I have also caught the Virus Buster malware
Thread is closed!

#0
01.12.2006, 16:26
...new here
Posts: 6

01.12.2006, 17:11
Honorary member
Posts: 29434
#2
Fisslag
«« post this log http://virus-protect.org/artikel/tools/combofix.html
«« ServiceFilter.zip http://virus-protect.org/artikel/tools/ServiceFilter.zip
- unzip
- double-click the file ServiceFilter.vbs
- confirm the version number
- scan
- allow WordPad or Notepad to open
- copy the contents of POST_THIS.TXT
__________
Best regards
Sabina
All about PC security

01.12.2006, 17:53
...new here
Thread starter
Posts: 6
#3
said and done!
here is the result:

The script did not recognize the services listed below.
This does not mean that they are a problem.
To copy the entire contents of this document for posting:
At the top of this window click "Edit" then "Select All"
Next click "Edit" again then "Copy"
Now right click in the forum post box then click "Paste"
########################################
ServiceFilter 1.1 by rand1038
Microsoft Windows XP Home Edition
Version: 5.1.2600 Service Pack 2
Dez 1, 2006 17:52:33

---> Begin Service Listing <---

Unknown Service # 1
Service Name: ahfprog
Display Name: ahfP Service
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: c:\windows\system32\ahfp.exe
State: Running
Process ID: 552
Started: Wahr
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Wahr

Unknown Service #2
Service Name: aswUpdSv
Display Name: avast! iAVS4 Control Service
Start Mode: Auto
Start Name: LocalSystem
Description: Bietet das automatische Update für avast! ...
Service Type: Own Process
Path: "c:\programme\alwil software\avast4\aswupdsv.exe"
State: Running
Process ID: 1708
Started: Wahr
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Wahr

Unknown Service #3
Service Name: avast! Antivirus
Display Name: avast! Antivirus
Start Mode: Auto
Start Name: LocalSystem
Description: Verwaltet und implementiert avast! Antivirus Dienste für diesen Computer. Dies beinhaltet den ...
Service Type: Own Process
Path: "c:\programme\alwil software\avast4\ashserv.exe"
State: Running
Process ID: 1720
Started: Wahr
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Wahr

Unknown Service # 4
Service Name: avast! Mail Scanner
Display Name: avast! Mail Scanner
Start Mode: Manual
Start Name: LocalSystem
Description: Implementiert Mailüberprüfung durch avast! ...
Service Type: Own Process
Path: "c:\programme\alwil software\avast4\ashmaisv.exe" /service
State: Running
Process ID: 1512
Started: Wahr
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Wahr

Unknown Service # 5
Service Name: avast! Web Scanner
Display Name: avast! Web Scanner
Start Mode: Manual
Start Name: LocalSystem
Description: Implementiert Internetüberprüfung (HTTP) durch avast! ...
Service Type: Own Process
Path: "c:\programme\alwil software\avast4\ashwebsv.exe" /service
State: Running
Process ID: 1568
Started: Wahr
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Wahr

Unknown Service # 6
Service Name: C-DillaCdaC11BA
Display Name: C-DillaCdaC11BA
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: c:\windows\system32\drivers\cdac11ba.exe
State: Running
Process ID: 1796
Started: Wahr
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Wahr

Unknown Service # 7
Service Name: CLCapSvc
Display Name: CyberLink Background Capture Service (CBCS)
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: "c:\programme\cyberlink\powercinema\kernel\tv\clcapsvc.exe"
State: Running
Process ID: 1816
Started: Wahr
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Wahr

Unknown Service # 8
Service Name: CLSched
Display Name: CyberLink Task Scheduler (CTS)
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: "c:\programme\cyberlink\powercinema\kernel\tv\clsched.exe"
State: Running
Process ID: 1836
Started: Wahr
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Wahr

Unknown Service # 9
Service Name: CyberLink Media Library Service
Display Name: CyberLink Media Library Service
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: "c:\programme\cyberlink\shared files\clml_ntservice\clmlserver.exe"
State: Running
Process ID: 1856
Started: Wahr
Exit Code: 0
Accept Pause: Wahr
Accept Stop: Wahr

Unknown Service # 10
Service Name: IDriverT
Display Name: InstallDriver Table Manager
Start Mode: Manual
Start Name: LocalSystem
Description: Provides support for the Running Object Table for InstallShield ...
Service Type: Own Process
Path: "c:\programme\gemeinsame dateien\installshield\driver\11\intel 32\idrivert.exe"
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 1077
Accept Pause: Falsch
Accept Stop: Falsch

Unknown Service #11
Service Name: ose
Display Name: Office Source Engine
Start Mode: Manual
Start Name: LocalSystem
Description: Speichert Installationsdateien, die für Updates und Reparieren verwendet werden, und ist für den ...
Service Type: Own Process
Path: "c:\programme\gemeinsame dateien\microsoft shared\source engine\ose.exe"
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 1077
Accept Pause: Falsch
Accept Stop: Falsch

Unknown Service #12
Service Name: SwPrv
Display Name: MS Software Shadow Copy Provider
Start Mode: Manual
Start Name: LocalSystem
Description: Verwaltet Software-basierte Schattenkopien des Volumeschattenkopie-Dienstes. Software-basierte ...
Service Type: Own Process
Path: c:\windows\system32\dllhost.exe /processid:{7bbf8a5f-7c45-4427-aa66-86e576ec465e}
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 1077
Accept Pause: Falsch
Accept Stop: Falsch

Unknown Service # 13
Service Name: WmcCds
Display Name: Windows Media Connect (WMC)
Start Mode: Manual
Start Name: NT AUTHORITY\NetworkService
Description: Stellt freigegebene Multimediainhalte für universelle Plug & Play-Geräte zur ...
Service Type: Own Process
Path: c:\programme\windows media connect\mswmccds.exe
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 1077
Accept Pause: Falsch
Accept Stop: Falsch

Unknown Service #14
Service Name: WmcCdsLs
Display Name: Windows Media Connect-Hilfsprogramm
Start Mode: Manual
Start Name: LocalSystem
Description: Überwacht das Netzwerk auf neue ...
Service Type: Own Process
Path: c:\programme\windows media connect\mswmcls.exe
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 1077
Accept Pause: Falsch
Accept Stop: Falsch

---> End Service Listing <---

There are 93 Win32 services on this machine.
14 were unrecognized.

Script Execution Time: 2,390625 seconds.

01.12.2006, 19:47
Honorary member
Posts: 29434
#4
Fisslag
post this log http://virus-protect.org/artikel/tools/combofix.html
__________
Best regards
Sabina
All about PC security

01.12.2006, 20:23
...new here
Thread starter
Posts: 6
#5
I hope this is the right one ^^;;
the log file from this ComboFix program:

Isaak - 06-12-01 20:19:10,07 Service Pack 2
ComboFix 06.11.27W - Running from: "C:\Programme\Mozilla Firefox"

((((((((((((((((((((((((((((((( Files Created from 2006-11-01 to 2006-12-01 ))))))))))))))))))))))))))))))))))

2006-12-01 04:06 77,824 --a------ C:\WINDOWS\system32\xxfgmy.dll
2006-12-01 01:29 <DIR> dr-h----- C:\Dokumente und Einstellungen\Isaak\Recent
2006-11-15 18:13 <DIR> d-------- C:\Programme\MSXML 4.0
2006-11-05 16:04 <DIR> d-------- C:\Dokumente und Einstellungen\Isaak\Anwendungsdaten\Ventrilo
2006-11-04 14:14 1,245,696 --a------ C:\WINDOWS\system32\msxml4.dll

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2006-12-01 20:19 -------- d-------- C:\Programme\Mozilla Firefox
2006-12-01 16:14 -------- d-------- C:\Dokumente und Einstellungen\Isaak\Anwendungsdaten\Skype
2006-12-01 06:29 -------- d-------- C:\Programme\Trillian
2006-12-01 04:13 -------- d---s---- C:\Dokumente und Einstellungen\Isaak\Anwendungsdaten\Microsoft
2006-12-01 04:13 -------- d-------- C:\Programme\Gemeinsame Dateien
2006-11-17 17:14 6256 --a------ C:\Dokumente und Einstellungen\Isaak\Anwendungsdaten\wklnhst.dat
2006-11-15 18:13 -------- d-------- C:\Programme\Internet Explorer
2006-11-09 16:24 -------- d--h----- C:\Programme\InstallShield Installation Information
2006-11-03 13:50 -------- d-------- C:\Programme\Java
2006-10-19 16:12 43 --a------ C:\CONFIG.SYS
2006-10-19 16:12 35 --a------ C:\AUTOEXEC.BAT
2006-10-17 13:53 -------- d-------- C:\Dokumente und Einstellungen\Isaak\Anwendungsdaten\uTorrent
2006-10-13 13:35 146432 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-10-03 20:27 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2006-09-25 16:45 666240 --a------ C:\WINDOWS\system32\aswBoot.exe
2006-09-25 16:37 90112 --a------ C:\WINDOWS\system32\AVASTSS.scr
2006-09-18 15:14 74752 --a------ C:\WINDOWS\ST6UNST.EXE
2006-09-18 15:14 253952 --------- C:\WINDOWS\Setup1.exe
2006-09-15 15:39 208896 --a------ C:\WINDOWS\system32\nvusmb.exe
2006-09-15 15:39 208896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2006-09-15 15:39 208896 --a------ C:\WINDOWS\system32\nvuide.exe
2006-09-15 15:39 208896 --a------ C:\WINDOWS\system32\nvudisp.exe
2006-09-13 06:02 1084416 --a------ C:\WINDOWS\system32\msxml3.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"NBJ"="\"C:\\Programme\\Ahead\\Nero BackItUp\\NBJ.exe\""
"Steam"=""
"Skype"="\"C:\\Programme\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NVRaidService"="C:\\WINDOWS\\system32\\nvraidservice.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"CARPService"="carpserv.exe"
"CHotkey"="mHotkey.exe"
"ledpointer"="CNYHKey.exe"
"PinnacleDriverCheck"="C:\\WINDOWS\\system32\\PSDrvCheck.exe -CheckReg"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"PCMService"="\"C:\\Programme\\CyberLink\\PowerCinema\\PCMService.exe\""
"AntivirusRegistration"="C:\\Programme\\CA\\Etrust Antivirus\\Register.exe"
"OEM-Reset"=""
"DAEMON Tools-1033"="\"C:\\Programme\\D-Tools\\daemon.exe\" -lang 1033"
"NetLimiter"="C:\\Programme\\NetLimiter\\NetLimiter.exe /s"
"TkBellExe"="\"C:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot"
"MBM 5"="\"C:\\Programme\\Motherboard Monitor 5\\MBM5.EXE\""
"SunJavaUpdateSched"="\"C:\\Programme\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"SoundMan"="SOUNDMAN.EXE"
"QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"StorageGuard"="\"C:\\Programme\\Gemeinsame Dateien\\Sonic\\Update Manager\\sgtray.exe\" /r"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,02,00,00,00,00,00,00,00,02,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,12,03,00,00,23,00,00,00,dc,00,00,00,d2,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{588599f4-de26-4c28-ba14-f4eb17e33481}"="emptins"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"
"emptins"="{588599f4-de26-4c28-ba14-f4eb17e33481}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: 06-12-01 20:20:23.31
C:\ComboFix.txt ... 06-12-01 20:20

01.12.2006, 20:40
Honorary member
Posts: 29434
#6
1.
VirusTotal
At the top of the page --> click Browse --> choose the file (or paste the file with its correct path directly) --> double-click the file to be checked --> click "Send"... now wait - then select the text with the right mouse button -> copy - paste
http://www.virustotal.com/flash/index_en.html
c:\windows\system32\ahfp.exe
post the report
----------------------------------------------------------------
2.
scan with options 1 and 2 - have the registry cleaned as well
http://virus-protect.org/artikel/tools/smitfrautfix.html
__________
Best regards
Sabina
All about PC security

01.12.2006, 21:19
...new here
Thread starter
Posts: 6
#7
thanks for the quick reply, here is the result already:

Complete scanning result of "ahfp.exe", received in VirusTotal at 12.01.2006, 21:13:16 (CET).

Antivirus Version Update Result
AntiVir 7.2.0.46 12.01.2006 no virus found
Authentium 4.93.8 12.01.2006 no virus found
Avast 4.7.892.0 12.01.2006 no virus found
AVG 386 12.01.2006 no virus found
BitDefender 7.2 12.01.2006 no virus found
CAT-QuickHeal 8.00 12.01.2006 no virus found
ClamAV devel-20060426 12.01.2006 no virus found
DrWeb 4.33 12.01.2006 no virus found
eSafe 7.0.14.0 11.30.2006 suspicious Trojan/Worm
eTrust-InoculateIT 23.73.73 12.01.2006 no virus found
eTrust-Vet 30.3.3225 12.01.2006 no virus found
Ewido 4.0 12.01.2006 no virus found
Fortinet 2.82.0.0 12.01.2006 suspicious
F-Prot 3.16f 12.01.2006 no virus found
F-Prot4 4.2.1.29 11.30.2006 no virus found
Kaspersky 4.0.2.24 12.01.2006 no virus found
McAfee 4909 12.01.2006 no virus found
Microsoft 1.1804 12.01.2006 no virus found
NOD32v2 1892 11.30.2006 no virus found
Norman 5.80.02 12.01.2006 no virus found
Panda 9.0.0.4 12.01.2006 no virus found
Prevx1 V2 12.01.2006 Covert.Sys.Exec
Sophos 4.12.0 12.01.2006 no virus found
Sunbelt 2.2.907.0 11.30.2006 no virus found
TheHacker 6.0.3.127 12.01.2006 no virus found
UNA 1.83 12.01.2006 no virus found
VBA32 3.11.1 12.01.2006 no virus found
VirusBuster 4.3.15:9 12.01.2006 no virus found

Aditional Information
File size: 369672 bytes
MD5: 36196feb3682c72e44e1c2bb160edf9b
SHA1: f168382c7d84c950ac32c6a2faacd4ac9803a37d
packers: UPX
packers: UPX, ZLIB
packers: UPX
Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PXC=95826814349

VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.

edit: could you tell me how to proceed? thanks in advance!
This post was edited by Fisslag on 02.12.2006 at 15:48.

02.12.2006, 17:07
Honorary member
Posts: 29434
#8
scan with options 1 and 2 - have the registry cleaned as well and post both scan reports here
http://virus-protect.org/artikel/tools/smitfrautfix.html
__________
Best regards
Sabina
All about PC security

02.12.2006, 18:24
...new here
Thread starter
Posts: 6
#9
ok, I let it run through, but I only have one scan report?!
here it is, it may be that I did something wrong, in any case the annoying icon is gone now

SmitFraudFix v2.126

Scan done at 18:16:09,68, 02.12.2006
Run from C:\Dokumente und Einstellungen\Isaak\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{588599f4-de26-4c28-ba14-f4eb17e33481}"="emptins"

[HKEY_CLASSES_ROOT\CLSID\{588599f4-de26-4c28-ba14-f4eb17e33481}\InProcServer32]
@="C:\WINDOWS\system32\xxfgmy.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{588599f4-de26-4c28-ba14-f4eb17e33481}\InProcServer32]
@="C:\WINDOWS\system32\xxfgmy.dll"

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

C:\WINDOWS\system32\xxfgmy.dll -> Hoax.Win32.Renos.gen.i
C:\WINDOWS\system32\xxfgmy.dll -> Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

02.12.2006, 20:10
Honorary member
Posts: 29434
#10
your computer should be OK again
are you still getting pop-ups???
__________
Best regards
Sabina
All about PC security

02.12.2006, 20:21
...new here
Thread starter
Posts: 6
#11
nope, and no more icons in the taskbar, yeah, thanks a lot for the help
I sat for hours before that trying to get rid of the thing ^^;;
best regards

here is the log file from HijackThis
Logfile of HijackThis v1.99.1
Scan saved at 16:19:05, on 01.12.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
C:\Programme\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ahfp.exe
C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
C:\Programme\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvraidservice.exe
C:\WINDOWS\system32\carpserv.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Programme\CyberLink\PowerCinema\PCMService.exe
C:\Programme\D-Tools\daemon.exe
C:\Programme\NetLimiter\NetLimiter.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Motherboard Monitor 5\MBM5.EXE
C:\Programme\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\Microtek\ScanWizard 5\ScannerFinder.exe
C:\Programme\Trillian\trillian.exe
C:\Programme\Mozilla Firefox\firefox.exe
M:\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.targa.de
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.targa.de/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=tk-proxy1.univie.ac.at:3128
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Programme\Desktop Sidebar\sbhelp.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCMService] "C:\Programme\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [AntivirusRegistration] C:\Programme\CA\Etrust Antivirus\Register.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programme\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NetLimiter] C:\Programme\NetLimiter\NetLimiter.exe /s
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MBM 5] "C:\Programme\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Programme\Gemeinsame Dateien\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [NBJ] "C:\Programme\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Trillian.lnk = C:\Programme\Trillian\trillian.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Programme\Microtek\ScanWizard 5\ScannerFinder.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Subscribe in Desktop Sidebar - res://C:\Programme\Desktop Sidebar\sbhelp.dll/menuhandler.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Programme\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Programme\Desktop Sidebar\sbhelp.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O12 - Plugin for .UVR: C:\Programme\Internet Explorer\Plugins\NPUPano.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.targa.de
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by19fd.bay19.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1106658605437
O21 - SSODL: emptins - {588599f4-de26-4c28-ba14-f4eb17e33481} - C:\WINDOWS\system32\xxfgmy.dll
O23 - Service: ahfP Service (ahfprog) - Unknown owner - C:\WINDOWS\system32\ahfp.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programme\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
asking for advice ^^