgqhp.exe
O4 - HKCU\..\Run: [desktop] C:\WINDOWS\System32\idemlog.exe


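An added example, not a tool from the thread or from the forum's helper pages: the datfind.bat listings above are plain German `dir` output sorted by date, and the files of interest are the ones written in the minutes before AntiVir raised the alert. The Python below parses that format (DD.MM.YYYY HH:MM, size with "." as thousands separator, a name that may contain spaces) and returns the files modified inside a window before a reference time. The sample lines are copied from the listing posted above; the reference time (16:22, when the first post was written) and the one-hour window are assumptions made for this example.

```python
"""Parse the German `dir` listings produced by datfind.bat and list the files
written shortly before the infection was noticed.

Added example for this thread, not a tool from the forum; the sample lines are
copied from the listing posted above, and the reference time (16:22, when the
first post was written) and the one-hour window are assumptions.
"""
import re
from datetime import datetime, timedelta

# One file line: DD.MM.YYYY HH:MM <size, '.' as thousands separator> <name, may contain spaces>
ENTRY_RE = re.compile(
    r"^(?P<d>\d{2})\.(?P<mo>\d{2})\.(?P<y>\d{4})\s+(?P<h>\d{2}):(?P<mi>\d{2})\s+"
    r"(?P<size>[\d.]+)\s+(?P<name>.+?)\s*$"
)
# Section header printed by `dir` on a German Windows: "Verzeichnis von <path>"
DIR_RE = re.compile(r"^Verzeichnis von (?P<path>.+?)\s*$")

# Assumption: the moment the problem was noticed (time of the first post).
REFERENCE_TIME = datetime(2006, 3, 4, 16, 22)


def parse_listing(text):
    """Return one dict per file line: dir, mtime (datetime), size (int), name."""
    entries, current_dir = [], None
    for raw in text.splitlines():
        line = raw.strip()
        d = DIR_RE.match(line)
        if d:
            current_dir = d.group("path")
            continue
        m = ENTRY_RE.match(line)
        if not m:  # volume label, blank lines, "13 Datei(en) ..." summaries
            continue
        mtime = datetime(int(m["y"]), int(m["mo"]), int(m["d"]), int(m["h"]), int(m["mi"]))
        entries.append({
            "dir": current_dir,
            "mtime": mtime,
            "size": int(m["size"].replace(".", "")),
            "name": m["name"],
        })
    return entries


def recent_files(entries, reference=REFERENCE_TIME, window=timedelta(hours=1)):
    """Files modified inside [reference - window, reference], in listing order."""
    start = reference - window
    return [e for e in entries if start <= e["mtime"] <= reference]


# Constructed sample: lines copied from the datfind.bat output posted above.
SAMPLE_LISTING = r"""
Datenträger in Laufwerk C: ist WINDOWS
Volumeseriennummer: 380A-5F2F

Verzeichnis von C:\WINDOWS\system32

04.03.2006 16:17 4.608 sphlp32.exe
04.03.2006 15:29 19.712 insurance.bmp
04.03.2006 15:29 4.984 close.bmp
04.03.2006 15:29 11.772 spyware.bmp
04.03.2006 15:29 21.224 xxx.bmp
04.03.2006 15:29 21.872 dating.bmp
04.03.2006 15:29 21.872 pharmacy.bmp
04.03.2006 15:29 23.480 gambling.bmp
04.03.2006 15:29 387 idesk.conf
04.03.2006 15:28 109.568 idemlog.exe
04.03.2006 15:24 51.200 cspoe.exe
04.03.2006 10:43 1.158 wpa.dbl
03.02.2006 12:44 171.488 FNTCACHE.DAT
18.01.2006 13:05 57.344 avsda.dll
02.01.2006 18:11 722.932 PerfStringBackup.INI
02.01.2006 18:11 40.326 perfc009.dat
02.01.2006 18:11 311.938 perfh009.dat
02.01.2006 18:11 317.168 perfh007.dat
02.01.2006 18:11 48.552 perfc007.dat

Verzeichnis von C:\WINDOWS

04.03.2006 16:16 0 0.log
04.03.2006 16:16 2.048 bootstat.dat
04.03.2006 14:31 11.718 ModemLog_Motorola USB Modem #2.txt
3 Datei(en) 13.766 Bytes
"""

if __name__ == "__main__":
    for e in recent_files(parse_listing(SAMPLE_LISTING)):
        print(f'{e["mtime"]:%d.%m.%Y %H:%M}  {e["size"]:>9}  {e["dir"]}\\{e["name"]}')
```

Run against the listing above this isolates the eleven System32 files from 15:24 to 16:17 (sphlp32.exe, the seven .bmp files, idesk.conf, idemlog.exe, cspoe.exe), which is exactly the set that the later KillBox list in this thread removes; the two Windows log files from 16:16 show up as well and are ruled out by name.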
04.03.2006, 16:45
Honorary member
Sabina

Posts: 29434
#6 after the log from the f-secure Beta Trial, post
the log from Silent Runners too
http://virus-protect.org/silentrunner.html
__________
Regards, Sabina

all about PC security
04.03.2006, 18:27
Member

Thread starter

Posts: 16
#7 Oddly enough, F-Secure found nothing!???

Here's the log from Silent Runners:

"Silent Runners.vbs", revision 43, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\System32\ctfmon.exe" [MS]
"PcSync" = "C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog" ["Time Information Services Ltd."]
"desktop" = "C:\WINDOWS\System32\idemlog.exe" [empty string]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Hcontrol" = "C:\WINDOWS\ATK0100\Hcontrol.exe" [empty string]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"ATIModeChange" = "Ati2mdxx.exe" ["ATI Technologies, Inc."]
"SiSUSBRG" = "C:\WINDOWS\SiSUSBrg.exe" ["Silicon Integrated Systems Corp."]
"Power_Gear" = "C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe 1" ["ASUSTeK Computer Inc."]
"ATIPTA" = "C:\Progra~1\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]
"SynTPLpr" = "C:\Programme\Synaptics\SynTP\SynTPLpr.exe" ["Synaptics, Inc."]
"SynTPEnh" = "C:\Programme\Synaptics\SynTP\SynTPEnh.exe" ["Synaptics, Inc."]
"SunJavaUpdateSched" = "C:\Programme\Java\jre1.5.0_04\bin\jusched.exe" ["Sun Microsystems, Inc."]
"xpos" = "C:\Programme\DATA BECKER\XP optimal stylen\xpui.exe /tray" [file not found]
"BootSkin Startup Jobs" = ""D:\Programme\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs" [file not found]
"LogonStudio" = ""D:\Programme\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM" [file not found]
"VC5Player" = "C:\Programme\HHVcdV5Sys\VC5Play.exe" [file not found]
"iTunesHelper" = ""D:\Programme\iTunes\iTunesHelper.exe"" ["Apple Computer, Inc."]
"SunServer" = "C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunserver.exe" ["Sunbelt Software"]
"QuickTime Task" = ""C:\Programme\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"Control Center" = "C:\Progra~1\ASUS\WLAN Card Utilities\Center.exe" ["ASUSTeK COMPUTER INC."]
"avgnt" = ""C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min" ["H+BEDV Datentechnik GmbH"]
"TVTip" = "C:\Programme\TV Movie\TV Movie ClickFinder\tvtip.EXE /m" [null data]
"PCSuiteTrayApplication" = "C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray" ["Nokia"]
"DataLayer" = "C:\Programme\Gemeinsame Dateien\PCSuite\DataLayer\DataLayer.exe" ["Nokia Mobile Phones Ltd."]
"dmzil.exe" = "C:\WINDOWS\System32\dmzil.exe" [null data]
"yaemu.exe" = "C:\WINDOWS\System32\yaemu.exe" [null data]


HKLM\Software\Microsoft\Active Setup\Installed Components\
>{26923b43-4d38-484f-9b9e-de460746276c}\(Default) = "Internet Explorer"
\StubPath = "C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigIE" [MS]
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}\(Default) = "Outlook Express"
\StubPath = "C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{00C6482D-C502-44C8-8409-FCE54AD9C208}\(Default) = "HelperObject Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "D:\Programme\TechSmith\SnagIt 7\SnagItBHO.dll" ["TechSmith Corporation"]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "Adobe PDF Reader Link Helper" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" [file not found]
"{2F603045-309F-11CF-9774-0020AFD0CFF6}" = "Synaptics Control Panel"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Synaptics\SynTP\SynTPCpl.dll" ["Synaptics, Inc."]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinRaR\rarext.dll" [null data]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Microsoft Office\Office10\msohev.dll" [MS]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{73B24247-042E-4EF5-ADC2-42F62E6FD654}" = "ICQ Lite Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "D:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {CLSID}\InProcServer32\(Default) = "D:\Programme\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]
"{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3}" = "SnagIt"
-> {CLSID}\InProcServer32\(Default) = "D:\Programme\TechSmith\SnagIt 7\SnagItIEAddin.dll" ["TechSmith Corporation"]
"{CF74B903-3389-469c-B3B6-0204D204FCBD}" = "SnagIt Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "D:\Programme\TechSmith\SnagIt 7\SnagItShellExt.dll" ["TechSmith Corporation"]
"{00020000-0000-1011-8004-0000C06B5161}" = "WIBU-SYSTEMS Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\WIBU-SYSTEMS\System\WibuShellExt.dll" ["WIBU-SYSTEMS AG"]
"{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" = "Shell Extension for Malware scanning"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\AntiVir PersonalEdition Classic\shlext.dll" ["H+BEDV Datentechnik GmbH"]
"{40950107-FEA6-4d53-A65F-B2DCBA57DD58}" = "Nokia Phone Browser"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Nokia\Nokia PC Suite 6\PhoneBrowser.dll" ["Nokia"]
"{FBFE7864-D495-41f0-B7DC-4BB601CC295E}" = "Contact View"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Nokia\Nokia PC Suite 6\ContactView.dll" ["Nokia"]
"{C0C4375A-5B72-4efe-929D-3B848C3A1E91}" = "Message View"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Nokia\Nokia PC Suite 6\MessageView.dll" ["Nokia"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{076394AD-7FDD-44EF-A075-32C68DBAB99B}" = "*X" (unwritable string)
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Sunbelt Software\CounterSpy\Consumer\SunExecuteHook.dll" ["Sunbelt Software"]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
"System" = (value not set)


HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"
-> {CLSID}\InProcServer32\(Default) = "D:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\AntiVir PersonalEdition Classic\shlext.dll" ["H+BEDV Datentechnik GmbH"]
SnagItMainShellExt\(Default) = "{CF74B903-3389-469c-B3B6-0204D204FCBD}"
-> {CLSID}\InProcServer32\(Default) = "D:\Programme\TechSmith\SnagIt 7\SnagItShellExt.dll" ["TechSmith Corporation"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinRaR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"
-> {CLSID}\InProcServer32\(Default) = "D:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
SnagItMainShellExt\(Default) = "{CF74B903-3389-469c-B3B6-0204D204FCBD}"
-> {CLSID}\InProcServer32\(Default) = "D:\Programme\TechSmith\SnagIt 7\SnagItShellExt.dll" ["TechSmith Corporation"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinRaR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\AntiVir PersonalEdition Classic\shlext.dll" ["H+BEDV Datentechnik GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinRaR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Dokumente und Einstellungen\Dirk\Anwendungsdaten\Mozilla\Firefox\Desktop Hintergrund.bmp"


Startup items in "Dirk" & "All Users" startup folders:
------------------------------------------------------

C:\Dokumente und Einstellungen\Dirk\Startmenü\Programme\Autostart
"Adobe Gamma" -> shortcut to: "C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
"FRITZ!DSL Protect" -> shortcut to: "C:\Programme\FRITZ!DSL\FwebProt.exe" ["AVM Berlin"]
"FRITZ!DSL Startcenter" -> shortcut to: "C:\Programme\FRITZ!DSL\StCenter.exe" ["AVM Berlin"]

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
"ASUS ChkMail" -> shortcut to: "C:\Programme\Asus\Asus ChkMail\ChkMail.exe" ["asus"]
"Hotkey" -> shortcut to: "C:\Programme\Asus\ASUS Hotkey\Hotkey.exe" ["ASUS"]
"Microsoft Office" -> shortcut to: "C:\Programme\Microsoft Office\Office10\OSA.EXE -b -l" [MS]
"InterVideo WinCinema Manager" -> shortcut to: "C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe" ["InterVideo Inc."]
"BlueSoleil" -> shortcut to: "C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe" ["IVT Corporation"]
"Logitech Harmony Remote" -> shortcut to: "C:\Programme\Logitech\Harmony Remote\harmonyClient.exe" [null data]
"ETeX Secure Client" -> shortcut to: "C:\Programme\ETeX AG\Speak&Win\ETeXSecureClientXP.exe" [null data]
"Adobe Reader Speed Launch" -> shortcut to: "C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "C:\Programme\FRITZ!DSL\sarah.dll" ["AVM Berlin"]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\Programme\FRITZ!DSL\sarah.dll ["AVM Berlin"], 01 - 03, 30
%SystemRoot%\system32\mswsock.dll [MS], 04 - 07, 10 - 29
%SystemRoot%\system32\rsvpsp.dll [MS], 08 - 09


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3}" = "SnagIt" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "D:\Programme\TechSmith\SnagIt 7\SnagItIEAddin.dll" ["TechSmith Corporation"]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Konsole"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll" ["Sun Microsystems, Inc."]

{B863453A-26C3-4E1F-A54D-A2CD196348E9}\
"ButtonText" = "ICQ Lite"
"MenuText" = "ICQ Lite"
"Exec" = "D:\Programme\ICQLite\ICQLite.exe" ["ICQ Ltd."]

{D6243B39-211B-440E-B4C5-26D2A579CAC8}\
"ButtonText" = "SchnapperPro"
"CLSIDExtension" = "{1FBA04EE-3024-11D2-8F1F-0000F87ABD16}"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
"Exec" = "D:\Programme\SchnapperPro\SchnapperPro.exe" [null data]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Messenger"
"Exec" = "C:\Programme\Messenger\MSMSGS.EXE" [MS]


Miscellaneous IE Hijack Points
------------------------------

C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=http://www.asus.com.tw

Missing lines (compared with English-language version):
[Strings]: 1 line


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

AntiVir PersonalEdition Classic Service, AntiVirService, "C:\Programme\AntiVir PersonalEdition Classic\avguard.exe" ["H+BEDV Datentechnik GmbH"]
AntiVir Scheduler, AntiVirScheduler, "C:\Programme\AntiVir PersonalEdition Classic\sched.exe" ["H+BEDV Datentechnik GmbH"]
Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\System32\Ati2evxx.exe" ["ATI Technologies Inc."]
AVM IGD CTRL Service, AVM IGD CTRL Service, "C:\Programme\FRITZ!DSL\IGDCTRL.EXE" ["AVM Berlin"]
BlueSoleil Hid Service, BlueSoleil Hid Service, "C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe" [null data]
iPodService, iPodService, "C:\Programme\iPod\bin\iPodService.exe" ["Apple Computer, Inc."]
SecuROM User Access Service, UserAccess, "C:\WINDOWS\System32\UAService.exe" [null data]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 55 seconds, including 18 seconds for message boxes)

And what now?
Thanks for helping me, Sabina. ;-)
04.03.2006, 19:02
Honorary member
Sabina

Posts: 29434
#8

Quote

4.
Download the f-secure Beta Trial
http://www.f-secure.com/blacklight/
double-click: blbeta.exe
after the check click -- next
you'll now find a log file (txt) on the desktop --> post it here

__________
Regards, Sabina

all about PC security
04.03.2006, 19:21
Member

Thread starter

Posts: 16
#9 F-Secure doesn't create a log file for me either! :-(

I've attached a screenshot for you.

EDIT: Found something else! ;-))

03/04/06 19:21:47 [Info]: BlackLight Engine 1.0.33 initialized
03/04/06 19:21:47 [Info]: OS: 5.1 build 2600 (Service Pack 1)
03/04/06 19:21:48 [Note]: 7019 4
03/04/06 19:21:48 [Note]: 7005 0
03/04/06 19:21:50 [Note]: 7006 0
03/04/06 19:21:50 [Note]: 7011 2016
03/04/06 19:21:50 [Note]: FSRAW library version 1.7.1015
03/04/06 19:26:01 [Note]: 7007 0

Attachment: f-secure.jpg
This post was edited on 04.03.2006 at 19:28 by Smiley007.

04.03.2006, 19:46
Honorary member
Avatar Sabina

Posts: 29434
#10 Smiley007

Copy the following text into Notepad (Start - Accessories - Notepad) and save it as fixme.reg on the desktop using 'Save as'. Set the file type to 'All files'. You should now find this file on the desktop.

Quote

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoBandCustomize"=-

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=-
"System"=""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"desktop"=-

KILLBOX - Pocket KillBox
http://virus-protect.org/killbox.html

Options: Delete on Reboot --> tick it
and click the red cross; when asked "Do you want to reboot?" ---- click "no" and paste in the next one, only click "yes" on the last one
paste in: ...

C:\WINDOWS\system32\sphlp32.exe
C:\WINDOWS\system32\insurance.bmp
C:\WINDOWS\system32\close.bmp
C:\WINDOWS\system32\spyware.bmp
C:\WINDOWS\system32\xxx.bmp
C:\WINDOWS\system32\dating.bmp
C:\WINDOWS\system32\pharmacy.bmp
C:\WINDOWS\system32\gambling.bmp
C:\WINDOWS\system32\idesk.conf
C:\WINDOWS\System32\dmzil.exe
C:\WINDOWS\System32\yaemu.exe
C:\WINDOWS\System32\dmfou.exe
C:\WINDOWS\System32\hgqhp.exe
C:\WINDOWS\system32\idemlog.exe
C:\WINDOWS\system32\cspoe.exe

Restart the PC

This will delete your current Internet connection, because it is not correct. Be prepared to have to create a new connection after the restart.

open HijackThis -- button "Scan" -- tick the malware entries -- button "Fix checked"

O4 - HKLM\..\Run: [dmfou.exe] C:\WINDOWS\System32\dmfou.exe
O4 - HKLM\..\Run: [hgqhp.exe] C:\WINDOWS\System32\hgqhp.exe
O4 - HKCU\..\Run: [desktop] C:\WINDOWS\System32\idemlog.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{613949B8-0415-44EE-AABD-243717A62479}: NameServer = 85.255.116.75,85.255.112.177
O17 - HKLM\System\CCS\Services\Tcpip\..\{9875EC03-E2F7-4D09-9D66-3AFAB967B752}: NameServer = 85.255.116.75,85.255.112.177
O17 - HKLM\System\CCS\Services\Tcpip\..\{9E2C6D3F-BE58-4C2D-9E48-1BEBEF9D468B}: NameServer = 85.255.116.75,85.255.112.177
O17 - HKLM\System\CCS\Services\Tcpip\..\{B2F2C398-F9F3-4266-A7D0-E70DD1D8110B}: NameServer = 85.255.116.75,85.255.112.177
O17 - HKLM\System\CCS\Services\Tcpip\..\{CAA36B49-15E8-4139-9435-412C368475DC}: NameServer = 85.255.116.75,85.255.112.177
O17 - HKLM\System\CCS\Services\Tcpip\..\{DFF03EB0-8BFC-413E-83DC-4D328845EA65}: NameServer = 85.255.116.75,85.255.112.177

Restart the computer into safe mode (press F8 while starting). Double-click the file "fixme.reg" on the desktop


Fixwareout.exe
http://swandog46.geekstogo.com/Fixwareout.exe
--> next --> Install --> Run fixit --> Finish / the PC will restart -->

boot back into normal mode

hoster.zip
Press 'Restore Original Hosts' and press 'OK' Exit Program.

scan with Dr.Web and report back
http://virus-protect.org/cureit.html

then post the new HijackThis log
__________
Regards, Sabina

all about PC security
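The post above does three mechanical things by hand: it deletes registry values with the `"name"=-` syntax of a REGEDIT4 file, it fixes O4 (Run key) lines in HijackThis, and it fixes O17 lines, which are the per-adapter `NameServer` values under `Tcpip\Parameters\Interfaces\{GUID}`. The Python script below is an added example and is not code from this thread, from HijackThis or from any other tool named here. It parses the O4 and O17 lines out of a HijackThis log, flags Run values that point at five-letter random-named executables in System32 (the naming pattern of the entries posted in this thread) or that the analyst has already named, flags any statically configured DNS server that is not on an allow-list you supply, and emits the REGEDIT4 text that deletes exactly those values. The sample log lines are constructed from entries posted above plus one made-up clean router entry (192.168.178.1); the allow-list, the `known_bad` names and the five-letter heuristic are assumptions made for the example.

```python
"""Triage HijackThis O4/O17 lines and emit the matching REGEDIT4 fix file.

Added example for this thread (not code from the forum or from HijackThis):
the sample log lines are constructed from entries posted above plus one
made-up clean router entry; the allow-list, the known_bad names and the
five-letter-name heuristic are assumptions made for the example.
"""
import re
from ipaddress import ip_address

# HijackThis abbreviates these keys; regedit needs the full names.
RUN_KEYS = {
    "HKLM": r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run",
    "HKCU": r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
}
INTERFACES_KEY = (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services"
                  r"\Tcpip\Parameters\Interfaces")

O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O17_RE = re.compile(
    r"^O17 - HKLM\\System\\CCS\\Services\\Tcpip\\\.\.\\"
    r"(?P<guid>\{[0-9A-Fa-f-]+\}): NameServer = (?P<servers>.+)$")
# Heuristic (assumption): the dropper in this thread registers Run values
# for five-letter random executables placed directly in System32
# (dmfou.exe, hgqhp.exe, dmwqi.exe, dmupu.exe). Legitimate short names
# such as mstsc.exe match too, so the result is for review, not a verdict.
RANDOM_SYS32_RE = re.compile(r"^C:\\WINDOWS\\System32\\[a-z]{5}\.exe$", re.I)

# Constructed sample: entries from the thread plus one clean entry for a
# router at 192.168.178.1 (made up for the example).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [dmfou.exe] C:\WINDOWS\System32\dmfou.exe
O4 - HKLM\..\Run: [hgqhp.exe] C:\WINDOWS\System32\hgqhp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [desktop] C:\WINDOWS\System32\idemlog.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{613949B8-0415-44EE-AABD-243717A62479}: NameServer = 85.255.116.75,85.255.112.177
O17 - HKLM\System\CCS\Services\Tcpip\..\{B2F2C398-F9F3-4266-A7D0-E70DD1D8110B}: NameServer = 192.168.178.1
"""


def parse_hjt(log_text):
    """Return (run_entries, dns_entries) found in the O4 and O17 lines."""
    runs, dns = [], []
    for line in log_text.splitlines():
        line = line.strip()
        if m := O4_RE.match(line):
            runs.append((m["hive"], m["name"], m["cmd"]))
        elif m := O17_RE.match(line):
            dns.append((m["guid"], [s.strip() for s in m["servers"].split(",")]))
    return runs, dns


def suspicious_runs(runs, known_bad=frozenset()):
    """Run values to delete: random-named System32 executables, plus any
    value name the analyst already identified (e.g. 'desktop' in this thread)."""
    return [(hive, name, cmd) for hive, name, cmd in runs
            if name in known_bad or RANDOM_SYS32_RE.match(cmd)]


def rogue_dns(dns, allowed):
    """Interfaces whose static NameServer list contains a server that is not
    on the allow-list of servers the owner configured on purpose."""
    allowed = {ip_address(a) for a in allowed}
    hits = []
    for guid, servers in dns:
        try:
            ok = all(ip_address(s) in allowed for s in servers)
        except ValueError:          # not even a valid address: treat as rogue
            ok = False
        if not ok:
            hits.append((guid, servers))
    return hits


def build_reg(run_hits, dns_hits):
    """REGEDIT4 text using the "name"=- deletion syntax shown in the thread.
    Removing NameServer drops the static override; the adapter then falls
    back to the DHCP-supplied servers (DhcpNameServer)."""
    out = ["REGEDIT4", ""]
    for hive in ("HKLM", "HKCU"):
        names = [name for h, name, _ in run_hits if h == hive]
        if names:
            out.append(f"[{RUN_KEYS[hive]}]")
            out.extend(f'"{n}"=-' for n in names)
            out.append("")
    for guid, _ in dns_hits:
        out.append(f"[{INTERFACES_KEY}\\{guid}]")
        out.append('"NameServer"=-')
        out.append("")
    return "\r\n".join(out)      # regedit expects CRLF line endings


def triage(log_text, allowed_dns=(), known_bad=()):
    """Parse a HijackThis log and return (run_hits, dns_hits, reg_text)."""
    runs, dns = parse_hjt(log_text)
    run_hits = suspicious_runs(runs, frozenset(known_bad))
    dns_hits = rogue_dns(dns, allowed_dns)
    return run_hits, dns_hits, build_reg(run_hits, dns_hits)


if __name__ == "__main__":
    _, _, reg = triage(SAMPLE_LOG, allowed_dns=["192.168.178.1"], known_bad=["desktop"])
    print(reg)
```

Save the output as an ANSI .reg file with CRLF line endings and read it before double-clicking it: the five-letter heuristic is a triage aid and will also catch legitimate short names. Deleting `NameServer` only removes the static override on that adapter, so the executables themselves still have to be removed as the post describes, and the DHCP-supplied servers the adapter falls back to should be checked as well.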
04.03.2006, 20:40
Member

Thread starter

Posts: 16
#11 So....
what is hoster.zip and where do I find it???

Dr.Web found nothing

HijackThis log file:

Logfile of HijackThis v1.99.1
Scan saved at 20:43:11, on 04.03.2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\FRITZ!DSL\IGDCTRL.EXE
C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\UAService.exe
C:\Programme\Sunbelt Software\CounterSpy\Consumer\Thread.exe
C:\Programme\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe
C:\Progra~1\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
D:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\Programme\QuickTime\qttask.exe
C:\Progra~1\ASUS\WLAN Card Utilities\Center.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\TV Movie\TV Movie ClickFinder\tvtip.EXE
C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programme\Gemeinsame Dateien\PCSuite\DataLayer\DataLayer.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Programme\Asus\Asus ChkMail\ChkMail.exe
C:\Programme\Asus\ASUS Hotkey\Hotkey.exe
C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Logitech\Harmony Remote\harmonyClient.exe
C:\Programme\ETeX AG\Speak&Win\ETeXSecureClientXP.exe
C:\PROGRA~1\GEMEIN~1\PCSuite\Services\SERVIC~1.EXE
C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programme\FRITZ!DSL\FwebProt.exe
C:\Programme\FRITZ!DSL\StCenter.exe
c:\programme\etex ag\speak&win\bin\ETTSengine.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\PROGRA~1\GEMEIN~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\System32\wuauclt.exe
D:\Downloads\Programme\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com.tw/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com.tw
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - D:\Programme\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - D:\Programme\TechSmith\SnagIt 7\SnagItIEAddin.dll
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [ATIPTA] C:\Progra~1\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [xpos] C:\Programme\DATA BECKER\XP optimal stylen\xpui.exe /tray
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "D:\Programme\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [LogonStudio] "D:\Programme\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [VC5Player] C:\Programme\HHVcdV5Sys\VC5Play.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunServer] C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Control Center] C:\Progra~1\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [TVTip] C:\Programme\TV Movie\TV Movie ClickFinder\tvtip.EXE /m
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\Programme\Gemeinsame Dateien\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [dmwqi.exe] C:\WINDOWS\System32\dmwqi.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: FRITZ!DSL Protect.lnk = C:\Programme\FRITZ!DSL\FwebProt.exe
O4 - Startup: FRITZ!DSL Startcenter.lnk = C:\Programme\FRITZ!DSL\StCenter.exe
O4 - Global Startup: ASUS ChkMail.lnk = C:\Programme\Asus\Asus ChkMail\ChkMail.exe
O4 - Global Startup: Hotkey.lnk = C:\Programme\Asus\ASUS Hotkey\Hotkey.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Logitech Harmony Remote.lnk = C:\Programme\Logitech\Harmony Remote\harmonyClient.exe
O4 - Global Startup: ETeX Secure Client.lnk = C:\Programme\ETeX AG\Speak&Win\ETeXSecureClientXP.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQLite\ICQLite.exe
04.03.2006, 21:56
Honorary member
Avatar Sabina

Posts: 29434
#12 sorry ;)

Quote

Hoster.zip
http://www.funkytoad.com/download/hoster.zip
Press 'Restore Original Hosts' and press 'OK' Exit Program.
Fix with HijackThis: ... but don't restart yet, leave HijackThis open with this entry ticked
O4 - HKLM\..\Run: [dmwqi.exe] C:\WINDOWS\System32\dmwqi.exe

delete with the Killbox:


C:\WINDOWS\System32\dmwqi.exe

Restart the PC

scan with ewido and post the scan report
http://virus-protect.org/ewido.html
+
the new HijackThis log
__________
Regards, Sabina

all about PC security

05.03.2006, 10:49
Member

Thread starter

Posts: 16
#13 Hello Sabina!

Well, I can't make sense of Hoster....
The file "dmwqi.exe" mentioned above no longer exists anywhere...

And now the scan report from ewido:

---------------------------------------------------------
ewido anti-malware - Scan Report
---------------------------------------------------------

+ Created on: 10:50:48, 05.03.2006
+ Report checksum: 338D53B7

+ Scan result:

HKLM\SOFTWARE\Classes\ToolBand.ToolBandObj -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\ToolBand.ToolBandObj\CLSID -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\ToolBand.ToolBandObj\CurVer -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\ToolBand.ToolBandObj.1 -> Adware.CoolWebSearch : Cleaned with backup
[2028] VM_013B0000 -> Trojan.Pakes : Error while cleaning
C:\WINDOWS\system32\pppcgm.exe -> Adware.Msnagent : Cleaned with backup
C:\WINDOWS\system32\filesafer23.exe -> Hijacker.Small : Cleaned with backup
C:\Dokumente und Einstellungen\Dirk\Lokale Einstellungen\Anwendungsdaten\Sunbelt Software\CounterSpy\Quarantine\B9674B16-002D-4603-B0CB-7741A1\4910FA15-6424-4FC5-ABCD-7FF5A7 -> Adware.Msnagent : Cleaned with backup
C:\Dokumente und Einstellungen\Dirk\Lokale Einstellungen\Anwendungsdaten\Sunbelt Software\CounterSpy\Quarantine\B9674B16-002D-4603-B0CB-7741A1\03D32F55-2095-44FA-9096-241754 -> Adware.Msnagent : Cleaned with backup
C:\Dokumente und Einstellungen\Dirk\Lokale Einstellungen\Anwendungsdaten\Sunbelt Software\CounterSpy\Quarantine\B9674B16-002D-4603-B0CB-7741A1\F2EE0FB1-5BA5-45E6-905C-F21E10 -> Adware.Msnagent : Cleaned with backup
C:\Dokumente und Einstellungen\Dirk\Lokale Einstellungen\Anwendungsdaten\Sunbelt Software\CounterSpy\Quarantine\B9674B16-002D-4603-B0CB-7741A1\1A2712C2-B010-4F26-A09D-9764BF
Information\_restore{7D0610EB-FB5D-451F-BE84-4EA40E133A9B}\RP62\A0009668.EXE -> Trojan.DNSChanger.bn : Cleaned with backup
C:\System Volume Information\_restore{7D0610EB-FB5D-451F-BE84-4EA40E133A9B}\RP62\A0010668.EXE -> Trojan.DNSChanger.bn : Cleaned with backup

::Report End


And now HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 10:54:02, on 05.03.2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\FRITZ!DSL\IGDCTRL.EXE
C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\UAService.exe
C:\Programme\Sunbelt Software\CounterSpy\Consumer\Thread.exe
C:\Programme\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe
C:\Progra~1\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
D:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\Programme\QuickTime\qttask.exe
C:\Progra~1\ASUS\WLAN Card Utilities\Center.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\TV Movie\TV Movie ClickFinder\tvtip.EXE
C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programme\Gemeinsame Dateien\PCSuite\DataLayer\DataLayer.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Programme\Asus\Asus ChkMail\ChkMail.exe
C:\Programme\Asus\ASUS Hotkey\Hotkey.exe
C:\PROGRA~1\GEMEIN~1\PCSuite\Services\SERVIC~1.EXE
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Programme\Logitech\Harmony Remote\harmonyClient.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Programme\ETeX AG\Speak&Win\ETeXSecureClientXP.exe
C:\Programme\FRITZ!DSL\FwebProt.exe
C:\PROGRA~1\GEMEIN~1\Nokia\MPAPI\MPAPI3s.exe
C:\Programme\FRITZ!DSL\StCenter.exe
c:\programme\etex ag\speak&win\bin\ETTSengine.exe
C:\Programme\ewido anti-malware\ewidoguard.exe
C:\Programme\ewido anti-malware\ewidoctrl.exe
C:\Programme\ewido anti-malware\securitysuite.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programme\Mozilla Firefox\firefox.exe
D:\Downloads\Programme\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com.tw/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com.tw
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - D:\Programme\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - D:\Programme\TechSmith\SnagIt 7\SnagItIEAddin.dll
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [ATIPTA] C:\Progra~1\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [xpos] C:\Programme\DATA BECKER\XP optimal stylen\xpui.exe /tray
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "D:\Programme\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [LogonStudio] "D:\Programme\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [VC5Player] C:\Programme\HHVcdV5Sys\VC5Play.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunServer] C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Control Center] C:\Progra~1\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [TVTip] C:\Programme\TV Movie\TV Movie ClickFinder\tvtip.EXE /m
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\Programme\Gemeinsame Dateien\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [dmupu.exe] C:\WINDOWS\System32\dmupu.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: FRITZ!DSL Protect.lnk = C:\Programme\FRITZ!DSL\FwebProt.exe
O4 - Startup: FRITZ!DSL Startcenter.lnk = C:\Programme\FRITZ!DSL\StCenter.exe
O4 - Global Startup: ASUS ChkMail.lnk = C:\Programme\Asus\Asus ChkMail\ChkMail.exe
O4 - Global Startup: Hotkey.lnk = C:\Programme\Asus\ASUS Hotkey\Hotkey.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Logitech Harmony Remote.lnk = C:\Programme\Logitech\Harmony Remote\harmonyClient.exe
O4 - Global Startup: ETeX Secure Client.lnk = C:\Programme\ETeX AG\Speak&Win\ETeXSecureClientXP.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: SchnapperPro - {D6243B39-211B-440E-B4C5-26D2A579CAC8} - D:\Programme\SchnapperPro\SchnapperPro.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com.tw
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1130776066506
O17 - HKLM\System\CCS\Services\Tcpip\..\{B2F2C398-F9F3-4266-A7D0-E70DD1D8110B}: NameServer = 195.95.218.20,85.255.112.10
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - H+BEDV Datentechnik GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Programme\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programme\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programme\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: SecuROM User Access Service (UserAccess) - Unknown owner - C:\WINDOWS\System32\UAService.exe
05.03.2006, 13:16
Honorary member
Avatar Sabina

Posts: 29434
#14 1.
My Computer --> right-click, then Properties ---> System Restore tab ---> tick "Turn off System Restore on all drives".

2.
fix with HijackThis:

O4 - HKLM\..\Run: [dmupu.exe] C:\WINDOWS\System32\dmupu.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{B2F2C398-F9F3-4266-A7D0-E70DD1D8110B}: NameServer = 195.95.218.20,85.255.112.10

3.
Restart the PC --> into safe mode

4.
scan again with ewido, let it delete everything that is detected, then post the new scan report + the new HijackThis log
__________
Regards, Sabina

all about PC security

05.03.2006, 15:56
Member

Thread starter

Posts: 16
#15 So, here's ewido: :-))

---------------------------------------------------------
ewido anti-malware - Scan Report
---------------------------------------------------------

+ Created on: 15:59:00, 05.03.2006
+ Report checksum: F7BCD8DF

+ Scan result:

No infected objects found.


::Report End


And HijackThis again:

Logfile of HijackThis v1.99.1
Scan saved at 16:00:24, on 05.03.2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\FRITZ!DSL\IGDCTRL.EXE
C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Programme\ewido anti-malware\ewidoctrl.exe
C:\Programme\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\UAService.exe
C:\Programme\Sunbelt Software\CounterSpy\Consumer\Thread.exe
C:\Programme\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe
C:\Progra~1\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\Programme\QuickTime\qttask.exe
C:\Progra~1\ASUS\WLAN Card Utilities\Center.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\TV Movie\TV Movie ClickFinder\tvtip.EXE
C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programme\Gemeinsame Dateien\PCSuite\DataLayer\DataLayer.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Programme\Asus\Asus ChkMail\ChkMail.exe
C:\PROGRA~1\GEMEIN~1\PCSuite\Services\SERVIC~1.EXE
C:\Programme\Asus\ASUS Hotkey\Hotkey.exe
C:\PROGRA~1\GEMEIN~1\Nokia\MPAPI\MPAPI3s.exe
C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Programme\Logitech\Harmony Remote\harmonyClient.exe
C:\Programme\ETeX AG\Speak&Win\ETeXSecureClientXP.exe
C:\Programme\FRITZ!DSL\FwebProt.exe
C:\Programme\FRITZ!DSL\StCenter.EXE
c:\programme\etex ag\speak&win\bin\ETTSengine.exe
C:\Programme\Mozilla Firefox\firefox.exe
D:\Downloads\Programme\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com.tw/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com.tw
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - D:\Programme\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - D:\Programme\TechSmith\SnagIt 7\SnagItIEAddin.dll
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [ATIPTA] C:\Progra~1\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [VC5Player] C:\Programme\HHVcdV5Sys\VC5Play.exe
O4 - HKLM\..\Run: [SunServer] C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Control Center] C:\Progra~1\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [TVTip] C:\Programme\TV Movie\TV Movie ClickFinder\tvtip.EXE /m
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\Programme\Gemeinsame Dateien\PCSuite\DataLayer\DataLayer.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: FRITZ!DSL Protect.lnk = C:\Programme\FRITZ!DSL\FwebProt.exe
O4 - Startup: FRITZ!DSL Startcenter.lnk = C:\Programme\FRITZ!DSL\StCenter.exe
O4 - Global Startup: ASUS ChkMail.lnk = C:\Programme\Asus\Asus ChkMail\ChkMail.exe
O4 - Global Startup: Hotkey.lnk = C:\Programme\Asus\ASUS Hotkey\Hotkey.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech Harmony Remote.lnk = C:\Programme\Logitech\Harmony Remote\harmonyClient.exe
O4 - Global Startup: ETeX Secure Client.lnk = C:\Programme\ETeX AG\Speak&Win\ETeXSecureClientXP.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: SchnapperPro - {D6243B39-211B-440E-B4C5-26D2A579CAC8} - D:\Programme\SchnapperPro\SchnapperPro.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com.tw
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1130776066506
O17 - HKLM\System\CCS\Services\Tcpip\..\{B2F2C398-F9F3-4266-A7D0-E70DD1D8110B}: NameServer = 195.95.218.20,85.255.112.10
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - H+BEDV Datentechnik GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Programme\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programme\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programme\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: SecuROM User Access Service (UserAccess) - Unknown owner - C:\WINDOWS\System32\UAService.exe


Do I have to do anything else now, or is my laptop cured with this??

If so, what do you recommend for the future? (software etc.)