Infected: TR/SpyBZub.EC.2 and TR/proxy.cimuz.BW6 csvhost.exe
#0
08.02.2007, 13:50
Member
Posts: 37
08.02.2007, 13:53
Honorary member
Posts: 29434
#2
Diddlina
LSPfix http://www.spychecker.com/program/lspfix.html - tick: "I know what I'm doing" -- Remove - and delete the rsvp32_2.dll (you may have to move the dll from left to right) + Remove
-----------------------
Set up CleanUp exactly as described here: http://virus-protect.org/cleanup.html
Copy these 6 text files here (right-click with the mouse -> select the text -> copy -> paste). They are sorted by date. (copy only the last 3 months) http://virus-protect.org/datfindbat.html
-----
«« http://virus-protect.org/artikel/tools/sdfix.html
Unzip SDFix.zip; the following message appears: "The SDFix Folder has been extracted to %systemdrive% - Please run from that location. (%systemdrive% = drive that contains the Windows directory - typically C:\SDFix )"
The SDFix folder is now found under C:\
Boot into Safe Mode (press the F8 key while the computer is restarting)
Go into the folder C:\SDFix
Double-click RunThis.bat
Type: Y
Follow all instructions while the scan runs - then the computer will restart
Copy the text that appears with the right mouse button - and into your post,
__________
Regards Sabina
all about PC security
08.02.2007, 14:21
Member
Thread starter, Posts: 37
#3
Directory of C:\WINDOWS\system32
08.02.2007 14:13 1.158 wpa.dbl
08.02.2007 13:27 100 LuResult.txt
08.02.2007 12:41 2.365 form.txt
08.01.2007 19:20 3.584 hook.dll
03.01.2007 00:19 10.980.776 MRT.exe
19.12.2006 17:38 6.678 thawte.bmp
19.12.2006 17:38 8.078 verisign.bmp
19.12.2006 17:38 13.038 barc.bmp
07.12.2006 20:00 7.280 wuredist.cab
07.12.2006 06:29 2.374.472 wmvcore.dll
27.11.2006 18:20 75 adv.txt
08.11.2006 06:06 679.424 inetcomm.dll
04.11.2006 14:14 1.245.696 msxml4.dll
02.11.2006 17:02 483.328 actskn45.ocx

Volume in drive C is 448987
Volume Serial Number: 0845-3DF5
Directory of C:\DOKUME~1\STEFFE~1\LOKALE~1\Temp
08.02.2007 14:17 206 jusched.log
1 File(s) 206 bytes
0 Dir(s) 65.699.815.424 bytes free

Volume in drive C is 448987
Volume Serial Number: 0845-3DF5
Directory of C:\WINDOWS
08.02.2007 14:12 0 0.log
08.02.2007 14:12 4.126 ModemLog_Motorola SM56 Data Fax Modem.txt
08.02.2007 14:12 1.616.177 WindowsUpdate.log
08.02.2007 14:12 159 wiadebug.log
08.02.2007 14:12 50 wiaservc.log
08.02.2007 14:11 2.048 bootstat.dat
08.02.2007 14:10 32.634 SchedLgU.Txt
08.02.2007 13:56 11.664 setupapi.log
10.01.2007 07:37 260.663 comsetup.log
10.01.2007 07:37 120.554 iis6.log
10.01.2007 07:37 156.570 ntdtcsetup.log
10.01.2007 07:37 1.374 imsins.log
10.01.2007 07:37 297.805 tsoc.log
10.01.2007 07:37 42.052 ocmsn.log
10.01.2007 07:37 12.787 KB929969.log
10.01.2007 07:37 370.334 ocgen.log
10.01.2007 07:37 38.430 msgsocm.log
10.01.2007 07:37 779.410 FaxSetup.log
09.01.2007 08:35 1.754 wincmd.ini
09.01.2007 07:52 229 NeroDigital.ini
08.01.2007 19:30 227 system.ini
08.01.2007 19:26 678 win.ini
08.01.2007 19:11 215.166 setupact.log
31.12.2006 04:58 151 PhotoSnapViewer.INI
17.12.2006 06:58 1.393 imsins.BAK
17.12.2006 06:58 37.549 KB925454.log
17.12.2006 06:58 40.845 updspapi.log
17.12.2006 06:58 10.943 KB925398.log
17.12.2006 06:58 1.032.783 setupapi.log.0.old
17.12.2006 06:57 12.318 KB923689.log
17.12.2006 06:57 13.193 KB926255.log
17.12.2006 06:56 13.037 KB923694.log
19.11.2006 10:47 18.963 KB923980.log
19.11.2006 10:47 21.885 KB924270.log
19.11.2006 10:46 20.923 KB920213.log
19.11.2006 10:46 34.090 KB922760.log
10.11.2006 08:02 0 DRM_Serial.txt
09.11.2006 10:14 706 cdplayer.ini

Volume in drive C is 448987
Volume Serial Number: 0845-3DF5
Directory of C:\WINDOWS\Temp
08.02.2007 14:13 409 WGANotify.settings
08.02.2007 14:12 0 T30DebugLogFile.txt
08.02.2007 14:11 255 WGAErrLog.txt
3 File(s) 664 bytes
0 Dir(s) 65.699.823.616 bytes free

Volume in drive C is 448987
Volume Serial Number: 0845-3DF5
Directory of C:\WINDOWS\Downloaded Program Files
15.06.2006 17:33 1.132.192 EPUWALcontrol.dll
03.03.2006 13:19 65 desktop.ini
16.06.2004 05:02 323.584 isusweb.dll
25.07.2002 17:13 24.576 dwusplay.dll
25.07.2002 17:13 196.608 dwusplay.exe
5 File(s) 1.677.025 bytes
0 Dir(s) 65.699.823.616 bytes free

Volume in drive C is 448987
Volume Serial Number: 0845-3DF5
Directory of C:\
08.02.2007 14:19 0 sys.txt
08.02.2007 14:19 493 down.txt
08.02.2007 14:18 384 tmp.txt
08.02.2007 14:16 8.978 system.txt
08.02.2007 14:14 129 systemtemp.txt
08.02.2007 14:14 98.638 system32.txt
08.02.2007 14:11 1.409.286.144 pagefile.sys
08.01.2007 19:30 211 boot.ini
09.10.2006 14:13 146 YServer.txt

All done....

SDFix: Version 1.63
08.02.2007 - 14:27:49,17
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Safe Mode:
Checking Services:
Name:
Path:
Restoring Windows Registry Entries
Restoring Default Hosts File
Rebooting...

Normal Mode:
Checking Files:
Below files will be copied to Backups folder then removed:
C:\WINDOWS\system32\adv.txt - Deleted
C:\WINDOWS\system32\form.txt - Deleted
C:\WINDOWS\system32\hook.dll - Deleted
C:\WINDOWS\system32\msn.exe - Deleted

ADS Check:
C:\WINDOWS\system32
No streams found.

Final Check:
Remaining Services:
------------------

Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programme\\IncrediMail\\bin\\IMApp.exe"="C:\\Programme\\IncrediMail\\bin\\IMApp.exe:*:Enabled:IncrediMail"
"C:\\Programme\\IncrediMail\\bin\\IncMail.exe"="C:\\Programme\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
"C:\\Programme\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Programme\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\\Programme\\Yahoo!\\Messenger\\YPager.exe"="C:\\Programme\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Programme\\Yahoo!\\Messenger\\YServer.exe"="C:\\Programme\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Dokumente und Einstellungen\\Steffen Home\\My Documents\\Morpheus Shared\\Downloads\\utorrent.exe"="C:\\Dokumente und Einstellungen\\Steffen Home\\My Documents\\Morpheus Shared\\Downloads\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Programme\\Messenger\\Msmsgs.exe"="C:\\Programme\\Messenger\\Msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Programme\\LimeWire\\LimeWire.exe"="C:\\Programme\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Dokumente und Einstellungen\\Steffen Home\\Lokale Einstellungen\\Temporary Internet Files\\Content.IE5\\4H6J8XYN\\pics[1].exe"="C:\\Dokumente und Einstellungen\\Steffen Home\\Lokale Einstellungen\\Temporary Internet Files\\Content.IE5\\4H6J8XYN\\pics[1].exe:*:ENABLED:0"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\\Dokumente und Einstellungen\\Steffen Home\\Lokale Einstellungen\\Temporary Internet Files\\Content.IE5\\EB01SJWD\\pics[1].exe"="C:\\Dokumente und Einstellungen\\Steffen Home\\Lokale Einstellungen\\Temporary Internet Files\\Content.IE5\\EB01SJWD\\pics[1].exe:*:ENABLED:0"
"c:\\windows\\zupacha.exe"="c:\\windows\\zupacha.exe:*:Enabled:zupacha"
"c:\\windows\\system32\\csvhost.exe"="c:\\windows\\system32\\csvhost.exe:*:Enabled:csvhost"
"C:\\Programme\\IncrediMail\\bin\\IncrediMail_Install.exe"="C:\\Programme\\IncrediMail\\bin\\IncrediMail_Install.exe:*:Enabled:IncrediMail Installer"
"C:\\Dokumente und Einstellungen\\Steffen Home\\Lokale Einstellungen\\Temp\\ImInstaller\\IncrediMail\\IncrediMail_Install.exe"="C:\\Dokumente und Einstellungen\\Steffen Home\\Lokale Einstellungen\\Temp\\ImInstaller\\IncrediMail\\IncrediMail_Install.exe:*:Enabled:IncrediMail Installer"
"C:\\Programme\\MSN Messenger\\msnmsgr.exe"="C:\\Programme\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Programme\\MSN Messenger\\msncall.exe"="C:\\Programme\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programme\\MSN Messenger\\msnmsgr.exe"="C:\\Programme\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Programme\\MSN Messenger\\msncall.exe"="C:\\Programme\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"

Remaining Files:
---------------
C:\WINDOWS\system32\rsvp32_2.dll Found - LSP

Backups Folder: - C:\SDFix\backups\backups.zip

Checking For Files with Hidden Attributes :

Finished

This post was edited on 08.02.2007 at 14:37 by Diddlina.
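The listings above were copied with the "last 3 months" cutoff the helper asked for, and post #13 later finds that sporder.dll (dated 25.10.06, the same date and time as rsvp32_2.dll) fell outside that window. The following is an added example, not code from the thread or from the datfind.bat tool: it parses German-locale `dir` output of the kind posted above into records, applies the date window, and then pivots on a shared write timestamp, which is the check that would have surfaced both DLLs together. The sample listing is constructed to resemble post #3; the 21:14 time on the two 25.10.2006 lines is an assumption, since post #13 gives only the date.

```python
"""Timeline helpers for the German-locale `dir` listings used by datfind.bat.

Added example, not from the thread or from the tool. The sample listing below is
constructed to resemble post #3; the 25.10.2006 time is an assumption.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# One `dir` detail line: date, time, size with '.' thousands separators, file name.
_DIR_LINE = re.compile(r"^(\d{2}\.\d{2}\.\d{4})\s+(\d{2}:\d{2})\s+([\d.]+)\s+(.+?)\s*$")
# Directory header in either locale.
_DIR_HEADER = re.compile(r"^(?:Verzeichnis von|Directory of)\s+(.+?)\s*$")


@dataclass(frozen=True)
class Entry:
    when: datetime   # last-write time at minute resolution, which is all `dir` shows
    size: int
    path: str        # folder from the header joined with the file name


def parse_dir_listing(text: str) -> list[Entry]:
    """Turn concatenated `dir` output (several folders) into Entry records."""
    entries: list[Entry] = []
    folder = ""
    for raw in text.splitlines():
        line = raw.strip()
        header = _DIR_HEADER.match(line)
        if header:
            folder = header.group(1)
            continue
        m = _DIR_LINE.match(line)
        if not m:
            continue  # volume label, serial number, summary and blank lines
        when = datetime.strptime(f"{m.group(1)} {m.group(2)}", "%d.%m.%Y %H:%M")
        entries.append(Entry(when, int(m.group(3).replace(".", "")), f"{folder}\\{m.group(4)}"))
    return entries


def within_window(entries: list[Entry], now: datetime, days: int) -> list[Entry]:
    """The 'copy only the last N days' filter the helper asked for."""
    cutoff = now - timedelta(days=days)
    return [e for e in entries if e.when >= cutoff]


def same_timestamp(entries: list[Entry], anchor_file: str) -> list[Entry]:
    """Timestamp pivot: every file written in the same minute as `anchor_file`,
    in any folder. Files dropped by one installer tend to share a write time."""
    suffix = "\\" + anchor_file.lower()
    anchors = {e.when for e in entries if e.path.lower().endswith(suffix)}
    return [e for e in entries if e.when in anchors]


# Constructed sample in the format of post #3. The two 25.10.2006 lines stand in for
# rsvp32_2.dll and sporder.dll from post #13; that post gives the date, the time is assumed.
SAMPLE = """\
Verzeichnis von C:\\WINDOWS\\system32
08.02.2007 14:13 1.158 wpa.dbl
08.02.2007 12:41 2.365 form.txt
08.01.2007 19:20 3.584 hook.dll
19.12.2006 17:38 6.678 thawte.bmp
25.10.2006 21:14 37.888 rsvp32_2.dll
25.10.2006 21:14 8.192 sporder.dll
Datentr\u00e4ger in Laufwerk C: ist 448987
Volumeseriennummer: 0845-3DF5
Verzeichnis von C:\\WINDOWS
08.01.2007 19:30 227 system.ini
"""


def demo(now: datetime = datetime(2007, 2, 8, 14, 20), days: int = 90):
    """Returns (all entries, inside the window, outside the window, timestamp siblings of rsvp32_2.dll)."""
    entries = parse_dir_listing(SAMPLE)
    recent = within_window(entries, now, days)
    missed = [e for e in entries if e not in recent]
    pivot = same_timestamp(entries, "rsvp32_2.dll")
    return entries, recent, missed, pivot


if __name__ == "__main__":
    _, _, missed, pivot = demo()
    for e in missed:
        print("outside the 90-day window:", e.when, e.path)
    for e in pivot:
        print("written in the same minute as rsvp32_2.dll:", e.path)
```

The window is useful for keeping a post readable, but the pivot is the investigative step: once one file is known bad, every file sharing its write minute is a candidate regardless of age.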
08.02.2007, 15:46
Honorary member
Posts: 29434
#4
Diddlina
08.02.2007 12:41 2.365 form.txt - in here you'll find all the information that has already been stolen from your system...

Avenger http://virus-protect.org/artikel/tools/avenger.html
Input script manually (tick)
copy into: View/edit script
Quote
Registry values to delete:
Click the green traffic light; the script will now be executed, then the PC will restart automatically
---------
Open HijackThis -- button "scan" -- tick these entries -- button "Fix checked" -- restart the PC
Quote
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
Restart the PC
«« in normal mode http://virus-protect.org/artikel/tools/sdfix.html
Double-click RunThis.bat
Type in: 3
3 : Sophos is loaded - choose 6 - scan and post the scan report
__________
Regards Sabina
all about PC security
08.02.2007, 16:28
Member
Thread starter, Posts: 37
#5
sorry sabina... how can I see what they stole???
I can't find this form.txt
08.02.2007, 16:43
Honorary member
Posts: 29434
#6
it is in the backup from sdfix (please do not open it)
C:\WINDOWS\system32\form.txt - Deleted
«« post here the log from Avenger that appears after the restart
__________
Regards Sabina
all about PC security
08.02.2007, 16:52
Member
Thread starter, Posts: 37
#7
I had to run Avenger twice; the first time it didn't produce a log file...- hey, it just warned me that the Trojan zupacha.exe is inside Avenger...?????????
well, here's the log first:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\kjhkxwtw
*******************
Script file located at: \??\C:\WINDOWS\system32\bglyyphw.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Registry value HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List|C:\Dokumente und Einstellungen\Steffen Home\Lokale Einstellungen\Temporary Internet Files\Content.IE5\4H6J8XYN\pics[1].exe deleted successfully.
Registry value HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List|C:\Program Files\Internet Explorer\IEXPLORE.EXE deleted successfully.
Registry value HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List|C:\Dokumente und Einstellungen\Steffen Home\Lokale Einstellungen\Temporary Internet Files\Content.IE5\EB01SJWD\pics[1].exe deleted successfully.
Registry value HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List|c:\windows\zupacha.exe deleted successfully.
Registry value HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List|c:\windows\system32\csvhost.exe deleted successfully.
File c:\windows\zupacha.exe deleted successfully.
File C:\WINDOWS\system32\msn.exe not found!
Deletion of file C:\WINDOWS\system32\msn.exe failed!
Could not process line: C:\WINDOWS\system32\msn.exe
Status: 0xc0000034
File c:\windows\system32\actskn45.ocx deleted successfully.
File c:\windows\system32\csvhost.exe not found!
Deletion of file c:\windows\system32\csvhost.exe failed!
Could not process line: c:\windows\system32\csvhost.exe
Status: 0xc0000034
File c:\windows\system32\LuResult.txt deleted successfully.
File C:\WINDOWS\system32\ipv6monl.dll not found!
Deletion of file C:\WINDOWS\system32\ipv6monl.dll failed!
Could not process line: C:\WINDOWS\system32\ipv6monl.dll
Status: 0xc0000034
File c:\windows\system32\form.txt not found!
Deletion of file c:\windows\system32\form.txt failed!
Could not process line: c:\windows\system32\form.txt
Status: 0xc0000034
File c:\windows\system32\hook.dll not found!
Deletion of file c:\windows\system32\hook.dll failed!
Could not process line: c:\windows\system32\hook.dll
Status: 0xc0000034
File c:\windows\system32\thawte.bmp deleted successfully.
File c:\windows\system32\verisign.bmp deleted successfully.
File c:\windows\system32\barc.bmp deleted successfully.
File C:\Dokumente und Einstellungen\Steffen Home\Desktop\BearShare Downloads.lnk not found!
Deletion of file C:\Dokumente und Einstellungen\Steffen Home\Desktop\BearShare Downloads.lnk failed!
Could not process line: C:\Dokumente und Einstellungen\Steffen Home\Desktop\BearShare Downloads.lnk
Status: 0xc0000034
File C:\Dokumente und Einstellungen\Steffen Home\Desktop\BearShare.lnk not found!
Deletion of file C:\Dokumente und Einstellungen\Steffen Home\Desktop\BearShare.lnk failed!
Could not process line: C:\Dokumente und Einstellungen\Steffen Home\Desktop\BearShare.lnk
Status: 0xc0000034
Folder C:\Programme\BearShare applications not found!
Deletion of folder C:\Programme\BearShare applications failed!
Could not process line: C:\Programme\BearShare applications
Status: 0xc0000034
Folder C:\Programme\BearShare not found!
Deletion of folder C:\Programme\BearShare failed!
Could not process line: C:\Programme\BearShare
Status: 0xc0000034
Folder C:\Dokumente und Einstellungen\Steffen Home\Anwendungsdaten\BearShare not found!
Deletion of folder C:\Dokumente und Einstellungen\Steffen Home\Anwendungsdaten\BearShare failed!
Could not process line: C:\Dokumente und Einstellungen\Steffen Home\Anwendungsdaten\BearShare
Status: 0xc0000034
Folder C:\Dokumente und Einstellungen\Steffen Home\Lokale Einstellungen\Temporary Internet Files\Content.IE5\4H6J8XYN not found!
Deletion of folder C:\Dokumente und Einstellungen\Steffen Home\Lokale Einstellungen\Temporary Internet Files\Content.IE5\4H6J8XYN failed!
Could not process line: C:\Dokumente und Einstellungen\Steffen Home\Lokale Einstellungen\Temporary Internet Files\Content.IE5\4H6J8XYN
Status: 0xc0000034
Folder C:\Dokumente und Einstellungen\Steffen Home\Lokale Einstellungen\Temporary Internet Files\Content.IE5\EB01SJWD not found!
Deletion of folder C:\Dokumente und Einstellungen\Steffen Home\Lokale Einstellungen\Temporary Internet Files\Content.IE5\EB01SJWD failed!
Could not process line: C:\Dokumente und Einstellungen\Steffen Home\Lokale Einstellungen\Temporary Internet Files\Content.IE5\EB01SJWD
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73364D99-1240-4dff-B11A-67E448373048} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73364D99-1240-4dff-B11A-67E448373048} failed!
Status: 0xc0000034
Registry key HKLM\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{73364D99-1240-4dff-B11A-67E448373048} not found!
Deletion of registry key HKLM\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{73364D99-1240-4dff-B11A-67E448373048} failed!
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare not found!
Deletion of registry key HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare failed!
Status: 0xc0000034
Completed script processing.
*******************
Finished! Terminate.
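The Avenger log above shows which Windows Firewall exceptions were removed; they were picked by hand from the AuthorizedApplications export that SDFix printed in post #3. The following is an added example, not code from the thread, from SDFix or from Avenger: it parses that `.reg`-style export and flags entries by the traits the bad ones in this case share: an executable living in the browser cache or a temp folder, an executable directly in %windir%, a file name that is a typo or anagram of a system process name (csvhost.exe against svchost.exe), and the `:*:ENABLED:0` placeholder display name. The sample export is constructed from a subset of the entries in post #3; the list of system binary names used for the look-alike check is an assumption, as is the choice of the heuristics themselves.

```python
"""Audit XP SP2 Windows Firewall exceptions from a .reg-style export of
HKLM\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\<Profile>\\AuthorizedApplications\\List

Added example, not from the thread, SDFix or Avenger. The sample export is constructed
from a subset of the entries SDFix printed in post #3.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

_KEY = re.compile(r"^\[(HKEY_LOCAL_MACHINE\\.+?)\]$")
_VALUE = re.compile(r'^"([^"]+)"="(.*)"$')

# Process names an exception's file name is compared with (assumption: this short list is enough here).
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe", "explorer.exe"}
# Locations where a legitimate exception essentially never lives.
_CACHE_OR_TEMP = ("\\temporary internet files\\", "\\temp\\")
_WINDIR_ROOT = re.compile(r"^(?:c:\\windows|%windir%|%systemroot%)\\[^\\]+\.exe$")


@dataclass
class FirewallException:
    profile: str      # StandardProfile or DomainProfile
    path: str         # unescaped path from the value name
    scope: str        # '*' = any remote address
    enabled: bool
    label: str        # display name shown in the firewall UI
    findings: list[str] = field(default_factory=list)

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()


def _levenshtein(a: str, b: str) -> int:
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def looks_like_system_binary(name: str) -> bool:
    """One typo away (svch0st.exe) or an anagram (csvhost.exe vs svchost.exe) of a system process name."""
    if name in SYSTEM_BINARIES:
        return False
    return any(_levenshtein(name, s) <= 1 or sorted(name) == sorted(s) for s in SYSTEM_BINARIES)


def classify(e: FirewallException) -> None:
    p = e.path.lower()
    if any(marker in p for marker in _CACHE_OR_TEMP):
        e.findings.append("executable in browser cache or temp directory")
    if _WINDIR_ROOT.match(p):
        e.findings.append("executable directly in %windir%")
    if looks_like_system_binary(e.name):
        e.findings.append(f"name mimics a system binary ({e.name})")
    if e.label.strip() in ("", "0"):
        e.findings.append("placeholder display name")


def parse_export(text: str) -> list[FirewallException]:
    """XP value format: "<path>"="<path>:<scope>:<Enabled|Disabled>:<display name>"; the data repeats the value name."""
    out: list[FirewallException] = []
    profile = "?"
    for raw in text.splitlines():
        line = raw.strip()
        k = _KEY.match(line)
        if k:
            profile = k.group(1).split("\\FirewallPolicy\\")[-1].split("\\")[0]
            continue
        v = _VALUE.match(line)
        if not v or not v.group(2).startswith(v.group(1) + ":"):
            continue
        parts = v.group(2)[len(v.group(1)) + 1:].split(":", 2)
        if len(parts) != 3:
            continue
        scope, state, label = parts
        e = FirewallException(profile, v.group(1).replace("\\\\", "\\"), scope, state.lower() == "enabled", label)
        classify(e)
        out.append(e)
    return out


def audit(text: str) -> dict[str, list[str]]:
    """Map of file name -> findings for every exception that tripped at least one check."""
    return {e.name: e.findings for e in parse_export(text) if e.findings}


# Constructed sample: a subset of the StandardProfile/DomainProfile lists from post #3.
SAMPLE_EXPORT = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programme\\LimeWire\\LimeWire.exe"="C:\\Programme\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Dokumente und Einstellungen\\Steffen Home\\Lokale Einstellungen\\Temporary Internet Files\\Content.IE5\\4H6J8XYN\\pics[1].exe"="C:\\Dokumente und Einstellungen\\Steffen Home\\Lokale Einstellungen\\Temporary Internet Files\\Content.IE5\\4H6J8XYN\\pics[1].exe:*:ENABLED:0"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"c:\\windows\\zupacha.exe"="c:\\windows\\zupacha.exe:*:Enabled:zupacha"
"c:\\windows\\system32\\csvhost.exe"="c:\\windows\\system32\\csvhost.exe:*:Enabled:csvhost"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\\Programme\\MSN Messenger\\msnmsgr.exe"="C:\\Programme\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
'''

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_EXPORT).items():
        print(name, "->", "; ".join(findings))
```

The look-alike check deliberately stops at edit distance one plus anagrams: widening it to two would also flag IEXPLORE.EXE against explorer.exe, which is how such heuristics start producing noise. Note that Avenger also removed the IEXPLORE.EXE exception in the log above; that was the helper's decision, not something these checks would flag.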
08.02.2007, 17:05
Honorary member
Posts: 29434
#8
»»
delete Avenger's backup + empty the recycle bin
««« fix with HijackThis what I specified above + restart the PC
**
«« in normal mode http://virus-protect.org/artikel/tools/sdfix.html
Double-click RunThis.bat
Type in: 3
3 : Sophos is loaded - choose 6 - scan and post the scan report
__________
Regards Sabina
all about PC security
08.02.2007, 17:43
Member
Thread starter, Posts: 37
#9
Sophos Anti-Virus
Version 4.14.0 [Win32/Intel]
Virus data version 4.14, February 2007
Includes detection for 214956 viruses, trojans and worms
Copyright (c) 1989-2007 Sophos Plc, www.sophos.com
System time 17:05:06, System date 08 February 2007
Command line qualifiers are: -f -remove -nc -nb --stop-scan
Full Scanning
Could not open C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Norton AntiVirus\Quarantine\2B2D7648.EXE
Could not open C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Norton AntiVirus\Quarantine\37896A0F.exe
Password protected file C:\Dokumente und Einstellungen\Steffen Home\Anwendungsdaten\Adobe\Acrobat\7.0\Messages\DEU\read0600win_DEUyhoo0010.pdf
Password protected file C:\Dokumente und Einstellungen\Steffen Home\Anwendungsdaten\Adobe\Acrobat\7.0\Messages\DEU\read0700win_DEUadbe0700.pdf
Password protected file C:\Programme\Adobe\Acrobat 7.0\Reader\Messages\DEU\RdrMsgDEU.pdf
Password protected file C:\Programme\Adobe\Acrobat 7.0\Reader\Messages\DEU\read0600win_DEUyhoo0010.pdf
Password protected file C:\Programme\Adobe\Acrobat 7.0\Reader\Messages\ENU\RdrMsgENU.pdf
Password protected file C:\Programme\Adobe\Acrobat 7.0\Reader\Messages\ENU\read0600win_ENUyhoo0010.pdf
Password protected file C:\Programme\Adobe\Acrobat 7.0\Reader\Messages\RdrMsgSplash.pdf
Password protected file C:\Programme\Adobe\Acrobat 7.0\Reader\WebSearch\WebSearchENU.pdf
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP182\A0067248.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP184\A0068245.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP184\A0069245.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP185\A0069296.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP185\A0069407.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP187\A0069479.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP188\A0069578.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP188\A0069594.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP191\A0069649.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP191\A0069662.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP197\A0070665.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP197\A0070726.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP197\A0070777.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP200\A0070809.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP201\A0070825.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP201\A0070844.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP202\A0071841.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP202\A0071860.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP203\A0071876.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP206\A0072882.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP208\A0072932.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP209\A0072948.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP209\A0073949.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP210\A0073967.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP211\A0073988.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP211\A0074986.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP212\A0075008.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP212\A0076006.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP214\A0076109.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP214\A0076121.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP214\A0076138.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP215\A0076155.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP215\A0076178.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP216\A0076201.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP217\A0076222.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP218\A0076242.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP219\A0076258.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP219\A0076275.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP221\A0076303.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP222\A0076320.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP222\A0076342.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP223\A0076368.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP223\A0076381.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP225\A0076406.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP225\A0076419.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP226\A0076444.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP226\A0076459.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP227\A0076483.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP227\A0076495.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP227\A0076515.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP228\A0076537.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP228\A0076558.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP228\A0077561.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP252\A0079461.exe
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP256\A0082804.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP256\A0082805.exe
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP259\A0083202.exe
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP259\A0083235.exe
Could not open C:\WINDOWS\system32\drivers\sptd.sys
Could not open C:\WINDOWS\system32\drivers\sptd8269.sys
Could not open C:\WINDOWS\system32\rsvp32_2.dll
Could not open LOGICAL:0005:00000000
Could not open F:\
Could not check G:\Musik\Grönemeier\Herbert Grönemeyer Discografie bis2002\Herbert Grönemeyer - 1988 - Bochum Picture CD\herbert_groenemeyer_-_4630_bochum_limited_edition_a.jpg (virus scan failed)
3 boot sectors swept.
24270 files swept in 36 minutes and 46 seconds.
74 errors were encountered.
No viruses were discovered.

Hey, my Antivir went crazy in the meantime.. with all the files it couldn't open... Trojan here, Trojan there.. I always chose Deny access.
stop... this one is current - not everything was in the report yet.._:
3 boot sectors swept.
24270 files swept in 36 minutes and 46 seconds.
74 errors were encountered.
No viruses were discovered.
8 encrypted files were not checked.
Ending Sophos Anti-Virus.
08.02.2007, 18:23
Honorary member
Posts: 29434
#10
««
LSPfix http://www.spychecker.com/program/lspfix.html
Then click the 'Finished' button. - After that please restart the computer.
«« then post the new log from HijackThis
(better not to disable System Restore yet, because the rsvp32_2.dll will still take some work, IF IT IS STILL IN THE WINSOCK...) - and if it goes wrong you won't get onto the internet anymore, so: don't disable System Restore yet)
__________
Regards Sabina
all about PC security
08.02.2007, 18:32
Member
Thread starter, Posts: 37
#11
der lspfix schreibt no problem found
hier das log: Logfile of HijackThis v1.99.1 Scan saved at 18:31:27, on 08.02.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\AntiVir PersonalEdition Classic\sched.exe C:\Programme\AntiVir PersonalEdition Classic\avguard.exe C:\Programme\Gemeinsame Dateien\Autodata Limited Shared\Service\ADCDLicSvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\system32\UMonit.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\sm56hlpr.exe C:\Programme\Power Manager\PM.exe C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe C:\Programme\Java\jre1.5.0_07\bin\jusched.exe C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Siemens\Gigaset USB Stick 108\Gcc.exe C:\WINDOWS\system32\svchost.exe C:\Programme\Siemens\Gigaset USB Stick 108\OdHost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\Programme\Internet Explorer\iexplore.exe C:\PROGRA~1\INCRED~1\bin\IMApp.exe G:\Proggies\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = 
http://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Verknüpfung mit der High Definition Audio-Eigenschaftenseite] HDAShCut.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\system32\UMonit.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [PowerManager] C:\Programme\Power Manager\PM.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Gigaset WLAN Adapter Monitor.lnk = C:\Programme\Siemens\Gigaset USB Stick 108\Gcc.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programme\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Programme\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Programme\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: @c:\Programme\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @c:\Programme\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Programme\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Programme\Gemeinsame Dateien\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - The Firebird Project - C:\MAGIX\Common\Database\bin\fbserver.exe
08.02.2007, 20:34
Honorary member
Posts: 29434
#12
Look for
C:\WINDOWS\system32\rsvp32_2.dll
Rename the dll (via right-click) to .dl. If you then can no longer get on the net, change it back to .dll.
----------
Report whether you had access to the dll and were able to rename it.
__________
Regards, Sabina
rund um die PC-Sicherheit
09.02.2007, 08:44
Member
Thread starter, Posts: 37
#13
Good morning and hello Sabina

Thanks first of all for your perseverance and help.
So, I only managed to outwit the file on the 3rd attempt, and only with the old Wincommander.. on the first 2 attempts the computer froze completely.. there was a beep from Antivir and nothing worked any more.
Now I have been able to rename it to C:\WINDOWS\system32\rsvp32_2.dl

Regards, Diddlina

I also found this one with the same date and the same time.. is it connected???
C:\WINDOWS\system32\sporder.dll
They are not in the report of the last 3 months, because they are dated 25.10.06.. I only noticed that now! Does that help??

So, I have worked through the whole thing once more... now the report from Sophos:

Sophos Anti-Virus Version 4.14.0 [Win32/Intel]
Virus data version 4.14, February 2007
Includes detection for 216328 viruses, trojans and worms
Copyright (c) 1989-2007 Sophos Plc, www.sophos.com
System time 10:13:26, System date 09 February 2007
Command line qualifiers are: -f -remove -nc -nb --stop-scan
IDE directory is: C:\SDFix\IDE
Full Scanning
Could not open C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Norton AntiVirus\Quarantine\2B2D7648.EXE
Could not open C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Norton AntiVirus\Quarantine\37896A0F.exe
Password protected file C:\Dokumente und Einstellungen\Steffen Home\Anwendungsdaten\Adobe\Acrobat\7.0\Messages\DEU\read0600win_DEUyhoo0010.pdf
Password protected file C:\Dokumente und Einstellungen\Steffen Home\Anwendungsdaten\Adobe\Acrobat\7.0\Messages\DEU\read0700win_DEUadbe0700.pdf
Password protected file C:\Programme\Adobe\Acrobat 7.0\Reader\Messages\DEU\RdrMsgDEU.pdf
Password protected file C:\Programme\Adobe\Acrobat 7.0\Reader\Messages\DEU\read0600win_DEUyhoo0010.pdf
Password protected file C:\Programme\Adobe\Acrobat 7.0\Reader\Messages\ENU\RdrMsgENU.pdf
Password protected file C:\Programme\Adobe\Acrobat 7.0\Reader\Messages\ENU\read0600win_ENUyhoo0010.pdf
Password protected file C:\Programme\Adobe\Acrobat 7.0\Reader\Messages\RdrMsgSplash.pdf
Password protected file C:\Programme\Adobe\Acrobat 7.0\Reader\WebSearch\WebSearchENU.pdf
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP182\A0067248.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP184\A0068245.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP184\A0069245.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP185\A0069296.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP185\A0069309.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP185\A0069407.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP187\A0069479.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP188\A0069578.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP188\A0069594.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP191\A0069649.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP191\A0069662.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP197\A0070665.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP197\A0070726.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP197\A0070765.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP197\A0070777.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP200\A0070809.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP201\A0070825.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP201\A0070844.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP202\A0071841.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP202\A0071860.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP203\A0071876.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP206\A0072882.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP208\A0072932.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP209\A0072948.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP209\A0073949.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP210\A0073967.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP211\A0073988.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP211\A0074986.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP212\A0075008.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP212\A0076006.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP214\A0076109.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP214\A0076121.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP214\A0076138.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP215\A0076155.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP215\A0076178.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP216\A0076201.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP217\A0076222.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP218\A0076242.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP219\A0076258.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP219\A0076275.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP221\A0076303.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP222\A0076320.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP222\A0076342.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP223\A0076368.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP223\A0076381.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP225\A0076406.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP225\A0076419.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP226\A0076444.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP226\A0076459.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP227\A0076483.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP227\A0076495.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP227\A0076515.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP228\A0076537.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP228\A0076558.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP228\A0077561.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP252\A0079461.exe
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP256\A0082804.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP256\A0082805.exe
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP259\A0083202.exe
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP259\A0083235.exe
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP259\A0084316.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP259\A0084335.dll
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP259\A0084392.EXE
Could not open C:\System Volume Information\_restore{2D0EDB43-BC7C-407B-AA2A-2CE60FB5F65B}\RP259\A0084393.exe
Could not open C:\WINDOWS\system32\drivers\sptd.sys
Could not open C:\WINDOWS\system32\drivers\sptd8269.sys
Could not open LOGICAL:0005:00000000
Could not open F:\
Could not open LOGICAL:0006:00000000
Could not open G:\
3 boot sectors swept.
24053 files swept in 37 minutes and 34 seconds.
80 errors were encountered.
No viruses were discovered.
8 encrypted files were not checked.
Ending Sophos Anti-Virus.

After the restart, the files
C:\WINDOWS\system32\rsvp32_2.dll
C:\WINDOWS\system32\sporder.dll
are gone.. is it clean now???

This post was edited on 09.02.2007 at 11:05 by Diddlina.
09.02.2007, 12:33
Honorary member
Posts: 29434
#14
Yes, the computer is clean again.
«« My Computer --> right-click, then Properties --> System Restore tab --> tick "Turn off System Restore on all drives". (then turn it on again) »»
Then run your antivirus over it once more in Safe Mode + report.
__________
Regards, Sabina
rund um die PC-Sicherheit
Logfile of HijackThis v1.99.1
Scan saved at 13:49:28, on 08.02.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\UMonit.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\sm56hlpr.exe
C:\Programme\Power Manager\PM.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Java\jre1.5.0_07\bin\jusched.exe
C:\Programme\Softwin\BitDefender8\bdmcon.exe
C:\Programme\Softwin\BitDefender8\bdnagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Siemens\Gigaset USB Stick 108\Gcc.exe
C:\Programme\Siemens\Gigaset USB Stick 108\OdHost.exe
C:\Programme\Gemeinsame Dateien\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Internet Explorer\iexplore.exe
G:\Proggies\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.yahoo.com/fsc/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.yahoo.com/fsc/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\My Downloads\ICQToolbar\toolbaru.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn1\yt.dll
R3 - URLSearchHook: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Programme\BearShare applications\BearShare MediaBar\MediaBar.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\My Downloads\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {73364D99-1240-4dff-B11A-67E448373048} - C:\WINDOWS\system32\ipv6monl.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll
O2 - BHO: XBTP02634 - {F97DA966-F09D-4cab-BF29-75A0026986EA} - C:\PROGRA~1\BEARSH~2\BEARSH~1\MediaBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\My Downloads\ICQToolbar\toolbaru.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Programme\BearShare applications\BearShare MediaBar\MediaBar.dll
O4 - HKLM\..\Run: [Verknüpfung mit der High Definition Audio-Eigenschaftenseite] HDAShCut.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\system32\UMonit.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [PowerManager] C:\Programme\Power Manager\PM.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Programme\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Programme\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [csvhost.exe] c:\windows\system32\csvhost.exe
O4 - HKLM\..\Run: [ImInstaller_IncrediMail] C:\DOKUME~1\STEFFE~1\LOKALE~1\Temp\ImInstaller\IncrediMail\IncrediMail_Install.exe -startup -product IncrediMail -skip_dialog info -skip_dialog language
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Gigaset WLAN Adapter Monitor.lnk = C:\Programme\Siemens\Gigaset USB Stick 108\Gcc.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programme\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Programme\AIM95\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Programme\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Programme\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: @c:\Programme\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @c:\Programme\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Programme\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'rsvp32_2.dll' missing
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Programme\Gemeinsame Dateien\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - The Firebird Project - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
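The log above was triaged by hand in this thread: the helper picked out the O4 autorun csvhost.exe (a near-copy of the legitimate svchost.exe name), the O2 BHO ipv6monl.dll reported as "(file missing)", the IncrediMail installer autostarting from the user's Temp folder, and the O10 line about the LSP provider rsvp32_2.dll. As an added example, which is not part of the thread, of Sabina's instructions or of HijackThis itself, the following Python script applies the same four checks mechanically to HijackThis 1.99 log lines. The sample lines are copied from the log above; the similarity threshold, the list of imitated Windows binaries and the wording of the findings are this example's own assumptions. One caveat it also encodes: the two BitDefender O23 services show a stray quote before " /service" and are reported "(file missing)" even though bdss.exe and xcommsvr.exe appear in the running-process list at the top of the same log, so that pattern is flagged for manual verification rather than as a missing file.

```python
"""Triage of HijackThis 1.99 log lines (added example, not from the thread
or from HijackThis). Sample lines are copied from the log posted above; the
heuristics, the threshold and the list of imitated binaries are assumptions."""
import re
from difflib import SequenceMatcher

# Windows binaries whose names malware likes to imitate with small spelling
# changes (assumption of this example: illustrative, not exhaustive).
KNOWN_SYSTEM_BINARIES = {
    "svchost.exe", "lsass.exe", "csrss.exe", "smss.exe", "services.exe",
    "winlogon.exe", "explorer.exe", "ctfmon.exe", "spoolsv.exe",
}
LOOKALIKE_THRESHOLD = 0.85  # assumption: similarity at or above this is "too close"

ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+)\s+-\s+(?P<body>.*)$")
# A drive-letter path up to the first executable extension; tolerates spaces.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|ocx|sys)\b", re.IGNORECASE)


def lookalike_of(name):
    """Return the legitimate binary name that `name` imitates, or None."""
    name = name.lower()
    if name in KNOWN_SYSTEM_BINARIES:
        return None                      # an exact, legitimate name
    best = max(KNOWN_SYSTEM_BINARIES,
               key=lambda known: SequenceMatcher(None, name, known).ratio())
    if SequenceMatcher(None, name, best).ratio() >= LOOKALIKE_THRESHOLD:
        return best
    return None


def triage_line(line):
    """Return a list of (reason, detail) findings for one HijackThis line."""
    match = ENTRY_RE.match(line.strip())
    if not match:
        return []                        # header, process list, blank line
    code, body = match.group("code"), match.group("body")
    findings = []

    if code == "O10":
        findings.append(("broken Winsock LSP chain", body))
    if "(file missing)" in body:
        if code == "O23" and '"' in body:
            # Quoted service path followed by arguments: the quote ends up in
            # the path HijackThis checks, so the file may well exist.
            findings.append(("service path contains a stray quote; verify the "
                             "file manually before trusting '(file missing)'", body))
        else:
            findings.append(("entry points to a missing file "
                             "(orphaned or hidden component)", body))
    if code == "O4":                     # autoruns: Run keys and Startup folders
        for path in PATH_RE.findall(body):
            base = path.rsplit("\\", 1)[-1]
            twin = lookalike_of(base)
            if twin:
                findings.append((f"autorun name imitates {twin}", path))
            if "\\temp\\" in path.lower():
                findings.append(("autorun launched from a temporary directory", path))
    return findings


def triage_log(text):
    """Run triage over a whole log; returns {line: [findings]} for flagged lines."""
    report = {}
    for line in text.splitlines():
        hits = triage_line(line)
        if hits:
            report[line.strip()] = hits
    return report


# Constructed sample: lines copied from the HijackThis log posted in the thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {73364D99-1240-4dff-B11A-67E448373048} - C:\WINDOWS\system32\ipv6monl.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [csvhost.exe] c:\windows\system32\csvhost.exe
O4 - HKLM\..\Run: [ImInstaller_IncrediMail] C:\DOKUME~1\STEFFE~1\LOKALE~1\Temp\ImInstaller\IncrediMail\IncrediMail_Install.exe -startup -product IncrediMail -skip_dialog info -skip_dialog language
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O10 - Broken Internet access because of LSP provider 'rsvp32_2.dll' missing
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
"""

if __name__ == "__main__":
    for entry, hits in triage_log(SAMPLE_LOG).items():
        for reason, detail in hits:
            print(f"[{reason}] {entry}")
```

Running the script flags five of the eight sample lines: the orphaned ipv6monl.dll BHO, csvhost.exe as an imitation of svchost.exe, the IncrediMail installer in Temp, the O10 LSP line and the quoted bdss.exe service path; the Acrobat BHO, jusched.exe and the real ctfmon.exe pass. The name check is deliberately approximate (a ratio over the whole filename), so it is a prompt to look closer, not a verdict; a legitimate name in the wrong directory, like a svchost.exe outside system32, would still need a separate path check.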