I cannot remove Spywarequake
#0
31.08.2006, 21:24
Honorary member
Posts: 29434
02.09.2006, 11:57
Member
Posts: 12
#167
So here is the report:

SUPERAntiSpyware Scan Log
Generated 09/01/2006 at 05:19 PM
Core Rules Database Version : 3070
Trace Rules Database Version: 1110
Memory Thread detected : 0
Registry Thread detected : 43
File Thread detected : 26

Adware.Director
[{18BA9D2E-044A-1031-0519-050311180031}] C:\Programme\Gemeinsame Dateien\{18BA9D2E-044A-1031-0519-050311180031}\Update.exe
C:\Programme\Gemeinsame Dateien\{18BA9D2E-044A-1031-0519-050311180031}\Update.exe
C:\WINDOWS\Prefetch\UPDATE.EXE-2B150CA6.pf

Adware.Vundo Variant
HKLM\Software\Classes\CLSID\{0BB36B53-F4C6-4DAF-AFB8-3D127B4BCCCE}
HKCR\CLSID\{0BB36B53-F4C6-4DAF-AFB8-3D127B4BCCCE}
HKCR\CLSID\{0BB36B53-F4C6-4DAF-AFB8-3D127B4BCCCE}\InprocServer32
HKCR\CLSID\{0BB36B53-F4C6-4DAF-AFB8-3D127B4BCCCE}\InprocServer32#ThreadingModel
C:\WINDOWS\system32\ddcyv.dll
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\geeda
C:\WINDOWS\system32\geeda.dll
C:\System Volume Information\_restore{CB90538A-FD98-4616-9909-753D9DBFB8A6}\RP112\A0036261.dll
C:\System Volume Information\_restore{CB90538A-FD98-4616-9909-753D9DBFB8A6}\RP112\A0036265.dll

Adware.ToolBar888
HKLM\Software\Classes\CLSID\{CBCC61FA-0221-4ccc-B409-CEE865CACA3A}
HKCR\CLSID\{CBCC61FA-0221-4ccc-B409-CEE865CACA3A}
HKCR\CLSID\{CBCC61FA-0221-4ccc-B409-CEE865CACA3A}
HKCR\CLSID\{CBCC61FA-0221-4ccc-B409-CEE865CACA3A}\InprocServer32
HKCR\CLSID\{CBCC61FA-0221-4ccc-B409-CEE865CACA3A}\InprocServer32#ThreadingModel
HKCR\CLSID\{CBCC61FA-0221-4ccc-B409-CEE865CACA3A}\ProgID
HKCR\CLSID\{CBCC61FA-0221-4ccc-B409-CEE865CACA3A}\Programmable
HKCR\CLSID\{CBCC61FA-0221-4ccc-B409-CEE865CACA3A}\TypeLib
HKCR\CLSID\{CBCC61FA-0221-4ccc-B409-CEE865CACA3A}\VersionIndependentProgID
C:\Programme\ToolBar888\MyToolBar.dll
C:\Programme\Toolbar888\Activate.exe
C:\Programme\Toolbar888\Uninst.exe
C:\Programme\Toolbar888
HKCR\TypeLib\{569304BA-83ED-4CFF-AC26-BE3E482F7208}
HKCR\TypeLib\{569304BA-83ED-4CFF-AC26-BE3E482F7208}\1.0
HKCR\TypeLib\{569304BA-83ED-4CFF-AC26-BE3E482F7208}\1.0\0
HKCR\TypeLib\{569304BA-83ED-4CFF-AC26-BE3E482F7208}\1.0\0\win32
HKCR\TypeLib\{569304BA-83ED-4CFF-AC26-BE3E482F7208}\1.0\FLAGS
HKCR\TypeLib\{569304BA-83ED-4CFF-AC26-BE3E482F7208}\1.0\HELPDIR
HKCR\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}
HKCR\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}\ProxyStubClsid
HKCR\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}\ProxyStubClsid32
HKCR\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}\TypeLib
HKCR\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}\TypeLib#Version
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ToolBar888
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ToolBar888#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ToolBar888#UninstallString
HKCR\MyToolBar.MyToolBarObj
HKCR\MyToolBar.MyToolBarObj\CLSID
HKCR\MyToolBar.MyToolBarObj\CurVer
HKCR\MyToolBar.MyToolBarObj.1
HKCR\MyToolBar.MyToolBarObj.1\CLSID
HKLM\Software\Classes\MyToolBar.MyToolBarObj
HKLM\Software\Classes\MyToolBar.MyToolBarObj\CLSID
HKLM\Software\Classes\MyToolBar.MyToolBarObj\CurVer
HKLM\Software\Classes\MyToolBar.MyToolBarObj.1
HKLM\Software\Classes\MyToolBar.MyToolBarObj.1\CLSID
HKU\S-1-5-21-1659004503-1682526488-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CBCC61FA-0221-4CCC-B409-CEE865CACA3A}
C:\System Volume Information\_restore{CB90538A-FD98-4616-9909-753D9DBFB8A6}\RP112\A0036272.dll
C:\WINDOWS\Prefetch\ACTIVATE.EXE-1B736224.pf

Adware.Zango
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{56F1D444-11BF-4879-A12B-79CF0177F038}

Browser Hijacker.BestSafetyGuide
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{873eb32d-ae1a-4183-89bd-45a77f761be4}

Trojan.Unknown Origin
HKLM\SOFTWARE\Microsoft\MSSMGR
C:\Dokumente und Einstellungen\Axpyrus\Lokale Einstellungen\Temporary Internet Files\Content.IE5\3YLRUBR4\l11[1].exe
C:\Programme\Gemeinsame Dateien\{18BA9D2E-044A-1031-0519-050311180031}\services.dll

BearShare File Sharing Client
C:\d\BearShare\BearShare.exe
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\BearShare.lnk

Trojan.Freeprod
C:\Dokumente und Einstellungen\Axpyrus\Lokale Einstellungen\Temporary Internet Files\Content.IE5\31PSZN5B\wlzip32[1].exe

Unclassified.Unknown Origin/System
C:\Dokumente und Einstellungen\Axpyrus\Lokale Einstellungen\Temporary Internet Files\Content.IE5\3YLRUBR4\wlzip32[1].exe
C:\System Volume Information\_restore{CB90538A-FD98-4616-9909-753D9DBFB8A6}\RP112\A0036269.exe
C:\System Volume Information\_restore{CB90538A-FD98-4616-9909-753D9DBFB8A6}\RP112\A0036270.exe
C:\WINDOWS\Temp\win42.tmp.exe
C:\WINDOWS\Prefetch\WIN42.TMP.EXE-18F3A5EB.pf

Adware.Universa
C:\Dokumente und Einstellungen\Axpyrus\Lokale Einstellungen\Temporary Internet Files\Content.IE5\KJZ96UF3\srvneo[1].exe

Trojan.Downlaoder-WINRNT32
C:\System Volume Information\_restore{CB90538A-FD98-4616-9909-753D9DBFB8A6}\RP112\A0036264.dll

Malware.Notifier
C:\WINDOWS\system32\ismon.exe
C:\WINDOWS\Prefetch\ISMON.EXE-2F715B97.pf

Then I ran it once more in Safe Mode.

The report:

SUPERAntiSpyware Scan Log
Generated 09/02/2006 at 11:27 AM
Core Rules Database Version : 3070
Trace Rules Database Version: 1110
Memory Thread detected : 0
Registry Thread detected : 2
File Thread detected : 7

Adware.Zango
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{56F1D444-11BF-4879-A12B-79CF0177F038}

Browser Hijacker.BestSafetyGuide
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{873eb32d-ae1a-4183-89bd-45a77f761be4}

Adware.Tracking Cookie
C:\Dokumente und Einstellungen\Axpyrus\Cookies\axpyrus@2o7[2].txt
C:\Dokumente und Einstellungen\Axpyrus\Cookies\axpyrus@atdmt[2].txt
C:\Dokumente und Einstellungen\Axpyrus\Cookies\axpyrus@rambler[2].txt
C:\Dokumente und Einstellungen\Axpyrus\Cookies\axpyrus@weborama[2].txt
C:\Dokumente und Einstellungen\Axpyrus\Cookies\axpyrus@atwola[1].txt

BearShare File Sharing Client
C:\d\BearShare\BearShare.exe
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\BearShare.lnk
02.09.2006, 13:18
Honorary member
Posts: 29434
#168
Axpyrus
1. Work through smitfraud.fix, options 1 and 2 (post both scan reports): http://virus-protect.org/artikel/tools/smitfrautfix.html
2. Post the new log from HijackThis.
3. Post the 4 logs from datfindbat once more.

__________
Regards, Sabina
all about PC security
02.09.2006, 16:32
Member
Posts: 12
#169
HijackThis Log

Logfile of HijackThis v1.99.1
Scan saved at 16:19:02, on 02.09.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\Winamp\winampa.exe
C:\Programme\Java\jre1.5.0_08\bin\jusched.exe
F:\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\MSN Messenger\MsnMsgr.Exe
C:\Programme\Messenger\msmsgs.exe
D:\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programme\VIA\RAID\raid_tool.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Dokumente und Einstellungen\Axpyrus\Desktop\HijackThis.exe

R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: GigagetIEHelper Class - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\WINDOWS\System32\gigagetbho_v10.dll
O2 - BHO: (no name) - {27EF3EBB-F337-4E1A-BAE5-3029978AA658} - (no file)
O2 - BHO: (no name) - {283F7599-C068-442B-B79C-726A28CCEC01} - (no file)
O2 - BHO: (no name) - {2B843679-224B-4C5D-8D09-E99D0FF8A4E9} - (no file)
O2 - BHO: (no name) - {356920C6-F475-4F01-8E2B-DBB02BAC2D3E} - (no file)
O2 - BHO: (no name) - {4C046E3A-BB86-48E4-A442-B2967E9B6154} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {56F1D444-11BF-4879-A12B-79CF0177F038} - (no file)
O2 - BHO: (no name) - {668B1E21-4DE0-450A-AB10-121220442EA6} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {873eb32d-ae1a-4183-89bd-45a77f761be4} - (no file)
O2 - BHO: (no name) - {B8265EB8-FC46-426B-8DAC-A2BA7D73033C} - (no file)
O2 - BHO: (no name) - {C762D6BE-5240-4BE2-A8C5-A6A08D5877A1} - C:\WINDOWS\system32\geeda.dll (file missing)
O2 - BHO: (no name) - {D3002E28-63F5-466C-A9A7-8BEAF049240C} - (no file)
O2 - BHO: (no name) - {D510C4CB-E3C0-4767-B64B-BC6AB3C1D581} - (no file)
O2 - BHO: (no name) - {EB2F31E4-D96D-400E-8802-12247AE40D14} - (no file)
O2 - BHO: (no name) - {F6CEEC79-0156-4432-A9C3-48D195DA7F7A} - (no file)
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "F:\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] d:\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: MRU-Blaster Scheduler.lnk = D:\MRU-Blaster\scheduler.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Programme\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: &Download All by Gigaget - d:\DownloadManager\Gigaget\getallurl.htm
O8 - Extra context menu item: &Download by Gigaget - d:\DownloadManager\Gigaget\geturl.htm
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: ddcyv - C:\WINDOWS\
O20 - Winlogon Notify: hgghffc - C:\WINDOWS\
O20 - Winlogon Notify: khfecyy - C:\WINDOWS\
O20 - Winlogon Notify: SASWinLogon - D:\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winbfi32 - C:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - F:\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Last months from datfindbat:

Datenträger in Laufwerk C: ist System
Volumeseriennummer: 18BA-9D2E

Verzeichnis von C:\WINDOWS\system32

02.09.2006 16:17 13.646 wpa.dbl
02.09.2006 16:17 48.882 vsconfig.xml
01.09.2006 20:35 867.569 adeeg.ini
01.09.2006 17:53 867.569 adeeg.bak1
01.09.2006 16:40 360 vycdd.ini
01.09.2006 16:39 40.973 khfecyy.dll
01.09.2006 15:50 9.216 VundoFixSVC.exe
29.08.2006 18:05 40.973 hgghffc.dll
20.08.2006 23:17 13.646 wpa.bak
20.08.2006 21:20 4.212 zllictbl.dat
20.08.2006 11:32 380.350 perfh009.dat
20.08.2006 11:32 52.764 perfc009.dat
20.08.2006 11:32 391.000 perfh007.dat
20.08.2006 11:32 63.580 perfc007.dat
20.08.2006 11:32 897.954 PerfStringBackup.INI
20.08.2006 02:25 8.891 jupdate-1.5.0_08-b03.log
20.08.2006 00:34 92.680 FNTCACHE.DAT
20.08.2006 00:07 90 spupdwxp.log
09.08.2006 12:03 8.325.544 MRT.exe
06.08.2006 20:41 7.006 jupdate-1.5.0_06-b05.log
06.08.2006 17:07 34.064 lhacm.acm
06.08.2006 16:56 0 h323log.txt
06.08.2006 16:05 25.065 wmpscheme.xml
06.08.2006 16:03 261 $winnt$.inf
06.08.2006 16:00 2.951 CONFIG.NT
06.08.2006 15:59 488 logonui.exe.manifest
06.08.2006 15:59 488 WindowsLogon.manifest
06.08.2006 15:59 749 cdplayer.exe.manifest
06.08.2006 15:59 749 sapi.cpl.manifest
06.08.2006 15:59 749 wuaucpl.cpl.manifest
06.08.2006 15:59 749 nwc.cpl.manifest
06.08.2006 15:59 749 ncpa.cpl.manifest
06.08.2006 15:58 21.740 emptyregdb.dat
28.07.2006 13:30 3.079.168 mshtml.dll
27.07.2006 15:25 679.424 inetcomm.dll
27.07.2006 04:05 3.596.288 qt-dx331.dll
27.07.2006 04:05 108.544 pxcpyi64.exe
27.07.2006 04:05 109.568 pxinsi64.exe
27.07.2006 04:05 73.728 dpl100.dll
27.07.2006 04:05 192.512 dtu100.dll
26.07.2006 03:03 127.078 javaws.exe
26.07.2006 03:03 49.265 jpicpl32.cpl
02.09.2006, 17:01
Honorary member
Posts: 29434
#170
Axpyrus
So, pay attention: datfindbat contains 4 logs, post the remaining three........

Quote:
1. Double-click DATFINDBAT

__________
Regards, Sabina
all about PC security
03.09.2006, 09:18
Member
Posts: 12
#171
Ohh sorry. I knew there was something else ^^.

Log 1:

Datenträger in Laufwerk C: ist System
Volumeseriennummer: 18BA-9D2E

Verzeichnis von C:\WINDOWS\system32

03.09.2006 08:59 13.646 wpa.dbl
03.09.2006 08:59 48.882 vsconfig.xml
01.09.2006 20:35 867.569 adeeg.ini
01.09.2006 17:53 867.569 adeeg.bak1
01.09.2006 16:40 360 vycdd.ini
01.09.2006 16:39 40.973 khfecyy.dll
01.09.2006 15:50 9.216 VundoFixSVC.exe
29.08.2006 18:05 40.973 hgghffc.dll
20.08.2006 23:17 13.646 wpa.bak
20.08.2006 21:20 4.212 zllictbl.dat
20.08.2006 11:32 380.350 perfh009.dat
20.08.2006 11:32 52.764 perfc009.dat
20.08.2006 11:32 391.000 perfh007.dat
20.08.2006 11:32 63.580 perfc007.dat

Log 2:

Datenträger in Laufwerk C: ist System
Volumeseriennummer: 18BA-9D2E

Verzeichnis von C:\DOKUME~1\Axpyrus\LOKALE~1\Temp

03.09.2006 09:11 978 TmpICQMagic_{05736BBE-C20F-4F10-A6DE-4DB1E3564B0E}17269.html
03.09.2006 09:11 983 TmpICQMagic_{EC202595-1DFD-4301-A1EA-13C1E331B505}10233.html
03.09.2006 09:11 16.384 ~DF92E8.tmp
03.09.2006 09:11 16.384 ~DF8E72.tmp
03.09.2006 09:11 512 ~DF8E83.tmp
03.09.2006 09:04 346 jusched.log
17.02.2006 16:55 143.360 SSUPDATE.EXE
7 Datei(en) 178.947 Bytes
0 Verzeichnis(se), 7.036.956.672 Bytes frei

Log 3 (it's a bit strange somehow..):

03.09.2006 08:59 0 0.log
03.09.2006 08:59 572.688 WindowsUpdate.log
03.09.2006 08:59 2.048 bootstat.dat
02.09.2006 18:02 15.768 SchedLgU.Txt
02.09.2006 16:14 181.178 setupact.log
02.09.2006 16:12 381.430 ntbtlog.txt
01.09.2006 15:54 1.102 fesoeoia.txt
31.08.2006 22:01 35.833 wmsetup.log
30.08.2006 19:02 1.538 vixhliir.txt
29.08.2006 07:13 725.199 setupapi.log
27.08.2006 15:53 213 wiadebug.log
27.08.2006 14:43 176.054 DirectX.log
27.08.2006 11:05 50 wiaservc.log
20.08.2006 23:17 759.826 setuplog.txt
20.08.2006 11:33 4.682 WgaNotify.log
20.08.2006 11:30 30.806 spupdsvc.log
20.08.2006 03:04 1.374 imsins.log

Log 4:

03.09.2006 09:17 0 sys.txt
03.09.2006 09:16 9.443 system.txt
03.09.2006 09:16 680 systemtemp.txt
03.09.2006 09:16 92.422 system32.txt
03.09.2006 08:58 805.306.368 pagefile.sys
02.09.2006 18:01 268 sqmdata10.sqm
02.09.2006 18:01 244 sqmnoopt10.sqm
02.09.2006 16:15 896 rapport.txt
02.09.2006 16:10 268 sqmdata09.sqm
02.09.2006 16:10 244 sqmnoopt09.sqm
02.09.2006 13:24 268 sqmdata08.sqm
02.09.2006 13:24 244 sqmnoopt08.sqm
01.09.2006 21:22 244 sqmnoopt07.sqm
01.09.2006 21:22 268 sqmdata07.sqm
01.09.2006 16:40 268 sqmdata06.sqm
01.09.2006 16:40 244 sqmnoopt06.sqm
01.09.2006 15:54 268 sqmdata05.sqm
01.09.2006 15:54 244 sqmnoopt05.sqm
01.09.2006 15:50 1.828 VundoFix.txt
31.08.2006 23:21 268 sqmdata04.sqm
31.08.2006 23:21 244 sqmnoopt04.sqm
30.08.2006 22:43 268 sqmdata03.sqm
30.08.2006 22:43 244 sqmnoopt03.sqm
30.08.2006 19:10 33.807 ComboFix.txt
30.08.2006 19:07 120 ComboFix2.txt
30.08.2006 19:04 268 sqmdata02.sqm
30.08.2006 19:04 244 sqmnoopt02.sqm
29.08.2006 19:24 268 sqmdata01.sqm
29.08.2006 19:24 244 sqmnoopt01.sqm
29.08.2006 18:06 268 sqmdata00.sqm
29.08.2006 18:06 244 sqmnoopt00.sqm
29.08.2006 18:05 2.108 smitfiles.txt
29.08.2006 17:50 268 sqmdata19.sqm
29.08.2006 17:50 244 sqmnoopt19.sqm
29.08.2006 17:28 32.722 ComboFixII.txt
29.08.2006 17:27 32.722 ComboFix3.txt
28.08.2006 23:08 268 sqmdata18.sqm
28.08.2006 23:08 244 sqmnoopt18.sqm
27.08.2006 19:25 268 sqmdata17.sqm
27.08.2006 19:25 244 sqmnoopt17.sqm
27.08.2006 15:53 232 sqmdata16.sqm
27.08.2006 15:53 244 sqmnoopt16.sqm
27.08.2006 15:53 268 sqmdata15.sqm
27.08.2006 15:53 244 sqmnoopt15.sqm
26.08.2006 20:43 268 sqmdata14.sqm
26.08.2006 20:43 244 sqmnoopt14.sqm
26.08.2006 20:32 268 sqmdata13.sqm
26.08.2006 20:32 244 sqmnoopt13.sqm
26.08.2006 20:25 268 sqmdata12.sqm
26.08.2006 20:25 244 sqmnoopt12.sqm
26.08.2006 16:10 268 sqmdata11.sqm
26.08.2006 16:10 244 sqmnoopt11.sqm
20.08.2006 00:02 211 boot.ini.SAB
20.08.2006 00:02 211 boot.ini
19.08.2006 23:52 47.564 NTDETECT.COM
19.08.2006 23:52 251.184 ntldr
06.08.2006 16:00 0 AUTOEXEC.BAT
06.08.2006 16:00 0 MSDOS.SYS
06.08.2006 16:00 0 CONFIG.SYS
06.08.2006 16:00 0 IO.SYS
02.04.2003 14:00 4.952 bootfont.bin
61 Datei(en) 805.827.442 Bytes
0 Verzeichnis(se), 7.035.633.664 Bytes frei

I hope it's right now..

Regards, Axpyrus
03.09.2006, 12:45
Honorary member
Posts: 29434
#172
Axpyrus
1. Avenger

Quote:
Files to delete:

2. Post the report from Avenger + once more (only the first one) the log from datfindbat.

3. Open HijackThis -- button "Scan" -- tick the boxes in front of the malware entries -- button "Fix checked" -- restart the PC

Quote:
O2 - BHO: GigagetIEHelper Class - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\WINDOWS\System32\gigagetbho_v10.dll

Restart the PC.

4. http://virus-protect.org/multiavtool.html
* click "2", the Trend Micro scan now starts; post the scan report.

__________
Regards, Sabina
all about PC security
03.09.2006, 21:16
Member
Posts: 12
#173
Avenger

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\bcahfclc

*******************

Script file located at: \??\C:\WINDOWS\rfgjycng.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\System32\gigagetbho_v10.dll not found!
Deletion of file C:\WINDOWS\System32\gigagetbho_v10.dll failed!
Could not process line:
C:\WINDOWS\System32\gigagetbho_v10.dll
Status: 0xc0000034

File C:\WINDOWS\system32\adeeg.ini not found!
Deletion of file C:\WINDOWS\system32\adeeg.ini failed!
Could not process line:
C:\WINDOWS\system32\adeeg.ini
Status: 0xc0000034

File C:\WINDOWS\system32\adeeg.bak1 not found!
Deletion of file C:\WINDOWS\system32\adeeg.bak1 failed!
Could not process line:
C:\WINDOWS\system32\adeeg.bak1
Status: 0xc0000034

File C:\WINDOWS\system32\vycdd.ini not found!
Deletion of file C:\WINDOWS\system32\vycdd.ini failed!
Could not process line:
C:\WINDOWS\system32\vycdd.ini
Status: 0xc0000034

File C:\WINDOWS\system32\khfecyy.dll not found!
Deletion of file C:\WINDOWS\system32\khfecyy.dll failed!
Could not process line:
C:\WINDOWS\system32\khfecyy.dll
Status: 0xc0000034

File C:\WINDOWS\system32\hgghffc.dll not found!
Deletion of file C:\WINDOWS\system32\hgghffc.dll failed!
Could not process line:
C:\WINDOWS\system32\hgghffc.dll
Status: 0xc0000034

Completed script processing.

*******************

Finished! Terminate.

datfind

Datenträger in Laufwerk C: ist System
Volumeseriennummer: 18BA-9D2E

Verzeichnis von C:\WINDOWS\system32

03.09.2006 21:14 13.646 wpa.dbl
03.09.2006 21:13 48.882 vsconfig.xml
03.09.2006 21:07 436 yisiyvqg.txt
01.09.2006 15:50 9.216 VundoFixSVC.exe
20.08.2006 23:17 13.646 wpa.bak
20.08.2006 21:20 4.212 zllictbl.dat
20.08.2006 11:32 380.350 perfh009.dat
20.08.2006 11:32 52.764 perfc009.dat
20.08.2006 11:32 391.000 perfh007.dat
20.08.2006 11:32 63.580 perfc007.dat
20.08.2006 11:32 897.954 PerfStringBackup.INI
20.08.2006 02:25 8.891 jupdate-1.5.0_08-b03.log
20.08.2006 00:34 92.680 FNTCACHE.DAT
20.08.2006 00:07 90 spupdwxp.log
09.08.2006 12:03 8.325.544 MRT.exe
06.08.2006 20:41 7.006 jupdate-1.5.0_06-b05.log
06.08.2006 17:07 34.064 lhacm.acm
06.08.2006 16:56 0 h323log.txt
06.08.2006 16:05 25.065 wmpscheme.xml
06.08.2006 16:03 261 $winnt$.inf
06.08.2006 16:00 2.951 config.bak
06.08.2006 16:00 2.951 CONFIG.NT
06.08.2006 15:59 488 logonui.exe.manifest
06.08.2006 15:59 488 WindowsLogon.manifest
06.08.2006 15:59 749 cdplayer.exe.manifest
06.08.2006 15:59 749 sapi.cpl.manifest
06.08.2006 15:59 749 nwc.cpl.manifest
06.08.2006 15:59 749 wuaucpl.cpl.manifest
06.08.2006 15:59 749 ncpa.cpl.manifest
06.08.2006 15:58 21.740 emptyregdb.dat
28.07.2006 13:30 3.079.168 mshtml.dll
27.07.2006 15:25 679.424 inetcomm.dll
27.07.2006 04:05 3.596.288 qt-dx331.dll
27.07.2006 04:05 108.544 pxcpyi64.exe
27.07.2006 04:05 109.568 pxinsi64.exe
27.07.2006 04:05 73.728 dpl100.dll
27.07.2006 04:05 192.512 dtu100.dll
26.07.2006 03:03 127.078 javaws.exe
26.07.2006 03:03 49.265 jpicpl32.cpl
26.07.2006 01:26 53.346 javaw.exe
26.07.2006 01:25 49.248 java.exe
25.07.2006 22:42 617.472 urlmon.dll
21.07.2006 10:29 72.704 hlink.dll
14.07.2006 17:41 336.896 netapi32.dll
14.07.2006 17:25 546.304 hhctrl.ocx
13.07.2006 15:34 8.494.592 shell32.dll
05.07.2006 12:55 1.057.792 kernel32.dll
03.07.2006 23:40 778.240 divx_xx07.dll
03.07.2006 23:40 778.240 divx_xx0c.dll

Trend Micro

/--------------------------------------------------------------\
|                  Trend Micro System Cleaner                  |
|              Copyright 2006, Trend Micro, Inc.               |
|                  http://www.antivirus.com                    |
\--------------------------------------------------------------/

2006-09-03, 19:19:56, Auto-clean mode specified.
2006-09-03, 19:19:56, Running scanner "c:\AV-CLS\Trend\TSC.BIN"...
2006-09-03, 19:20:02, Scanner "c:\AV-CLS\Trend\TSC.BIN" has finished running.
2006-09-03, 19:20:02, TSC Log:
Damage Cleanup Engine (DCE) 3.98(Build 1012)
Windows XP(Build 2600: Service Pack 2)
Start time : So Sep 03 2006 19:19:56
Load Damage Cleanup Template (DCT) "c:\AV-CLS\Trend\tsc.ptn" (version 780) [success]
Complete time : So Sep 03 2006 19:20:02
Execute pattern count(2953), Virus found count(0), Virus clean count(0), Clean failed count(0)

2006-09-03, 19:20:27, An error was detected on "C:\QooBox\Purity\Dokumente und Einstellungen\Axpyrus\Anwendungsdaten\SMBOLS~1\s?mbols\*.*": Die Syntax für den Dateinamen, Verzeichnisnamen oder die Datenträgerbezeichnung ist falsch.
2006-09-03, 19:20:27, An error was detected on "C:\System Volume Information\*.*": Zugriff verweigert
2006-09-03, 19:20:44, An error was detected on "D:\System Volume Information\*.*": Zugriff verweigert
2006-09-03, 19:20:45, An error was detected on "E:\System Volume Information\*.*": Zugriff verweigert
2006-09-03, 19:21:18, An error was detected on "F:\System Volume Information\*.*": Zugriff verweigert

2006-09-03, 19:39:19, Files Detected:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 9/3/2006 19:21:36
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 721 (130517 Patterns) (2006/09/02) (372100)
Command Line: c:\AV-CLS\Trend\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=c:\AV-CLS\Trend
34470 files have been read.
34470 files have been checked.
32498 files have been scanned.
81948 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 9/3/2006 19:39:18
---------*---------*---------*---------*---------*---------*---------*---------*

2006-09-03, 19:39:19, Files Clean:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 9/3/2006 19:21:36
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 721 (130517 Patterns) (2006/09/02) (372100)
Command Line: c:\AV-CLS\Trend\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=c:\AV-CLS\Trend
34470 files have been read.
34470 files have been checked.
32498 files have been scanned.
81948 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 9/3/2006 19:39:18
17 minutes 41 seconds (1060.80 seconds) has elapsed.
---------*---------*---------*---------*---------*---------*---------*---------*

2006-09-03, 19:39:19, Clean Fail:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 9/3/2006 19:21:36
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 721 (130517 Patterns) (2006/09/02) (372100)
Command Line: c:\AV-CLS\Trend\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=c:\AV-CLS\Trend
34470 files have been read.
34470 files have been checked.
32498 files have been scanned.
81948 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 9/3/2006 19:39:18
17 minutes 41 seconds (1060.80 seconds) has elapsed.
---------*---------*---------*---------*---------*---------*---------*---------*

2006-09-03, 19:39:19, Scanner "c:\AV-CLS\Trend\VSCANTM.BIN" has finished running.

2006-09-03, 19:49:08, Files Detected:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 9/3/2006 19:39:20
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 721 (130517 Patterns) (2006/09/02) (372100)
Command Line: c:\AV-CLS\Trend\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\*.* /P=c:\AV-CLS\Trend
7666 files have been read.
7666 files have been checked.
6846 files have been scanned.
24536 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 9/3/2006 19:49:07
---------*---------*---------*---------*---------*---------*---------*---------*

2006-09-03, 19:49:08, Files Clean:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 9/3/2006 19:39:20
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 721 (130517 Patterns) (2006/09/02) (372100)
Command Line: c:\AV-CLS\Trend\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\*.* /P=c:\AV-CLS\Trend
7666 files have been read.
7666 files have been checked.
6846 files have been scanned.
24536 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 9/3/2006 19:49:07
9 minutes 46 seconds (585.42 seconds) has elapsed.
---------*---------*---------*---------*---------*---------*---------*---------*

2006-09-03, 19:49:08, Clean Fail:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 9/3/2006 19:39:20
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 721 (130517 Patterns) (2006/09/02) (372100)
Command Line: c:\AV-CLS\Trend\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\*.* /P=c:\AV-CLS\Trend
7666 files have been read.
7666 files have been checked.
6846 files have been scanned.
24536 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 9/3/2006 19:49:07
9 minutes 46 seconds (585.42 seconds) has elapsed.
---------*---------*---------*---------*---------*---------*---------*---------*

2006-09-03, 19:49:08, Scanner "c:\AV-CLS\Trend\VSCANTM.BIN" has finished running.

2006-09-03, 19:49:15, Files Detected:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 9/3/2006 19:49:09
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 721 (130517 Patterns) (2006/09/02) (372100)
Command Line: c:\AV-CLS\Trend\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 E:\*.* /P=c:\AV-CLS\Trend
332 files have been read.
332 files have been checked.
306 files have been scanned.
306 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 9/3/2006 19:49:15
---------*---------*---------*---------*---------*---------*---------*---------*

2006-09-03, 19:49:15, Files Clean:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 9/3/2006 19:49:09
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 721 (130517 Patterns) (2006/09/02) (372100)
Command Line: c:\AV-CLS\Trend\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 E:\*.* /P=c:\AV-CLS\Trend
332 files have been read.
332 files have been checked.
306 files have been scanned.
306 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 9/3/2006 19:49:15
5 seconds (4.66 seconds) has elapsed.
---------*---------*---------*---------*---------*---------*---------*---------*

2006-09-03, 19:49:15, Clean Fail:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 9/3/2006 19:49:09
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 721 (130517 Patterns) (2006/09/02) (372100)
Command Line: c:\AV-CLS\Trend\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 E:\*.* /P=c:\AV-CLS\Trend
332 files have been read.
332 files have been checked.
306 files have been scanned.
306 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 9/3/2006 19:49:15
5 seconds (4.66 seconds) has elapsed.
---------*---------*---------*---------*---------*---------*---------*---------*

2006-09-03, 19:49:15, Scanner "c:\AV-CLS\Trend\VSCANTM.BIN" has finished running.

2006-09-03, 20:17:29, Files Detected:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 9/3/2006 19:49:15
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 721 (130517 Patterns) (2006/09/02) (372100)
Command Line: c:\AV-CLS\Trend\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 F:\*.* /P=c:\AV-CLS\Trend
25009 files have been read.
25009 files have been checked.
18240 files have been scanned.
20383 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 9/3/2006 20:17:28
---------*---------*---------*---------*---------*---------*---------*---------*

2006-09-03, 20:17:29, Files Clean:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 9/3/2006 19:49:15
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 721 (130517 Patterns) (2006/09/02) (372100)
Command Line: c:\AV-CLS\Trend\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 F:\*.* /P=c:\AV-CLS\Trend
25009 files have been read.
25009 files have been checked.
18240 files have been scanned.
20383 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 9/3/2006 20:17:28
28 minutes 12 seconds (1692.33 seconds) has elapsed.
---------*---------*---------*---------*---------*---------*---------*---------*

2006-09-03, 20:17:29, Clean Fail:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 9/3/2006 19:49:15
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 721 (130517 Patterns) (2006/09/02) (372100)
Command Line: c:\AV-CLS\Trend\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 F:\*.* /P=c:\AV-CLS\Trend
25009 files have been read.
25009 files have been checked.
18240 files have been scanned.
20383 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 9/3/2006 20:17:28
28 minutes 12 seconds (1692.33 seconds) has elapsed.
---------*---------*---------*---------*---------*---------*---------*---------*

2006-09-03, 20:17:29, Scanner "c:\AV-CLS\Trend\VSCANTM.BIN" has finished running.
|
|
||
03.09.2006, 22:17
Honorary member
Posts: 29434 |
#174
Axpyrus
post the new HijackThis log + scan and post the scan report (Panda)
http://virus-protect.org/onlinescan.html
__________
Regards, Sabina
all about PC security |
|
|
||
04.09.2006, 15:36
Member
Posts: 12 |
#175
Hijack Log
Logfile of HijackThis v1.99.1
Scan saved at 13:44:02, on 04.09.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\Winamp\winampa.exe
C:\Programme\Java\jre1.5.0_08\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\MSN Messenger\MsnMsgr.Exe
C:\Programme\Messenger\msmsgs.exe
D:\Spybot - Search & Destroy\TeaTimer.exe
D:\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programme\Steganos Internet Anonym 2006\SIA2006.exe
C:\Programme\VIA\RAID\raid_tool.exe
F:\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Dokumente und Einstellungen\Axpyrus\Desktop\HijackThis.exe

R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: (no name) - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - (no file)
O2 - BHO: (no name) - {27EF3EBB-F337-4E1A-BAE5-3029978AA658} - (no file)
O2 - BHO: (no name) - {283F7599-C068-442B-B79C-726A28CCEC01} - (no file)
O2 - BHO: (no name) - {2B843679-224B-4C5D-8D09-E99D0FF8A4E9} - (no file)
O2 - BHO: (no name) - {356920C6-F475-4F01-8E2B-DBB02BAC2D3E} - (no file)
O2 - BHO: (no name) - {4C046E3A-BB86-48E4-A442-B2967E9B6154} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {56F1D444-11BF-4879-A12B-79CF0177F038} - (no file)
O2 - BHO: (no name) - {668B1E21-4DE0-450A-AB10-121220442EA6} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {873eb32d-ae1a-4183-89bd-45a77f761be4} - (no file)
O2 - BHO: (no name) - {B8265EB8-FC46-426B-8DAC-A2BA7D73033C} - (no file)
O2 - BHO: (no name) - {C762D6BE-5240-4BE2-A8C5-A6A08D5877A1} - (no file)
O2 - BHO: (no name) - {D3002E28-63F5-466C-A9A7-8BEAF049240C} - (no file)
O2 - BHO: (no name) - {D510C4CB-E3C0-4767-B64B-BC6AB3C1D581} - (no file)
O2 - BHO: (no name) - {EB2F31E4-D96D-400E-8802-12247AE40D14} - (no file)
O2 - BHO: (no name) - {F6CEEC79-0156-4432-A9C3-48D195DA7F7A} - (no file)
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "F:\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] d:\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SIA2006] "C:\Programme\Steganos Internet Anonym 2006\SIA2006.exe" -boot
O4 - Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: MRU-Blaster Scheduler.lnk = D:\MRU-Blaster\scheduler.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Programme\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: &Download All by Gigaget - d:\DownloadManager\Gigaget\getallurl.htm
O8 - Extra context menu item: &Download by Gigaget - d:\DownloadManager\Gigaget\geturl.htm
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: ddcyv - C:\WINDOWS\
O20 - Winlogon Notify: hgghffc - C:\WINDOWS\
O20 - Winlogon Notify: khfecyy - C:\WINDOWS\
O20 - Winlogon Notify: SASWinLogon - D:\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winbfi32 - C:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - F:\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Panda Log

Local Disk
Incident Status Location
Spyware:Spyware/Virtumonde Not disinfected C:\avenger\backup-03.09.2006-19.04.49,70.zip[avenger/hgghffc.dll]
Spyware:Spyware/Virtumonde Not disinfected C:\avenger\backup-03.09.2006-19.04.49,70.zip[avenger/khfecyy.dll]
Spyware:Cookie/Tribalfusion Not disinfected C:\Dokumente und Einstellungen\Axpyrus\Anwendungsdaten\Mozilla\Firefox\Profiles\mii5nbny.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Dokumente und Einstellungen\Axpyrus\Anwendungsdaten\Mozilla\Firefox\Profiles\mii5nbny.default\cookies.txt[.hitbox.com/]

My Computer
Incident Status Location
Potentially unwanted tool:application/mywebsearch Not disinfected c:\programme\MyGlobalSearch
Adware:adware/savenow Not disinfected Windows Registry
Adware:adware/systemdoctor Not disinfected Windows Registry
Potentially unwanted tool:application/zango Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{56F1D444-11BF-4879-A12B-79CF0177F038}
Spyware:Spyware/Virtumonde Not disinfected C:\avenger\backup-03.09.2006-19.04.49,70.zip[avenger/hgghffc.dll]
Spyware:Spyware/Virtumonde Not disinfected C:\avenger\backup-03.09.2006-19.04.49,70.zip[avenger/khfecyy.dll]
Spyware:Cookie/Tribalfusion Not disinfected C:\Dokumente und Einstellungen\Axpyrus\Anwendungsdaten\Mozilla\Firefox\Profiles\mii5nbny.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Dokumente und |
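The log above is in the HijackThis line format that the helper in this thread reads by eye: the O20 entries whose path is just "C:\WINDOWS\" and the O2 BHO entries marked "(no file)" are the ones she asks to have fixed. The following Python script is an added example, not code from this thread or from the HijackThis project: it parses such lines and flags those same patterns (orphaned entries, Winlogon Notify or SSODL entries whose path is only a directory, and notify packages outside a baseline). The sample lines are constructed from entries posted in this thread; the KNOWN_NOTIFY allowlist is an assumption about a patched Windows XP install, not something the page states.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Constructed sample in the HijackThis v1.99 log format, modelled on entries
# posted in this thread (a few representative lines, not the complete log).
SAMPLE_LOG = [
    "O2 - BHO: (no name) - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - (no file)",
    "O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Programme\\Java\\jre1.5.0_08\\bin\\ssv.dll",
    "O4 - HKLM\\..\\Run: [Zone Labs Client] \"F:\\ZoneAlarm\\zlclient.exe\"",
    "O20 - Winlogon Notify: ddcyv - C:\\WINDOWS\\",
    "O20 - Winlogon Notify: SASWinLogon - D:\\SUPERAntiSpyware\\SASWINLO.DLL",
    "O20 - Winlogon Notify: WgaLogon - C:\\WINDOWS\\SYSTEM32\\WgaLogon.dll",
    "O21 - SSODL: died - {7fa55359-7223-410f-bc82-efb3e3ded07f} - C:\\WINDOWS\\system32\\gtpbx.dll",
    "O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe",
]

# Winlogon notification packages expected on a patched Windows XP machine.
# This allowlist is an assumption; extend it from your own clean baseline.
KNOWN_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                "sclgntfy", "senslogn", "termsrv", "wlballoon", "wgalogon"}

# "O<n> - <kind>: <body>"; the body is a " - "-separated list ending in a path.
LINE_RE = re.compile(r"^O(?P<num>\d+) - (?P<kind>[^:]+): (?P<body>.*)$")
PARSED_SECTIONS = {"O2", "O3", "O20", "O21", "O23"}


@dataclass
class Entry:
    section: str            # e.g. "O20"
    kind: str               # e.g. "Winlogon Notify"
    name: str               # entry name as HijackThis prints it
    clsid: Optional[str]    # {GUID} if the line carries one
    path: str               # last field: file path or "(no file)"


@dataclass
class Finding:
    entry: Entry
    reason: str


def parse_line(line: str) -> Optional[Entry]:
    """Split one HijackThis line into section, name, optional CLSID and path.
    Only the ' - '-separated sections listed in PARSED_SECTIONS are handled;
    any other line (R0/R3, O4, O8, ...) returns None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section = "O" + m.group("num")
    if section not in PARSED_SECTIONS:
        return None
    parts = [p.strip() for p in m.group("body").split(" - ")]
    if len(parts) < 2:
        return None
    clsid = next((p for p in parts[1:-1] if p.startswith("{") and p.endswith("}")), None)
    return Entry(section, m.group("kind").strip(), parts[0], clsid, parts[-1])


def triage(lines: Iterable[str]) -> List[Finding]:
    """Apply simple defender heuristics to the parsed entries of a log."""
    findings: List[Finding] = []
    for line in lines:
        e = parse_line(line)
        if e is None:
            continue
        if e.path.lower() == "(no file)":
            findings.append(Finding(e, "registry entry points to a file that no longer exists (orphan)"))
        elif e.section in {"O20", "O21"} and e.path.endswith("\\"):
            # A notify/SSODL value naming only a directory means the DLL is
            # hidden or was removed while the registry value survived.
            findings.append(Finding(e, "Winlogon/SSODL entry names a directory, not a DLL"))
        elif e.section == "O20" and e.name.lower() not in KNOWN_NOTIFY:
            findings.append(Finding(e, "Winlogon notify package outside the baseline: verify the DLL's publisher"))
        elif e.section == "O21":
            findings.append(Finding(e, "ShellServiceObjectDelayLoad entry loaded by Explorer at logon: verify the DLL"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.entry.section:<4} {f.entry.name:<14} {f.entry.path:<45} {f.reason}")
```

Run against the constructed sample it reports four entries: the orphaned BHO, the "ddcyv" notify value that points at a bare directory, SASWinLogon (a legitimate SUPERAntiSpyware component, flagged only because it is outside the Windows baseline, which is the point of an allowlist), and the SSODL entry for gtpbx.dll; WgaLogon and the vsmon service pass.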
|
|
||
04.09.2006, 15:38
Honorary member
Posts: 29434 |
#176
fix again - restart PC
- post the new HijackThis log
__________
Regards, Sabina
all about PC security |
|
|
||
06.09.2006, 22:22
...new here
Posts: 10 |
#177
Hello Sabrina,
on 15.8. I had the problem with Spywarequake. You helped me enormously then (page 8). Now I have caught the bl... thing again and tried to carry out all your instructions from back then once more. Without success. Could you please help me once more with your expert advice? In the logs I deleted everything older than 15.8.

1. Log
 Datenträger in Laufwerk C: ist Root
 Volumeseriennummer: A4D9-8B0C
 Verzeichnis von C:\
06.09.2006 21:46 0 sys.txt
06.09.2006 21:46 9.260 system.txt
06.09.2006 21:46 655 systemtemp.txt
06.09.2006 21:46 102.764 system32.txt
06.09.2006 20:11 0 avenger.txt
06.09.2006 20:09 2.145.386.496 pagefile.sys
06.09.2006 20:04 37.369 files.txt
06.09.2006 19:40 1.723 rapport2.txt
06.09.2006 19:40 1.723 rapport.txt
06.09.2006 19:37 1.746 dlcc.log
06.09.2006 17:58 2.435 3system.txt
04.09.2006 15:54 11.126 dlccscan.log
22.05.2006 22:05 0 IO.SYS
22.05.2006 22:05 0 AUTOEXEC.BAT
22.05.2006 22:05 0 CONFIG.SYS
22.05.2006 22:05 0 MSDOS.SYS
22.05.2006 21:56 317 boot.ini
10.08.2004 14:00 251.184 ntldr
10.08.2004 14:00 47.564 NTDETECT.COM
10.08.2004 14:00 4.952 bootfont.bin
20 Datei(en) 2.145.859.314 Bytes
0 Verzeichnis(se), 22.768.758.784 Bytes frei

2. Log
 Datenträger in Laufwerk C: ist Root
 Volumeseriennummer: A4D9-8B0C
 Verzeichnis von C:\WINDOWS\system32
06.09.2006 21:19 2.206 wpa.dbl
06.09.2006 21:01 2.550 Uninstall.ico
06.09.2006 21:01 1.406 Help.ico
06.09.2006 21:01 30.590 pavas.ico
06.09.2006 20:07 228 erbidxfy.txt
06.09.2006 17:34 176.128 gtpbx.dll
05.09.2006 09:48 253.472 FNTCACHE.DAT
15.08.2006 15:19 0 asfiles.txt

3. Log
 Datenträger in Laufwerk C: ist Root
 Volumeseriennummer: A4D9-8B0C
 Verzeichnis von C:\WINDOWS
06.09.2006 21:01 32 pavsig.txt
06.09.2006 20:19 725.292 setupapi.log
06.09.2006 20:11 5.184.054 BGInfo.bmp
06.09.2006 20:11 4.144 ModemLog_Conexant HDA D110 MDC V.92 Modem.txt
06.09.2006 20:10 0 0.log
06.09.2006 20:09 159 wiadebug.log
06.09.2006 20:09 1.421.541 WindowsUpdate.log
06.09.2006 20:09 50 wiaservc.log
06.09.2006 20:09 2.048 bootstat.dat
06.09.2006 20:08 32.376 SchedLgU.Txt
06.09.2006 19:40 319.030 setupact.log
01.09.2006 18:18 116 NeroDigital.ini
01.09.2006 17:34 151 PhotoSnapViewer.INI
01.09.2006 10:47 18.077 wmsetup.log
01.09.2006 10:47 236 wmsetup10.log
01.09.2006 00:01 357 GEARInstall.log
17.08.2006 21:29 9.544 WgaNotify.log
15.08.2006 15:18 632 win.ini
15.08.2006 01:55 492.940 ntbtlog.txt

4. Log
 Datenträger in Laufwerk C: ist Root
 Volumeseriennummer: A4D9-8B0C
 Verzeichnis von C:\DOKUME~1\SCHULO\LOKALE~1\Temp
06.09.2006 21:42 512 ~DF9739.tmp
06.09.2006 21:35 16.384 ~DF4FBD.tmp
06.09.2006 21:32 15.360 ~WRS0002.tmp
06.09.2006 21:20 512 ~DFF3F.tmp
06.09.2006 21:20 16.384 Perflib_Perfdata_15b8.dat
06.09.2006 21:20 512 ~DFB35E.tmp
06.09.2006 21:20 512 ~DF9809.tmp
06.09.2006 21:20 16.384 Perflib_Perfdata_15a0.dat
8 Datei(en) 66.560 Bytes
0 Verzeichnis(se), 22.768.766.976 Bytes frei

HijackThis

Logfile of HijackThis v1.99.1
Scan saved at 21:38:57, on 06.09.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\Programme\Intel\Wireless\Bin\WLKeeper.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programme\ewido anti-spyware 4.0\guard.exe
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programme\VMware\VMware Workstation\vmware-authd.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\stsystra.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Dell Photo AIO Printer 924\dlccmon.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\Microsoft Office\OFFICE11\WINWORD.EXE
D:\spyware 060906\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {fe2d25c1-c1db-4b5e-9390-af1cb5302f32} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Programme\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Programme\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!ewido] "C:\Programme\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Verknüpfung mit Bginfo.exe.lnk = C:\WINDOWS\Bginfo.exe
O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programme\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programme\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/german/kavwebscan_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: died - {7fa55359-7223-410f-bc82-efb3e3ded07f} - C:\WINDOWS\system32\gtpbx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programme\ewido anti-spyware 4.0\guard.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Programme\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Programme\Intel\Wireless\Bin\WLKeeper.exe |
|
|
||
06.09.2006, 22:49
Honorary member
Posts: 29434 |
#178
aschulo
VirusTotal
At the top of the page --> click Browse --> paste in the file with the correct path --> double-click the file to be checked --> click Submit... now wait
http://www.virustotal.com/flash/index_en.html
C:\WINDOWS\system32\dlcccoms.exe
post the report
http://www.file.net/prozess/dlcccoms.exe.html
-------------------------------------------------------------------------
1.
Go into the registry: Start - Run - regedit
Edit - Find - gtpbx.dll
delete everything you find for gtpbx.dll
under [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
died - {7fa55359-7223-410f-bc82-efb3e3ded07f} -> delete
2.
Avenger
http://virus-protect.org/artikel/tools/avenger.html
Quote
Files to delete:
3.
Fix with HijackThis:
Quote
R3 - Default URLSearchHook is missing
Restart PC
** report back
__________
Regards, Sabina
all about PC security |
|
|
||
07.09.2006, 00:03
...new here
Posts: 10 |
#179
Sabina (I'm getting better, now without the r)
VirusTotal returned: Your file "dlcccoms.exe" is queued in position: 116. Estimated start time is between 27 and 38 minutes.
I couldn't make anything of "post the report http://www.file.net/prozess/dlcccoms.exe.html".
Registry: all done (in the first step already WINDOWS\system32\gtpbx.dll).
Avenger successful.
Fix with HijackThis: ok? see nach_Fixe

nach_Fixe

Logfile of HijackThis v1.99.1
Scan saved at 23:48:02, on 06.09.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\Programme\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programme\ewido anti-spyware 4.0\guard.exe
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programme\VMware\VMware Workstation\vmware-authd.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\stsystra.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Programme\Dell Photo AIO Printer 924\dlccmon.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
D:\spyware 060906\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {fe2d25c1-c1db-4b5e-9390-af1cb5302f32} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Programme\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Programme\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!ewido] "C:\Programme\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Verknüpfung mit Bginfo.exe.lnk = C:\WINDOWS\Bginfo.exe
O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programme\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programme\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/german/kavwebscan_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programme\ewido anti-spyware 4.0\guard.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Programme\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Programme\Intel\Wireless\Bin\WLKeeper.exe |
|
|
||
07.09.2006, 00:05
Honorary member
Posts: 29434 |
||
|
||
1.
Copy the following text into Notepad (Start - Accessories - Notepad) and save it as fixme.reg on the desktop using 'Save as'. Set the file type to 'All files'. You should now find this file on the desktop.
Double-click the file "fixme.reg" on the desktop and add it to the registry with "ja" or "yes".
Quote
2. Apply VundoFix
http://virus-protect.org/artikel/tools/vundofixx.html
3.
Avenger
http://virus-protect.org/artikel/tools/avenger.html
copy in
Quote
Click the green traffic light. The script will now be executed, then the PC will restart automatically.
4.
scan and post the scan report
http://virus-protect.org/artikel/tools/superantispyware.html
__________
Regards, Sabina
all about PC security