Malware/Virus Virtumonde

03.06.2006, 13:46
Member

Posts: 11
#1 When I switched on my PC last Saturday, suspecting nothing (it had still worked flawlessly the day before), I got a nasty shock: Windows wouldn't start any more. So I quickly reinstalled, and new problems showed up. After running Spyware Doctor, Ad-Aware, Norton Antivirus, Spybot Search&Destroy and Stinger over it (Spyware Doctor 5 times), out of roughly 150 infected files/registry entries etc. this nasty, damned piece of sh... was left over:

Virtumonde

Spyware Doctor reports that EXPLORER.EXE is infected, and in the WINDOWS folder the file sstqq.dll, which of course can't be deleted (I've tried everything, several file-shredder programs, e.g. TuneUp), plus registry entries that keep coming back whenever you delete them. As soon as I go online everything gets so slow that only a reset helps. So please excuse me if a thread like this already exists; I always have to be quick before everything crashes again.

So here is what HijackThis gave me:

Logfile of HijackThis v1.99.1
Scan saved at 13:28:24, on 03.06.2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Avast4\aswUpdSv.exe
C:\Programme\Avast4\ashServ.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Programme\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\UAService7.exe
C:\Programme\ASUS\WLAN Card Utilities\NorExec.exe
C:\WINDOWS\System32\carpserv.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Programme\Microsoft IntelliType Pro\type32.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\Avast4\ashDisp.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Spyware Doctor\swdoctor.exe
C:\Programme\Avast4\ashWebSv.exe
C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programme\Avast4\ashMaiSv.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Dokumente und Einstellungen\Jan.STARGATECENTER\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {45AD732C-2CE2-4666-B366-B2214AD57A49} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Programme\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: (no name) - {F2FA09FB-EE7A-46d8-9145-A1EEF7850052} - C:\WINDOWS\system32\sstqq.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O4 - HKLM\..\Run: [Norton] C:\Programme\ASUS\WLAN Card Utilities\NorExec.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [type32] "C:\Programme\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Programme\TuneUp Utilities 2006\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programme\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Programme\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1137765512890
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1140821526531
O17 - HKLM\System\CCS\Services\Tcpip\..\{66466F67-5D8C-47E6-ACBF-0CAD0103FC5C}: NameServer = 192.168.0.1
O17 - HKLM\System\CS5\Services\Tcpip\..\{0904CCEA-0D71-4656-8AB0-2DF406965EA3}: NameServer = 62.104.191.241 62.104.196.134
O18 - Protocol: bw+0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: sstqq - C:\WINDOWS\SYSTEM32\sstqq.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programme\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programme\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programme\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programme\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AntiVir Update (AVWUpSrv) - Unknown owner - C:\Programme\AntiVir\AVWUPSRV.EXE (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Programme\Spyware Doctor\sdhelp.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Unknown owner - C:\Programme\Webroot\Spy Sweeper\WRSSSDK.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\System32\UAService7.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)


That's it so far, hoping for a quick reply and some help

In deep despair:
The_Death

PS: Avast's on-access protection keeps showing me:

"DCOM Exploit" blocked from some IP address or other. Can anyone tell me anything about that?
04.06.2006, 00:03
Honorary member
Sabina

Posts: 29434
#2 Work through VundoFix and post the scan report
http://virus-protect.org/artikel/tools/vundofixx.html
__________
Regards, Sabina

all about PC security
04.06.2006, 13:19
Member

Thread starter

Posts: 11
#3 VundoFix found the following file:

C:/Windows/System32/sstqq.dll

What do I need to fix with HijackThis now?

All I have there is: Winlogon Notify: sstqq - C:\WINDOWS\
04.06.2006, 14:03
Honorary member
Sabina

Posts: 29434
#4 The_Death

Fix with HijackThis:

Quote:

O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O2 - BHO: (no name) - {F2FA09FB-EE7A-46d8-9145-A1EEF7850052} - C:\WINDOWS\system32\sstqq.dll
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O20 - Winlogon Notify: sstqq - C:\WINDOWS\
You can also safely fix these:

O18 - Protocol: bw+0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

Restart the PC

---------------------------------------------------------------------------

I'll have another look:

Configure CleanUp exactly as described here:
http://virus-protect.org/cleanup.html

Copy these 4 text files here (right-click with the mouse -> select the text -> copy -> paste). They are sorted by date. (Copy only the last 3 months.)
http://virus-protect.org/datfindbat.html
__________
Regards, Sabina

all about PC security
04.06.2006, 17:21
Member

Thread starter

Posts: 11
#5 So, I fixed with HijackThis, and now the 4 logs:

1. Log:

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 585A-CB4D

Verzeichnis von C:\

04.06.2006 17:06 0 sys.txt
04.06.2006 17:06 12.206 system.txt
04.06.2006 17:06 309 systemtemp.txt
04.06.2006 17:06 101.788 system32.txt
04.06.2006 16:56 535.613.440 hiberfil.sys
04.06.2006 16:56 805.306.368 pagefile.sys
30.05.2006 15:29 355 boot.ini
28.05.2006 10:04 45 TEST.XML
03.05.2006 16:21 381 overall_network.csv
28.03.2006 13:15 441 bootbak.bat
27.03.2006 19:09 319 boot.bak
27.03.2006 19:09 319 boot.lgb
03.03.2006 19:42 194 BOOT.BKK

2. Log:

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 585A-CB4D

Verzeichnis von C:\DOKUME~1\JAN~1.STA\LOKALE~1\Temp

04.06.2006 16:58 16.384 Perflib_Perfdata_6b4.dat
1 Datei(en) 16.384 Bytes
0 Verzeichnis(se), 76.927.205.376 Bytes frei

3. Log:

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 585A-CB4D

Verzeichnis von C:\WINDOWS

04.06.2006 16:58 49 NeroDigital.ini
04.06.2006 16:57 0 0.log
04.06.2006 16:57 159 wiadebug.log
04.06.2006 16:57 50 wiaservc.log
04.06.2006 16:56 2.048 bootstat.dat
04.06.2006 16:55 7.926 ModemLog_FM-56PCI-HSFi-AB.txt
04.06.2006 16:46 32.468 SchedLgU.Txt
04.06.2006 16:38 610 oleco.ini
02.06.2006 15:08 778.009 setupapi.log
01.06.2006 20:38 47.352 Windows Update.log
01.06.2006 19:09 89.235 iis6.log
01.06.2006 19:09 241.662 comsetup.log
01.06.2006 19:09 146.993 ntdtcsetup.log
01.06.2006 19:09 239.366 tsoc.log
01.06.2006 19:09 1.891 imsins.log
01.06.2006 19:09 323.487 ocgen.log
01.06.2006 19:09 22.515 ocmsn.log
01.06.2006 19:09 29.308 msgsocm.log
01.06.2006 19:09 572.081 FaxSetup.log
01.06.2006 18:43 848 HBCIKRNL.INI
01.06.2006 14:41 83 wwp.INI
31.05.2006 19:56 389 LUINSTALL.LOG
30.05.2006 21:18 870.012 ntbtlog.txt
30.05.2006 18:01 9.255 Zmodeler.ini
29.05.2006 16:25 227 system.ini
28.05.2006 15:16 69.179 wmsetup.log
28.05.2006 15:16 17.581 dasetup.log
28.05.2006 15:15 332.849 DirectX.log
28.05.2006 14:16 797 win.ini
28.05.2006 14:04 535.617.536 MEMORY.DMP
28.05.2006 12:23 1.562 ATIWDM.LOG
28.05.2006 10:40 243 wmsetup10.log
28.05.2006 10:40 316.640 WMSysPr9.prx
28.05.2006 10:02 1.442 COM+.log
28.05.2006 09:59 719.744 setuplog.txt
28.05.2006 09:57 4.382 imsins.BAK
28.05.2006 09:57 424.647 setupact.log
28.05.2006 09:53 299.552 WMSysPrx.prx
28.05.2006 09:52 2.060 OEWABLog.txt
28.05.2006 09:52 4.161 ODBCINST.INI
28.05.2006 09:52 3.090 setuperr.log
28.05.2006 09:52 749 WindowsShell.Manifest
28.05.2006 09:51 858 DtcInstall.log
28.05.2006 09:51 9.173 sessmgr.setup.log
28.05.2006 09:48 8.114 regopt.log
27.05.2006 23:51 363.239 setupapi.old
27.05.2006 23:48 290.816 Setup1.exe
27.05.2006 23:48 74.752 ST6UNST.EXE
25.05.2006 22:29 1.845.769 WindowsUpdate.log
18.05.2006 14:52 260 musicmaker.INI
16.05.2006 16:03 367 lexstat.ini
08.05.2006 18:16 258 RtlRack.ini
21.04.2006 21:27 161.564 f-15-3_large.jpg
14.04.2006 15:59 383.015 WoWGeR-Client 1.9.4 Patch Setup Log.txt
08.04.2006 03:54 7.183 svcpack.log
07.04.2006 15:55 3.618 KB897715-OE6SP1-20050503.210336.log
07.04.2006 14:47 10.631 KB914798.log
07.04.2006 14:45 22.539 KB885250.log
07.04.2006 14:45 5.452 xpsp1hfm.log
07.04.2006 14:45 7.703 KB840374.log
07.04.2006 14:44 18.368 KB841356.log
07.04.2006 14:44 8.205 KB839645.log
07.04.2006 14:43 18.422 KB871250.log
07.04.2006 14:43 7.781 KB833987.log
07.04.2006 14:43 19.076 KB841873.log
07.04.2006 14:43 16.676 KB873376.log
07.04.2006 14:42 16.136 KB841533.log
07.04.2006 14:42 19.202 KB840987.log
03.04.2006 16:33 403 toolsx86.INI

4. Log:

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 585A-CB4D

Verzeichnis von C:\WINDOWS\system32

04.06.2006 16:56 146.466 ikhcore.log
04.06.2006 16:54 77 bios.rom
01.06.2006 17:51 2.993 CONFIG.NT
31.05.2006 19:54 9.767.149 kspydoc.log
31.05.2006 19:48 0 Sweeper.cfg
31.05.2006 11:02 624.640 aswBoot.exe
31.05.2006 10:54 90.112 AVASTSS.scr
30.05.2006 15:29 2.177.024 TUKernel.exe
28.05.2006 15:21 278.152 FNTCACHE.DAT
28.05.2006 12:46 9.216 Thumbs.db
28.05.2006 12:19 0 TFTP1692
28.05.2006 10:40 16.832 amcompat.tlb
28.05.2006 10:40 23.392 nscompat.tlb
28.05.2006 10:07 477.462 perfh009.dat
28.05.2006 10:07 79.020 perfc009.dat
28.05.2006 10:07 95.108 perfc007.dat
28.05.2006 10:07 499.308 perfh007.dat
28.05.2006 10:07 1.164.800 PerfStringBackup.INI
28.05.2006 10:03 12.598 wpa.dbl
28.05.2006 09:56 288 $winnt$.inf
28.05.2006 09:53 25.065 wmpscheme.xml
28.05.2006 09:52 488 WindowsLogon.manifest
28.05.2006 09:52 488 logonui.exe.manifest
28.05.2006 09:52 749 cdplayer.exe.manifest
28.05.2006 09:52 749 sapi.cpl.manifest
28.05.2006 09:52 749 wuaucpl.cpl.manifest
28.05.2006 09:52 749 nwc.cpl.manifest
28.05.2006 09:52 749 ncpa.cpl.manifest
28.05.2006 09:51 22.976 emptyregdb.dat
27.05.2006 23:43 12.598 wpa.bak
21.05.2006 11:40 4.096 crash
25.04.2006 20:28 2.043.008 kernel1.exe
20.04.2006 17:53 98.304 CmdLineExt.dll
13.04.2006 14:34 38.925 sstqq.dll


PS: Once more about the Avast message: as soon as this "DCOM exploit blocked" notice appears, everything except the internet hangs. And sometimes a window comes up that says roughly: save all your changes, Windows is being shut down by Windows NT/Authority, or something along those lines, and after 55 sec the PC is then down. I was able to block it with Spyware Doctor OnGuard, though at the moment that is being hammered by a so-called new BO object, which it shows in the window every 2 sec: BO object detected, being de/re-registered, or something like that... I have no idea, but I'll run Spyware Doctor over it again right away; maybe something else will show up.

Regards, The_Death
04.06.2006, 17:31
Honorary member

Posts: 29434
#6 KILLBOX - Pocket KillBox
http://virus-protect.org/killbox.html

Options: Delete on Reboot --> tick
and click the red cross; when asked "Do you want to reboot?" ---- click "no" and paste in the next one; only for the last one click "yes"
paste in: ..........

C:\WINDOWS\system32\TFTP1692
C:\WINDOWS\system32\sstqq.dll

Restart the PC


*
post the new HijackThis log
*
post the datfindbat logs again (back to February 2006)
__________
Regards, Sabina

all about PC security
04.06.2006, 17:47
Member

Thread starter

Posts: 11
#7 new HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 17:43:38, on 04.06.2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programme\Avast4\aswUpdSv.exe
C:\Programme\Avast4\ashServ.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Programme\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\UAService7.exe
C:\Programme\ASUS\WLAN Card Utilities\NorExec.exe
C:\WINDOWS\System32\carpserv.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Programme\Microsoft IntelliType Pro\type32.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\Avast4\ashDisp.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Spyware Doctor\swdoctor.exe
C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programme\Avast4\ashMaiSv.exe
C:\Programme\Avast4\ashWebSv.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Dokumente und Einstellungen\Jan.STARGATECENTER\Desktop\Programme\HijackThis.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {45AD732C-2CE2-4666-B366-B2214AD57A49} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Programme\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: (no name) - {F2FA09FB-EE7A-46d8-9145-A1EEF7850052} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Norton] C:\Programme\ASUS\WLAN Card Utilities\NorExec.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [type32] "C:\Programme\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Programme\TuneUp Utilities 2006\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programme\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Programme\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1137765512890
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1140821526531
O17 - HKLM\System\CCS\Services\Tcpip\..\{66466F67-5D8C-47E6-ACBF-0CAD0103FC5C}: NameServer = 192.168.0.1
O20 - Winlogon Notify: sstqq - C:\WINDOWS\
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programme\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programme\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programme\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programme\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AntiVir Update (AVWUpSrv) - Unknown owner - C:\Programme\AntiVir\AVWUPSRV.EXE (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Programme\Spyware Doctor\sdhelp.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Unknown owner - C:\Programme\Webroot\Spy Sweeper\WRSSSDK.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\System32\UAService7.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

then the 1st log:

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 585A-CB4D

Verzeichnis von C:\WINDOWS\system32

04.06.2006 17:42 159.312 ikhcore.log
04.06.2006 16:54 77 bios.rom
01.06.2006 17:51 2.993 CONFIG.NT
31.05.2006 19:54 9.767.149 kspydoc.log
31.05.2006 19:48 0 Sweeper.cfg
31.05.2006 11:02 624.640 aswBoot.exe
31.05.2006 10:54 90.112 AVASTSS.scr
30.05.2006 15:29 2.177.024 TUKernel.exe
28.05.2006 15:21 278.152 FNTCACHE.DAT
28.05.2006 12:46 9.216 Thumbs.db
28.05.2006 10:40 23.392 nscompat.tlb
28.05.2006 10:40 16.832 amcompat.tlb
28.05.2006 10:07 79.020 perfc009.dat
28.05.2006 10:07 477.462 perfh009.dat
28.05.2006 10:07 95.108 perfc007.dat
28.05.2006 10:07 499.308 perfh007.dat
28.05.2006 10:07 1.164.800 PerfStringBackup.INI
28.05.2006 10:03 12.598 wpa.dbl
28.05.2006 09:56 288 $winnt$.inf
28.05.2006 09:53 25.065 wmpscheme.xml
28.05.2006 09:52 488 WindowsLogon.manifest
28.05.2006 09:52 488 logonui.exe.manifest
28.05.2006 09:52 749 cdplayer.exe.manifest
28.05.2006 09:52 749 sapi.cpl.manifest
28.05.2006 09:52 749 nwc.cpl.manifest
28.05.2006 09:52 749 wuaucpl.cpl.manifest
28.05.2006 09:52 749 ncpa.cpl.manifest
28.05.2006 09:51 22.976 emptyregdb.dat
27.05.2006 23:43 12.598 wpa.bak
21.05.2006 11:40 4.096 crash
25.04.2006 20:28 2.043.008 kernel1.exe
20.04.2006 17:53 98.304 CmdLineExt.dll
29.03.2006 14:55 2.043.008 KERNEL.TMP
28.03.2006 15:21 8.464 sporder.dll
20.03.2006 16:41 664 d3d9caps.dat
10.03.2006 02:10 4.799.320 MRT.exe
07.03.2006 19:05 221.184 UAService7.exe
24.02.2006 23:23 4.212 zllictbl.dat
22.02.2006 05:27 6.684.672 atioglx1.dll
22.02.2006 05:11 151.552 atikvmag.dll
22.02.2006 05:04 258.048 ati2cqag.dll
22.02.2006 04:21 282.624 ATIDEMGR.dll
14.02.2006 10:20 550.120 LegitCheckControl.dll
13.02.2006 22:29 121.995 atiicdxx.dat
01.02.2006 04:48 106.496 atinppt2.ax

2. Log:

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 585A-CB4D

Verzeichnis von C:\WINDOWS

04.06.2006 17:42 0 0.log
04.06.2006 17:42 157 wiadebug.log
04.06.2006 17:42 50 wiaservc.log
04.06.2006 17:42 2.048 bootstat.dat
04.06.2006 17:41 32.468 SchedLgU.Txt
04.06.2006 17:41 35.336 ModemLog_FM-56PCI-HSFi-AB.txt
04.06.2006 17:38 610 oleco.ini
04.06.2006 17:07 49 NeroDigital.ini
02.06.2006 15:08 778.009 setupapi.log
01.06.2006 20:38 47.352 Windows Update.log
01.06.2006 19:09 241.662 comsetup.log
01.06.2006 19:09 89.235 iis6.log
01.06.2006 19:09 146.993 ntdtcsetup.log
01.06.2006 19:09 1.891 imsins.log
01.06.2006 19:09 239.366 tsoc.log
01.06.2006 19:09 29.308 msgsocm.log
01.06.2006 19:09 323.487 ocgen.log
01.06.2006 19:09 22.515 ocmsn.log
01.06.2006 19:09 572.081 FaxSetup.log
01.06.2006 18:43 848 HBCIKRNL.INI
01.06.2006 14:41 83 wwp.INI
31.05.2006 19:56 389 LUINSTALL.LOG
30.05.2006 21:18 870.012 ntbtlog.txt
30.05.2006 18:01 9.255 Zmodeler.ini
29.05.2006 16:25 227 system.ini
28.05.2006 15:16 69.179 wmsetup.log
28.05.2006 15:16 17.581 dasetup.log
28.05.2006 15:15 332.849 DirectX.log
28.05.2006 14:16 797 win.ini
28.05.2006 14:04 535.617.536 MEMORY.DMP
28.05.2006 12:23 1.562 ATIWDM.LOG
28.05.2006 10:40 243 wmsetup10.log
28.05.2006 10:40 316.640 WMSysPr9.prx
28.05.2006 10:02 1.442 COM+.log
28.05.2006 09:59 719.744 setuplog.txt
28.05.2006 09:57 4.382 imsins.BAK
28.05.2006 09:57 424.647 setupact.log
28.05.2006 09:53 299.552 WMSysPrx.prx
28.05.2006 09:52 2.060 OEWABLog.txt
28.05.2006 09:52 4.161 ODBCINST.INI
28.05.2006 09:52 3.090 setuperr.log
28.05.2006 09:52 749 WindowsShell.Manifest
28.05.2006 09:51 858 DtcInstall.log
28.05.2006 09:51 9.173 sessmgr.setup.log
28.05.2006 09:48 8.114 regopt.log
27.05.2006 23:51 363.239 setupapi.old
27.05.2006 23:48 290.816 Setup1.exe
27.05.2006 23:48 74.752 ST6UNST.EXE
25.05.2006 22:29 1.845.769 WindowsUpdate.log
18.05.2006 14:52 260 musicmaker.INI
16.05.2006 16:03 367 lexstat.ini
08.05.2006 18:16 258 RtlRack.ini
21.04.2006 21:27 161.564 f-15-3_large.jpg
14.04.2006 15:59 383.015 WoWGeR-Client 1.9.4 Patch Setup Log.txt
08.04.2006 03:54 7.183 svcpack.log
07.04.2006 15:55 3.618 KB897715-OE6SP1-20050503.210336.log
07.04.2006 14:47 10.631 KB914798.log
07.04.2006 14:45 22.539 KB885250.log
07.04.2006 14:45 5.452 xpsp1hfm.log
07.04.2006 14:45 7.703 KB840374.log
07.04.2006 14:44 18.368 KB841356.log
07.04.2006 14:44 8.205 KB839645.log
07.04.2006 14:43 18.422 KB871250.log
07.04.2006 14:43 7.781 KB833987.log
07.04.2006 14:43 19.076 KB841873.log
07.04.2006 14:43 16.676 KB873376.log
07.04.2006 14:42 16.136 KB841533.log
07.04.2006 14:42 19.202 KB840987.log
03.04.2006 16:33 403 toolsx86.INI
28.03.2006 15:28 183.296 NDNuninstall7_22.exe
10.03.2006 15:40 7.330 WGA.log
02.03.2006 18:28 107.134 UninstallFirefox.exe
02.03.2006 18:28 4.370 mozver.dat
02.03.2006 18:26 179 LDM.log
02.03.2006 18:25 86 KE.log
27.02.2006 18:42 2.359.350 Firefox Wallpaper.bmp
27.02.2006 18:42 177.823 206cc.jpg
25.02.2006 22:08 2.737 spupdsvc.log
25.02.2006 00:54 56.468 KB913446.log
25.02.2006 00:54 51.687 KB911564.log
25.02.2006 00:53 62.645 KB911927.log
25.02.2006 00:53 32.720 updspapi.log
25.02.2006 00:53 48.743 KB911565.log
25.02.2006 00:52 49.116 KB905915-IE6SP1-20051122.175908.log
25.02.2006 00:51 45.532 KB910437.log
25.02.2006 00:51 54.246 KB900725.log
25.02.2006 00:51 55.797 KB902400.log
25.02.2006 00:50 31.858 KB896423.log
25.02.2006 00:50 32.214 KB890859.log
25.02.2006 00:50 22.764 KB887472.log

3. Log:

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 585A-CB4D

Verzeichnis von C:\

04.06.2006 17:42 0 sys.txt
04.06.2006 17:42 12.206 system.txt
04.06.2006 17:42 556 systemtemp.txt
04.06.2006 17:42 101.695 system32.txt
04.06.2006 17:42 535.613.440 hiberfil.sys
04.06.2006 17:42 805.306.368 pagefile.sys
30.05.2006 15:29 355 boot.ini
28.05.2006 10:04 45 TEST.XML
03.05.2006 16:21 381 overall_network.csv
28.03.2006 13:15 441 bootbak.bat
27.03.2006 19:09 319 boot.bak
27.03.2006 19:09 319 boot.lgb
03.03.2006 19:42 194 BOOT.BKK
15.04.2004 18:50 870 IPH.PH
15.04.2004 02:30 0 CONFIG.SYS
15.04.2004 02:30 0 MSDOS.SYS
15.04.2004 02:30 0 IO.SYS
15.04.2004 02:30 0 AUTOEXEC.BAT
02.04.2003 14:00 4.952 bootfont.bin
02.04.2003 14:00 47.580 NTDETECT.COM
02.04.2003 14:00 235.296 ntldr
21 Datei(en) 1.341.325.017 Bytes
0 Verzeichnis(se), 76.925.460.480 Bytes frei

4. Log:

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 585A-CB4D

Verzeichnis von C:\DOKUME~1\JAN~1.STA\LOKALE~1\Temp

04.06.2006 17:42 16.384 Perflib_Perfdata_120.dat
04.06.2006 17:38 8.871 trash.htm
04.06.2006 17:38 0 TMP3.tmp
04.06.2006 17:12 0 TMP2.tmp
04.06.2006 17:09 0 TMP4.tmp
04.06.2006 16:58 16.384 Perflib_Perfdata_6b4.dat
6 Datei(en) 41.639 Bytes
0 Verzeichnis(se), 76.925.476.864 Bytes frei
04.06.2006, 18:06
Honorary member

Posts: 29434
#8 1.
fix with HijackThis:

O2 - BHO: (no name) - {45AD732C-2CE2-4666-B366-B2214AD57A49} - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O2 - BHO: (no name) - {F2FA09FB-EE7A-46d8-9145-A1EEF7850052} - (no file)
O20 - Winlogon Notify: sstqq - C:\WINDOWS\

Restart the PC

2.
delete:
C:\WINDOWS\system32\sporder.dll
C:\WINDOWS\NDNuninstall7_22.exe

3.
scan with ewido and post the report
http://virus-protect.org/ewido.html
__________
Regards, Sabina

all about PC security
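To show why exactly these log lines get picked out for fixing, here is an added example (my own Python script, not code from this thread or from HijackThis, Spyware Doctor or ewido) that triages a HijackThis 1.99 log for the three patterns seen above: an O2 BHO whose DLL is "(no file)", an O20 Winlogon Notify package whose path does not name a DLL (as with sstqq, which only resolves to C:\WINDOWS\), and an O23 service whose binary is "(file missing)". The sample log lines inside the block are a constructed excerpt in the same line format as the logs in this thread; the function names `triage` and `summarize` and the finding labels are my own.

```python
"""Triage a HijackThis 1.99 log for orphaned BHOs, unresolved Winlogon Notify
packages and stale services.

Added example for this thread; not part of HijackThis or any tool named above.
"""
import re
import sys
from typing import Dict, List

# Constructed sample excerpt in the line format of the HijackThis logs in this thread.
SAMPLE_LOG = """\
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Programme\\Adobe\\Acrobat 7.0\\ActiveX\\AcroIEHelper.dll
O2 - BHO: (no name) - {45AD732C-2CE2-4666-B366-B2214AD57A49} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\\PROGRA~1\\SPYBOT~1\\SDHelper.dll
O20 - Winlogon Notify: sstqq - C:\\WINDOWS\\
O20 - Winlogon Notify: WRNotifier - C:\\WINDOWS\\SYSTEM32\\WRLogonNTF.dll
O23 - Service: avast! Antivirus - Unknown owner - C:\\Programme\\Avast4\\ashServ.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Unknown owner - C:\\Programme\\Webroot\\Spy Sweeper\\WRSSSDK.exe (file missing)
"""

# One regex per HijackThis section we care about. Names are non-greedy so a
# " - " inside a product name does not swallow the CLSID or path field.
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<path>.*)$")
SERVICE_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")

Finding = Dict[str, str]


def triage(log_text: str) -> List[Finding]:
    """Return one finding per suspicious O2/O20/O23 line, in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = BHO_RE.match(line)
        if m:
            # A CLSID still registered under Browser Helper Objects while the
            # DLL is gone: either an uninstaller left it behind, or a scanner
            # deleted the DLL and the registration should be removed as well.
            if m.group("path") == "(no file)":
                findings.append({"kind": "orphaned_bho", "id": m.group("clsid"), "line": line,
                                 "reason": "BHO registered but its DLL is gone"})
            continue
        m = NOTIFY_RE.match(line)
        if m:
            # Winlogon Notify packages are DLLs loaded into winlogon.exe. A path
            # that is a bare directory means the DllName value did not resolve
            # to a file; that subkey deserves a manual look in the registry.
            if not m.group("path").lower().endswith(".dll"):
                findings.append({"kind": "winlogon_notify_no_dll", "id": m.group("key"), "line": line,
                                 "reason": "Notify package path does not name a DLL"})
            continue
        m = SERVICE_RE.match(line)
        if m and m.group("path").endswith("(file missing)"):
            findings.append({"kind": "stale_service", "id": m.group("name"), "line": line,
                             "reason": "service binary missing; leftover registration"})
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per kind, handy for a quick overview of a long log."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f["kind"]] = counts.get(f["kind"], 0) + 1
    return counts


if __name__ == "__main__":
    # Usage: python triage.py hijackthis.log   (falls back to the sample above)
    text = open(sys.argv[1], encoding="latin-1").read() if len(sys.argv) > 1 else SAMPLE_LOG
    for f in triage(text):
        print(f"[{f['kind']}] {f['id']}: {f['reason']}\n    {f['line']}")
    print(summarize(triage(text)))
```

Only the O2, O20 and O23 line shapes are parsed; every other line is ignored. A hit is a reason to inspect the registry key, not proof of an infection: an orphaned BHO left behind by an uninstaller looks exactly like one whose DLL an AV scanner already removed, which is why the thread fixes the entry and then asks for a fresh log rather than treating the first hit as the end of the job.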
05.06.2006, 12:09
Member

Thread starter

Posts: 11
#9 Spyware Doctor scan results:

Infizierungen: 4

Virtumonde
Virtumonde modifies the Windows Internet connection mechanism and display varios pop-up advertisements.

Files:

- C:\System Volume Information\_restore{8B30F253-140D-44FB-91C8-1D10644DE9EC}\RP21\A0033077.dll
- C:\System Volume Information\_restore{8B30F253-140D-44FB-91C8-1D10644DE9EC}\RP21\A0035118.dll

Registry:

- HKLM\Software\Mircrosoft\Windows\Current Version\Explorer\Browser Helper Objects\{F2FA09FB-EE7A-46D8-9145-A1EEF7850052}
- HKLM\Software\Mircrosoft\Windows\Current Version\Explorer\Browser Helper Objects\{F2FA09FB-EE7A-46D8-9145-A1EEF7850052}##

---------------------------------------------------------------------------------------------------------------------------
ewido anti-malware - System-Scan

- 13 infections; could not save the report because of a "hang", infections fixed.
- 2nd scan produced no more results.

---------------------------------------------------------
ewido anti-malware - Prozess Report
---------------------------------------------------------

+ Erstellt am: 10:53:45, 05.06.2006
+ Report-Checksumme: 5A006EA8

0: System Process
4: System Process
192: C:\Programme\TuneUp Utilities 2006\MemOptimizer.exe
236: C:\Programme\Messenger\msmsgs.exe
240: C:\WINDOWS\System32\ctfmon.exe
280: C:\WINDOWS\System32\svchost.exe
288: C:\Programme\Spyware Doctor\swdoctor.exe
420: C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
476: \SystemRoot\System32\smss.exe
528: C:\WINDOWS\System32\UAService7.exe
544: \??\C:\WINDOWS\system32\csrss.exe
568: \??\C:\WINDOWS\system32\winlogon.exe
612: C:\WINDOWS\system32\services.exe
624: C:\WINDOWS\system32\lsass.exe
768: C:\WINDOWS\System32\Ati2evxx.exe
796: C:\WINDOWS\system32\svchost.exe
840: C:\WINDOWS\System32\svchost.exe
864: C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
948: C:\WINDOWS\System32\svchost.exe
1024: C:\WINDOWS\System32\svchost.exe
1152: C:\WINDOWS\system32\Ati2evxx.exe
1212: C:\WINDOWS\Explorer.EXE
1288: C:\WINDOWS\system32\LEXBCES.EXE
1312: C:\WINDOWS\system32\spoolsv.exe
1328: C:\WINDOWS\system32\LEXPPS.EXE
1356: C:\Programme\Avast4\ashWebSv.exe
1500: C:\Programme\Avast4\aswUpdSv.exe
1528: C:\Programme\Avast4\ashServ.exe
1588: C:\Programme\ewido anti-malware\ewidoctrl.exe
1612: C:\Programme\ewido anti-malware\ewidoguard.exe
1840: C:\Programme\Avast4\ashMaiSv.exe
1852: C:\WINDOWS\System32\SCardSvr.exe
1908: C:\Programme\Spyware Doctor\sdhelp.exe
1924: C:\Programme\ASUS\WLAN Card Utilities\NorExec.exe
1932: C:\WINDOWS\System32\carpserv.exe
1968: C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
1976: C:\Programme\Microsoft IntelliType Pro\type32.exe
1984: C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
1992: C:\Programme\ATI Technologies\ATI.ACE\cli.exe
2024: C:\PROGRA~1\Avast4\ashDisp.exe
2032: C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
2488: C:\WINDOWS\System32\wbem\wmiprvse.exe
2804: C:\Programme\ATI Technologies\ATI.ACE\cli.exe
2844: C:\Programme\ewido anti-malware\securitysuite.exe
---------------------------------------------------------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 11:51:44, on 05.06.2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programme\Avast4\aswUpdSv.exe
C:\Programme\Avast4\ashServ.exe
C:\Programme\ewido anti-malware\ewidoctrl.exe
C:\Programme\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Programme\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\carpserv.exe
C:\Programme\Microsoft IntelliType Pro\type32.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\Avast4\ashDisp.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\TuneUp Utilities 2006\MemOptimizer.exe
C:\Programme\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Spyware Doctor\swdoctor.exe
C:\WINDOWS\System32\UAService7.exe
C:\Programme\Avast4\ashWebSv.exe
C:\Programme\Avast4\ashMaiSv.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\ewido anti-malware\securitysuite.exe
C:\WINDOWS\notepad.exe
C:\Dokumente und Einstellungen\Jan.STARGATECENTER\Desktop\Programme\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {45AD732C-2CE2-4666-B366-B2214AD57A49} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Programme\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: (no name) - {F2FA09FB-EE7A-46d8-9145-A1EEF7850052} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Norton] C:\Programme\ASUS\WLAN Card Utilities\NorExec.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [type32] "C:\Programme\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Programme\TuneUp Utilities 2006\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programme\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Programme\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1137765512890
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1140821526531
O17 - HKLM\System\CCS\Services\Tcpip\..\{66466F67-5D8C-47E6-ACBF-0CAD0103FC5C}: NameServer = 192.168.0.1
O20 - Winlogon Notify: sstqq - C:\WINDOWS\
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programme\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programme\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programme\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programme\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AntiVir Update (AVWUpSrv) - Unknown owner - C:\Programme\AntiVir\AVWUPSRV.EXE (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Programme\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programme\ewido anti-malware\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Programme\Spyware Doctor\sdhelp.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Unknown owner - C:\Programme\Webroot\Spy Sweeper\WRSSSDK.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\System32\UAService7.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)
05.06.2006, 12:14
Honorary member
Sabina

Posts: 29434
#10 The_Death

1.
My Computer --> right-click, then Properties ---> System Restore tab ---> tick "Turn off System Restore on all drives".
(then turn it back on afterwards)

2.
Download Registry Search by Bobbi Flekman
http://virus-protect.org/artikel/tools/regsearch.html
and double-click to start it. In "Enter search strings" type or paste

sstqq

into the edit box and click "Ok".
Notepad will open -- copy the text and post it.

In "Enter search strings" type or paste

{F2FA09FB-EE7A-46d8-9145-A1EEF7850052}

into the edit box and click "Ok".
Notepad will open -- copy the text and post it.

-----------------------------------------------------------------------

3.
Post the log from
RootkitRevealer
http://www.sysinternals.com/Utilities/RootkitRevealer.html

4.
Download the F-Secure BlackLight beta trial
http://www.f-secure.com/blacklight/
Run the file, accept the license agreement and choose scan; when the scan has finished, press next and then close. There is now an FSB*.TXT file in the same folder as BlackLight -> post it here
__________
Regards, Sabina

all about PC security
05.06.2006, 18:31
Member

Thread starter

Posts: 11
#11 06/05/06 18:12:31 [Info]: BlackLight Engine 1.0.37 initialized
06/05/06 18:12:31 [Info]: OS: 5.1 build 2600 (Service Pack 1)
06/05/06 18:12:31 [Note]: 7019 4
06/05/06 18:12:31 [Note]: 7005 0
06/05/06 18:12:37 [Note]: 7006 0
06/05/06 18:12:37 [Note]: 7011 1188
06/05/06 18:12:37 [Note]: 7026 0
06/05/06 18:12:37 [Note]: 7026 0
06/05/06 18:12:41 [Note]: FSRAW library version 1.7.1015
06/05/06 18:15:27 [Note]: 7007 0
-------------------------------------------------------------------
HKLM\SOFTWARE\Classes\webcal\URL Protocol 19.1.2006 17:56 13 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\SecuROM\!CAUTION! NEVER DELETE OR CHANGE ANY KEY* 23.3.2006 18:50 0 bytes Key name contains embedded nulls (*)
HKLM\SYSTEM\ControlSet002\Services\d347prt\Cfg\0Jf40 5.6.2006 18:08 0 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet002\Services\d347prt\Cfg\0Jf41 28.5.2006 14:14 0 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet002\Services\d347prt\Cfg\0Jf42 28.5.2006 14:14 0 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet002\Services\d347prt\Cfg\0Jf43 30.3.2006 14:20 0 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\s0 20.1.2006 17:10 4 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\s1 20.1.2006 17:10 4 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\s2 20.1.2006 17:10 4 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\g0 20.1.2006 17:10 32 bytes Hidden from Windows API.
C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll 2.3.2006 19:14 252.00 KB Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll 2.3.2006 19:14 111.50 KB Visible in Windows API, but not in MFT or directory index.
-------------------------------------------------------------------
REGEDIT4

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.1.0

; Results at 05.06.2006 18:30:29 for strings:
; 'sstqq'
; '{f2fa09fb-ee7a-46d8-9145-a1eef7850052}'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F2FA09FB-EE7A-46d8-9145-A1EEF7850052}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{F2FA09FB-EE7A-46d8-9145-A1EEF7850052}"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sstqq]

[HKEY_USERS\S-1-5-21-2998049325-2888997173-801624603-1005\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit]
"LastKey"="Arbeitsplatz\\HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Notify\\sstqq"

[HKEY_USERS\S-1-5-21-2998049325-2888997173-801624603-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\dll]
"a"="C:\\WINDOWS\\system32\\sstqq.dll"

; End Of The Log...
06.06.2006, 00:33
Honorary member
Sabina

Posts: 29434
#12 The_Death

Copy the following text into Notepad (Start - Accessories - Notepad) and save it on the desktop with 'Save as' under the name fixme.reg. Under file type choose 'All files'. You should now find this file on the desktop.

Double-click the file "fixme.reg" on the desktop and merge it into the registry.

Quote

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F2FA09FB-EE7A-46d8-9145-A1EEF7850052}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{F2FA09FB-EE7A-46d8-9145-A1EEF7850052}"=-

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sstqq]

Restart the PC

Post the new HijackThis log
__________
Regards, Sabina

all about PC security
06.06.2006, 15:27
Member

Thread starter

Posts: 11
#13 Logfile of HijackThis v1.99.1
Scan saved at 15:26:28, on 06.06.2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programme\Avast4\aswUpdSv.exe
C:\Programme\Avast4\ashServ.exe
C:\Programme\ewido anti-malware\ewidoctrl.exe
C:\Programme\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Programme\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\ASUS\WLAN Card Utilities\NorExec.exe
C:\WINDOWS\System32\carpserv.exe
C:\WINDOWS\System32\UAService7.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Programme\Microsoft IntelliType Pro\type32.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\Avast4\ashDisp.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Spyware Doctor\swdoctor.exe
C:\Programme\Avast4\ashWebSv.exe
C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programme\Avast4\ashMaiSv.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Dokumente und Einstellungen\Jan.STARGATECENTER\Desktop\Programme\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {45AD732C-2CE2-4666-B366-B2214AD57A49} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Programme\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Norton] C:\Programme\ASUS\WLAN Card Utilities\NorExec.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [type32] "C:\Programme\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Programme\TuneUp Utilities 2006\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programme\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Programme\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1137765512890
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1140821526531
O17 - HKLM\System\CCS\Services\Tcpip\..\{66466F67-5D8C-47E6-ACBF-0CAD0103FC5C}: NameServer = 192.168.0.1
O20 - Winlogon Notify: sstqq - C:\WINDOWS\
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programme\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programme\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programme\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programme\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AntiVir Update (AVWUpSrv) - Unknown owner - C:\Programme\AntiVir\AVWUPSRV.EXE (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Programme\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programme\ewido anti-malware\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Programme\Spyware Doctor\sdhelp.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Unknown owner - C:\Programme\Webroot\Spy Sweeper\WRSSSDK.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\System32\UAService7.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)
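The O20/O23 tail of the log just posted is line-for-line identical to the one posted before the fix, so the "sstqq" Winlogon Notify entry is still there. The following script is an added example, not part of the thread and not HijackThis code: it parses HijackThis 1.99 item lines, flags the entry classes that matter in this thread (a Winlogon Notify package whose path is a bare directory instead of a DLL, BHOs and services whose file is gone), and diffs a before log against an after log to show which flagged lines a fix actually removed. BEFORE and BHO_EXCERPT are excerpts of the logs above; AFTER_FIXED is a constructed variant showing what the diff reports once the Notify entry really is gone. The function names (entries, flag, triage, compare) and the wording of the reasons are my own.

```python
"""Triage HijackThis 1.99 logs and diff a 'before' log against an 'after' log.
Added example; the HijackThis item format is real, the helper names are mine."""
import re

ITEM_RE = re.compile(r'^(R\d|F\d|O\d+) - (.*)$')

def entries(log):
    """Return (section, text) for every item line, e.g. ('O20', 'Winlogon Notify: ...')."""
    out = []
    for raw in log.splitlines():
        m = ITEM_RE.match(raw.strip())
        if m:
            out.append((m.group(1), m.group(2)))
    return out

def flag(section, text):
    """Return a short reason if the entry deserves a look, else None."""
    if section == 'O20' and text.startswith('Winlogon Notify:'):
        name, _, path = text[len('Winlogon Notify:'):].partition(' - ')
        # Notify packages are DLLs that winlogon.exe loads at boot.  A bare
        # directory instead of a DLL path means HijackThis could not resolve
        # the module, which is what the 'sstqq' line in this thread shows.
        if not path.strip().lower().endswith('.dll'):
            return 'Winlogon Notify %s has no resolvable DLL (%s)' % (name.strip(), path.strip())
        return 'Winlogon Notify package %s: check the DLL and its publisher' % name.strip()
    if section == 'O2' and text.endswith('(no file)'):
        return 'BHO CLSID registered but its file is gone (orphan)'
    if section == 'O2' and text.startswith('BHO: (no name)'):
        return 'BHO with no name: identify the DLL'
    if section == 'O23' and text.endswith('(file missing)'):
        return 'service points at a missing binary (orphan)'
    return None

def triage(log):
    """Every flagged entry of a log as (section, text, reason)."""
    return [(s, t, flag(s, t)) for s, t in entries(log) if flag(s, t)]

def compare(before, after):
    """Flagged entries a fix removed, those that persist, and new ones."""
    b, a = set(entries(before)), set(entries(after))
    def flagged(items):
        return sorted(e for e in items if flag(*e))
    return {'removed': flagged(b - a), 'persisting': flagged(a & b), 'new': flagged(a - b)}

# Excerpt (O16-O23 tail) of the first log above.  The same lines in the log
# posted after the fix are identical, so AFTER simply reuses the text.
BEFORE = r'''
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{66466F67-5D8C-47E6-ACBF-0CAD0103FC5C}: NameServer = 192.168.0.1
O20 - Winlogon Notify: sstqq - C:\WINDOWS\
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programme\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: AntiVir Update (AVWUpSrv) - Unknown owner - C:\Programme\AntiVir\AVWUPSRV.EXE (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Programme\ewido anti-malware\ewidoctrl.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Unknown owner - C:\Programme\Webroot\Spy Sweeper\WRSSSDK.exe (file missing)
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)
'''
AFTER = BEFORE
# Constructed: what the post-fix log should have looked like had the
# Winlogon Notify key actually been deleted.
AFTER_FIXED = '\n'.join(l for l in BEFORE.splitlines() if 'sstqq' not in l)

# BHO lines from the second log above, for the O2 checks.
BHO_EXCERPT = r'''
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {45AD732C-2CE2-4666-B366-B2214AD57A49} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
'''

if __name__ == '__main__':
    for s, t, why in triage(BHO_EXCERPT + BEFORE):
        print('%s  %s\n      -> %s' % (s, t, why))
    for label, after in (('unchanged log', AFTER), ('constructed fixed log', AFTER_FIXED)):
        d = compare(BEFORE, after)
        print(label, '| removed:', d['removed'], '| persisting:', len(d['persisting']))
```

Run against the two real excerpts, compare() reports nothing removed and the "sstqq" entry among the persisting items, which is the check post #14 asks for; only the constructed AFTER_FIXED log moves that entry into "removed". The orphaned O2 and O23 entries are leftovers of uninstalled tools (Webroot, AntiVir, the missing avast! service paths), worth cleaning but not what is slowing the machine down.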
06.06.2006, 16:50
Honorary member
Sabina

Posts: 29434
#14 Now I don't know whether you applied the reg file correctly......
please report back, because the entries really should have disappeared from HijackThis by now ;)

Start - Run - regedit
Edit - Find -

- sstqq

- {F2FA09FB-EE7A-46d8-9145-A1EEF7850052}

delete everything you find and restart the computer
__________
Regards, Sabina

all about PC security
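The three steps above (search the registry for the two strings in post #10, turn the hits into a fixme.reg in post #12, then search again with regedit in post #14) are one workflow, and the judgment in it is which hits to delete. The script below is an added example, not the Registry Search tool's code and not from the thread: it searches a REGEDIT4-format export (the format Registry Search prints) for strings in key names, value names and value data, then emits a REGEDIT4 deletion file in the style of post #12, with `[-key]` for a key whose own leaf name matched and `"name"=-` for a matching value inside a key that is otherwise kept. Data-only matches are reported but not deleted, because in this thread they were regedit's LastKey and an Open/Save MRU entry, traces of the investigation rather than persistence. SAMPLE_LOG is an excerpt of the log in post #11; parse_reg, search_reg and build_fix are my names. One caveat the thread bears out: a .reg merge deletes through the same registry API as regedit, so it cannot touch keys hidden from that API (as BlackLight reports for the sptd and d347prt config keys above) and will fail on a key that a still-loaded component keeps recreating, which is the likely reason the two keys in post #15 would not go.

```python
"""Offline stand-in for the Registry Search -> fixme.reg step of the thread.
Added example; the REGEDIT4 syntax is real, the helper names are mine."""
import re

KEY_RE = re.compile(r'^\[([^\]]+)\]$')
# value name in quotes (escapes kept verbatim), '=', then the raw data
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

def parse_reg(text):
    """Return [(key_path, [(value_name, raw_data), ...]), ...] in file order."""
    keys = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(';') or line == 'REGEDIT4':
            continue
        m = KEY_RE.match(line)
        if m:
            keys.append((m.group(1), []))
            continue
        m = VALUE_RE.match(line)
        if m and keys:
            keys[-1][1].append((m.group(1), m.group(2)))
    return keys

def search_reg(text, needles):
    """Hits as (where, key, value_name, raw_data).  where is 'key' when the
    key's own leaf name matched, 'name' when a value name matched, 'data'
    when only the value data matched.  Case-insensitive like the tool."""
    needles = [n.lower() for n in needles]
    def match(s):
        s = s.lower()
        return any(n in s for n in needles)
    hits = []
    for key, values in parse_reg(text):
        # only the leaf is tested so that [-key] never removes a parent tree
        if match(key.rsplit('\\', 1)[-1]):
            hits.append(('key', key, None, None))
        for name, data in values:
            if match(name):
                hits.append(('name', key, name, data))
            elif match(data):
                hits.append(('data', key, name, data))
    return hits

def build_fix(hits):
    """REGEDIT4 text deleting the 'key' and 'name' hits, plus the 'data'
    hits left for a human decision."""
    out, review, by_key = ['REGEDIT4', ''], [], {}
    for where, key, name, data in hits:
        if where == 'key':
            out += ['[-%s]' % key, '']
        elif where == 'name':
            by_key.setdefault(key, []).append(name)
        else:
            review.append((key, name, data))
    for key, names in by_key.items():
        out.append('[%s]' % key)
        out += ['"%s"=-' % n for n in names]   # name kept in its escaped form
        out.append('')
    return '\n'.join(out), review

# Excerpt of the Registry Search log posted above (post #11).
SAMPLE_LOG = r'''REGEDIT4

; Registry Search 2.0 by Bobbi Flekman
; 'sstqq'
; '{f2fa09fb-ee7a-46d8-9145-a1eef7850052}'

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F2FA09FB-EE7A-46d8-9145-A1EEF7850052}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{F2FA09FB-EE7A-46d8-9145-A1EEF7850052}"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sstqq]

[HKEY_USERS\S-1-5-21-2998049325-2888997173-801624603-1005\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit]
"LastKey"="Arbeitsplatz\\HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Notify\\sstqq"

[HKEY_USERS\S-1-5-21-2998049325-2888997173-801624603-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\dll]
"a"="C:\\WINDOWS\\system32\\sstqq.dll"
'''
NEEDLES = ['sstqq', '{F2FA09FB-EE7A-46d8-9145-A1EEF7850052}']

if __name__ == '__main__':
    fix, review = build_fix(search_reg(SAMPLE_LOG, NEEDLES))
    print(fix)
    for key, name, data in review:
        print('; review only: [%s] "%s"=%s' % (key, name, data))
```

Run on the excerpt, the generated file contains exactly the three deletions Sabina wrote by hand in post #12 (the ActiveX Compatibility key, the ShellExecuteHooks value, the Winlogon\Notify\sstqq key) and lists the two HKEY_USERS hits as review-only, which matches her choice to leave them out.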
07.06.2006, 17:18
Member

Thread starter

Posts: 11
#15 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F2FA09FB-EE7A-46d8-9145-A1EEF7850052}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sstqq]

I can't get rid of these two!

EDIT:
I think it's sorted... When I search the registry it finds nothing... I'll run all the antivirus/antimalware stuff etc. over it today or tomorrow and then see... if it's gone: a thousand thanks for the professional help. If not, a thousand thanks anyway ;)

Quote

voluntary: PayPal
will see what I can do ;)
This post was edited on 07.06.2006 at 17:32 by The_Death.