No idea about HijackThis + datfindbat etc.

#0
22.08.2006, 14:12
...new here

Posts: 3
#31 My AVG Free Edition finds the worm "Generiq.IQ" in a directory that does not exist for my browser.

Here is the HijackThis logfile:
Logfile of HijackThis v1.99.1
Scan saved at 14:08:47, on 22.08.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\sm56hlpr.exe
C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Intel\Wireless\Bin\EOUWiz.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Java\jre1.5.0_03\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Gemeinsame Dateien\Teleca Shared\CapabilityManager.exe
C:\Programme\iPod\bin\iPodService.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Programme\Gemeinsame Dateien\Teleca Shared\Generic.exe
C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Outlook Express\msimn.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\ICQ\Icq.exe
C:\Programme\Lavasoft\Ad-aware 6\Ad-aware.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgwb.dat
C:\Dokumente und Einstellungen\Daniel\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.autoglobal.hr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.yahoo.com/fsc/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.yahoo.com/fsc/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/fuji/defaults/su/*http://www.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Verknüpfung mit der High Definition Audio-Eigenschaftenseite] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [Seri*hier nicht!*] sm56hlpr.exe
O4 - HKLM\..\Run: [InstantOn] "C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe" /c
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Programme\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programme\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @C:\Programme\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Programme\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{D896196A-F547-4061-8C27-1ED114C78940}: NameServer = 195.29.150.3,195.29.150.4
O20 - Winlogon Notify: OdysseyClient - C:\WINDOWS\
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe


Many thanks for the help offered here. Great stuff.
22.08.2006, 21:52
Honorary member
Sabina

Posts: 29434
#32 Duga

If you could post the scan report from the antivirus here, I wouldn't have to go looking for my crystal ball ;)
__________
Regards, Sabina

all about PC security
23.08.2006, 11:44
...new here

Posts: 3
#33 Hehe... I guess I've exposed myself as clueless ;)

Here is the AVG logfile:

Partition table (MBR) - OK - Quick checked
Boot sector of disk C: - OK - Quick checked
System registry Software\Microsoft\Windows NT\CurrentVersion\Windows\Load Scanned
System registry Software\Microsoft\Windows NT\CurrentVersion\Windows\Run Scanned
System registry Software\Microsoft\Windows\CurrentVersion\Run Scanned
System registry Software\Microsoft\Windows\CurrentVersion\RunOnce Scanned
System registry Software\Microsoft\Windows\CurrentVersion\RunOnceEx Scanned
System registry Software\Microsoft\Windows\CurrentVersion\RunServices Scanned
System registry Software\Microsoft\Windows\CurrentVersion\RunServicesOnce Scanned
System registry Software\Microsoft\Windows\CurrentVersion\Run Scanned
System registry Software\Microsoft\Windows\CurrentVersion\RunOnce Scanned
System registry Software\Microsoft\Windows\CurrentVersion\RunOnceEx Scanned
System registry Software\Microsoft\Windows\CurrentVersion\RunServices Scanned
System registry Software\Microsoft\Windows\CurrentVersion\RunServicesOnce Scanned
System registry Software\Microsoft\Windows\CurrentVersion\Winlogon\Userinit Scanned
System registry SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell Scanned
System registry exefile\shell\open\command Scanned
System registry scrfile\shell\open\command Scanned
System registry scrfile\shell\config\command Scanned
System registry batfile\shell\open\command Scanned
System registry cmdfile\shell\open\command Scanned
System registry comfile\shell\open\command Scanned
System registry piffile\shell\open\command Scanned
System registry giffile\shell\open\command Scanned
System registry htmlfile\shell\open\command Scanned
System registry htafile\shell\open\command Scanned
System registry jpegfile\shell\open\command Scanned
System registry txtfile\shell\open\command Scanned
System registry regfile\shell\open\command Scanned
System registry cplfile\shell\cplopen\command Scanned
System registry Word.Document.8\shell\open\command Scanned
System registry WordPad.Document.1\shell\open\command Scanned
System registry inffile\shell\open\command Scanned
System registry vbsfile\shell\open\command Scanned
System registry vbefile\shell\open\command Scanned
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe - OK - Quick checked
C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe - OK - Quick checked
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe - OK - Quick checked
C:\Programme\D-Tools\daemon.exe - OK - Quick checked
C:\Programme\Intel\Wireless\Bin\EOUWiz.exe - OK - Quick checked
C:\Programme\Intel\Wireless\Bin\iFrmewrk.exe - OK - Quick checked
C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe - OK - Quick checked
C:\Programme\Internet Explorer\IEXPLORE.EXE - OK - Quick checked
C:\Programme\Java\jre1.5.0_03\bin\jusched.exe - OK - Quick checked
C:\Programme\Microsoft Office\OFFICE11\WINWORD.EXE - OK - Quick checked
C:\Programme\QuickTime\qttask.exe - OK - Quick checked
C:\Programme\Skype\Phone\Skype.exe - OK - Quick checked
C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe - OK - Quick checked
C:\Programme\Synaptics\SynTP\SynTPEnh.exe - OK - Quick checked
C:\Programme\Synaptics\SynTP\SynTPLpr.exe - OK - Quick checked
C:\Programme\iTunes\iTunesHelper.exe - OK - Quick checked
C:\WINDOWS\ALCMTR.EXE - OK - Quick checked
C:\WINDOWS\ALCWZRD.EXE - OK - Quick checked
C:\WINDOWS\SOUNDMAN.EXE - OK - Quick checked
C:\WINDOWS\regedit.exe - OK - Quick checked
C:\WINDOWS\sm56hlpr.exe - OK - Quick checked
C:\WINDOWS\system32\HdAShCut.exe - OK - Quick checked
C:\WINDOWS\system32\NeroCheck.exe - OK - Quick checked
C:\WINDOWS\system32\ctfmon.exe - OK - Quick checked
C:\WINDOWS\system32\mshta.exe - OK - Quick checked
C:\WINDOWS\system32\nwiz.exe - OK - Quick checked
C:\WINDOWS\system32\rundll32.exe - OK - Quick checked
C:\WINDOWS\system32\shell32.dll - OK - Quick checked
C:\WINDOWS\system32\shimgvw.dll - OK - Quick checked
C:\WINDOWS\system32\kernel32.dll - OK - Quick checked
C:\WINDOWS\system32\wsock32.dll - OK - Quick checked
C:\WINDOWS\system32\user32.dll - OK - Quick checked
C:\WINDOWS\system32\shell32.dll - OK - Quick checked
C:\WINDOWS\system32\ntoskrnl.exe - OK - Quick checked
C:\WINDOWS\system32\drivers\etc\hosts - OK - Quick checked
D:\RECYCLER\S-1-5-21-3380552081-2286108752-3052340754-1007\Dd24.zip Virus identified Worm/VB.SO Infected
System registry Software\Microsoft\Windows NT\CurrentVersion\Windows\Load Scanned
System registry Software\Microsoft\Windows NT\CurrentVersion\Windows\Run Scanned
System registry Software\Microsoft\Windows\CurrentVersion\Run Scanned
System registry Software\Microsoft\Windows\CurrentVersion\RunOnce Scanned
System registry Software\Microsoft\Windows\CurrentVersion\RunOnceEx Scanned
System registry Software\Microsoft\Windows\CurrentVersion\RunServices Scanned
System registry Software\Microsoft\Windows\CurrentVersion\RunServicesOnce Scanned
System registry Software\Microsoft\Windows\CurrentVersion\Run Scanned
System registry Software\Microsoft\Windows\CurrentVersion\RunOnce Scanned
System registry Software\Microsoft\Windows\CurrentVersion\RunOnceEx Scanned
System registry Software\Microsoft\Windows\CurrentVersion\RunServices Scanned
System registry Software\Microsoft\Windows\CurrentVersion\RunServicesOnce Scanned
System registry Software\Microsoft\Windows\CurrentVersion\Winlogon\Userinit Scanned
System registry SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell Scanned
System registry exefile\shell\open\command Scanned
System registry scrfile\shell\open\command Scanned
System registry scrfile\shell\config\command Scanned
System registry batfile\shell\open\command Scanned
System registry cmdfile\shell\open\command Scanned
System registry comfile\shell\open\command Scanned
System registry piffile\shell\open\command Scanned
System registry giffile\shell\open\command Scanned
System registry htmlfile\shell\open\command Scanned
System registry htafile\shell\open\command Scanned
System registry jpegfile\shell\open\command Scanned
System registry txtfile\shell\open\command Scanned
System registry regfile\shell\open\command Scanned
System registry cplfile\shell\cplopen\command Scanned
System registry Word.Document.8\shell\open\command Scanned
System registry WordPad.Document.1\shell\open\command Scanned
System registry inffile\shell\open\command Scanned
System registry vbsfile\shell\open\command Scanned
System registry vbefile\shell\open\command Scanned
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe - OK - Quick checked
C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe - OK - Quick checked
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe - OK - Quick checked
C:\Programme\D-Tools\daemon.exe - OK - Quick checked
C:\Programme\Intel\Wireless\Bin\EOUWiz.exe - OK - Quick checked
C:\Programme\Intel\Wireless\Bin\iFrmewrk.exe - OK - Quick checked
C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe - OK - Quick checked
C:\Programme\Internet Explorer\IEXPLORE.EXE - OK - Quick checked
C:\Programme\Java\jre1.5.0_03\bin\jusched.exe - OK - Quick checked
C:\Programme\Microsoft Office\OFFICE11\WINWORD.EXE - OK - Quick checked
C:\Programme\QuickTime\qttask.exe - OK - Quick checked
C:\Programme\Skype\Phone\Skype.exe - OK - Quick checked
C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe - OK - Quick checked
C:\Programme\Synaptics\SynTP\SynTPEnh.exe - OK - Quick checked
C:\Programme\Synaptics\SynTP\SynTPLpr.exe - OK - Quick checked
C:\Programme\iTunes\iTunesHelper.exe - OK - Quick checked
C:\WINDOWS\ALCMTR.EXE - OK - Quick checked
C:\WINDOWS\ALCWZRD.EXE - OK - Quick checked
C:\WINDOWS\SOUNDMAN.EXE - OK - Quick checked
C:\WINDOWS\regedit.exe - OK - Quick checked
C:\WINDOWS\sm56hlpr.exe - OK - Quick checked
C:\WINDOWS\system32\HdAShCut.exe - OK - Quick checked
C:\WINDOWS\system32\NeroCheck.exe - OK - Quick checked
C:\WINDOWS\system32\ctfmon.exe - OK - Quick checked
C:\WINDOWS\system32\mshta.exe - OK - Quick checked
C:\WINDOWS\system32\nwiz.exe - OK - Quick checked
C:\WINDOWS\system32\rundll32.exe - OK - Quick checked
C:\WINDOWS\system32\shell32.dll - OK - Quick checked
C:\WINDOWS\system32\shimgvw.dll - OK - Quick checked

Edit: yesterday the "worm" was still called "Generic.IQ"... it was in the same folder
23.08.2006, 12:48
Honorary member
Sabina

Posts: 29434
#34 1.
Go to the D:\ partition and empty the Recycle Bin.

2.
Unpack combofix to D:\ and post the report
http://virus-protect.org/artikel/tools/combofix.html
__________
Regards, Sabina

all about PC security
23.08.2006, 14:36
...new here

Posts: 3
#35 Hmm... Combofix still won't start cleaning for me, even after 2 hours.

I unpacked it to D and started it.
I enter Y, and then "please wait"... has been sitting there for 2 hours.

I then aborted it. Should I have waited longer?

Emptied the Recycle Bin (/umfall , that I didn't think of that myself...) and after a new scan with AVG nothing more was found....
23.08.2006, 14:39
Honorary member
Sabina

Posts: 29434
#36 Then unpack Combofix to c:\ and post the report
__________
Regards, Sabina

all about PC security