hijackThis-Check Up

05.05.2007, 14:20
Member
Posts: 62
#1
05.05.2007, 15:11
Honorary member
Posts: 6028
#2
Your Java is out of date.
http://java.sun.com/javase/downloads/index.jsp
Scroll down to "Java Runtime Environment (JRE) 6u1 - The Java SE Runtime Environment (JRE) allows end-users to run Java applications."
Click "Download".
Tick the box "Accept License Agreement".
Click "Windows Offline Installation, Multi-language" to download "jre-6-windows-i586.exe" to the desktop.
Close all programs, including your web browser.
Via Start -> Settings -> Control Panel -> Add or Remove Programs, remove all older versions of Java Runtime Environment (JRE or J2SE).
Once everything has been removed, restart the computer.
Now install "jre-6-windows-i586.exe" from the desktop.
There is a nice tool for checking whether you have all updates: Software Inspector http://secunia.com/software_inspector/
This is what it should look like at the end:
__________
Regards, Argus

05.05.2007, 16:37
Member
Thread starter
Posts: 62
#3
Thanks for the quick help. I'll install the new Java now....
I ran another RootkitRevealer scan:
Quote: HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg 23.02.2007 17:49 0 bytes Access is denied.
What am I actually supposed to do with that?

05.05.2007, 16:57
Honorary member
Posts: 6028
#4

05.05.2007, 17:01
Member
Thread starter
Posts: 62
#5
OK, but I have to close RootkitRevealer now because of the restart before the Java installation. But there's no repair function or anything like that anyway -.-
I've got time...

05.05.2007, 19:44
Moderator
Posts: 7805
#6
You can ignore what RootkitRevealer reports there. What you could do is run Disk Cleanup (everything except "Compress old files"). In addition, clean up System Restore via "More Options".
http://support.microsoft.com/default.aspx?scid=kb;de;315246
__________
Regards, Ralf
SEO-Spam Hunter

08.05.2007, 19:07
Member
Thread starter
Posts: 62
#7
Huh, when I follow the linked instructions, i.e. this:
Quote: To start the Disk Cleanup utility, click Start, point to Programs, point to Accessories, point to System Tools, and then click Disk Cleanup.
all I get is a small window for selecting the partition/hard disk, and when I click OK it starts right away. Where is the selection where I can deactivate "Compress old files"? There's no console either. And no "More Options" button... Am I in the wrong window?

08.05.2007, 19:16
Moderator
Posts: 7805
#8
You just have to wait until the display appears. Depending on the computer, that can take a few minutes....
__________
Regards, Ralf
SEO-Spam Hunter

09.05.2007, 06:43
Member
Thread starter
Posts: 62
#9
No, only that window appears. After that, nothing.

09.05.2007, 08:00
Moderator
Posts: 7805
#10
Even if you do it in Safe Mode and enter cleanmgr under Start/Run?
__________
Regards, Ralf
SEO-Spam Hunter

16.05.2007, 12:55
Member
Posts: 11
#11
Hello to the team,
Since I am being pestered by annoying IE pop-ups even though I work with the Firefox browser, I politely ask for assistance. As I can't make sense of HijackThis on my own, I would like to ask you in the forum what the log file says.

Logfile of HijackThis v1.99.1
Scan saved at 12:47:29, on 16.05.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\WINDOWS\system32\SysMonitor.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Fichiers communs\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\OO Software\CleverCache\ooccctrl.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\OO Software\CleverCache\ooccag.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\rsvp.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\WINDOWS\retadpu1000272.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\HijackThis.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\rsvp.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wetter.com/v2/?SID=&LANG=CH&LOC=7000&LOCFROM=0203&type=WORLD&id=62041
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Fichiers communs\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [ImageItEncrypt] C:\WINDOWS\system32\ImageItEncrypt.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\FR\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=051807 serial=DR12CES-7976137-NGQ lang=FR
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ooccctrl.exe] C:\Program Files\OO Software\CleverCache\ooccctrl.exe /tasktray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O8 - Extra context menu item: Markierte Adresse als Outlook-Kontakt speichern - C:\Program Files\SmartTools\OlAdrAss\STPAdrAssIE.hat
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1175267227625
O20 - Winlogon Notify: urqrron - C:\WINDOWS\SYSTEM32\urqrron.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - Unknown owner - C:\WINDOWS\System32\FTRTSVC.exe (file missing)
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Serveur Média Intel(R) Viiv(TM) (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: O&O CleverCache Agent (OOCleverCacheAgent) - O&O Software GmbH - C:\Program Files\OO Software\CleverCache\ooccag.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe

Many thanks for your support.
Kind regards, Manuela
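The log above, together with the point made in post #2 that a JRE visible in the install paths is out of date, can be triaged mechanically. The block below is an added example written for this thread; it is not code from HijackThis or from anyone posting here. It parses a few lines copied from Manuela's log and flags entries whose file is missing, Winlogon Notify packages outside a small allowlist, services with no company name, executables sitting directly in the Windows directory rather than system32, and any JRE older than 6u1 that shows up in a path. The two allowlists and the "current" JRE version are assumptions chosen for the illustration, not an authoritative XP SP2 baseline.

```python
"""Triage a HijackThis 1.99 log for the entry types that usually matter.

Added example for this thread, not code from HijackThis or from any poster.
The sample lines are copied from the log posted above; the two allowlists
and the "current" JRE version are assumptions, not an authoritative baseline.
"""
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines copied from the log in the post above.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\retadpu1000272.exe
C:\Program Files\Mozilla Firefox\firefox.exe
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O20 - Winlogon Notify: urqrron - C:\WINDOWS\SYSTEM32\urqrron.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - Unknown owner - C:\WINDOWS\System32\FTRTSVC.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# Winlogon Notify packages that are normal on XP SP2 (partial allowlist; assumption).
KNOWN_WINLOGON_NOTIFY = {
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
    "sclgntfy", "senslogn", "termsrv", "wlballoon", "wgalogon",
}
# Executables that legitimately sit directly in %WINDIR% on XP (partial; assumption).
KNOWN_WINDIR_ROOT_EXES = {
    "explorer.exe", "regedit.exe", "notepad.exe", "hh.exe", "winhlp32.exe",
    "twunk_16.exe", "twunk_32.exe", "taskman.exe",
}
# JRE 6 update 1, which post #2 calls current; anything older is flagged (assumption).
CURRENT_JRE = (1, 6, 0, 1)

ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.+)$")
WINDIR_ROOT_EXE_RE = re.compile(r"^[A-Z]:\\WINDOWS\\([^\\]+\.exe)$", re.IGNORECASE)
JRE_PATH_RE = re.compile(r"\\jre(\d+)\.(\d+)\.(\d+)_(\d+)\\", re.IGNORECASE)


@dataclass
class Finding:
    severity: str  # "high", "medium" or "low"
    reason: str
    line: str


def triage(log_text: str) -> list[Finding]:
    """Return one Finding per suspicious observation; clean lines produce nothing."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # Bare paths under "Running processes": an unknown .exe directly in the
        # Windows directory (not system32) is a classic dropper location.
        m = WINDIR_ROOT_EXE_RE.match(line)
        if m:
            if m.group(1).lower() not in KNOWN_WINDIR_ROOT_EXES:
                findings.append(Finding("high", "unknown executable in Windows root", line))
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        code, body = m.group("code"), m.group("body")
        # Orphaned entries: the registry key survived, the file did not.
        if body.endswith("(no file)") or body.endswith("(file missing)"):
            findings.append(Finding("low", f"{code} entry points to a missing file", line))
        # Winlogon Notify DLLs load into winlogon.exe at every logon; anything
        # outside the known set deserves a look.
        if code == "O20" and body.startswith("Winlogon Notify:"):
            name = body.split(":", 1)[1].split(" - ", 1)[0].strip()
            if name.lower() not in KNOWN_WINLOGON_NOTIFY:
                findings.append(Finding("high", "Winlogon Notify package not in allowlist", line))
        # Services with no company string are worth verifying by hand.
        if code == "O23" and " - Unknown owner - " in body:
            findings.append(Finding("medium", "service without a company name", line))
        # Outdated JRE: the version is visible in the install path.
        jm = JRE_PATH_RE.search(line)
        if jm and tuple(int(x) for x in jm.groups()) < CURRENT_JRE:
            findings.append(Finding("medium", "outdated Java Runtime in path", line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity."""
    return {sev: sum(1 for f in findings if f.severity == sev)
            for sev in ("high", "medium", "low")}


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}: {f.line}")
```

On the sample it singles out retadpu1000272.exe, which the ComboFix report in post #13 lists among its deletions, and urqrron.dll, which that same report still shows registered under ShellExecuteHooks. The orphaned R3/O9/O23 entries are only cleanup candidates, and WgaLogon.dll passes because it is in the allowlist.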

16.05.2007, 15:16
Moderator
Posts: 7805
#12
Please use ComboFix and post the report it creates.
http://virus-protect.org/artikel/tools/combofix.html
__________
Regards, Ralf
SEO-Spam Hunter

16.05.2007, 16:04
Member
Posts: 11
#13
Hello Ralf,
Thanks for your reply. I have followed your instructions.

"Olivier Wilhelm" - 2007-05-16 15:38:24 Service Pack 2
ComboFix 07-05.13.2.V - Running from: "C:\Documents and Settings\Olivier Wilhelm\Bureau\"

(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\ssqrr.dll
C:\WINDOWS\system32\tuvtsts.dll

* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Program Files\Fichiers communs\Yazzle1162OinUninstaller.exe
C:\WINDOWS\retadpu1000272.exe
C:\WINDOWS\system32\bund1\temp.txt
C:\WINDOWS\system32\taskmgr.com
C:\WINDOWS\regedit.com
C:\WINDOWS\system32\bund1
C:\WINDOWS\system32\drivers\core.sys

((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

-------\LEGACY_CORE
-------\core

((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-16 ))))))))))))))))))))))))))))))))))

2007-05-16 15:00 <REP> d-------- C:\Program Files\Roguescanfix
2007-05-16 13:36 <REP> d-------- C:\VundoFix Backups
2007-05-16 13:15 4,704 --a------ C:\WINDOWS\system32\tmp.reg
2007-05-16 12:03 82,944 --a------ C:\intvuvmp.exe
2007-05-16 12:03 17,408 --a------ C:\WINDOWS\system32\winkve32.dll
2007-05-16 11:54 <REP> d-------- C:\Program Files\XoftSpySE
2007-05-15 10:04 <REP> d-------- C:\DOCUME~1\OLIVIE~1\APPLIC~1\Help
2007-05-11 13:23 <REP> d-------- C:\DOCUME~1\OLIVIE~1\APPLIC~1\WinRAR
2007-05-11 07:58 <REP> d-------- C:\Program Files\CasinoOnNet
2007-04-26 11:51 89,168 --a------ C:\DOCUME~1\OLIVIE~1\APPLIC~1\GDIPFONTCACHEV1.DAT

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-16 12:29:29 -------- d-----w C:\DOCUME~1\OLIVIE~1\APPLIC~1\AdobeUM
2007-05-16 08:39:54 2,560 ----a-w C:\WINDOWS\system32\BitCometRes.dll
2007-05-10 05:53:49 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-04-30 15:41:55 85,952 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-04-30 15:41:42 94,552 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-04-30 15:39:41 23,416 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-04-30 15:38:51 43,176 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-04-30 15:37:23 26,888 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-04-10 05:27:06 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-04-10 05:27:06 -------- d-----w C:\Program Files\SAGEM WiFi manager
2007-04-10 05:27:00 -------- d-----w C:\Program Files\SAGEM
2007-04-10 05:10:24 -------- d-----w C:\Program Files\Wanadoo
2007-04-09 12:09:38 -------- d-----w C:\DOCUME~1\OLIVIE~1\APPLIC~1\Lavasoft
2007-04-09 12:09:33 -------- d-----w C:\Program Files\Lavasoft
2007-04-09 12:09:12 -------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-04-06 15:12:08 -------- d-----w C:\DOCUME~1\OLIVIE~1\APPLIC~1\Apple Computer
2007-04-06 12:16:10 -------- d-----w C:\Program Files\QuickTime
2007-04-06 12:15:12 -------- d-----w C:\Program Files\Apple Software Update
2007-04-05 17:56:42 -------- d--h--w C:\Program Files\Zero G Registry
2007-04-05 13:53:27 646,392 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-04-05 10:23:31 1,168 ----a-w C:\WINDOWS\mozver.dat
2007-04-05 10:12:06 -------- d-----w C:\DOCUME~1\OLIVIE~1\APPLIC~1\Talkback
2007-04-05 10:11:49 0 ----a-w C:\WINDOWS\nsreg.dat
2007-04-04 18:56:21 -------- d-----w C:\Program Files\Ubi Soft
2007-04-04 12:20:10 -------- d-----w C:\Program Files\OO Software
2007-04-04 10:44:01 -------- d-----w C:\Program Files\SmartTools
2007-04-02 21:09:13 -------- d-----w C:\Program Files\WinISO
2007-03-30 17:07:10 -------- d-----w C:\Program Files\Ahead
2007-03-30 17:07:07 -------- d-----w C:\Program Files\Fichiers communs\Ahead
2007-03-30 16:39:16 -------- d-----w C:\Program Files\Yahoo!
2007-03-29 19:43:33 64,688 ----a-w C:\WINDOWS\system32\perfc00C.dat
2007-03-29 19:43:33 446,896 ----a-w C:\WINDOWS\system32\perfh00C.dat
2007-03-29 19:36:23 -------- d-----w C:\Program Files\Windows Plus
2007-03-29 19:36:17 -------- d-----w C:\Program Files\Windows NT
2007-03-29 19:36:14 -------- d-----w C:\Program Files\Services en ligne
2007-03-29 19:36:03 -------- d-----w C:\Program Files\Realtek
2007-03-29 19:36:02 -------- d-----w C:\Program Files\Online Services
2007-03-29 19:36:02 -------- d-----w C:\Program Files\Oca History Tool
2007-03-29 19:35:16 -------- d-----w C:\Program Files\NewTech Infosystems
2007-03-29 19:35:04 -------- d-----w C:\Program Files\MSN Gaming Zone
2007-03-29 19:34:56 -------- d-----w C:\Program Files\Movie Maker
2007-03-29 19:34:53 -------- d-----w C:\Program Files\microsoft frontpage
2007-03-29 19:34:53 -------- d-----w C:\Program Files\Messenger
2007-03-29 19:34:39 -------- d-----w C:\Program Files\GemMasterFrench
2007-03-29 19:34:37 -------- d-----w C:\Program Files\FrenchOtto
2007-03-29 19:34:28 -------- d-----w C:\Program Files\Fichiers communs\SpeechEngines
2007-03-29 19:34:28 -------- d-----w C:\Program Files\Fichiers communs\ODBC
2007-03-29 19:34:28 -------- d-----w C:\Program Files\Fichiers communs\NewTech Infosystems
2007-03-29 19:34:26 -------- d-----w C:\Program Files\Fichiers communs\muvee Technologies
2007-03-29 19:34:26 -------- d-----w C:\Program Files\Fichiers communs\MSSoap
2007-03-29 19:34:01 -------- d-----w C:\Program Files\CyberLink
2007-03-29 19:33:13 -------- d-----w C:\Program Files\Acer Zone
2007-03-29 19:33:13 -------- d-----w C:\Program Files\Acer WLAN 11g USB Dongle
2007-03-29 18:55:36 -------- d-----w C:\Program Files\Fichiers communs\Corel
2007-03-29 18:55:35 -------- d-----w C:\DOCUME~1\OLIVIE~1\APPLIC~1\Corel
2007-03-29 18:55:20 -------- d-----w C:\Program Files\Corel
2007-03-29 18:04:52 -------- d-----w C:\DOCUME~1\OLIVIE~1\APPLIC~1\vlc
2007-03-29 17:21:58 -------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-03-29 16:38:03 -------- d-----w C:\Program Files\Fichiers communs\Macromedia Shared
2007-03-29 16:18:18 -------- d-----w C:\DOCUME~1\OLIVIE~1\APPLIC~1\CyberLink
2007-03-29 15:34:33 -------- d-----w C:\Program Files\BitComet
2007-03-29 15:25:06 -------- d-----w C:\Program Files\Opanda
2007-03-29 14:25:19 -------- d-----w C:\Program Files\Microsoft Office Personal Portfolio
2007-03-29 14:25:16 -------- d-----w C:\Program Files\directx
2007-03-29 13:52:08 -------- d-----w C:\Program Files\Fichiers communs\Adobe Systems Shared
2007-03-29 13:06:48 -------- d-----w C:\DOCUME~1\OLIVIE~1\APPLIC~1\Uniblue
2007-03-29 13:04:54 -------- d-----w C:\DOCUME~1\OLIVIE~1\APPLIC~1\WordToPDF
2007-03-29 13:03:56 -------- d-----w C:\Program Files\VideoLAN
2007-03-29 12:51:14 -------- d-----w C:\Program Files\MSXML 4.0
2007-03-29 12:44:37 -------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2007-03-29 12:26:01 -------- d-----w C:\Program Files\Alwil Software
2007-03-29 12:25:25 -------- d-----w C:\DOCUME~1\OLIVIE~1\APPLIC~1\Dossier de téléchargement Share-to-Web
2007-03-29 11:56:44 -------- d-----w C:\Program Files\Hewlett-Packard
2007-03-29 11:56:42 82,380 ----a-w C:\WINDOWS\system32\drivers\AFS2K.SYS
2007-03-29 11:55:53 -------- d-----w C:\DOCUME~1\OLIVIE~1\APPLIC~1\Dossier de téléchargement Share-to-Web
2007-03-29 11:55:17 -------- d-----w C:\Program Files\Fichiers communs\Hewlett-Packard
2007-03-29 11:39:58 -------- d-----w C:\Program Files\Securitoo
2007-03-29 11:09:39 -------- d--h--w C:\DOCUME~1\OLIVIE~1\APPLIC~1\GTek
2007-03-29 11:09:34 29,184 ----a-w C:\WINDOWS\system32\drivers\goprot51.sys
2007-03-29 11:08:39 -------- d-----w C:\Program Files\Intel
2007-03-29 11:08:39 -------- d-----w C:\Program Files\Fichiers communs\Intel
2007-03-17 13:44:47 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-08 15:37:50 578,560 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:37:50 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:37:50 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 15:33:58 1,843,712 ----a-w C:\WINDOWS\system32\win32k.sys
2007-02-05 20:19:06 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 01:56]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 13:22]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"LaunchApp"="Alaunch"
"RTHDCPL"="RTHDCPL.EXE"
"Alcmtr"="ALCMTR.EXE"
"ntiMUI"="c:\\Program Files\\NewTech Infosystems\\NTI CD & DVD-Maker 7\\ntiMUI.exe"
@=""
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"IAAnotif"="C:\\Program Files\\Intel\\Intel Matrix Storage Manager\\iaanotif.exe"
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"IMEKRMIG6.1"="C:\\WINDOWS\\ime\\imkr6_1\\IMEKRMIG.EXE"
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"Acer Empowering Technology Monitor"="C:\\WINDOWS\\system32\\SysMonitor.exe"
"eRecoveryService"="C:\\Acer\\Empowering Technology\\eRecovery\\eRAgent.exe"
"CCUTRAYICON"="C:\\Program Files\\Intel\\IntelDH\\CCU\\CCU_TrayIcon.exe"
"NMSSupport"="\"C:\\Program Files\\Fichiers communs\\Intel\\IntelDH\\NMS\\Support\\IntelHCTAgent.exe\" /startup"
"ImageItEncrypt"="C:\\WINDOWS\\system32\\ImageItEncrypt.exe"
"Share-to-Web Namespace Daemon"="C:\\Program Files\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnd.exe"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"CorelDRAW Graphics Suite 11b"="C:\\Program Files\\Corel\\Corel Graphics 12\\Languages\\FR\\Programs\\Registration.exe /title=\"CorelDRAW Graphics Suite 12\" /date=051807 serial=DR12CES-7976137-NGQ lang=FR"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"ooccctrl.exe"="C:\\Program Files\\OO Software\\CleverCache\\ooccctrl.exe /tasktray"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 14:01]
"LaunchApp"="Alaunch" [])
"RTHDCPL"="RTHDCPL.EXE" [])
"Alcmtr"="ALCMTR.EXE" [])
"ntiMUI"="c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 18:15]
"@"="" [])
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-10-12 12:30]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 22:00]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 22:00]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 22:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 22:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 22:00]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03]
"Acer Empowering Technology Monitor"="C:\WINDOWS\system32\SysMonitor.exe" [2006-04-18 19:54]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-04-28 16:43]
"CCUTRAYICON"="C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2006-04-13 02:03]
"NMSSupport"="C:\Program Files\Fichiers communs\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2006-03-29 18:10]
"ImageItEncrypt"="C:\WINDOWS\system32\ImageItEncrypt.exe" [2005-12-30 14:02]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 10:42]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]
"CorelDRAW Graphics Suite 11b"="C:\Program Files\Corel\Corel Graphics 12\Languages\FR\Programs\Registration.exe" [2003-12-03 01:52]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 15:40]
"ooccctrl.exe"="C:\Program Files\OO Software\CleverCache\ooccctrl.exe" [2005-11-09 02:08]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 22:00]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2004-11-22 08:18]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-03-27 15:22]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"updateMgr"="C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_0_0"
"Yahoo! Pager"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"
"SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{EDA72771-EEC5-493C-867D-3713DC90657E}"="C:\WINDOWS\system32\urqrron.dll" []

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages msv1_0\0\0
Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages scecli\0\0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter HTTPFilter\0\0
LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService DnsCache\0\0
DcomLaunch DcomLaunch\0TermService\0\0
rpcss RpcSs\0\0
imgsvc StiSvc\0\0
termsvcs TermService\0\0

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-16 15:42:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 2007-05-16 15:43:20 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-05-16 15:43

Kind regards, Manuela
PS: I just noticed that a folder called Casinoonnet is stored on the hard disk. I did not install that. The problem isn't connected to it, is it?
This post was edited on 16.05.2007 at 16:09 by MFBasel.
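Two things in the report above deserve a check of their own. The "Other Deletions" list contains taskmgr.com and regedit.com in the Windows directories; with the default PATHEXT order (.COM is tried before .EXE) a file with that name is what gets launched when the user types taskmgr or regedit without an extension, so the real tools are silently replaced. And the "Files Created" section shows fresh code files in the drive root and system32 (C:\intvuvmp.exe, winkve32.dll) on the same day as the cleanup. The block below is an added example written for this thread, not part of ComboFix or of any post here: it parses lines copied from the "Files Created" section, flags new code files in the drive root, the Windows directory or system32 within a lookback window, and tests any path for that .com shadowing. The report date, the three-day window and the list of tool names are assumptions for the illustration.

```python
"""Flag risky entries in a ComboFix "Files Created" listing.

Added example for this thread, not code from ComboFix or from any poster.
The sample lines are copied from the report posted above; the report date,
the three-day lookback and the list of tool names are assumptions.
"""
import re
from datetime import datetime, timedelta
from typing import Optional

# Constructed sample: lines copied from the "Files Created" section above.
SAMPLE_LISTING = r"""
2007-05-16 15:00 <REP> d-------- C:\Program Files\Roguescanfix
2007-05-16 13:15 4,704 --a------ C:\WINDOWS\system32\tmp.reg
2007-05-16 12:03 82,944 --a------ C:\intvuvmp.exe
2007-05-16 12:03 17,408 --a------ C:\WINDOWS\system32\winkve32.dll
2007-05-11 07:58 <REP> d-------- C:\Program Files\CasinoOnNet
2007-04-26 11:51 89,168 --a------ C:\DOCUME~1\OLIVIE~1\APPLIC~1\GDIPFONTCACHEV1.DAT
"""
# Paths listed under "Other Deletions" in the same report (no timestamps there).
SAMPLE_DELETIONS = [
    r"C:\WINDOWS\system32\taskmgr.com",
    r"C:\WINDOWS\regedit.com",
    r"C:\WINDOWS\retadpu1000272.exe",
    r"C:\WINDOWS\system32\drivers\core.sys",
]

LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) +(<REP>|[\d,]+) +\S+ +(.+)$")
CODE_EXTS = {".exe", ".dll", ".sys", ".com", ".scr", ".pif"}
# Default PATHEXT order on XP: for a bare name the shell tries .com before .exe.
PATHEXT = [".com", ".exe", ".bat", ".cmd"]
# Tools people launch by name from Start > Run (assumption; extend as needed).
SHADOW_TARGETS = {"taskmgr", "regedit", "msconfig", "cmd", "explorer"}


def split_name(path: str) -> tuple[str, str]:
    r"""('taskmgr', '.com') for C:\WINDOWS\system32\taskmgr.com."""
    name = path.rsplit("\\", 1)[-1].lower()
    stem, dot, ext = name.rpartition(".")
    return (stem, "." + ext) if dot else (name, "")


def location_class(path: str) -> Optional[str]:
    """Classify the directory; None for ordinary program or profile folders."""
    d = path.rsplit("\\", 1)[0].lower()
    if re.fullmatch(r"[a-z]:", d):
        return "drive root"
    if re.fullmatch(r"[a-z]:\\windows", d):
        return "Windows directory"
    if re.fullmatch(r"[a-z]:\\windows\\system32(\\drivers)?", d):
        return "system32"
    return None


def shadows_tool(path: str) -> bool:
    """True if this file would be run instead of a well-known .exe of the same name."""
    stem, ext = split_name(path)
    return (stem in SHADOW_TARGETS and ext in PATHEXT
            and PATHEXT.index(ext) < PATHEXT.index(".exe"))


def triage_created(listing: str, report_date: str, lookback_days: int = 3) -> list[tuple[str, str]]:
    """(reason, path) for new code files in sensitive locations or files that shadow a tool."""
    cutoff = datetime.strptime(report_date, "%Y-%m-%d") - timedelta(days=lookback_days)
    hits = []
    for line in listing.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m.group(2) == "<REP>":  # skip blank lines and directories
            continue
        created = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M")
        path = m.group(3)
        if shadows_tool(path):
            hits.append(("shadows a system tool via PATHEXT", path))
        loc = location_class(path)
        if loc and split_name(path)[1] in CODE_EXTS and created >= cutoff:
            hits.append((f"new code file in {loc}", path))
    return hits


if __name__ == "__main__":
    for reason, path in triage_created(SAMPLE_LISTING, "2007-05-16"):
        print(f"{reason}: {path}")
    for path in SAMPLE_DELETIONS:
        if shadows_tool(path):
            print(f"shadows a system tool via PATHEXT: {path}")
```

Directories such as CasinoOnNet are skipped on purpose: the example only judges code files, so a folder name alone produces no hit and has to be looked at by hand, which is what the question in the PS above comes down to.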

16.05.2007, 16:39
Moderator
Posts: 7805
#14
|
||
16.05.2007, 17:02
Member
Beiträge: 11 |
#15
Hello Ralf,
I can't find this file in the System32 folder at all. So I ran a search and found that it belongs to the downloaded program "VundoFix". That program is recommended here in the forum. More precisely, after the "dll" there is also a "bat". The virus scanner raises an alarm when I click on this file to look at its properties with a right-click.
Kind regards, Manuela

HijackThis log from the opening post (#1, 05.05.2007):
Logfile of HijackThis v1.99.1
Scan saved at 14:19:22, on 05.05.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
F:\PROGZ\AntiVir PersonalEdition Classic\sched.exe
F:\PROGZ\AntiVir PersonalEdition Classic\avguard.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\wscntfy.exe
F:\PROGZ\AntiVir PersonalEdition Classic\avgnt.exe
E:\Programme\ATI Technologies\ATI.ACE\cli.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Programme\ATI Technologies\ATI.ACE\cli.exe
E:\Programme\ATI Technologies\ATI.ACE\cli.exe
F:\PROGZ\Winamp\winamp.exe
F:\PROGZ\ICQ6\ICQ.exe
F:\PROGZ\Mozilla Firefox\firefox.exe
F:\PROGZ\HiJack This\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [avgnt] "F:\PROGZ\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ATICCC] "E:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://F:\PROGZ\OFFICE~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with BitPump - F:\PROGZ\BitPump\ieint.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - F:\PROGZ\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - F:\PROGZ\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - F:\PROGZ\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - F:\PROGZ\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programme\Messenger\msmsgs.exe
O23 - Service: Adobe LM Service - Unknown owner - E:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - F:\PROGZ\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - F:\PROGZ\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe