Have a problem with fservice.exe, my PC is so slow

Thread is closed!

#0
16.01.2007, 12:32
Member
Posts: 35

16.01.2007, 14:55
Honorary member
Posts: 29434
#2
gh-angel
»» Follow the instructions at http://virus-protect.org/cleanup.html and set up CleanUp exactly as described there, then restart the computer (this deletes the temporary files)
»» Run combofix, also let it perform the disk cleanup + copy the scan report and post it in the thread http://virus-protect.org/artikel/tools/combofix.html
»» Create logfiles with datfind.bat and post them (copy them out). Exact instructions at: http://virus-protect.org/datfindbat.html
Copy out these 6 generated text files (right-click with the mouse -> select the text -> copy -> paste). They are sorted by date. (Copy only the last 3 months from each logfile!)
__________
Regards, Sabina
All about PC security

16.01.2007, 15:10
Member
Thread starter
Posts: 35
#3
ComboFix 07-01-15 - Running from: "C:\Dokumente und Einstellungen\AytacTogay"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS.0\system32\vbuzip10.dll

((((((((((((((((((((((((((((((( Files Created from 2006-12-16 to 2007-01-16 ))))))))))))))))))))))))))))))))))

Verzeichnis von C:\WINDOWS.0\system32
11.01.2007 12:31 16.896 winkey.dll
11.01.2007 12:23 98.256 FNTCACHE.DAT
11.01.2007 12:01 274.432 imon.dll
24.12.2006 14:42 274.432 imon(2).dll

Verzeichnis von C:\WINDOWS.0\
11.01.2007 12:19 110.676 ktd32.atm
31.10.2006 13:28 4.979 Paltalk Messenger Uninstall Log.txt
31.10.2006 13:18 14.298 Paltalk Messenger Setup Log.txt

Attachment: Neu Textdokument.txt
This post was edited by gh-angel on 16.01.2007 at 15:25.

16.01.2007, 15:37
Honorary member
Posts: 29434
#4
Post combofix again (complete), if necessary also as an attachment.
__________
Regards, Sabina
All about PC security

16.01.2007, 15:53
Member
Thread starter
Posts: 35

16.01.2007, 16:40
Honorary member
Posts: 29434
#6
gh-angel
Avenger
http://virus-protect.org/artikel/tools/avenger.html
Copy in:
Quote:
Registry values to delete:
Click the green traffic light; the script will now be executed, then the PC will restart automatically.
Open HijackThis -- button "scan" -- tick the boxes in front of these entries -- button "Fix checked" -- restart the PC
Quote:
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS.0\system32\fservice.exe
Restart the PC
»» Scan with dr.web and post the scan report http://virus-protect.org/cureit.html
__________
Regards, Sabina
All about PC security

19.01.2007, 23:58
Member
Thread starter
Posts: 35
#7
OK, the problem with fservice.exe is gone, Sabina, but now something else has come up, namely a message that says "your computer is infected windows has detected spyware infection", and there is a red dot with a white cross in it. My Task Manager was disabled; I have already re-enabled it, and I have also cleared my desktop again.
So, my HijackThis logs:

Logfile of HijackThis v1.99.1
Scan saved at 23:44:45, on 19.01.2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\System32\Ati2evxx.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\system32\Ati2evxx.exe
C:\WINDOWS.0\system32\spoolsv.exe
C:\Programme\Eset\nod32krn.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\Explorer.EXE
C:\Programme\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS.0\SOUNDMAN.EXE
C:\Programme\QuickTime\qttask.exe
C:\Programme\WebcamMax\CAMTHINS.exe
C:\Programme\Eset\nod32kui.exe
C:\WINDOWS.0\System32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Windows\xpupdate.exe
C:\Programme\Camfrog\Camfrog Video Chat 3.80\Camfrog Video Chat.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS.0\System32\wuauclt.exe
C:\Programme\Aytac Togay\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Programme\Outlook Express\msimn.exe" //mailurl:mailto:admin@number1turkey.net
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS.0\System32\msdxm.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\FRITZWLANMini.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WebcamMaxMoniter] "C:\Programme\WebcamMax\CAMTHINS.exe" /m
O4 - HKLM\..\Run: [nod32kui] "C:\Programme\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [System] C:\WINDOWS.0\System32\kernels88.exe
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS.0\System32\kernels88.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS.0\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Camfrog] "C:\Programme\Camfrog\Camfrog Video Chat 3.80\CamfrogNet.exe" 1 C:\Programme\Camfrog\Camfrog Video Chat 3.80\Camfrog Video Chat.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programme\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS.0\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS.0\web\related.htm
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by135fd.bay135.hotmail.msn.com/resources/MsnPUpld.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS.0\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS.0\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS.0\system32\ati2sgag.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Unknown owner - c:\programme\gemeinsame dateien\logitech\lvmvfm\LVPrcSrv.exe (file missing)
O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Programme\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programme\Eset\nod32krn.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS.0\SYSTEM32\slserv.exe
O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Programme\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)

AND I ALSO HAVE AN ATTACHMENT WITH DATFIND AND COMBOFIX LOGS. I CAN'T GET RID OF THIS CRAP ANYMORE. IT WOULD BE NICE IF YOU WOULD HELP, SABINA
Attachment: LOGS.txt

20.01.2007, 00:04
Honorary member
Posts: 29434
#8
Avenger
http://virus-protect.org/artikel/tools/avenger.html
Copy in:
Quote:
Registry values to delete:
Work through smitfraud.fix (Option 1 and 2 - also let it clean the registry) http://virus-protect.org/artikel/tools/smitfrautfix.html
Post the scan report of Option 1 and 2 here
»» Scan with sophos and post the scan report http://virus-protect.org/artikel/tools/sdfix.html
__________
Regards, Sabina
All about PC security

20.01.2007, 00:09
Member
Thread starter
Posts: 35
#9
SmitFraudFix v2.132
Scan done at 0:06:29,06, 20.01.2007
Run from C:\Programme\Aytac Togay\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS.0
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS.0\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS.0\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS.0\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS.0\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Dokumente und Einstellungen\AytacTogay
»»»»»»»»»»»»»»»»»»»»»»»» C:\Dokumente und Einstellungen\AytacTogay\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOKUME~1\AYTACT~1\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Programme
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32
»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End

20.01.2007, 00:10
Honorary member
Posts: 29434
#10
Avenger
http://virus-protect.org/artikel/tools/avenger.html
Copy in:
Quote:
Registry values to delete:
»» Scan with sophos and post the scan report http://virus-protect.org/artikel/tools/sdfix.html
__________
Regards, Sabina
All about PC security

20.01.2007, 02:13
Member
Thread starter
Posts: 35
#11
So this is what Sophos spat out
Sophos Anti-Virus
Version 4.13.0 [Win32/Intel]
Virus data version 4.13, January 2007
Includes detection for 209127 viruses, trojans and worms
Copyright (c) 1989-2007 Sophos Plc, www.sophos.com
System time 01:21:17, System date 20 January 2007
Command line qualifiers are: -nb --stop-scan
IDE directory is: C:\SDFix\IDE

Quick Scanning
>>> Virus 'Mal/Packer' found in file C:\Programme\Aytac Togay\Desktop\AyTaC\efbot.exe
>>> Virus 'Mal/Packer' found in file C:\Programme\Aytac Togay\Desktop\AyTaC\MSNLoader.exe
>>> Virus 'Mal/Packer' found in file C:\Programme\Camfrog\Camfrog Video Chat 3.80\keygen.exe
>>> Virus 'Mal/HckPk-A' found in file C:\Programme\Camfrog\Camfrog Video Chat 3.80\run.exe
>>> Virus 'Mal/HckPk-A' found in file C:\System Volume Information\_restore{90708A36-D052-485F-B871-31B0DC14E5DF}\RP1\A0000082.exe

2 boot sectors swept.
37373 files swept in 50 minutes and 10 seconds.
5 viruses were discovered.
5 files out of 37373 were infected.
Please send infected samples to Sophos for analysis.
For advice consult www.sophos.com, email support@sophos.com or telephone +44 1235 559933
Ending Sophos Anti-Virus.

20.01.2007, 14:50
Honorary member
Posts: 29434

20.01.2007, 21:29
Member
Thread starter
Posts: 35
#13
I DID THAT
Sophos Anti-Virus
Version 4.13.0 [Win32/Intel]
Virus data version 4.13, January 2007
Includes detection for 209135 viruses, trojans and worms
Copyright (c) 1989-2007 Sophos Plc, www.sophos.com
System time 15:43:32, System date 20 January 2007
Command line qualifiers are: -f -remove -nc -nb --stop-scan

Full Scanning
>>> Virus 'Mal/Packer' found in file C:\Programme\Aytac Togay\Desktop\AyTaC\efbot.exe
Removal successful
Aborted checking C:\Programme\Aytac Togay\Desktop\AyTaC\FST 05-06\_setup.dll - appears to be a 'zip bomb'
>>> Virus 'Mal/Packer' found in file C:\Programme\Aytac Togay\Desktop\AyTaC\MSNLoader.exe
Removal successful
>>> Virus 'Mal/Packer' found in file C:\Programme\Camfrog\Camfrog Video Chat 3.80\keygen.exe
Removal successful
>>> Virus 'Mal/HckPk-A' found in file C:\Programme\Camfrog\Camfrog Video Chat 3.80\run.exe
Removal successful
>>> Virus 'Mal/HckPk-A' found in file C:\System Volume Information\_restore{90708A36-D052-485F-B871-31B0DC14E5DF}\RP1\A0000082.exe
Removal successful
>>> Virus 'Mal/Packer' found in file C:\System Volume Information\_restore{90708A36-D052-485F-B871-31B0DC14E5DF}\RP1\A0000211.exe
Removal successful
>>> Virus 'Mal/Packer' found in file C:\System Volume Information\_restore{90708A36-D052-485F-B871-31B0DC14E5DF}\RP1\A0000212.exe
Removal successful
>>> Virus 'Mal/Packer' found in file C:\System Volume Information\_restore{90708A36-D052-485F-B871-31B0DC14E5DF}\RP1\A0000213.exe
Removal successful
>>> Virus 'Mal/HckPk-A' found in file C:\System Volume Information\_restore{90708A36-D052-485F-B871-31B0DC14E5DF}\RP1\A0000214.exe
Removal successful

2 boot sectors swept.
37729 files swept in 1 hour, 9 minutes and 34 seconds.
1 error was encountered.
9 viruses were discovered.
9 files out of 37729 were infected.
Please send infected samples to Sophos for analysis.
For advice consult www.sophos.com, email support@sophos.com or telephone +44 1235 559933
Ending Sophos Anti-Virus.

IS MY PC VIRUS-FREE NOW?

20.01.2007, 22:16
Honorary member
Posts: 29434
#14
Everything should be clean again.
In future, watch out what you download......
__________
Regards, Sabina
All about PC security

20.01.2007, 22:51
Member
Thread starter
Posts: 35
#15
WOW, YOU REALLY ARE THE BEST, THANKS FOR EVERYTHING, I'LL RECOMMEND YOU GUYS !!! KISSES xD
C:\WINDOWS.0\system32\fservice.exe" konnte nicht gefunden werden. Stellen Sie sicher, dass sie den Namen korrekt eingegeben haben und wiederholen Sie den Vorgang. Klicken sie auf "Start" und anschließend auf "Suchen", um eine Datei zu suchen.
Here are my logs from HijackThis. I can't even format my PC, because an error message comes up, REGISTRY_ERROR blah blah blah, with a blue screen. Anyway, my logs:
Logfile of HijackThis v1.99.1
Scan saved at 12:30:13, on 16.01.2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\Programme\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
C:\WINDOWS.0\System32\Ati2evxx.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\system32\spoolsv.exe
C:\Programme\Eset\nod32krn.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\system32\Ati2evxx.exe
C:\WINDOWS.0\Explorer.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS.0\SOUNDMAN.EXE
C:\Programme\QuickTime\qttask.exe
C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Anwendungsdaten\Amokflapatomopen\Pop Team.exe
C:\Programme\MessengerPlus! 3\MsgPlus.exe
C:\Programme\WebcamMax\CAMTHINS.exe
C:\Programme\Eset\nod32kui.exe
C:\Programme\Winamp\winampa.exe
C:\WINDOWS.0\System32\CTFMON.EXE
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe
C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS.0\System32\wuauclt.exe
C:\Programme\Java\jre1.5.0_06\bin\jucheck.exe
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\AYTAC~1.FFF\LOKALE~1\Temp\Rar$EX00.125\HijackThis.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS.0\system32\fservice.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: (no name) - {B7D3E479-CC68-42B5-A338-938ECE35F419} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS.0\System32\msdxm.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\FRITZWLANMini.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AtomOpenBlehPure] C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Anwendungsdaten\Amokflapatomopen\Pop Team.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programme\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [WebcamMaxMoniter] "C:\Programme\WebcamMax\CAMTHINS.exe" /m
O4 - HKLM\..\Run: [Hindustan] C:\DOKUME~1\AYTAC~1.FFF\LOKALE~1\Temp\Rar$EX01.953\msmsgs.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Programme\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS.0\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS.0\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS.0\web\related.htm
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by135fd.bay135.hotmail.msn.com/resources/MsnPUpld.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: DfLogon - C:\WINDOWS.0\SYSTEM32\LogonDll.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS.0\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS.0\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS.0\system32\ati2sgag.exe
O23 - Service: DF5Serv - Faronics Corporation - C:\Programme\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Unknown owner - c:\programme\gemeinsame dateien\logitech\lvmvfm\LVPrcSrv.exe (file missing)
O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Programme\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programme\Eset\nod32krn.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS.0\SYSTEM32\slserv.exe
O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Programme\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)
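
Added example, not part of the thread and not code from HijackThis: a small Python diff of the F2 and O4 autostart lines of two HijackThis logs, which shows which entries a cleanup removed and which appeared afterwards. The sample input is a shortened excerpt of the 16.01.2007 and 19.01.2007 logs posted above; the function names are made up for this example.

```python
import re

# Sample input: lines copied from the two HijackThis logs in this thread
# (16.01.2007 and 19.01.2007), shortened to a handful of autostart entries.
LOG_BEFORE = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS.0\system32\fservice.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AtomOpenBlehPure] C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Anwendungsdaten\Amokflapatomopen\Pop Team.exe
O4 - HKLM\..\Run: [Hindustan] C:\DOKUME~1\AYTAC~1.FFF\LOKALE~1\Temp\Rar$EX01.953\msmsgs.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Programme\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS.0\System32\ctfmon.exe
"""

LOG_AFTER = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Programme\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [System] C:\WINDOWS.0\System32\kernels88.exe
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS.0\System32\kernels88.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS.0\System32\ctfmon.exe
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
"""

# F2: registry-mapped system.ini values; O4: Run-style autostart entries.
F2 = re.compile(r"^F2 - (?P<loc>REG:system\.ini): (?P<name>\w+)=(?P<cmd>.*)$")
O4 = re.compile(r"^O4 - (?P<loc>\S+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")


def autostarts(log_text):
    """Map (kind, location, name) -> command for every F2 and O4 line."""
    entries = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        for kind, rx in (("F2", F2), ("O4", O4)):
            m = rx.match(line)
            if m:
                key = (kind, m.group("loc"), m.group("name"))
                entries[key] = m.group("cmd").strip()
    return entries


def _normalise(cmd):
    # Quoting and letter case differ between logs without changing the target.
    return cmd.replace('"', "").lower()


def diff_autostarts(before_text, after_text):
    """Return the autostart keys that were removed, added or changed."""
    before, after = autostarts(before_text), autostarts(after_text)
    return {
        "removed": sorted(k for k in before if k not in after),
        "added": sorted(k for k in after if k not in before),
        "changed": sorted(
            k for k in after
            if k in before and _normalise(after[k]) != _normalise(before[k])
        ),
    }


def shell_extras(log_text):
    """Return what an F2 Shell= value carries besides Explorer.exe.

    The Windows default for the Winlogon Shell value is just Explorer.exe,
    so anything appended to it (or replacing it) is started at every logon.
    """
    extras = []
    for (kind, _loc, name), cmd in autostarts(log_text).items():
        if kind == "F2" and name.lower() == "shell":
            head, _, rest = cmd.partition(" ")
            if head.lower() != "explorer.exe":
                extras.append(cmd)
            elif rest.strip():
                extras.append(rest.strip())
    return extras


if __name__ == "__main__":
    print("Shell extras before:", shell_extras(LOG_BEFORE))
    print("Shell extras after: ", shell_extras(LOG_AFTER))
    for status, keys in diff_autostarts(LOG_BEFORE, LOG_AFTER).items():
        for kind, loc, name in keys:
            print(f"{status:8} {kind} {loc} [{name}]")
```

An entry listed as added or changed is only a pointer to where to look; the diff says nothing about whether the file behind it is malicious.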