Symbol System Alert in der Taskleiste!

#0
07.01.2007, 21:02
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#1

Zitat

Problem mit dem Symbol System Alert in der Taskleiste!
Wer kann witerhelfen?


Logfile of HijackThis v1.99.1
Scan saved at 16:51:03, on 07.01.2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Programme\Network Associates\Common Framework\FrameworkService.exe
C:\Programme\Network Associates\VirusScan\Mcshield.exe
C:\Programme\Network Associates\VirusScan\VsTskMgr.exe
C:\Programme\Linksys\Wireless-G Notebook Adapter\NICServ.exe
C:\Programme\SiteAdvisor\5020\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Dell\AccessDirect\dadapp.exe
C:\Programme\Apoint\Apoint.exe
C:\WINDOWS\System32\DSentry.exe
C:\Programme\Dell\AccessDirect\DadTray.exe
C:\Programme\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
C:\Programme\Network Associates\VirusScan\SHSTAT.EXE
C:\Programme\Network Associates\Common Framework\UpdaterUI.exe
C:\Programme\Apoint\Apntex.exe
C:\PROGRA~1\Bluewin\QUICKH~1\SMARTB~1\MotiveSB.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Programme\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Programme\SiteAdvisor\5020\SiteAdv.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Gemeinsame Dateien\Teleca Shared\CapabilityManager.exe
C:\Programme\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Programme\Digital Line Detect\DLG.exe
C:\Programme\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Programme\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Programme\Linksys\Wireless-G Notebook Adapter\Gcc.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\Programme\Bluewin\Quick Help\bin\mpbtn.exe
C:\Programme\Gemeinsame Dateien\Teleca Shared\Generic.exe
C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\DOKUME~1\admin\LOKALE~1\Temp\HijackThis.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Dokumente und Einstellungen\admin\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bluewin.ch/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Programme\SiteAdvisor\5020\SiteAdv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O2 - BHO: (no name) - {f4d74aaa-a178-4463-846b-b4bc87a024e0} - C:\WINDOWS\System32\ixt0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Programme\SiteAdvisor\5020\SiteAdv.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DadApp] C:\Programme\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programme\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Programme\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programme\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\Bluewin\QUICKH~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Programme\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [SiteAdvisor] C:\Programme\SiteAdvisor\5020\SiteAdv.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Programme\Nokia\Nokia PC Suite 6\pcsync2.exe
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: Quick Help.lnk = C:\Programme\Bluewin\Quick Help\bin\matcli.exe
O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Programme\Linksys\Wireless-G Notebook Adapter\Gcc.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Programme\SiteAdvisor\5020\SiteAdv.dll
O21 - SSODL: eupeptic - {8670ee50-01f9-47da-ac1e-cf8549e9e521} - C:\WINDOWS\System32\axlet.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\System32\dlbtcoms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework-Dienst (McAfeeFramework) - Network Associates, Inc. - C:\Programme\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Programme\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Programme\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Programme\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Programme\SiteAdvisor\5020\SAService.exe

__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
07.01.2007, 21:03
Ehrenmitglied
Themenstarter
Avatar Sabina

Beiträge: 29434
#2 OLIK79

Habe ich gemacht! und dann wie weiter??

admin - 07-01-07 18:16:28,74 Service Pack 1
ComboFix 06.11.27 - Running from: "C:\Dokumente und Einstellungen\admin\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\ishost.exe
C:\WINDOWS\system32\ismini.exe
C:\WINDOWS\system32\components
C:\WINDOWS\system32\ixt0.dll


((((((((((((((((((((((((((((((( Files Created from 2006-12-07 to 2007-01-07 ))))))))))))))))))))))))))))))))))


2007-01-07 15:32 <DIR> d--hs---- C:\Config.Msi
2007-01-07 15:25 1,003,008 --a------ C:\WINDOWS\SYSTEM32\esent.dll
2007-01-07 14:52 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Windows Genuine Advantage
2007-01-07 14:51 <DIR> d-------- C:\WINDOWS\LastGood
2007-01-07 14:49 <DIR> d-------- C:\Programme\SiteAdvisor
2007-01-07 14:49 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SiteAdvisor
2007-01-07 14:49 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\McAfee
2007-01-07 14:49 <DIR> d-------- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\SiteAdvisor
2007-01-07 14:08 <DIR> dr-h----- C:\Dokumente und Einstellungen\admin\Recent
2007-01-06 18:42 <DIR> d-a------ C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
2007-01-06 18:27 <DIR> d-------- C:\Programme\AntiVerminser
2007-01-05 18:11 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Google
2007-01-05 17:58 20,992 --a------ C:\WINDOWS\SYSTEM32\axlet.dll
2007-01-04 12:25 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2006-12-29 21:07 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Documents
2006-12-29 21:07 <DIR> d-------- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Teleca
2006-12-29 21:06 <DIR> d-------- C:\Programme\Sony Ericsson
2006-12-29 21:06 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Teleca Shared
2006-12-29 21:06 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Teleca
2006-12-29 21:06 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sony Ericsson
2006-12-29 21:04 <DIR> d----c--- C:\WINDOWS\SYSTEM32\DRVSTORE
2006-12-29 20:58 <DIR> dr--s---- C:\WINDOWS\assembly
2006-12-29 20:58 <DIR> d-------- C:\WINDOWS\SYSTEM32\URTTemp
2006-12-29 20:58 <DIR> d-------- C:\WINDOWS\Microsoft.NET
2006-12-29 20:57 6,176 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\w810cm.sys
2006-12-29 20:57 5,808 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\w810wh.sys


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-07 15:56 -------- d-------- C:\Programme\Outlook Express
2007-01-07 15:56 -------- d-------- C:\Programme\Gemeinsame Dateien\System
2007-01-07 15:55 -------- d-------- C:\Programme\Windows Media Player
2007-01-07 15:37 -------- d-------- C:\Programme\Messenger
2007-01-07 15:33 -------- d-------- C:\Programme\Internet Explorer
2007-01-05 18:11 -------- d-------- C:\Programme\Google
2006-12-29 21:06 -------- d-------- C:\Programme\Gemeinsame Dateien
2006-12-29 21:01 -------- d---s---- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Microsoft
2006-12-29 20:49 -------- d-------- C:\Programme\Nokia
2006-11-12 12:50 2560 --a------ C:\WINDOWS\SYSTEM32\BitCometRes.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\ctfmon.exe"
"PcSync"="C:\\Programme\\Nokia\\Nokia PC Suite 6\\pcsync2.exe"
"swg"="C:\\Programme\\Google\\GoogleToolbarNotifier\\1.2.908.8472\\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ATIModeChange"="Ati2mdxx.exe"
"ATIPTA"="C:\\Programme\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"DadApp"="C:\\Programme\\Dell\\AccessDirect\\dadapp.exe"
"Apoint"="C:\\Programme\\Apoint\\Apoint.exe"
"DVDSentry"="C:\\WINDOWS\\System32\\DSentry.exe"
"AdaptecDirectCD"="\"C:\\Programme\\Roxio\\Easy CD Creator 5\\DirectCD\\DirectCD.exe\""
"SideWinderTrayV4"="C:\\PROGRA~1\\MI948F~1\\GAMECO~1\\Common\\SWTrayV4.exe"
"ShStatEXE"="\"C:\\Programme\\Network Associates\\VirusScan\\SHSTAT.EXE\" /STANDALONE"
"McAfeeUpdaterUI"="\"C:\\Programme\\Network Associates\\Common Framework\\UpdaterUI.exe\" /StartedFromRunKey"
"Motive SmartBridge"="C:\\PROGRA~1\\Bluewin\\QUICKH~1\\SMARTB~1\\MotiveSB.exe"
"TkBellExe"="\"C:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot"
"Dell Photo AIO Printer 922"="\"C:\\Programme\\Dell Photo AIO Printer 922\\dlbtbmgr.exe\""
"QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Programme\\iTunes\\iTunesHelper.exe\""
@=""
"Sony Ericsson PC Suite"="\"C:\\Programme\\Sony Ericsson\\Mobile2\\Application Launcher\\Application Launcher.exe\" /startoptions"
"SiteAdvisor"="C:\\Programme\\SiteAdvisor\\5020\\SiteAdv.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="http://www.rega.ch/images/medien/ECOberland1.jpg"
"SubscribedURL"="http://www.rega.ch/images/medien/ECOberland1.jpg"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,00,00,00,00,00,00,00,00,40,06,00,00,8e,04,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:02,00,00,00
"OriginalStateInfo"=hex:18,00,00,00,c4,04,00,00,ab,01,00,00,aa,0b,00,00,94,07,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,14,02,00,00,27,00,00,00,d8,00,00,00,cc,00,\
00,00,01,00,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,00,00,ea,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,00
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{8670ee50-01f9-47da-ac1e-cf8549e9e521}"="eupeptic"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"eupeptic"="{8670ee50-01f9-47da-ac1e-cf8549e9e521}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

Completion time: 07-01-07 18:18:47.30
C:\ComboFix.txt ... 07-01-07 18:18



Logfile of HijackThis v1.99.1
Scan saved at 16:51:03, on 07.01.2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Programme\Network Associates\Common Framework\FrameworkService.exe
C:\Programme\Network Associates\VirusScan\Mcshield.exe
C:\Programme\Network Associates\VirusScan\VsTskMgr.exe
C:\Programme\Linksys\Wireless-G Notebook Adapter\NICServ.exe
C:\Programme\SiteAdvisor\5020\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Dell\AccessDirect\dadapp.exe
C:\Programme\Apoint\Apoint.exe
C:\WINDOWS\System32\DSentry.exe
C:\Programme\Dell\AccessDirect\DadTray.exe
C:\Programme\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
C:\Programme\Network Associates\VirusScan\SHSTAT.EXE
C:\Programme\Network Associates\Common Framework\UpdaterUI.exe
C:\Programme\Apoint\Apntex.exe
C:\PROGRA~1\Bluewin\QUICKH~1\SMARTB~1\MotiveSB.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Programme\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Programme\SiteAdvisor\5020\SiteAdv.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Gemeinsame Dateien\Teleca Shared\CapabilityManager.exe
C:\Programme\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Programme\Digital Line Detect\DLG.exe
C:\Programme\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Programme\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Programme\Linksys\Wireless-G Notebook Adapter\Gcc.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\Programme\Bluewin\Quick Help\bin\mpbtn.exe
C:\Programme\Gemeinsame Dateien\Teleca Shared\Generic.exe
C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\DOKUME~1\admin\LOKALE~1\Temp\HijackThis.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Dokumente und Einstellungen\admin\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bluewin.ch/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Programme\SiteAdvisor\5020\SiteAdv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O2 - BHO: (no name) - {f4d74aaa-a178-4463-846b-b4bc87a024e0} - C:\WINDOWS\System32\ixt0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Programme\SiteAdvisor\5020\SiteAdv.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DadApp] C:\Programme\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programme\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Programme\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programme\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\Bluewin\QUICKH~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Programme\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [SiteAdvisor] C:\Programme\SiteAdvisor\5020\SiteAdv.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Programme\Nokia\Nokia PC Suite 6\pcsync2.exe
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: Quick Help.lnk = C:\Programme\Bluewin\Quick Help\bin\matcli.exe
O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Programme\Linksys\Wireless-G Notebook Adapter\Gcc.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Programme\SiteAdvisor\5020\SiteAdv.dll
O21 - SSODL: eupeptic - {8670ee50-01f9-47da-ac1e-cf8549e9e521} - C:\WINDOWS\System32\axlet.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\System32\dlbtcoms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework-Dienst (McAfeeFramework) - Network Associates, Inc. - C:\Programme\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Programme\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Programme\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Programme\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Programme\SiteAdvisor\5020\SAService.exe

_
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
07.01.2007, 21:07
Ehrenmitglied
Themenstarter
Avatar Sabina

Beiträge: 29434
#3 http://virus-protect.org/artikel/tools/regsearch.html
und doppelklicken, um zu starten.
in: "Enter search strings" (reinschreiben oder reinkopieren)

AntiVerminser

in edit und klicke "Ok".
Notepad wird sich öffnen -- kopiere den Text ab und poste ihn.


2. http://virus-protect.org/artikel/tools/agentransack.html
kopiere in Suche: AntiVerminser
poste laut anweisung alles, was erscheint

________________

wenn ich die Daten habe, ergaenze ich das avengerscript - du kannst es dann anwenden + smitfraudfix
http://virus-protect.org/artikel/spyware/antiverminser.html
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende