Microsoft Warning W32.Myzor.FK@yf Malware + Spyware Locked caught...

#0
05.04.2007, 01:27
...new here
Posts: 4

05.04.2007, 17:16
Honorary member
Posts: 29434
#2
dapoowinnie
« Follow the instructions at http://virus-protect.org/cleanup.html and configure CleanUp exactly as specified there, then restart the computer (this deletes the temporary files)
« Combofix - post the text file in the thread http://virus-protect.org/artikel/tools/combofix.html
__________
Kind regards, Sabina
all about PC security

05.04.2007, 17:33
...new here
Thread starter, Posts: 4
#3
I had already edited that in above (after reading around here a bit more - sorry)
I ran both again! and attached the datfind logs again at the end. combofix report:
ComboFix 07-04-05 - Running from: "C:\Documents and Settings\Antonio Krahl\My Documents\download\CleanUp"
((((((((((((((((((((((((((((((( Files Created from 2007-03-05 to 2007-04-05 ))))))))))))))))))))))))))))))))))
2007-04-05 00:31 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-04-05 00:31 <DIR> d-------- C:\Program Files\SpywareLocked 3.3
2007-04-05 00:31 <DIR> d-------- C:\Program Files\Internet Security
2007-03-29 09:37 <DIR> d-------- C:\Program Files\PokerStars
2007-03-08 21:11 <DIR> d-------- C:\Program Files\TVAnts
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-04-05 17:27 -------- d-------- C:\Program Files\sophos sweep for nt
2007-04-05 10:50 89984 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sptd2109.sys
2007-04-04 12:16 43611 --a------ C:\WINDOWS\SYSTEM32\nvmodes.dat
2007-04-04 12:12 -------- d-------- C:\Program Files\diablo ii
2007-04-04 12:09 43520 --a------ C:\WINDOWS\SYSTEM32\cmdlineext03.dll
2007-04-03 21:09 7680 --a-s---- C:\WINDOWS\SYSTEM32\pkgvyg.dll
2007-03-29 09:38 -------- d-------- C:\Program Files\pokerstars.net
2007-03-04 18:54 28256 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\MxlW2k.sys
2007-02-26 13:34 -------- d-------- C:\Program Files\pacificpoker
2007-01-14 06:18 36846 --a------ C:\WINDOWS\diiunin.dat
2007-01-14 06:17 21840 --a--c-t- C:\WINDOWS\SYSTEM32\sintfnt.dll
2007-01-14 06:17 17212 --a--c-t- C:\WINDOWS\SYSTEM32\sintf32.dll
2007-01-14 06:17 12067 --a--c-t- C:\WINDOWS\SYSTEM32\sintf16.dll
2007-01-14 04:08 2829 --a------ C:\WINDOWS\diiunin.pif
2007-01-14 04:08 102400 --a------ C:\WINDOWS\diiunin.exe
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\System32\\ctfmon.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"DVDSentry"="C:\\WINDOWS\\System32\\DSentry.exe"
"LVCOMS"="C:\\Program Files\\Common Files\\Logitech\\QCDriver\\LVCOMS.EXE"
"PCTVOICE"="pctspk.exe"
"Broadcom Wireless Manager UI"="C:\\WINDOWS\\System32\\WLTRAY.exe"
"nwiz"="nwiz.exe /installquiet"
"SpywareLocked 3.3"="\"C:\\Program Files\\SpywareLocked 3.3\\Spy-Locked.exe\" /h"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AltnetPointsManager"="c:\\program files\\altnet\\points manager\\points manager.exe -s"
"mmtask"="C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mmtask.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"ICQ Lite"="C:\\Program Files\\ICQLite\\ICQLite.exe -minimize"
"Apoint"="C:\\Program Files\\Apoint\\Apoint.exe"
"nwiz"="nwiz.exe /installquiet"
"PCTVOICE"="pctspk.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Gamma Loader.exe.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma Loader.exe.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma Loader.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Gamma Loader.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma Loader.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma Loader"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 8.0 Tray Icon.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\America Online 8.0 Tray Icon.lnk"
"backup"="C:\\WINDOWS\\pss\\America Online 8.0 Tray Icon.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\AMERIC~1.0\\aoltray.exe -check"
"item"="America Online 8.0 Tray Icon"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Image Transfer.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Image Transfer.lnk"
"backup"="C:\\WINDOWS\\pss\\Image Transfer.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\SONYCO~1\\IMAGET~1\\SonyTray.exe "
"item"="Image Transfer"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Antonio Krahl^Start Menu^Programs^Startup^Screen Saver Control.lnk]
"path"="C:\\Documents and Settings\\Antonio Krahl\\Start Menu\\Programs\\Startup\\Screen Saver Control.lnk"
"backup"="C:\\WINDOWS\\pss\\Screen Saver Control.lnkStartup"
"location"="Startup"
"command"="C:\\WINDOWS\\FSScrCtl.exe "
"item"="Screen Saver Control"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Apoint"
"hkey"="HKLM"
"command"="C:\\Program Files\\Apoint\\Apoint.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bacstray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BacsTray"
"hkey"="HKLM"
"command"="BacsTray.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mmtask"
"hkey"="HKLM"
"command"="C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mmtask.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwiz"
"hkey"="HKLM"
"command"="nwiz.exe /installquiet"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VVSN]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="VVSN"
"hkey"="HKLM"
"command"="C:\\Program Files\\VVSN\\VVSN.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{b0ded443-5e68-4001-a81b-0a0001621ab8}"="excreted"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"user32.dll"="C:\\Program Files\\Internet Security\\isamntr.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0
********************************************************************
catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 07-04-05 17:34:05
C:\ComboFix-quarantined-files.txt ... 07-04-05 17:34
C:\ComboFix2.txt ... 07-04-05 16:48
Attachment: forum datfind.txt
This post was edited on 05.04.2007 at 17:40 by dapoowinnie.

05.04.2007, 20:19
Honorary member
Posts: 29434
#4
dapoowinnie
Info: spywarelocked http://virus-protect.org/artikel/spyware/spywarelocked_remove.html
------------------------------------------------------------------------
«« http://virus-protect.org/artikel/tools/regsearch.html and double-click to start it.
in: "Enter search strings" (type or paste) SpywareLocked into the edit box and click "Ok". Notepad will open -- copy the text and post it.
in: "Enter search strings" (type or paste) Internet Security into the edit box and click "Ok". Notepad will open -- copy the text and post it.
---------------------------------------------------------------------------------------------
http://virus-protect.org/artikel/tools/agentransack.html
enter in Search: SpywareLocked 3.3
post what appears, as described in the instructions
__________________________________________________________
«« open HijackThis -- button "scan" -- tick the boxes in front of these entries -- button "Fix checked"
Quote
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://xwebsearch.biz/sp.htm
Avenger http://virus-protect.org/artikel/tools/avenger.html
Input script manually (tick)
copy into: View/edit script
Quote
Registry values to delete:
Click the green traffic light; the script will now be executed, then the PC will restart automatically
-------------------------------------------------------------------------------------
work through smitfraud.fix (options 1 and 2 - let it clean the registry as well) http://virus-protect.org/artikel/tools/smitfrautfix.html
__________
Kind regards, Sabina
all about PC security

06.04.2007, 09:21
...new here
Thread starter, Posts: 4
#5
Windows Registry Editor Version 5.00
; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.2.0
; Results at 06.04.2007 09:05:08 for strings:
; 'spywarelocked'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{AE68E48B-1A55-49D7-BF9F-A8DFDA47A91F}\1.0\0\win32]
@="C:\\Program Files\\SpywareLocked 3.3\\Spy-Locked.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{AE68E48B-1A55-49D7-BF9F-A8DFDA47A91F}\1.0\HELPDIR]
@="C:\\Program Files\\SpywareLocked 3.3\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Spy-Locked.exe]
@="C:\\Program Files\\SpywareLocked 3.3\\Spy-Locked.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpywareLocked 3.3"="\"C:\\Program Files\\SpywareLocked 3.3\\Spy-Locked.exe\" /h"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareLocked 3.3]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareLocked 3.3]
"DisplayName"="SpywareLocked 3.3"
"UninstallString"="C:\\Program Files\\SpywareLocked 3.3\\uninst.exe"
"DisplayIcon"="C:\\Program Files\\SpywareLocked 3.3\\Spy-Locked.exe"
"NSIS:StartMenuDir"="SpywareLocked 3.3"
"Publisher"="SpywareLocked"
[HKEY_LOCAL_MACHINE\SOFTWARE\SpywareLocked 3.3]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\Program Files\\SpywareLocked 3.3\\Spy-Locked.exe"="Anti- spyware and adware"
; End Of The Log...
---------------------------------------------------------------------------
Windows Registry Editor Version 5.00
; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.2.0
; Results at 06.04.2007 09:08:22 for strings:
; 'internet security'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A6ACAE64-F798-4930-AD86-BD3FB32038DB}\InprocServer32]
@="C:\\Program Files\\Internet Security\\isadd.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]
"user32.dll"="C:\\Program Files\\Internet Security\\isamntr.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On]
"DisplayName"="Internet Security Add-On"
"UninstallString"="\"C:\\Program Files\\Internet Security\\isunst.exe\""
; End Of The Log...
---------------------------------------------------------------------------
C:\Documents and Settings\Antonio Krahl\Application Data\Microsoft\Internet Explorer\Quick Launch\SpywareLocked 3.3.lnk (1 KB, 05.04.2007 00:31:53)
C:\Documents and Settings\Antonio Krahl\Desktop\SpywareLocked 3.3.lnk (1 KB, 05.04.2007 00:31:53)
C:\Documents and Settings\Antonio Krahl\Start Menu\SpywareLocked 3.3.lnk (1 KB, 05.04.2007 00:31:53)
C:\Documents and Settings\Antonio Krahl\Start Menu\Programs\SpywareLocked 3.3 (05.04.2007 00:31:53)
C:\Documents and Settings\Antonio Krahl\Start Menu\Programs\SpywareLocked 3.3\SpywareLocked 3.3 Website.lnk (1 KB, 05.04.2007 00:31:53)
C:\Documents and Settings\Antonio Krahl\Start Menu\Programs\SpywareLocked 3.3\SpywareLocked 3.3.lnk (1 KB, 05.04.2007 00:31:53)
C:\Documents and Settings\Antonio Krahl\Start Menu\Programs\SpywareLocked 3.3\Uninstall SpywareLocked 3.3.lnk (1 KB, 05.04.2007 00:31:53)
C:\Program Files\SpywareLocked 3.3 (05.04.2007 00:33:15)
C:\Program Files\SpywareLocked 3.3\SpywareLocked 3.3.url (1 KB, 05.04.2007 00:31:53)
------------------------------------------------------------------------------------------------
so hijackthis did not find all the entries (again) in this scan. I'm posting the new log again and have fixed the entries that were there.
the following entry was still present after another scan:
O2 - BHO: (no name) - {A6ACAE64-F798-4930-AD86-BD3FB32038DB} - C:\Program Files\Internet Security\isadd.dll
Logfile of HijackThis v1.99.1
Scan saved at 09:26:02, on 06.04.2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Sophos\Remote Update\cachemgr.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
C:\Program Files\Internet Security\isamntr.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\WINDOWS\System32\pctspk.exe
C:\WINDOWS\System32\WLTRAY.exe
C:\Program Files\SpywareLocked 3.3\Spy-Locked.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
C:\Programme\Sophos\Remote Update\imonitor.exe
C:\Program Files\Internet Security\isamini.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Antonio Krahl\My Documents\download\hijackthis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://xwebsearch.biz/sp.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://xwebsearch.biz/sp.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {A6ACAE64-F798-4930-AD86-BD3FB32038DB} - C:\Program Files\Internet Security\isadd.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\System32\WLTRAY.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SpywareLocked 3.3] "C:\Program Files\SpywareLocked 3.3\Spy-Locked.exe" /h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: InterCheck Monitor.LNK = C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Remote Update Monitor.lnk = C:\Programme\Sophos\Remote Update\imonitor.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {427273CC-764E-11D3-823D-006097F90453} (Pixami Image Editor Control) - http://www.imagestation.com/common/classes/BPImageEditor.cab?ver=1,1,0,30
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,72/mcinsctl.cab
O16 - DPF: {5E943D9C-F8DC-4258-8E3F-A61BB3405A33} - http://www.imagestation.com/common/classes/batchdwnl.cab?version=4,3,2,20802
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1160562176459
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://housecall.trendmicro-europe.com/housecall/Xscan53.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,15/mcgdmgr.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Sophos Cache Manager (CacheMgr) - SOPHOS Plc - C:\Programme\Sophos\Remote Update\cachemgr.exe
O23 - Service: Cisco Systems, Inc. Installer service (CiscoVpnInstallService) - Unknown owner - C:\Temp\INSTAL~1.EXE (file missing)
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Sophos Anti-Virus Network (SweepNet) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
O23 - Service: Sophos Anti-Virus (SWEEPSRV.SYS) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
------------------------------------------------------------------------------------------
to be safe I'm also posting the avenger log as an attachment, since a few things apparently didn't work there...
-----------------------------------------------------------------------------------------
here is the report from smitfraud - I had to do the cleaning in normal mode, since it somehow wasn't possible to boot into safe mode - I only got distorted blue bars and the hint of a distorted mouse pointer. Hope that's okay anyway! :
SmitFraudFix v2.164
Scan done at 10:00:28,66, 06.04.2007
Run from C:\Documents and Settings\Antonio Krahl\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\Documents and Settings\Antonio Krahl\Application Data\Microsoft\Internet Explorer\Quick Launch\SpywareLocked 3.3.lnk Deleted
C:\DOCUME~1\ANTONI~1\STARTM~1\SpywareLocked 3.3.lnk Deleted
C:\DOCUME~1\ANTONI~1\STARTM~1\Programs\SpywareLocked 3.3 Deleted
C:\DOCUME~1\ANTONI~1\Desktop\SpywareLocked 3.3.lnk Deleted
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Dell TrueMobile 1300 WLAN Mini-PCI Karte - Packet Scheduler Miniport
DNS Server Search Order: 212.6.108.140
DNS Server Search Order: 212.6.108.141
HKLM\SYSTEM\CCS\Services\Tcpip\..\{0FB6EDA1-D812-4076-BD18-4D46301CB1BD}: DhcpNameServer=212.6.108.140 212.6.108.141
HKLM\SYSTEM\CCS\Services\Tcpip\..\{37D08955-45AB-4A32-91E3-908CB7BB6675}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{0FB6EDA1-D812-4076-BD18-4D46301CB1BD}: DhcpNameServer=212.6.108.140 212.6.108.141
HKLM\SYSTEM\CS1\Services\Tcpip\..\{37D08955-45AB-4A32-91E3-908CB7BB6675}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{0FB6EDA1-D812-4076-BD18-4D46301CB1BD}: DhcpNameServer=212.6.108.140 212.6.108.141
HKLM\SYSTEM\CS2\Services\Tcpip\..\{37D08955-45AB-4A32-91E3-908CB7BB6675}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.6.108.140 212.6.108.141
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.6.108.140 212.6.108.141
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=212.6.108.140 212.6.108.141
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
----------------------------------------------------------------------------------------------
everything looks pretty good so far, at least I'm not getting any system warnings anymore and the start page is normal again. what now?
Attachment: avenger.txt
This post was edited on 06.04.2007 at 10:15 by dapoowinnie.
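As an added illustration of the log triage the helper does by hand in this thread (this is not code from the thread, from HijackThis or from virus-protect.org): a small Python script that flags the kinds of HijackThis entries fixed above, namely R0/R1 browser settings pointing at a host other than the expected default, a BHO registered without a name, autoruns under the rogue SpywareLocked / Internet Security directories or the xwebsearch.biz domain, and services whose binary is missing, and then reports which flagged entries survive into a later log, as the isadd.dll BHO did here. The sample lines are constructed from entries quoted in this thread; the trusted-host allow-list and the rogue-marker watch-list are assumptions.

```python
"""Triage HijackThis-style log entries and check which flagged ones outlive a fix.

Added example. The sample lines are constructed from entries quoted in the
thread; TRUSTED_HOSTS and ROGUE_MARKERS are assumptions, not HijackThis features.
"""
import re
from urllib.parse import urlparse

# Constructed sample: the pre-fix state, modelled on the thread's first HijackThis log.
SAMPLE_BEFORE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://xwebsearch.biz/sp.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://xwebsearch.biz/sp.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {A6ACAE64-F798-4930-AD86-BD3FB32038DB} - C:\Program Files\Internet Security\isadd.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SpywareLocked 3.3] "C:\Program Files\SpywareLocked 3.3\Spy-Locked.exe" /h
O23 - Service: Cisco Systems, Inc. Installer service (CiscoVpnInstallService) - Unknown owner - C:\Temp\INSTAL~1.EXE (file missing)
"""

# Constructed sample: after "Fix checked", the unnamed BHO and the stale service remain.
SAMPLE_AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {A6ACAE64-F798-4930-AD86-BD3FB32038DB} - C:\Program Files\Internet Security\isadd.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O23 - Service: Cisco Systems, Inc. Installer service (CiscoVpnInstallService) - Unknown owner - C:\Temp\INSTAL~1.EXE (file missing)
"""

# Assumed allow-list: hosts the R0/R1 lines are expected to point at on this machine.
TRUSTED_HOSTS = {"www.google.de", "localhost"}
# Assumed watch-list: directory names and the domain used by the rogue products in this thread.
ROGUE_MARKERS = ("spywarelocked", "\\internet security\\", "xwebsearch.biz")

# Every HijackThis finding starts with a section code such as R1, O2, O4 or O23.
ENTRY_RE = re.compile(r"^(?P<type>[A-Z]\d{1,2}) - (?P<body>.+)$")


def parse_entries(log_text):
    """Return [(type, body)] for each section-coded line; process list and header lines are ignored."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match.group("type"), match.group("body")))
    return entries


def classify(entry_type, body):
    """Return a short reason if the entry matches a rule, else None."""
    lowered = body.lower()
    if entry_type in ("R0", "R1"):
        # Body has the form '<registry key>,<value name> = <url>'.
        _, _, url = body.partition(" = ")
        host = urlparse(url.strip()).hostname or url.strip()
        if host not in TRUSTED_HOSTS:
            return f"browser setting points at untrusted host {host}"
    if entry_type == "O2" and "(no name)" in lowered:
        return "BHO registered without a name"
    if any(marker in lowered for marker in ROGUE_MARKERS):
        return "references a rogue-product directory or domain"
    if entry_type == "O23" and "(file missing)" in lowered:
        return "service binary is missing (stale entry)"
    return None


def triage(log_text):
    """Return [(type, body, reason)] for every entry a rule flags, in log order."""
    findings = []
    for entry_type, body in parse_entries(log_text):
        reason = classify(entry_type, body)
        if reason is not None:
            findings.append((entry_type, body, reason))
    return findings


def survivors(before_text, after_text):
    """Flagged entries of the earlier log that still appear verbatim in the later log."""
    still_present = {body for _, body in parse_entries(after_text)}
    return [finding for finding in triage(before_text) if finding[1] in still_present]


if __name__ == "__main__":
    for entry_type, body, reason in triage(SAMPLE_BEFORE):
        print(f"[{entry_type}] {reason}: {body}")
    print("still present after the fix:")
    for entry_type, body, _ in survivors(SAMPLE_BEFORE, SAMPLE_AFTER):
        print(f"  [{entry_type}] {body}")
```

Entries that survive a "Fix checked" pass are the ones that need a different tool, which is exactly the step the helper takes with Avenger and SmitFraudFix in this thread.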

06.04.2007, 14:52
Honorary member
Posts: 29434
#6
dapoowinnie
did you run the HijackThis above before applying Avenger + smitfraudfix??? please post the new HijackThis log
__________
Kind regards, Sabina
all about PC security

07.04.2007, 02:42
...new here
Thread starter, Posts: 4
#7
yes, I had done it beforehand!
here is the current one:
Logfile of HijackThis v1.99.1
Scan saved at 02:43:19, on 07.04.2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Sophos\Remote Update\cachemgr.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\WINDOWS\System32\pctspk.exe
C:\WINDOWS\System32\WLTRAY.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
C:\Programme\Sophos\Remote Update\imonitor.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Documents and Settings\Antonio Krahl\My Documents\download\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\System32\WLTRAY.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: InterCheck Monitor.LNK = C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Remote Update Monitor.lnk = C:\Programme\Sophos\Remote Update\imonitor.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {427273CC-764E-11D3-823D-006097F90453} (Pixami Image Editor Control) - http://www.imagestation.com/common/classes/BPImageEditor.cab?ver=1,1,0,30
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,72/mcinsctl.cab
O16 - DPF: {5E943D9C-F8DC-4258-8E3F-A61BB3405A33} - http://www.imagestation.com/common/classes/batchdwnl.cab?version=4,3,2,20802
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1160562176459
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://housecall.trendmicro-europe.com/housecall/Xscan53.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,15/mcgdmgr.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Sophos Cache Manager (CacheMgr) - SOPHOS Plc - C:\Programme\Sophos\Remote Update\cachemgr.exe
O23 - Service: Cisco Systems, Inc. Installer service (CiscoVpnInstallService) - Unknown owner - C:\Temp\INSTAL~1.EXE (file missing)
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Sophos Anti-Virus Network (SweepNet) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
O23 - Service: Sophos Anti-Virus (SWEEPSRV.SYS) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
07.04.2007, 13:57
Honorary member
Posts: 29434
#8
Everything is back in the green.
P.S.: I don't understand how you paddle around the net and on eBay without Windows updates..... the computer is completely unprotected....
__________
Regards, Sabina
All about PC security
11.05.2007, 13:34
Member
Posts: 21
#9
Hi there.
I have a similar problem. When Internet Explorer starts, a window appears (Warning! W32.Myzor.FK@yf ....) and my start page is always "ieframe.dll/navcancl.thm". I have run both Symantec and Avira ANTIVIR, but it did not help. It would be great if you could help me. Here is my HijackThis logfile:
Logfile of HijackThis v1.99.1
Scan saved at 13:32:47, on 11.05.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Analog Devices\Core\smax4pnp.exe
C:\Programme\Analog Devices\SoundMAX\Smax4.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\MSN Messenger\MsnMsgr.Exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\DT\Sinus 154 stick\Wifiusb.exe
C:\WINDOWS\ATKKBService.exe
C:\Programme\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Symantec AntiVirus\Rtvscan.exe
C:\Programme\OpenOffice.org 2.1\program\soffice.exe
C:\Programme\OpenOffice.org 2.1\program\soffice.BIN
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Microsoft Office\OFFICE11\WINWORD.EXE
C:\nocd\hijackthis\HijackThis.exe
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\tbu4\toolbaru.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Programme\ICQToolbar\tbu4\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7A8F5B7A-A74F-495E-8A33-DF6226D2BAD8} - C:\Programme\Video ActiveX Access\iesplg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\tbu4\toolbaru.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programme\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "C:\Programme\Valve\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Startup: OpenOffice.org 2.1.lnk = C:\Programme\OpenOffice.org 2.1\program\quickstart.exe
O4 - Global Startup: Sinus 154 stick WLAN Manager.lnk = C:\Programme\DT\Sinus 154 stick\Wifiusb.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Programme\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Programme\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programme\Symantec AntiVirus\Rtvscan.exe
If I should post anything else, please let me know. I really depend on help and would be very grateful for it.
Kind regards, Heir of Mu
11.05.2007, 15:14
Honorary member
Posts: 6028
#10
RemoveVideoActiveXObject
Download RemoveVideoActiveXObject to the desktop, then double-click it. The uninstaller of a rogue scanner may start; do not close it, but let it do its work. Restart the computer and double-click RemoveVideoActiveXObject.exe once more. Afterwards post the logfile C:\RVAXO-results.log in your next reply, together with a HijackThis log.
__________
Regards, Argus
11.05.2007, 16:18
Member
Posts: 21
#11
So here are the requested log files:
----------------RemoveVideoActiveXObject.exe first run-------------
Files found:
Uninstallers Rogue scanners:
Folders Found:
C:\Programme\Video ActiveX Access
Logfile of HijackThis v1.99.1
Scan saved at 16:18:22, on 11.05.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Analog Devices\Core\smax4pnp.exe
C:\Programme\Analog Devices\SoundMAX\Smax4.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Valve\Steam\Steam.exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\MSN Messenger\MsnMsgr.Exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\DT\Sinus 154 stick\Wifiusb.exe
C:\Programme\OpenOffice.org 2.1\program\soffice.exe
C:\Programme\OpenOffice.org 2.1\program\soffice.BIN
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\ATKKBService.exe
C:\Programme\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Symantec AntiVirus\Rtvscan.exe
C:\Programme\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\nocd\hijackthis\HijackThis.exe
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\tbu4\toolbaru.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Programme\ICQToolbar\tbu4\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\tbu4\toolbaru.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programme\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "C:\Programme\Valve\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Startup: OpenOffice.org 2.1.lnk = C:\Programme\OpenOffice.org 2.1\program\quickstart.exe
O4 - Global Startup: Sinus 154 stick WLAN Manager.lnk = C:\Programme\DT\Sinus 154 stick\Wifiusb.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Programme\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Programme\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programme\Symantec AntiVirus\Rtvscan.exe
11.05.2007, 16:34
Honorary member
Posts: 6028
11.05.2007, 17:01
Member
Posts: 21
#13
It worked perfectly. Thank you very much.
I will keep warmly recommending this forum. Thanks again.
Kind regards, Heir of Mu
11.05.2007, 17:05
Honorary member
Posts: 6028
there I get a Microsoft Internet Explorer warning that my system is infected with the virus W32.Myzor.FK@yf and am redirected to the following page: //malwarewiped.com/?aid=239
In addition, SpywareLocked 3.3 has installed itself and gives me system warnings about spyware!
Sh...!
HijackThis log file:
Logfile of HijackThis v1.99.1
Scan saved at 01:08:23, on 05.04.2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Sophos\Remote Update\cachemgr.exe
C:\Temp\INSTAL~1.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
C:\Program Files\Internet Security\isamntr.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\WINDOWS\System32\pctspk.exe
C:\WINDOWS\System32\WLTRAY.exe
C:\Program Files\SpywareLocked 3.3\Spy-Locked.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
C:\Programme\Sophos\Remote Update\imonitor.exe
C:\Program Files\Internet Security\isamini.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Antonio Krahl\My Documents\download\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://xwebsearch.biz/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://education.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://xwebsearch.biz/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://xwebsearch.biz/sp.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://xwebsearch.biz/sp.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {A6ACAE64-F798-4930-AD86-BD3FB32038DB} - C:\Program Files\Internet Security\isadd.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\System32\WLTRAY.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SpywareLocked 3.3] "C:\Program Files\SpywareLocked 3.3\Spy-Locked.exe" /h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: InterCheck Monitor.LNK = C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Remote Update Monitor.lnk = C:\Programme\Sophos\Remote Update\imonitor.exe
O4 - Global Startup: VPN Client.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {427273CC-764E-11D3-823D-006097F90453} (Pixami Image Editor Control) - http://www.imagestation.com/common/classes/BPImageEditor.cab?ver=1,1,0,30
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,72/mcinsctl.cab
O16 - DPF: {5E943D9C-F8DC-4258-8E3F-A61BB3405A33} - http://www.imagestation.com/common/classes/batchdwnl.cab?version=4,3,2,20802
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1160562176459
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://housecall.trendmicro-europe.com/housecall/Xscan53.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,15/mcgdmgr.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter: text/html - (no CLSID) - (no file)
O23 - Service: Sophos Cache Manager (CacheMgr) - SOPHOS Plc - C:\Programme\Sophos\Remote Update\cachemgr.exe
O23 - Service: Cisco Systems, Inc. Installer service (CiscoVpnInstallService) - Unknown owner - C:\Temp\INSTAL~1.EXE
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Sophos Anti-Virus Network (SweepNet) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
O23 - Service: Sophos Anti-Virus (SWEEPSRV.SYS) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
I have no idea about any of this and would be very grateful for help!!!
datfind logs attached
winnie
--------
Directory of C:\WINDOWS\SYSTEM32
05.04.2007 16:40 43.611 nvModes.001
05.04.2007 16:39 17.112 nvapps.xml
04.04.2007 12:16 43.611 nvModes.dat
04.04.2007 12:09 43.520 CmdLineExt03.dll
03.04.2007 21:09 7.680 pkgvyg.dll