Drive Cleaner problems!
#0
21.05.2007, 20:49
...new here
Posts: 5

21.05.2007, 21:45
Honorary member
Posts: 6028
#2
Work through this, but do not post it as an attachment
http://board.protecus.de/t23188.htm
__________
Regards, Argus

21.05.2007, 21:56
...new here
Thread starter
Posts: 5
#3
What? But I did ... it is just so much, and it says there that you should put it in a text file. It simply does not fit in here. And I can only ever post one reply at a time, so it is impossible for me to get everything in here somehow.
I am slowly getting sad; how am I supposed to manage this? :-( I really did work through everything properly, and it is all saved in the file as .txt!
Attachment: logdatein.txt
This post was edited by Steffinchen on 21.05.2007 at 22:07.

22.05.2007, 20:24
...new here
Posts: 1
#4
Hello. Somehow I am apparently even too stupid to post a message in the forum, so I hope you can also help me quickly this way. I hope I can now supply all the information you need.
So, Drive Cleaner just opened on my machine and I clicked Cancel, then googled what it is and came across your forum, where, as far as I can judge, this is the procedure to follow. I hope you can help me quickly.

23.05.2007, 15:26
...new here
Posts: 1
#5
Hello,
I have exactly the same problem as the thread starter. So I am simply posting the requested logs here, in the hope that I will get help. If that is not customary here, I am happy to open a separate thread for it; just let me know. I have uploaded all the logs linked in the guide here. I hope someone can help me.

24.05.2007, 01:15
...new here
Thread starter
Posts: 5
#6
Hmm, the thread starter here again. I am really glad this forum exists, but somehow nobody is helping me, and then there are so many people here posting their own problem as well, so mine slips to the back.
Is there anyone out there who really wants to help me? Please, please ... that would be kind!

24.05.2007, 01:39
Honorary member
Posts: 6028
#7
http://board.protecus.de/t23188.htm
1. CleanUp: you only need to install it, scan your computer with it and restart. We do not need a log from that.
2. Combofix: copy the text file and post it in this thread.
3. Hijack This: the same.
__________
Regards, Argus

24.05.2007, 09:49
...new here
Thread starter
Posts: 5
#8
ok super danke ... und los gehts
"Steffi" - 2007-05-21 20:31:47 Service Pack 2 ComboFix 07-05.21.6.V - Running from: "C:\Programme\Mozilla Firefox\" (((((((((((((((((((((((((((((((((((((((((((((((((( V Log ))))))))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINDOWS\system32\hjkkj.bak1 C:\WINDOWS\system32\hjkkj.ini C:\WINDOWS\system32\hjkkj.ini2 C:\WINDOWS\system32\hjkkj.tmp C:\WINDOWS\system32\hjkkj.bak1 C:\WINDOWS\system32\hjkkj.ini C:\WINDOWS\system32\hjkkj.ini2 C:\WINDOWS\system32\hjkkj.tmp C:\WINDOWS\system32\jkkjh.dll C:\WINDOWS\system32\byxvwvw.dll * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * ((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-21 )))))))))))))))))))))))))))))))))) 2007-05-20 23:05 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Spybot - Search & Destroy 2007-05-20 22:46 <DIR> d-------- C:\Avenger 2007-05-19 19:24 <DIR> d-------- C:\Programme\Adverts 2007-05-17 01:36 <DIR> d-------- C:\DOKUME~1\Steffi\ANWEND~1\vlc 2007-05-16 23:19 <DIR> d-------- C:\Programme\VideoLAN 2007-05-12 19:57 <DIR> d-------- C:\Programme\Lavasoft 2007-05-12 19:57 <DIR> d-------- C:\DOKUME~1\Steffi\ANWEND~1\Lavasoft 2007-05-11 17:17 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll 2007-05-11 17:17 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll 2007-05-09 10:25 <DIR> d-------- C:\Programme\Microsoft CAPICOM 2.1.0.2 2007-05-01 17:29 <DIR> d-------- C:\Programme\Paint.NET 2007-04-26 21:04 43,584 --a------ C:\WINDOWS\system32\drivers\avipbb.sys 2007-04-26 21:04 28,352 --a------ C:\WINDOWS\system32\drivers\ssmdrv.sys 2007-04-26 20:19 122,880 --a------ C:\WINDOWS\system32\spacklsp.dll 2007-04-26 20:19 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\T-Online DSL-Manager 2007-04-26 20:08 <DIR> d-------- C:\DOKUME~1\Steffi\ANWEND~1\T-Online 2007-04-26 20:07 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\T-Online 2007-04-26 20:06 <DIR> d-------- C:\Programme\T-Online 2007-04-26 20:06 <DIR> d-------- C:\Programme\Gemeinsame 
Dateien\Marmiko Shared 2007-04-26 20:05 <DIR> d--hs---- C:\WINDOWS\ftpcache 2007-04-26 19:59 <DIR> d-------- C:\Programme\Gemeinsame Dateien\SWF Studio 2007-04-25 21:18 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Zylom (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-05-20 17:57:45 -------- d-----w C:\Programme\Lexmark X1100 Series 2007-05-19 17:24:08 -------- d-----w C:\Programme\MSN Messenger 2007-05-19 17:24:08 -------- d-----w C:\Programme\Messenger Plus! Live 2007-05-12 17:57:02 -------- d-----w C:\Programme\Gemeinsame Dateien\Wise Installation Wizard 2007-05-02 18:35:00 75,392 ----a-w C:\WINDOWS\system32\perfc007.dat 2007-05-02 18:35:00 416,044 ----a-w C:\WINDOWS\system32\perfh007.dat 2007-05-01 15:09:45 -------- d-----w C:\Programme\Mozilla Thunderbird 2007-05-01 13:30:26 -------- d--h--w C:\Programme\InstallShield Installation Information 2007-04-26 05:50:53 -------- d-----w C:\Programme\Gemeinsame Dateien\Symantec Shared 2007-04-16 20:14:36 -------- d-----w C:\DOKUME~1\Steffi\ANWEND~1\SecondLife 2007-04-16 20:12:09 -------- d-----w C:\Programme\SecondLife 2007-04-16 17:58:55 -------- d-----w C:\DOKUME~1\Steffi\ANWEND~1\Real 2007-04-16 17:57:41 -------- d-----w C:\Programme\Gemeinsame Dateien\xing shared 2007-04-16 17:57:39 -------- d-----w C:\Programme\Gemeinsame Dateien\Real 2007-04-16 17:57:23 -------- d-----w C:\Programme\Real 2007-04-11 12:02:00 -------- d-----w C:\Programme\Skype 2007-04-11 05:54:33 -------- d-----w C:\Programme\Die Gilde 2 2007-03-19 18:47:50 -------- d-----w C:\Programme\ICQLite 2007-03-18 21:03:27 -------- d-----w C:\DOKUME~1\Steffi\ANWEND~1\New Yorker Radio 2007-03-17 13:44:25 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll 2007-03-12 22:46:34 -------- d-----w C:\Programme\SopCast 2007-03-09 16:47:28 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll 2007-03-09 09:35:00 393,216 ----a-w C:\WINDOWS\system32\igxpun.exe 2007-03-08 15:36:30 579,072 ----a-w 
C:\WINDOWS\system32\user32.dll 2007-03-08 15:36:30 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll 2007-03-08 15:36:30 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll 2007-03-08 15:32:24 1,843,712 ----a-w C:\WINDOWS\system32\win32k.sys 2007-03-05 21:28:52 -------- d-----w C:\Programme\Gemeinsame Dateien\Jasc Software Inc 2007-03-05 21:28:27 -------- d-----w C:\Programme\Gemeinsame Dateien\InstallShield 2007-03-05 21:28:03 -------- d-----w C:\Programme\Jasc Software Inc 2007-03-05 21:28:03 -------- d-----w C:\DOKUME~1\Steffi\ANWEND~1\Jasc Software Inc 2007-02-26 10:34:34 204,800 ----a-w C:\WINDOWS\system32\igfxCoIn_v4785.dll 2007-02-26 09:59:40 2,555,904 ----a-w C:\WINDOWS\system32\igxpdx32.dll 2007-02-26 09:58:52 57,344 ----a-w C:\WINDOWS\system32\igxprd32.dll 2007-02-26 09:58:46 149,504 ----a-w C:\WINDOWS\system32\igxpgd32.dll 2007-02-26 09:58:32 1,612,576 ----a-w C:\WINDOWS\system32\igxpdv32.dll 2007-02-26 08:59:48 450,560 ----a-w C:\WINDOWS\system32\igldev32.dll 2007-02-26 08:58:12 2,334,720 ----a-w C:\WINDOWS\system32\iglicd32.dll 2007-02-26 08:36:54 192,512 ----a-w C:\WINDOWS\system32\igfxres.dll 2007-02-26 08:35:34 528,384 ----a-w C:\WINDOWS\system32\igfxcfg.exe 2007-02-26 08:34:28 155,648 ----a-w C:\WINDOWS\system32\hkcmd.exe 2007-02-26 08:34:28 131,072 ----a-w C:\WINDOWS\system32\igfxtray.exe 2007-02-26 08:34:04 200,704 ----a-w C:\WINDOWS\system32\igfxpph.dll 2007-02-26 08:33:58 24,576 ----a-w C:\WINDOWS\system32\igfxexps.dll 2007-02-26 08:33:56 159,744 ----a-w C:\WINDOWS\system32\igfxext.exe 2007-02-26 08:33:56 135,168 ----a-w C:\WINDOWS\system32\igfxdo.dll 2007-02-26 08:33:56 131,072 ----a-w C:\WINDOWS\system32\igfxpers.exe 2007-02-26 08:33:48 47,616 ----a-w C:\WINDOWS\system32\igfxsrvc.dll 2007-02-26 08:33:46 245,760 ----a-w C:\WINDOWS\system32\igfxsrvc.exe 2007-02-26 08:33:40 163,840 ----a-w C:\WINDOWS\system32\igfxzoom.exe 2007-02-26 08:33:30 102,400 ----a-w C:\WINDOWS\system32\hccutils.dll 2007-02-26 08:33:26 204,800 ----a-w 
C:\WINDOWS\system32\igfxdev.dll 2007-02-26 08:33:16 3,293,184 ----a-w C:\WINDOWS\system32\igfxress.dll 2007-02-05 20:18:44 185,856 ----a-w C:\WINDOWS\system32\upnphost.dll (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04] {5CA3D70E-1895-11CF-8E15-001234567890}=C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-10-06 06:20] {9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-07-07 13:29] {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}=C:\Programme\Windows Live Toolbar\msntb.dll [2006-09-27 18:45] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="C:\Programme\Synaptics\SynTP\SynTPEnh.exe" [2005-12-17 01:32] "RTHDCPL"="RTHDCPL.EXE" [] "Alcmtr"="ALCMTR.EXE" [] "AGRSMMSG"="AGRSMMSG.exe" [] "THotkey"="C:\Programme\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 15:02] "TPSMain"="TPSMain.exe" [2005-08-03 17:16 C:\WINDOWS\system32\TPSMain.exe] "NDSTray.exe"="NDSTray.exe" [] "SmoothView"="C:\Programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe" [2005-05-13 12:01] "TFncKy"="TFncKy.exe" [] "TDispVol"="TDispVol.exe" [2005-09-16 14:53 C:\WINDOWS\system32\TDispVol.exe] "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-10-06 06:20] "Tvs"="C:\Programme\TOSHIBA\Tvs\TvsTray.exe" [2005-11-30 13:25] "IntelZeroConfig"="C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 13:37] "IntelWireless"="C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 12:41] "CFSServ.exe"="CFSServ.exe" [] "Lexmark X1100 Series"="C:\Programme\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 16:51] "PCSuiteTrayApplication"="C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2005-03-22 10:39] 
"DataLayer"="C:\Programme\Gemeinsame Dateien\PCSuite\DataLayer\DataLayer.exe" [2005-03-31 10:30] "WinampAgent"="C:\Programme\Winamp\winampa.exe" [2006-11-21 19:38] "ICQ Lite"="C:\Programme\ICQLite\ICQLite.exe" [2006-07-11 12:06] "QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [2007-02-08 00:46] "TkBellExe"="C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [2007-04-16 19:57] "avgnt"="C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-26 21:04] "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-02-26 10:34] "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-02-26 10:34] "Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-02-26 10:33] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:00] "TOSCDSPD"="C:\Programme\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-12 11:05] "MsnMsgr"="C:\Programme\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:55] "SpybotSD TeaTimer"="C:\Programme\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce] "FFTI"=C:\Dokumente und Einstellungen\Steffi\Anwendungsdaten\Mozilla\Firefox\Profiles\0ebrqqre.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Dokumente und Einstellungen\Steffi\Anwendungsdaten\Mozilla\Firefox\Profiles/0ebrqqre.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}" ******************************************************************** catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-05-21 20:36:43 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... 
scan completed successfully hidden files: 0 ******************************************************************** Completion time: 2007-05-21 20:39:26 - machine was rebooted C:\ComboFix-quarantined-files.txt ... 2007-05-21 20:39 --- E O F ---
And here is HijackThis:
Logfile of HijackThis v1.99.1 Scan saved at 09:48:22, on 24.05.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Intel\Wireless\Bin\EvtEng.exe C:\Programme\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Programme\AntiVir PersonalEdition Classic\sched.exe C:\Programme\AntiVir PersonalEdition Classic\avguard.exe C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe C:\Programme\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\Programme\Toshiba\TOSHIBA Applet\TAPPSRV.exe C:\WINDOWS\Explorer.EXE C:\Programme\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\AGRSMMSG.exe C:\Programme\Toshiba\Toshiba Applet\thotkey.exe C:\WINDOWS\system32\TPSMain.exe C:\Programme\TOSHIBA\ConfigFree\NDSTray.exe C:\Programme\Synaptics\SynTP\Toshiba.exe C:\Programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe C:\Programme\TOSHIBA\TOSHIBA Controls\TFncKy.exe C:\WINDOWS\system32\TDispVol.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Programme\TOSHIBA\Tvs\TvsTray.exe C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe C:\Programme\TOSHIBA\ConfigFree\CFSServ.exe C:\Programme\Lexmark X1100 Series\lxbkbmgr.exe C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\Programme\Lexmark X1100 Series\lxbkbmon.exe C:\Programme\Gemeinsame
Dateien\PCSuite\DataLayer\DataLayer.exe C:\WINDOWS\system32\TPSBattM.exe C:\Programme\Winamp\winampa.exe C:\Programme\ICQLite\ICQLite.exe C:\PROGRA~1\GEMEIN~1\PCSuite\Services\SERVIC~1.EXE C:\Programme\QuickTime\qttask.exe C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\TOSHIBA\ConfigFree\CFXFER.exe C:\Programme\TOSHIBA\TOSCDSPD\toscdspd.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Programme\MSN Messenger\MsnMsgr.Exe C:\Programme\T-Online\DSL-Manager\TODslMgr.exe C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe C:\Programme\T-Online\DSL-Manager\TODslSvc.exe C:\Programme\Mozilla Thunderbird\thunderbird.exe C:\Programme\MSN Messenger\usnsvc.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\DOKUME~1\Steffi\LOKALE~1\Temp\Temporäres Verzeichnis 2 für hijackthis.zip\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: 
[Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [THotkey] C:\Programme\Toshiba\Toshiba Applet\thotkey.exe O4 - HKLM\..\Run: [TPSMain] TPSMain.exe O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe O4 - HKLM\..\Run: [SmoothView] C:\Programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe O4 - HKLM\..\Run: [TFncKy] TFncKy.exe O4 - HKLM\..\Run: [TDispVol] TDispVol.exe O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [Tvs] C:\Programme\TOSHIBA\Tvs\TvsTray.exe O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [IntelWireless] "C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Programme\Lexmark X1100 Series\lxbkbmgr.exe" O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray O4 - HKLM\..\Run: [DataLayer] C:\Programme\Gemeinsame Dateien\PCSuite\DataLayer\DataLayer.exe O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [TOSCDSPD] C:\Programme\TOSHIBA\TOSCDSPD\toscdspd.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\RunOnce: [FFTI] C:\Dokumente und 
Einstellungen\Steffi\Anwendungsdaten\Mozilla\Firefox\Profiles\0ebrqqre.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Dokumente und Einstellungen\Steffi\Anwendungsdaten\Mozilla\Firefox\Profiles/0ebrqqre.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}" O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot O4 - Startup: Microsoft Office OneNote 2003 Schnellstart.lnk = C:\Programme\Microsoft Office\OFFICE11\ONENOTEM.EXE O4 - Startup: T-Online DSL-Manager.lnk = C:\Programme\T-Online\DSL-Manager\TODslMgr.exe O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Windows Live Search - res://C:\Programme\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: In neuer Registerkarte im Hintergrund öffnen - res://C:\Programme\Windows Live Toolbar\Components\de-de\msntabres.dll.mui/229?e6220d09e73e43cfb21a9355de242fc6 O8 - Extra context menu item: In neuer Registerkarte im Vordergrund öffnen - res://C:\Programme\Windows Live Toolbar\Components\de-de\msntabres.dll.mui/230?e6220d09e73e43cfb21a9355de242fc6 O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - 
C:\Programme\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra button: eBay - {2D941D56-1B19-44AE-8CF5-08331A3B4CCF} - C:\Programme\Internet Explorer\Signup\ToshibaGotoEbay.exe (HKCU) O10 - Unknown file in Winsock LSP: c:\windows\system32\spacklsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\spacklsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\spacklsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\spacklsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\spacklsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\spacklsp.dll O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game12.zylom.com/activex/zylomgamesplayer.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - 
C:\Programme\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: T-Online WLAN Adapter Steuerungsdienst (MZCCntrl) - Deutsche Telekom AG, Marmiko IT-Solutions GmbH - C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Programme\Toshiba\TOSHIBA Applet\TAPPSRV.exe O23 - Service: T-Online DSL-Manager (TODslService) - T-Systems International GmbH - C:\Programme\T-Online\DSL-Manager\TODslSvc.exe |
|
|
||
24.05.2007, 10:36
Honorary member
Posts: 6028 |
#9
@Steffinchen
Close all windows and start HijackThis.
Click: Do a system scan only
Tick the box in front of the entry named here:
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
Click: Fix checked
Download RemoveVideoActiveXObject by Smeenk to the desktop, then double-click it.
The uninstaller of a rogue scanner may start; do not close it, but let it do its work.
Restart the computer and double-click RemoveVideoActiveXObject.exe once more.
Afterwards, post the log file C:\RVAXO-results.log in your next reply.
__________
Kind regards, Argus
This post was edited by Arnold on 24.05.2007 at 19:20.
|
|
|
||
22.08.2007, 22:01
...new here
Posts: 2 |
#10
Hi, I have the same problem... it would be great if someone could help me!!
I did everything the way I found it here... ComboFix:
ComboFix 07-08-17.2 - "Tyria" 2007-08-22 21:42:23.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1031.18.199 [GMT 2:00] * Created a new restore point ((((((((((((((((((((((((( Files Created from 2007-07-22 to 2007-08-22 ))))))))))))))))))))))))))))))) 2007-08-22 21:41 51,200 --a------ C:\WINDOWS\nircmd.exe 2007-08-22 11:32 120,200 --a------ C:\WINDOWS\system32\DLLDEV32i.dll 2007-08-22 11:32 <DIR> d-------- C:\Programme\Gemeinsame Dateien\MAGIX 2007-08-16 09:49 <DIR> d-------- C:\Programme\phase5 2007-08-14 23:35 221,184 --a------ C:\WINDOWS\system32\wmpns.dll 2007-08-02 21:48 <DIR> d-------- C:\Programme\ICQ6 2007-08-02 21:48 <DIR> d-------- C:\DOKUME~1\Tyria\ANWEND~1\InstallShield 2007-07-31 15:18 <DIR> d-------- C:\DOKUME~1\Tyria\ANWEND~1\Opera 2007-07-31 15:17 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Adobe Systems 2007-07-31 14:54 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared 2007-07-31 14:52 16,384 --a------ C:\WINDOWS\system32\FileOps.exe 2007-07-30 01:22 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll 2007-07-30 01:22 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll 2007-07-30 01:22 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys 2007-07-29 20:12 719,872 --a------ C:\WINDOWS\system32\devil.dll 2007-07-29 20:12 70,656 --a------ C:\WINDOWS\system32\yv12vfw.dll 2007-07-29 20:12 70,656 --a------ C:\WINDOWS\system32\i420vfw.dll 2007-07-29 20:12 66,560 --a------ C:\WINDOWS\MOTA113.exe 2007-07-29 20:12 502,784 --a------ C:\WINDOWS\x2.64.exe 2007-07-29 20:12 394,240 --a------ C:\WINDOWS\system32\Smab.dll 2007-07-29 20:12 318,976 --a------ C:\WINDOWS\system32\avisynth.dll 2007-07-29 20:12 27,648 --a------ C:\WINDOWS\system32\AVSredirect.dll 2007-07-29 20:12 240,128 --a------ C:\WINDOWS\system32\x.264.exe 2007-07-29 20:12 217,073 --a------ C:\WINDOWS\meta4.exe 2007-07-29 19:59 <DIR> d-------- C:\DOKUME~1\Tyria\ANWEND~1\vlc 2007-07-29 19:58 <DIR>
d-------- C:\Programme\VideoLAN (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-08-22 21:22 --------- d-------- C:\DOKUME~1\Tyria\ANWEND~1\OpenOffice.org2 2007-08-22 20:42 --------- d-------- C:\Programme\MAGIX 2007-08-22 20:07 --------- d-------- C:\Programme\ICQToolbar 2007-08-18 20:56 --------- d--h----- C:\Programme\InstallShield Installation Information 2007-08-15 23:52 --------- d-------- C:\Programme\No23 Recorder 2007-08-13 23:48 --------- d-------- C:\DOKUME~1\Tyria\ANWEND~1\ICQ Toolbar 2007-08-02 21:49 --------- d-------- C:\DOKUME~1\Tyria\ANWEND~1\ICQ 2007-06-26 08:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll 2007-06-19 16:26 667648 --a------ C:\WINDOWS\system32\mgxoschk.dll 2007-06-19 15:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll 2007-06-13 15:21 1036288 --a------ C:\WINDOWS\explorer.exe 2005-03-31 22:17 40960 --a------ C:\Programme\Uninstall_CDS.exe ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NVRaidService"="C:\WINDOWS\system32\nvraidservice.exe" [2004-06-11 05:15] "RemoteControl"="C:\Programme\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 17:35] "InCD"="C:\Programme\Ahead\InCD\InCD.exe" [2005-06-10 16:20] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50] "avgnt"="C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-19 23:21] "TkBellExe"="C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [2006-07-29 00:23] "QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [2006-08-21 11:56] "HYPERFOLIO BROWSER SPY"="C:\Programme\hyperfolio\hfbspy.exe" [2000-09-28 13:42] "QuickFinder Scheduler"="C:\Programme\WordPerfect Office 11\Programs\QFSCHD110.EXE" [2003-03-07 05:01] "WinampAgent"="C:\Programme\Winamp\winampa.exe" [2006-09-26 16:49] 
"SoundMan"="SOUNDMAN.EXE" [2005-05-17 12:48 C:\WINDOWS\SOUNDMAN.EXE] "SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43] "ZoneAlarm Client"="C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 00:02] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00] "PowerBar"="C:\Programme\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" [2004-04-21 10:26] "updateMgr"="C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45] "MySpaceIM"="C:\Programme\MySpace\IM\MySpaceIM.exe" [2007-05-30 03:34] "ICQ"="C:\Programme\ICQ6\ICQ.exe" [2007-07-19 14:24] [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "MySpaceIM"=C:\Programme\MySpace\IM\MySpaceIM.exe C:\Dokumente und Einstellungen\Tyria\Startmen\Programme\Autostart\ OpenOffice.org 2.0.lnk - C:\Programme\OpenOffice.org 2.0\program\quickstart.exe [2006-01-25 19:42:22] C:\Dokumente und Einstellungen\All Users\Startmen\Programme\Autostart\ Adobe Reader - Schnellstart.lnk - C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26] R1 avgio;avgio;\??\C:\Programme\AntiVir PersonalEdition Classic\avgio.sys R1 avipbb;avipbb;C:\WINDOWS\system32\DRIVERS\avipbb.sys R1 DumaNT;NVIDIA Stereo Helper Service;C:\WINDOWS\system32\DRIVERS\dumant.sys R2 GDTdiInterceptor;GDTdiInterceptor;\??\C:\WINDOWS\system32\drivers\GDTdiIcpt.sys R3 avgntflt;avgntflt;\??\C:\Programme\AntiVir PersonalEdition Classic\avgntflt.sys R3 HCWBT8XX;Hauppauge WinTV 848/9 WDM Video Driver;C:\WINDOWS\system32\drivers\HCWBT8XX.sys S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;D:\Musik Manager\Common\Database\bin\fbserver.exe S3 GMSIPCI;GMSIPCI;\??\E:\INSTALL\GMSIPCI.SYS S3 MSICPL;MSICPL;\??\E:\install4\MSICPL.sys S3 NTACCESS;NTACCESS;\??\E:\NTACCESS.sys S3 SetupNTGLM7X;SetupNTGLM7X;\??\E:\NTGLM7X.sys S3 ssmdrv;ssmdrv;C:\WINDOWS\system32\DRIVERS\ssmdrv.sys S3 usbsermptxp;Motorola 
USB Modem Driver for MPT XP;C:\WINDOWS\system32\DRIVERS\usbsermptxp.sys [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc9cd8d1-1e5b-11db-9d2f-806d6172696f}] AutoRun\command- E:\Bin\assetup.exe Contents of the 'Scheduled Tasks' folder 2007-08-22 18:21:32 C:\WINDOWS\Tasks\1-Klick-Wartung.job - C:\Programme\TuneUp Utilities 2007\SystemOptimizer.exe ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-08-22 21:45:01 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-08-22 21:45:44 --- E O F ---
and here is HijackThis:
Logfile of HijackThis v1.99.1 Scan saved at 21:12:36, on 22.08.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16512) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Ahead\InCD\InCDsrv.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\nvraidservice.exe C:\Programme\CyberLink DVD Solution\PowerDVD\PDVDServ.exe C:\Programme\Ahead\InCD\InCD.exe C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe C:\Programme\QuickTime\qttask.exe C:\Programme\hyperfolio\hfbspy.exe C:\Programme\Winamp\winampa.exe C:\WINDOWS\SOUNDMAN.EXE C:\Programme\Java\jre1.6.0_01\bin\jusched.exe C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe C:\Programme\MySpace\IM\MySpaceIM.exe
C:\Programme\OpenOffice.org 2.0\program\soffice.exe C:\Programme\OpenOffice.org 2.0\program\soffice.BIN C:\Programme\AntiVir PersonalEdition Classic\sched.exe C:\Programme\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\system32\svchost.exe C:\Programme\ArcorOnline\AOButler.exe C:\WINDOWS\system32\wbem\unsecapp.exe C:\Programme\Adobe\Acrobat 7.0\Reader\AcroRd32.exe C:\WINDOWS\explorer.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Dokumente und Einstellungen\Tyria\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.arcor.de R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.arcor.de R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Arcor AG & Co. 
KG R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: HyperFolio IE Site Restrictor Class - {22C1B5B2-ACB4-11D3-A719-0060089C5699} - C:\Programme\hyperfolio\HFIER10.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Programme\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [InCD] C:\Programme\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [HYPERFOLIO BROWSER SPY] C:\Programme\hyperfolio\hfbspy.exe "C:\Programme\hyperfolio\hfolio.exe" O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Programme\WordPerfect Office 11\Programs\QFSCHD110.EXE" O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [PowerBar] "C:\Programme\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime O4 - HKCU\..\Run: [updateMgr] C:\Programme\Adobe\Acrobat 
7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 O4 - HKCU\..\Run: [MySpaceIM] C:\Programme\MySpace\IM\MySpaceIM.exe O4 - HKCU\..\Run: [ICQ] "C:\Programme\ICQ6\ICQ.exe" silent O4 - Startup: OpenOffice.org 2.0.lnk = C:\Programme\OpenOffice.org 2.0\program\quickstart.exe O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing) O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{992A4949-D335-49BC-98EB-048A06CF3B77}: NameServer = 195.50.140.252 195.50.140.114 O20 - Winlogon Notify: 
WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - D:\Musik Manager\Common\Database\bin\fbserver.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programme\Ahead\InCD\InCDsrv.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Thanks in advance! |
|
|
||
22.08.2007, 23:08
Honorary member
Posts: 6028 |
||
|
||
23.08.2007, 09:08
...new here
Posts: 2 |
#12
oh ok, strange... but thanks anyway!!!
|
|
|
||
23.08.2007, 14:07
Member
Posts: 694 |
#13
@Julsche
I once had a case ..., so: show the hosts file: load the hosts file (C:\WINDOWS\system32\drivers\etc\hosts) into a text editor (click on it in Explorer, right mouse button, Send to -> Editor). Copy the contents and post them here... Chris |
|
|
||
So, I have this Drive Cleaner problem. Internet pages keep opening that say I have viruses or that sex sites were visited, and that I should download Drive Cleaner. I didn't do that, but it keeps following me anyway.
I made all the logs and copied them into the attached file.
I hope you can help me.
Thanks
Steffi