No idea about HijackThis + datfindbat etc.

#0
22.08.2006, 14:12
...new here
Posts: 3
22.08.2006, 21:52
Honorary member
Posts: 29434
#32
Duga
If you could post the scan report from the antivirus here, I wouldn't have to go looking for my crystal ball.
__________
Kind regards, Sabina
all about PC security
23.08.2006, 11:44
...new here
Posts: 3
#33
Hehe... I guess I've outed myself as clueless.
Here is the AVG logfile:
Partition table (MBR) - OK - Quick checked
Boot sector of disk C: - OK - Quick checked
System registry Software\Microsoft\Windows NT\CurrentVersion\Windows\Load Scanned
System registry Software\Microsoft\Windows NT\CurrentVersion\Windows\Run Scanned
System registry Software\Microsoft\Windows\CurrentVersion\Run Scanned
System registry Software\Microsoft\Windows\CurrentVersion\RunOnce Scanned
System registry Software\Microsoft\Windows\CurrentVersion\RunOnceEx Scanned
System registry Software\Microsoft\Windows\CurrentVersion\RunServices Scanned
System registry Software\Microsoft\Windows\CurrentVersion\RunServicesOnce Scanned
System registry Software\Microsoft\Windows\CurrentVersion\Run Scanned
System registry Software\Microsoft\Windows\CurrentVersion\RunOnce Scanned
System registry Software\Microsoft\Windows\CurrentVersion\RunOnceEx Scanned
System registry Software\Microsoft\Windows\CurrentVersion\RunServices Scanned
System registry Software\Microsoft\Windows\CurrentVersion\RunServicesOnce Scanned
System registry Software\Microsoft\Windows\CurrentVersion\Winlogon\Userinit Scanned
System registry SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell Scanned
System registry exefile\shell\open\command Scanned
System registry scrfile\shell\open\command Scanned
System registry scrfile\shell\config\command Scanned
System registry batfile\shell\open\command Scanned
System registry cmdfile\shell\open\command Scanned
System registry comfile\shell\open\command Scanned
System registry piffile\shell\open\command Scanned
System registry giffile\shell\open\command Scanned
System registry htmlfile\shell\open\command Scanned
System registry htafile\shell\open\command Scanned
System registry jpegfile\shell\open\command Scanned
System registry txtfile\shell\open\command Scanned
System registry regfile\shell\open\command Scanned
System registry cplfile\shell\cplopen\command Scanned
System registry Word.Document.8\shell\open\command Scanned
System registry WordPad.Document.1\shell\open\command Scanned
System registry inffile\shell\open\command Scanned
System registry vbsfile\shell\open\command Scanned
System registry vbefile\shell\open\command Scanned
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe - OK - Quick checked
C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe - OK - Quick checked
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe - OK - Quick checked
C:\Programme\D-Tools\daemon.exe - OK - Quick checked
C:\Programme\Intel\Wireless\Bin\EOUWiz.exe - OK - Quick checked
C:\Programme\Intel\Wireless\Bin\iFrmewrk.exe - OK - Quick checked
C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe - OK - Quick checked
C:\Programme\Internet Explorer\IEXPLORE.EXE - OK - Quick checked
C:\Programme\Java\jre1.5.0_03\bin\jusched.exe - OK - Quick checked
C:\Programme\Microsoft Office\OFFICE11\WINWORD.EXE - OK - Quick checked
C:\Programme\QuickTime\qttask.exe - OK - Quick checked
C:\Programme\Skype\Phone\Skype.exe - OK - Quick checked
C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe - OK - Quick checked
C:\Programme\Synaptics\SynTP\SynTPEnh.exe - OK - Quick checked
C:\Programme\Synaptics\SynTP\SynTPLpr.exe - OK - Quick checked
C:\Programme\iTunes\iTunesHelper.exe - OK - Quick checked
C:\WINDOWS\ALCMTR.EXE - OK - Quick checked
C:\WINDOWS\ALCWZRD.EXE - OK - Quick checked
C:\WINDOWS\SOUNDMAN.EXE - OK - Quick checked
C:\WINDOWS\regedit.exe - OK - Quick checked
C:\WINDOWS\sm56hlpr.exe - OK - Quick checked
C:\WINDOWS\system32\HdAShCut.exe - OK - Quick checked
C:\WINDOWS\system32\NeroCheck.exe - OK - Quick checked
C:\WINDOWS\system32\ctfmon.exe - OK - Quick checked
C:\WINDOWS\system32\mshta.exe - OK - Quick checked
C:\WINDOWS\system32\nwiz.exe - OK - Quick checked
C:\WINDOWS\system32\rundll32.exe - OK - Quick checked
C:\WINDOWS\system32\shell32.dll - OK - Quick checked
C:\WINDOWS\system32\shimgvw.dll - OK - Quick checked
C:\WINDOWS\system32\kernel32.dll - OK - Quick checked
C:\WINDOWS\system32\wsock32.dll - OK - Quick checked
C:\WINDOWS\system32\user32.dll - OK - Quick checked
C:\WINDOWS\system32\shell32.dll - OK - Quick checked
C:\WINDOWS\system32\ntoskrnl.exe - OK - Quick checked
C:\WINDOWS\system32\drivers\etc\hosts - OK - Quick checked
D:\RECYCLER\S-1-5-21-3380552081-2286108752-3052340754-1007\Dd24.zip Virus identified Worm/VB.SO Infected
System registry Software\Microsoft\Windows NT\CurrentVersion\Windows\Load Scanned
System registry Software\Microsoft\Windows NT\CurrentVersion\Windows\Run Scanned
System registry Software\Microsoft\Windows\CurrentVersion\Run Scanned
System registry Software\Microsoft\Windows\CurrentVersion\RunOnce Scanned
System registry Software\Microsoft\Windows\CurrentVersion\RunOnceEx Scanned
System registry Software\Microsoft\Windows\CurrentVersion\RunServices Scanned
System registry Software\Microsoft\Windows\CurrentVersion\RunServicesOnce Scanned
System registry Software\Microsoft\Windows\CurrentVersion\Run Scanned
System registry Software\Microsoft\Windows\CurrentVersion\RunOnce Scanned
System registry Software\Microsoft\Windows\CurrentVersion\RunOnceEx Scanned
System registry Software\Microsoft\Windows\CurrentVersion\RunServices Scanned
System registry Software\Microsoft\Windows\CurrentVersion\RunServicesOnce Scanned
System registry Software\Microsoft\Windows\CurrentVersion\Winlogon\Userinit Scanned
System registry SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell Scanned
System registry exefile\shell\open\command Scanned
System registry scrfile\shell\open\command Scanned
System registry scrfile\shell\config\command Scanned
System registry batfile\shell\open\command Scanned
System registry cmdfile\shell\open\command Scanned
System registry comfile\shell\open\command Scanned
System registry piffile\shell\open\command Scanned
System registry giffile\shell\open\command Scanned
System registry htmlfile\shell\open\command Scanned
System registry htafile\shell\open\command Scanned
System registry jpegfile\shell\open\command Scanned
System registry txtfile\shell\open\command Scanned
System registry regfile\shell\open\command Scanned
System registry cplfile\shell\cplopen\command Scanned
System registry Word.Document.8\shell\open\command Scanned
System registry WordPad.Document.1\shell\open\command Scanned
System registry inffile\shell\open\command Scanned
System registry vbsfile\shell\open\command Scanned
System registry vbefile\shell\open\command Scanned
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe - OK - Quick checked
C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe - OK - Quick checked
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe - OK - Quick checked
C:\Programme\D-Tools\daemon.exe - OK - Quick checked
C:\Programme\Intel\Wireless\Bin\EOUWiz.exe - OK - Quick checked
C:\Programme\Intel\Wireless\Bin\iFrmewrk.exe - OK - Quick checked
C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe - OK - Quick checked
C:\Programme\Internet Explorer\IEXPLORE.EXE - OK - Quick checked
C:\Programme\Java\jre1.5.0_03\bin\jusched.exe - OK - Quick checked
C:\Programme\Microsoft Office\OFFICE11\WINWORD.EXE - OK - Quick checked
C:\Programme\QuickTime\qttask.exe - OK - Quick checked
C:\Programme\Skype\Phone\Skype.exe - OK - Quick checked
C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe - OK - Quick checked
C:\Programme\Synaptics\SynTP\SynTPEnh.exe - OK - Quick checked
C:\Programme\Synaptics\SynTP\SynTPLpr.exe - OK - Quick checked
C:\Programme\iTunes\iTunesHelper.exe - OK - Quick checked
C:\WINDOWS\ALCMTR.EXE - OK - Quick checked
C:\WINDOWS\ALCWZRD.EXE - OK - Quick checked
C:\WINDOWS\SOUNDMAN.EXE - OK - Quick checked
C:\WINDOWS\regedit.exe - OK - Quick checked
C:\WINDOWS\sm56hlpr.exe - OK - Quick checked
C:\WINDOWS\system32\HdAShCut.exe - OK - Quick checked
C:\WINDOWS\system32\NeroCheck.exe - OK - Quick checked
C:\WINDOWS\system32\ctfmon.exe - OK - Quick checked
C:\WINDOWS\system32\mshta.exe - OK - Quick checked
C:\WINDOWS\system32\nwiz.exe - OK - Quick checked
C:\WINDOWS\system32\rundll32.exe - OK - Quick checked
C:\WINDOWS\system32\shell32.dll - OK - Quick checked
C:\WINDOWS\system32\shimgvw.dll - OK - Quick checked
Edit: yesterday the "worm" was still called "Generic.IQ"... it was in the same folder.
23.08.2006, 12:48
Honorary member
Posts: 29434
#34
1. Go to the D:\ partition and empty the recycle bin.
2. Unpack combofix to D:\ and post the report: http://virus-protect.org/artikel/tools/combofix.html
__________
Kind regards, Sabina
all about PC security
23.08.2006, 14:36
...new here
Posts: 3
#35
Hmm... Combofix still won't start cleaning for me, even after 2 hours.
I unpacked it to D and started it. I enter Y, after which it has been saying "please wait"... for 2 hours. Then I aborted it. Should I have waited longer? Emptied the recycle bin (/keels over, that I didn't think of that myself...) and after a new scan with AVG nothing was found any more....
23.08.2006, 14:39
Honorary member
Posts: 29434
#36
Then unpack Combofix to c:\ and post the report.
__________
Kind regards, Sabina
all about PC security
Here is the HijackThis logfile:
Logfile of HijackThis v1.99.1
Scan saved at 14:08:47, on 22.08.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\sm56hlpr.exe
C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Intel\Wireless\Bin\EOUWiz.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Java\jre1.5.0_03\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Gemeinsame Dateien\Teleca Shared\CapabilityManager.exe
C:\Programme\iPod\bin\iPodService.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Programme\Gemeinsame Dateien\Teleca Shared\Generic.exe
C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Outlook Express\msimn.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\ICQ\Icq.exe
C:\Programme\Lavasoft\Ad-aware 6\Ad-aware.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgwb.dat
C:\Dokumente und Einstellungen\Daniel\Desktop\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.autoglobal.hr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.yahoo.com/fsc/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.yahoo.com/fsc/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/fuji/defaults/su/*http://www.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Verknüpfung mit der High Definition Audio-Eigenschaftenseite] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [Seri*hier nicht!*] sm56hlpr.exe
O4 - HKLM\..\Run: [InstantOn] "C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe" /c
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Programme\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programme\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @C:\Programme\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Programme\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{D896196A-F547-4061-8C27-1ED114C78940}: NameServer = 195.29.150.3,195.29.150.4
O20 - Winlogon Notify: OdysseyClient - C:\WINDOWS\
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
Many thanks for the help that is offered here. Great stuff.