VirusBuster Critical System Errors |
||
---|---|---|
#0
| ||
08.12.2006, 13:36
Ehrenmitglied
Beiträge: 29434 |
||
|
||
09.12.2006, 21:46
Member
Beiträge: 17 |
#47
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe C:\Programme\Ahead\InCD\InCDsrv.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE C:\Programme\Ahead\InCD\InCD.exe C:\Programme\iTunes\iTunesHelper.exe C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\iPod\bin\iPodService.exe C:\Programme\AT-AR215\AT-AR215 USB ADSL WAN Adapter\dslmon.exe C:\Programme\Internet Explorer\iexplore.exe C:\DOKUME~1\JRGEN~1\LOKALE~1\Temp\Temporäres Verzeichnis 1 für hijackthis.zip\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.de/ O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O4 - HKLM\..\Run: [REGSHAVE] C:\Programme\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM\..\Run: [LVCOMS] C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [2kadiras] 2kadiras.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [InCD] C:\Programme\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: DSLMON.lnk = ? O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {33331111-1111-1111-1111-611111193429} - O16 - DPF: {33331111-1111-1111-1111-615111193427} - O16 - DPF: {33331111-1131-1111-1111-611111193428} - O16 - DPF: {4C0942C1-C405-4805-B3B6-EA16F2DDD1BD} (innova-Panorama-Viewer Object) - http://www.webplaner-innoplus.de/innova/pano/prog/rundum.7.0.2.0.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120342323249 O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Programme\Ahead\InCD\InCDsrv.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe |
|
|
||
10.12.2006, 00:45
Ehrenmitglied
Beiträge: 29434 |
#48
jürgen1972
öffne das HijackThis -- Button "scan" -- vor diese Einträge Häkchen setzen -- Button "Fix checked" -- PC neustarten Zitat O16 - DPF: {33331111-1111-1111-1111-611111193429} -PC neustarten ** poste das neue log vom HijackThis __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
10.12.2006, 15:30
Member
Beiträge: 17 |
#49
Hi,
ignorierliste und dann delete war das ok? gruss jürgen Logfile of HijackThis v1.99.1 Scan saved at 15:39:17, on 10.12.2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\AntiVir PersonalEdition Classic\sched.exe C:\Programme\AntiVir PersonalEdition Classic\avguard.exe C:\Programme\Ahead\InCD\InCDsrv.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE C:\Programme\Ahead\InCD\InCD.exe C:\Programme\iTunes\iTunesHelper.exe C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\AT-AR215\AT-AR215 USB ADSL WAN Adapter\dslmon.exe C:\Programme\iPod\bin\iPodService.exe C:\DOKUME~1\JRGEN~1\LOKALE~1\Temp\Temporäres Verzeichnis 7 für hijackthis.zip\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.de/ O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O4 - HKLM\..\Run: [REGSHAVE] C:\Programme\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM\..\Run: [LVCOMS] C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [2kadiras] 2kadiras.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [InCD] C:\Programme\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: DSLMON.lnk = ? O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {4C0942C1-C405-4805-B3B6-EA16F2DDD1BD} (innova-Panorama-Viewer Object) - http://www.webplaner-innoplus.de/innova/pano/prog/rundum.7.0.2.0.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120342323249 O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Programme\Ahead\InCD\InCDsrv.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe |
|
|
||
10.12.2006, 16:56
Ehrenmitglied
Beiträge: 29434 |
#50
««
scanne noch mal mit dr.web im abgesicherten modus leider hast du mir nie einen scanreport gepostet.... ich denke, dass der Rechner wieder i.o. ist - wenn es noch Probleme geben sollte - melde dich __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
14.12.2006, 22:34
...neu hier
Beiträge: 7 |
#51
Hi,
ich habe mir auch virusbuster eingefangen hier ist meine Log. Danke schon im voraus. Logfile of HijackThis v1.99.1 Scan saved at 22:33:07, on 14.12.2006 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Sygate\SPF\smc.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\netdde.exe C:\WINDOWS\System32\Ati2evxx.exe C:\Programme\FRITZ!DSL\IGDCTRL.EXE C:\Programme\avmwlanstick\WlanNetService.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\atiptaxx.exe C:\Programme\Apoint2K\Apoint.exe C:\WINDOWS\System32\CePMTray.exe C:\PROGRA~1\EzButton\CPATR10.EXE C:\Programme\TOSHIBA\E-KEY\CeEKey.exe C:\Programme\eBay\eBay Toolbar2\eBayTBDaemon.exe C:\Programme\Kill Window 2.0\Kill Window 2.0.exe C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe C:\Programme\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe C:\Programme\FRITZ!DSL\StCenter.exe C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\System32\dllhost.exe C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe C:\Programme\Apoint2K\Apntex.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\MsiExec.exe C:\Programme\Mozilla Firefox\firefox.exe C:\Programme\Internet Download Manager\IDMan.exe C:\Dokumente und Einstellungen\Peter Pan\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.de/ O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Programme\Internet Download Manager\IDMIECC.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {0EEDB912-C5FA-486F-8334-57288578C627} - (no file) O2 - BHO: (no name) - {1a1ddc19-5893-43ab-a73f-f41a0f34d115} - C:\Programme\Video ActiveX Object\isaddon.dll O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Programme\eBay\eBay Toolbar2\eBayTB.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: (no name) - {90DDB9D8-A752-17E1-F7EA-8D366F7D007E} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Programme\eBay\eBay Toolbar2\eBayTB.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll O3 - Toolbar: Protection Bar - {5d4831e0-5a7c-4a46-afd5-a79ab8ce36c2} - C:\Programme\Video ActiveX Object\iesplugin.dll O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe O4 - HKLM\..\Run: [SoundFusion] RunDll32 cwaprops.cpl,CrystalControlWnd O4 - HKLM\..\Run: [Apoint] C:\Programme\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [CeEPOWER] C:\WINDOWS\System32\CePMTray.exe O4 - HKLM\..\Run: [CPATR10] C:\PROGRA~1\EzButton\CPATR10.EXE O4 - HKLM\..\Run: [CeEKey.exe] C:\Programme\TOSHIBA\E-KEY\CeEKey.exe O4 - HKLM\..\Run: [eBayToolbar] C:\Programme\eBay\eBay Toolbar2\eBayTBDaemon.exe O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKLM\..\Run: [AVP] "C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Programme\TuneUp Utilities 2006\MemOptimizer.exe" autostart O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE" O4 - Startup: FRITZ!DSL Startcenter.lnk = C:\Programme\FRITZ!DSL\StCenter.exe O8 - Extra context menu item: &eBay Search - res://C:\Programme\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html O8 - Extra context menu item: Download All Links with IDM - C:\Programme\Internet Download Manager\IEGetAll.htm O8 - Extra context menu item: Download with &Shareaza - res://C:\Programme\Shareaza\Plugins\RazaWebHook.dll/3000 O8 - Extra context menu item: Download with IDM - C:\Programme\Internet Download Manager\IEExt.htm O8 - Extra context menu item: Easy-WebPrint - Drucken - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{679D82D3-CF0C-4E00-9346-037D85384E69}: NameServer = 85.255.116.136,85.255.112.13 O17 - HKLM\System\CCS\Services\Tcpip\..\{CD453072-E347-4B7E-8061-2AA19D899734}: NameServer = 85.255.116.136,85.255.112.13 O17 - HKLM\System\CCS\Services\Tcpip\..\{DC6BCC9B-BAFD-4935-B499-9C8579105CC1}: NameServer = 85.255.116.136,85.255.112.13 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.136 85.255.112.13 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.136 85.255.112.13 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.136 85.255.112.13 O20 - Winlogon Notify: klogon - C:\WINDOWS\System32\klogon.dll O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Programme\FRITZ!DSL\IGDCTRL.EXE O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Programme\avmwlanstick\WlanNetService.exe O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing) O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing) O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programme\Sygate\SPF\smc.exe |
|
|
||
15.12.2006, 00:08
Ehrenmitglied
Beiträge: 29434 |
#52
mustang_sb
deine Internetverbindung geht nicht zu deinem provider, sondern in die Ukraine 1. scanne und poste den scanrepot hier http://virus-protect.org/artikel/tools/fixwareout.html 2. stelle den CleanUp genauso ein, wie hier angegeben: http://virus-protect.org/cleanup.html 3. Kopiere diese 6 Textdateien ab . (rechtsklick mit der Maus -> den Text markieren -> kopieren -> einfügen) Sie sind nach Datum geordnet. (kopiere nur die letzten 3 Monate ab) http://virus-protect.org/datfindbat.html 4. poste dieses log http://virus-protect.org/artikel/tools/combofix.html __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
16.12.2006, 14:28
...neu hier
Beiträge: 7 |
#53
Hi,
der Report von FixWareout. Windows Script Host access is disabled on this machine. Post this in the forum please. Der Report von Datfindbut, Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: 1450-1102 Verzeichnis von C:\WINDOWS\system32 16.12.2006 14:18 1.136 wpa.dbl 13.12.2006 19:34 19.456 qrzsyr.dll 13.12.2006 15:48 2.953 CONFIG.NT 23.11.2006 16:45 24.072 uxtuneup.dll 01.11.2006 17:42 94.314 klogon.dll 30.10.2006 06:53 109.400 FNTCACHE.DAT 28.09.2006 10:53 13.312 BASSMOD.dll 29.08.2006 10:28 140.984 idmmbc.dll 25.08.2006 04:47 39.672 vxblock.dll 25.08.2006 04:47 67.240 pxhpinst.exe 25.08.2006 04:47 63.144 pxcpya64.exe 25.08.2006 04:47 115.880 pxinsi64.exe 25.08.2006 04:47 62.632 pxinsa64.exe 25.08.2006 04:47 477.944 pxdrv.dll 25.08.2006 04:47 514.808 px.dll 25.08.2006 04:47 183.032 pxmas.dll 25.08.2006 04:47 129.784 pxafs.dll 25.08.2006 04:47 1.309.432 pxsfs.dll 25.08.2006 04:47 379.640 pxwave.dll 14.08.2006 19:44 81.984 bdod.bin 08.08.2006 17:45 316.838 perfh007.dat 08.08.2006 17:45 48.354 perfc007.dat 08.08.2006 17:45 40.190 perfc009.dat 08.08.2006 17:45 311.802 perfh009.dat 08.08.2006 17:45 723.568 PerfStringBackup.INI 04.08.2006 17:37 196.608 dtu100.dll 04.08.2006 17:37 73.728 dpl100.dll 01.08.2006 18:14 38.432 SanCpl.cpl Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: 1450-1102 Verzeichnis von C:\DOKUME~1\PETERP~1\LOKALE~1\Temp 16.12.2006 14:18 49.152 ~DF32C7.tmp 1 Datei(en) 49.152 Bytes 0 Verzeichnis(se), 3.200.761.856 Bytes frei Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: 1450-1102 Verzeichnis von C:\WINDOWS 16.12.2006 14:24 68 IDMan.INI 16.12.2006 14:19 159 wiadebug.log 16.12.2006 14:18 0 0.log 16.12.2006 14:18 2.048 bootstat.dat 14.12.2006 21:58 206.048 setupact.log 14.12.2006 09:38 50 wiaservc.log 13.12.2006 14:56 162.996 setupapi.log 02.12.2006 20:41 19.138 wmsetup.log 02.12.2006 20:40 316.640 WMSysPr9.prx 02.12.2006 20:33 192 winamp.ini 01.12.2006 17:36 116 NeroDigital.ini 18.11.2006 17:45 58.472 tsoc.log 18.11.2006 17:45 6.822 msgsocm.log 18.11.2006 17:45 1.943 imsins.log 18.11.2006 17:45 31.825 ntdtcsetup.log 18.11.2006 17:45 51.424 comsetup.log 18.11.2006 17:45 16.351 iis6.log 18.11.2006 17:45 119.038 FaxSetup.log 18.11.2006 17:45 6.546 ocmsn.log 18.11.2006 17:45 78.368 ocgen.log 18.11.2006 17:44 0 Q307274Uninst.log 16.11.2006 15:38 32.218 SchedLgU.Txt 19.10.2006 15:44 248 system.ini 17.10.2006 15:11 335 nsreg.dat 21.09.2006 16:05 2.518 Microsoft.MIF 21.09.2006 16:00 2.464 $_hpcst$.hpc 21.09.2006 15:57 18.132 Windows Update.log 20.09.2006 18:15 151 PhotoSnapViewer.INI 04.09.2006 18:49 79.945 DirectX.log 31.08.2006 19:03 9.120 MSI30-KB884016.log 31.08.2006 19:03 1.374 imsins.BAK 21.08.2006 19:14 821 win.ini 19.08.2006 12:16 2.904 mozver.dat 07.08.2006 15:36 522 ODBC.INI Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: 1450-1102 Verzeichnis von C:\WINDOWS\Temp Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: 1450-1102 Verzeichnis von C:\WINDOWS\Downloaded Program Files 27.03.2006 13:00 5.019 swflash.inf 29.01.2002 10:14 65 desktop.ini 20.01.2000 15:25 1.162 Microsoft XML Parser for Java.osd 3 Datei(en) 6.246 Bytes 0 Verzeichnis(se), 3.200.811.008 Bytes frei Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: 1450-1102 Verzeichnis von C:\ 16.12.2006 14:37 0 sys.txt 16.12.2006 14:37 416 down.txt 16.12.2006 14:36 117 tmp.txt 16.12.2006 14:36 7.513 system.txt 16.12.2006 14:34 295 systemtemp.txt 16.12.2006 14:31 102.667 system32.txt 16.12.2006 14:18 535.875.584 hiberfil.sys 16.12.2006 14:18 183.500.800 pagefile.sys 08.08.2006 17:44 0 mcaf.log hier ist der Cobofix Report, ComboFix 06.11.27W - Running from: "C:\Dokumente und Einstellungen\Peter Pan\Eigene Dateien\Downloads\Programs" ((((((((((((((((((((((((((((((( Files Created from 2006-11-16 to 2006-12-16 )))))))))))))))))))))))))))))))))) 2006-12-16 14:28 <DIR> dr-h----- C:\Dokumente und Einstellungen\Peter Pan\Recent 2006-12-16 14:24 <DIR> d-------- C:\fixwareout 2006-12-14 22:11 <DIR> d-------- C:\Programme\ClearProg 2006-12-14 20:52 <DIR> d-------- C:\Programme\TuneUp Utilities 2007 2006-12-14 20:39 <DIR> d-------- C:\Programme\VirusBurster 2006-12-14 18:02 <DIR> d--hs---- C:\Config.Msi 2006-12-13 19:34 19,456 --a------ C:\WINDOWS\system32\qrzsyr.dll 2006-12-13 19:34 <DIR> d-------- C:\Programme\Video ActiveX Object 2006-12-13 16:17 61,584 --a------ C:\WINDOWS\system32\drivers\klick.sys 2006-12-13 16:17 59,536 --a------ C:\WINDOWS\system32\drivers\klin.sys 2006-12-13 16:17 <DIR> d-------- C:\Programme\Kaspersky Lab 2006-12-13 16:17 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab 2006-12-11 08:38 <DIR> d--hs---- C:\FOUND.017 2006-12-02 20:41 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys 2006-12-02 20:41 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys 2006-12-02 20:41 129,784 --------- C:\WINDOWS\system32\pxafs.dll 2006-12-01 18:12 <DIR> d--hs---- C:\FOUND.016 2006-11-28 15:14 <DIR> d--hs---- C:\FOUND.015 2006-11-18 17:55 24,072 --a------ C:\WINDOWS\system32\uxtuneup.dll 2006-11-16 15:36 <DIR> d-------- C:\Programme\xp-AntiSpy (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2006-11-15 15:44 18273 --a------ C:\WINDOWS\system32\drivers\klop.sys 2006-11-03 20:35 -------- d-------- C:\Programme\LINGVO~1 2006-11-01 17:42 94314 --a------ C:\WINDOWS\system32\klogon.dll 2006-10-29 18:33 -------- d-------- C:\Programme\HumaxSmartSuite 2006-10-29 18:14 16848 --a------ C:\Dokumente und Einstellungen\Peter Pan\Anwendungsdaten\GDIPFONTCACHEV1.DAT 2006-10-27 21:10 -------- d-------- C:\Programme\Falk Navigator Premium Edition 2006-10-18 22:31 -------- d-------- C:\Programme\z-defrag 2006-09-28 10:53 13312 --a------ C:\WINDOWS\system32\BASSMOD.dll (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries are not shown [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "TuneUp MemOptimizer"="\"C:\\Programme\\TuneUp Utilities 2006\\MemOptimizer.exe\" autostart" "swg"="C:\\Programme\\Google\\GoogleToolbarNotifier\\1.2.908.5008\\GoogleToolbarNotifier.exe" "H/PC Connection Agent"="\"C:\\Programme\\Microsoft ActiveSync\\WCESCOMM.EXE\"" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "ATIModeChange"="Ati2mdxx.exe" "AtiPTA"="atiptaxx.exe" "SoundFusion"="RunDll32 cwaprops.cpl,CrystalControlWnd" "Apoint"="C:\\Programme\\Apoint2K\\Apoint.exe" "CeEPOWER"="C:\\WINDOWS\\System32\\CePMTray.exe" "CPATR10"="C:\\PROGRA~1\\EzButton\\CPATR10.EXE" "CeEKey.exe"="C:\\Programme\\TOSHIBA\\E-KEY\\CeEKey.exe" "eBayToolbar"="C:\\Programme\\eBay\\eBay Toolbar2\\eBayTBDaemon.exe" "SmcService"="C:\\PROGRA~1\\Sygate\\SPF\\smc.exe -startgui" "AVP"="\"C:\\Programme\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe\"" @="" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] "Installed"="1" "NoChange"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] "Installed"="1" [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components] "DeskHtmlVersion"=dword:00000110 "DeskHtmlMinorVersion"=dword:00000005 "Settings"=dword:00000001 "GeneralFlags"=dword:00000002 [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="Die derzeitige Homepage" "Flags"=dword:00000002 "Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,cb,02,00,00,00,\ 00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00 "CurrentState"=dword:40000004 "OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\ ff,ff,04,00,00,00 "RestoredStateInfo"=hex:18,00,00,00,f2,01,00,00,23,00,00,00,7c,00,00,00,72,00,\ 00,00,01,00,00,00 [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE" [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon" "{01b55afa-f451-474b-9e91-c35b24d02641}"="boob" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"="" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "dontdisplaylastusername"=dword:00000000 "legalnoticecaption"="" "legalnoticetext"="" "shutdownwithoutlogon"=dword:00000001 "undockwithoutlogon"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run] "isamonitor.exe"="C:\\Programme\\Video ActiveX Object\\isamonitor.exe" [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload] "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}" "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}" "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "1&1 EasyLogin"="\"C:\\Programme\\1&1\\1&1 EasyLogin\\EasyLogin.exe\" HIDE" "CTFMON.EXE"="C:\\WINDOWS\\System32\\ctfmon.exe" "IDMan"="C:\\Programme\\Internet Download Manager\\IDMan.exe /onboot" "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Programme\\Gemeinsame Dateien\\Ahead\\Lib\\NMBgMonitor.exe\"" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "NeroFilterCheck"="C:\\Programme\\Gemeinsame Dateien\\Ahead\\Lib\\NeroCheck.exe" "AVMWlanClient"="C:\\Programme\\avmwlanstick\\wlangui.exe" "SunJavaUpdateSched"="C:\\Programme\\Java\\jre1.5.0_06\\bin\\jusched.exe" "OpwareSE2"="\"C:\\Programme\\ScanSoft\\OmniPageSE2.0\\OpwareSE2.exe\"" "Kill Window"="\"C:\\Programme\\Kill Window 2.0\\Kill Window 2.0.exe\"" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\McAfee - Virenscan - Mein Computer (LAPTOP-Peter Pan).job C:\WINDOWS\tasks\AC52012693A1B2FA.job C:\WINDOWS\tasks\1-Klick-Wartung.job Completion time: 06-12-16 14:52:05.45 C:\ComboFix.txt ... 06-12-16 14:52 Dieser Beitrag wurde am 16.12.2006 um 14:55 Uhr von mustang_sb editiert.
|
|
|
||
16.12.2006, 14:39
...neu hier
Beiträge: 1 |
#54
Hallo,
habe mir leider auch den Virusbuster eingefangen. Hier meine Log: Logfile of HijackThis v1.99.1 Scan saved at 14:30:36, on 16.12.2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Softex\OmniPass\Omniserv.exe C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Softex\OmniPass\OPXPApp.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe C:\Program Files\LG Software\IP Operator\IP Operator.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\LG Software\Battery Miser\batterymiser.exe C:\Program Files\LG Software\On Screen Display\HotKey.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Softex\OmniPass\scureapp.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\WINDOWS\system32\LGDMEBTN.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Napster\napster.exe C:\Program Files\ICQLite\ICQLite.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRSTrayApp.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\OpenOffice.org 2.0\program\soffice.exe C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN C:\Program Files\lg_swupdate\Gilautouc.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\test\Desktop\HijackThis.exe O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [IPO3] "C:\Program Files\LG Software\IP Operator\IP Operator.exe" -aUtOsTaRtFrOmReG O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [batterymiser] "C:\Program Files\LG Software\Battery Miser\batterymiser.exe" O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet O4 - HKLM\..\Run: [KeybdUtility] "C:\Program Files\LG Software\On Screen Display\HotKey.exe" O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [LG Intelligent Update] "C:\Program Files\lg_swupdate\autoupdate.exe" Gilautouc O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [LG Direct Media Button Service] LGDMEBTN.exe O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" O4 - HKCU\..\Run: [SRSTrayApp] C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRSTrayApp.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll O21 - SSODL: blippers - {f2efa195-4785-4db1-9316-b48c64bb71da} - C:\WINDOWS\system32\xqpauzx.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing) O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing) O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing) O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing) O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing) O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: Norton Protection Center Service (NSCService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\Omniserv.exe O23 - Service: SRS PostInstaller Service (SRS_PostInstaller) - SRS Labs, Inc. - C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe test - 06-12-16 14:51:27,00 Service Pack 2 ComboFix 06.11.27W - Running from: "C:\Documents and Settings\test\Desktop" ((((((((((((((((((((((((((((((( Files Created from 2006-11-16 to 2006-12-16 )))))))))))))))))))))))))))))))))) 2006-12-16 14:41 <DIR> d-------- C:\Program Files\CleanUp! 2006-12-16 13:20 <DIR> d-------- C:\Program Files\SopCast 2006-12-16 13:20 <DIR> d-------- C:\Documents and Settings\test\Application Data\SopCast 2006-12-16 11:42 <DIR> d-------- C:\WINDOWS\LastGood 2006-12-14 20:24 <DIR> d-------- C:\Program Files\CDex_170b2 2006-12-13 21:21 61,584 --a------ C:\WINDOWS\system32\drivers\klick.sys 2006-12-13 21:21 59,536 --a------ C:\WINDOWS\system32\drivers\klin.sys 2006-12-13 21:20 <DIR> d-------- C:\Program Files\Kaspersky Lab 2006-12-13 21:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2006-12-13 21:04 <DIR> d-------- C:\KAV 2006-12-11 13:19 18,432 --a------ C:\WINDOWS\system32\xqpauzx.dll 2006-12-11 13:19 <DIR> d-------- C:\Program Files\Virus-Bursters 2006-12-11 13:19 <DIR> d-------- C:\Program Files\Video ActiveX Object 2006-11-30 23:29 <DIR> d-------- C:\Program Files\ICQLite 2006-11-30 23:29 <DIR> d-------- C:\Documents and Settings\test\Application Data\ICQLite 2006-11-28 21:08 <DIR> d-------- C:\Documents and Settings\test\Application Data\Roxio 2006-11-25 11:55 <DIR> d-------- C:\Program Files\Napster 2006-11-25 11:55 <DIR> d-------- C:\Program Files\Common Files\Napster Shared 2006-11-25 11:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Napster 2006-11-18 08:39 <DIR> d-------- C:\Documents and Settings\test\Application Data\vlc 2006-11-18 08:37 <DIR> d-------- C:\Program Files\Real 2006-11-18 08:37 <DIR> d-------- C:\Program Files\Common Files\Real 2006-11-18 08:36 <DIR> d-------- C:\Documents and Settings\test\Application Data\Real 2006-11-18 08:35 <DIR> d-------- C:\Meine Downloads 2006-11-18 08:32 <DIR> d-------- C:\Program Files\VideoLAN 2006-11-17 20:53 <DIR> d-------- C:\Documents and Settings\test\Application Data\Ahead 2006-11-17 20:50 <DIR> d-------- C:\Program Files\Nero 2006-11-17 20:50 <DIR> d-------- C:\Program Files\Common Files\Ahead 2006-11-17 06:40 <DIR> d-------- C:\Program Files\PokerStars.NET (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2006-12-16 14:49 -------- d-------- C:\Program Files\lg_swupdate 2006-12-16 14:48 -------- d-------- C:\Documents and Settings\test\Application Data\OpenOffice.org2 2006-12-16 14:44 -------- d-------- C:\Program Files\Mozilla Thunderbird 2006-12-16 12:41 -------- d-------- C:\Program Files\eMule 2006-12-13 21:15 -------- d-------- C:\Program Files\Common Files\Symantec Shared 2006-12-13 21:12 -------- d-------- C:\Program Files\Symantec 2006-12-13 21:10 -------- d-------- C:\Program Files\Common Files 2006-11-25 11:55 -------- d--h----- C:\Program Files\InstallShield Installation Information 2006-11-20 06:26 -------- d-------- C:\Program Files\Internet Explorer 2006-11-15 15:44 18273 --a------ C:\WINDOWS\system32\drivers\klop.sys 2006-11-09 16:21 -------- d-------- C:\Documents and Settings\test\Application Data\Thunderbird 2006-11-09 16:21 -------- d-------- C:\Documents and Settings\test\Application Data\Talkback 2006-11-09 16:21 -------- d-------- C:\Documents and Settings\test\Application Data\Mozilla 2006-11-09 16:19 -------- d-------- C:\Program Files\OpenOffice.org 2.0 2006-11-09 15:00 -------- d-------- C:\Program Files\MusicForMasses 2006-11-09 12:38 -------- d-------- C:\Program Files\WinRAR 2006-11-06 16:20 -------- d-------- C:\Documents and Settings\test\Application Data\AdobeUM 2006-11-06 16:19 -------- d-------- C:\Program Files\Common Files\Adobe 2006-11-06 16:18 -------- d-------- C:\Program Files\WinZip 2006-11-06 08:34 -------- d-------- C:\Program Files\Messenger 2006-11-06 08:09 -------- d-------- C:\Program Files\Windows Media Player 2006-11-06 08:01 -------- d-------- C:\Program Files\Outlook Express 2006-11-06 08:01 -------- d-------- C:\Program Files\Common Files\System 2006-11-05 21:39 -------- d-------- C:\Documents and Settings\test\Application Data\Apple Computer 2006-11-05 21:37 -------- d-------- C:\Program Files\QuickTime 2006-11-05 21:36 -------- d-------- C:\Program Files\Apple Software Update 2006-11-03 20:26 -------- d-------- C:\Program Files\DVD Shrink 2006-11-02 20:07 -------- d-------- C:\Program Files\Yahoo! 2006-11-01 17:42 94314 --a------ C:\WINDOWS\system32\klogon.dll 2006-11-01 09:45 -------- d-------- C:\Program Files\Microsoft Office 2006-11-01 09:45 -------- d-------- C:\Program Files\Common Files\Microsoft Shared 2006-11-01 09:17 -------- d-------- C:\Program Files\Adobe 2006-10-24 19:03 -------- d-------- C:\Documents and Settings\test\Application Data\Adobe 2006-10-20 11:30 -------- d-------- C:\Documents and Settings\test\Application Data\Propellerhead Software 2006-10-20 10:13 233472 --a------ C:\WINDOWS\system32\REX Shared Library.dll 2006-10-20 10:13 225280 --a------ C:\WINDOWS\system32\ReWire.dll 2006-10-17 20:38 -------- d-------- C:\Documents and Settings\test\Application Data\Corel 2006-10-17 20:34 -------- d-------- C:\Program Files\Common Files\InstallShield 2006-10-13 13:35 65536 --a------ C:\WINDOWS\system32\nwwks.dll 2006-10-13 13:35 64000 --a------ C:\WINDOWS\system32\nwapi32.dll 2006-10-13 13:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries are not shown [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "SRSTrayApp"="C:\\Program Files\\SRS Labs\\WOWXT and TSXT Driver\\SRSTrayApp.exe" "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background" "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe" "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\"" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "High Definition Audio Property Page Shortcut"="HDAShCut.exe" "IAAnotif"="C:\\Program Files\\Intel\\Intel Matrix Storage Manager\\iaanotif.exe" "IPO3"="\"C:\\Program Files\\LG Software\\IP Operator\\IP Operator.exe\" -aUtOsTaRtFrOmReG" "SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe" "batterymiser"="\"C:\\Program Files\\LG Software\\Battery Miser\\batterymiser.exe\"" "igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe" "igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe" "igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe" "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup" "nwiz"="nwiz.exe /installquiet" "KeybdUtility"="\"C:\\Program Files\\LG Software\\On Screen Display\\HotKey.exe\"" "RTHDCPL"="RTHDCPL.EXE" "Alcmtr"="ALCMTR.EXE" "AGRSMMSG"="AGRSMMSG.exe" "LG Intelligent Update"="\"C:\\Program Files\\lg_swupdate\\autoupdate.exe\" Gilautouc" "BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent" "OmniPass"="C:\\Program Files\\Softex\\OmniPass\\scureapp.exe" "RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\"" "ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\"" "LG Direct Media Button Service"="LGDMEBTN.exe" "ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay" "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" "NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe" "MsgCenterExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\RealOneMessageCenter.exe\" -osboot" "NapsterShell"="C:\\Program Files\\Napster\\napster.exe /systray" "ICQ Lite"="\"C:\\Program Files\\ICQLite\\ICQLite.exe\" -minimize" "AVP"="\"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe\"" @="" [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components] "DeskHtmlVersion"=dword:00000110 "DeskHtmlMinorVersion"=dword:00000005 "Settings"=dword:00000001 "GeneralFlags"=dword:00000001 [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="My Current Home Page" "Flags"=dword:00000002 "Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e2,02,00,00,00,\ 00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00 "CurrentState"=hex:04,00,00,40 "OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\ ff,ff,04,00,00,00 "RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\ 00,00,01,00,00,00 [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE" [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon" "{f2efa195-4785-4db1-9316-b48c64bb71da}"="blippers" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"="" "{26F5978F-6493-4ee3-B114-C0C3ACCF9D4D}"="BatteryMiser Psap Shl Ext" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "dontdisplaylastusername"=dword:00000000 "legalnoticecaption"="" "legalnoticetext"="" "shutdownwithoutlogon"=dword:00000001 "undockwithoutlogon"=dword:00000001 [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 "CDRAutoRun"=dword:00000000 [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 "CDRAutoRun"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload] "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}" "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}" "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}" "blippers"="{f2efa195-4785-4db1-9316-b48c64bb71da}" HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" ~ ~ ~ ~ ~ ~ ~ ~ Hijackthis entries set to ignore ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ O2 - BH Completion time: 06-12-16 14:52:12.06 C:\ComboFix.txt ... 06-12-16 14:52 Vielen Dank schon mal Dieser Beitrag wurde am 16.12.2006 um 14:54 Uhr von Kalla79 editiert.
|
|
|
||
16.12.2006, 15:44
Ehrenmitglied
Beiträge: 29434 |
#55
mustang_sb
«« Problem: Windows Script Host Variante 1: falls xpantispy installiert ist, dort den Windows Script Host freischalten Hosts freischalten - mit dem xp-antispy Starten ==> unter "Diverse Einstellungen" [ ] Windows Scripting Host deaktivieren Davor den Haken wegnehmen und unten auf "Einstellungen Uebernehmen" klicken. Variante 2: Schau mal, ob es in der Registry (Start -> Ausführen -> regedit) bei dir unter: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Script Host\Settings einen Eintrag mit dem Namen Enabled gibt. Wenn ja, dann weise diesem den Wert 1 zu, dann ist der Scripting Host wieder aktiviert. (dann den PC neustarten) «« Avenger http://virus-protect.org/artikel/tools/avenger.html kopiere rein Zitat Registry values to delete:Klicke die grüne Ampel das Script wird nun ausgeführt, dann wird der PC automatisch neustarten »» loesche das Backup vom Avenger unter C:\Avenger\backup.zip + leere den Papierkorb «« scanne mit smitfraudfix - Option 1 und 2 ( lasse auch die Registry mitreinigen) http://virus-protect.org/artikel/tools/smitfrautfix.html -------------------------------------------------------------------- »» scanne und poste hier den scanrpeort http://virus-protect.org/artikel/tools/fixwareout.html öffne das HijackThis -- Button "scan" -- vor diese Einträge Häkchen setzen -- Button "Fix checked" -- PC neustarten Zitat O2 - BHO: (no name) - {0EEDB912-C5FA-486F-8334-57288578C627} - (no file)PC neustarten »» poste das neue log vom HijackThis __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
16.12.2006, 15:51
Ehrenmitglied
Beiträge: 29434 |
#56
Kalla79
arbeite das avengerscript ab (videoactive.zip laden - entpacken und den videoactive.txt anwenden) - danach scanne mit smitfraudfix http://virus-protect.org/artikel/spyware/videoactivexobject.html p.s. was ich nicht in englisch im script habe - loescht der smitfraudfix __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
16.12.2006, 17:12
...neu hier
Beiträge: 7 |
#57
Hi,
hier ist das Logfile von Avenger, Logfile of The Avenger version 1, by Swandog46 Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\qxowlgyo ******************* Script file located at: \??\C:\WINDOWS\System32\fyhjjcvg.txt Script file opened successfully. Script file read successfully Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: File C:\WINDOWS\system32\qrzsyr.dll deleted successfully. File C:\WINDOWS\tasks\AC52012693A1B2FA.job deleted successfully. Folder C:\Programme\VirusBurster deleted successfully. Folder C:\Programme\Video ActiveX Object deleted successfully. Folder C:\Programme\Kill Window 2.0 deleted successfully. Registry value HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{5d4831e0-5a7c-4a46-afd5-a79ab8ce36c2} deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|isamonitor.exe deleted successfully. Registry value HKLM\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler|{01b55afa-f451-474b-9e91-c35b24d02641} deleted successfully. Registry key HKLM\SOFTWARE\Classes\CLSID\{5d4831e0-5a7c-4a46-afd5-a79ab8ce36c2} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1a1ddc19-5893-43ab-a73f-f41a0f34d115} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Video ActiveX Object deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6470B552-2B54-4AAB-BFA2-9376A5328AEC} deleted successfully. Completed script processing. ******************* Finished! Terminate. |
|
|
||
16.12.2006, 17:13
Ehrenmitglied
Beiträge: 29434 |
#58
mustang_sb
nun arbeite alles weitere genaustens ab __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
16.12.2006, 17:45
...neu hier
Beiträge: 7 |
#59
Hi,
hier der Report von Fixwareout, Fixwareout Last edited 12/06/2006 Post this report in the forums please ... Prerun check [HKEY_LOCAL_MACHINE\\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" ... ... Reg Entries that were deleted Das Log von Hijackthis, Logfile of HijackThis v1.99.1 Scan saved at 17:46:39, on 16.12.2006 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Sygate\SPF\smc.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\netdde.exe C:\Programme\Alwil Software\Avast4\aswUpdSv.exe C:\WINDOWS\System32\Ati2evxx.exe C:\Programme\Alwil Software\Avast4\ashServ.exe C:\Programme\FRITZ!DSL\IGDCTRL.EXE C:\Programme\avmwlanstick\WlanNetService.exe C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\System32\dllhost.exe C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe C:\WINDOWS\system32\sessmgr.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Alwil Software\Avast4\ashWebSv.exe C:\Programme\Alwil Software\Avast4\ashMaiSv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\atiptaxx.exe C:\Programme\Apoint2K\Apoint.exe C:\WINDOWS\System32\CePMTray.exe C:\Programme\Apoint2K\Apntex.exe C:\PROGRA~1\EzButton\CPATR10.EXE C:\Programme\TOSHIBA\E-KEY\CeEKey.exe C:\Programme\eBay\eBay Toolbar2\eBayTBDaemon.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Programme\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE C:\Programme\FRITZ!DSL\StCenter.exe C:\Programme\Mozilla Firefox\firefox.exe C:\Dokumente und Einstellungen\Peter Pan\Desktop\HijackThis.exe O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Programme\Internet Download Manager\IDMIECC.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {0EEDB912-C5FA-486F-8334-57288578C627} - (no file) O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Programme\eBay\eBay Toolbar2\eBayTB.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: (no name) - {90DDB9D8-A752-17E1-F7EA-8D366F7D007E} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Programme\eBay\eBay Toolbar2\eBayTB.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe O4 - HKLM\..\Run: [SoundFusion] RunDll32 cwaprops.cpl,CrystalControlWnd O4 - HKLM\..\Run: [Apoint] C:\Programme\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [CeEPOWER] C:\WINDOWS\System32\CePMTray.exe O4 - HKLM\..\Run: [CPATR10] C:\PROGRA~1\EzButton\CPATR10.EXE O4 - HKLM\..\Run: [CeEKey.exe] C:\Programme\TOSHIBA\E-KEY\CeEKey.exe O4 - HKLM\..\Run: [eBayToolbar] C:\Programme\eBay\eBay Toolbar2\eBayTBDaemon.exe O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Programme\TuneUp Utilities 2006\MemOptimizer.exe" autostart O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE" O4 - Startup: FRITZ!DSL Startcenter.lnk = C:\Programme\FRITZ!DSL\StCenter.exe O8 - Extra context menu item: &eBay Search - res://C:\Programme\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html O8 - Extra context menu item: Download All Links with IDM - C:\Programme\Internet Download Manager\IEGetAll.htm O8 - Extra context menu item: Download with &Shareaza - res://C:\Programme\Shareaza\Plugins\RazaWebHook.dll/3000 O8 - Extra context menu item: Download with IDM - C:\Programme\Internet Download Manager\IEExt.htm O8 - Extra context menu item: Easy-WebPrint - Drucken - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{679D82D3-CF0C-4E00-9346-037D85384E69}: NameServer = 85.255.116.136,85.255.112.13 O17 - HKLM\System\CCS\Services\Tcpip\..\{CD453072-E347-4B7E-8061-2AA19D899734}: NameServer = 85.255.116.136,85.255.112.13 O17 - HKLM\System\CCS\Services\Tcpip\..\{DC6BCC9B-BAFD-4935-B499-9C8579105CC1}: NameServer = 85.255.116.136,85.255.112.13 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.136 85.255.112.13 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.136 85.255.112.13 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.136 85.255.112.13 O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Programme\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Programme\FRITZ!DSL\IGDCTRL.EXE O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Programme\avmwlanstick\WlanNetService.exe O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing) O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programme\Sygate\SPF\smc.exe ... Random Runs removed from HKLM ... ... PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE. »»»»» Searching by size/names... »»»»» Search five digit cs, dm kd and jb files. This WILL/CAN also list Legit Files, Submit them at Virustotal Other suspects. »»»»» Misc files. »»»»» Checking for older varients covered by the Rem3 tool. ... Postrun check [HKEY_LOCAL_MACHINE\\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "system"="" ... Dieser Beitrag wurde am 16.12.2006 um 17:55 Uhr von mustang_sb editiert.
|
|
|
||
16.12.2006, 17:49
Ehrenmitglied
Beiträge: 29434 |
#60
o.k.
nun fixe die angegebenen Dateien mit hijackThis, nach neustart poste das neue log vom HijacktHis __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
poste das neue log vom HijackThis
__________
MfG Sabina
rund um die PC-Sicherheit