TR/Vundo.Gen cannot be deleted

#0
26.05.2007, 17:58
Member
Posts: 125
26.05.2007, 18:11
Moderator
Posts: 7805
#2
Please post the ComboFix and HijackThis reports: http://board.protecus.de/t23188.htm
__________ Regards, Ralf, SEO-Spam Hunter
26.05.2007, 18:42
Member
Thread starter, Posts: 125
#3
So here is the ComboFix logfile. As before, I hope it's the right one.

"Seppe" - 2007-05-26 18:29:58 Service Pack 2
ComboFix 07-05.26.3.V - Running from: "C:\Dokumente und Einstellungen\Seppe\Desktop\"

(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\ycbeg.bak1
C:\WINDOWS\system32\ycbeg.bak2
C:\WINDOWS\system32\ycbeg.ini
C:\WINDOWS\system32\ycbeg.ini2
C:\WINDOWS\system32\ycbeg.tmp
C:\WINDOWS\system32\ycbeg.bak1
C:\WINDOWS\system32\ycbeg.bak2
C:\WINDOWS\system32\ycbeg.ini
C:\WINDOWS\system32\ycbeg.ini2
C:\WINDOWS\system32\ycbeg.tmp
C:\WINDOWS\system32\ycbeg.bak1
C:\WINDOWS\system32\ycbeg.bak2
C:\WINDOWS\system32\ycbeg.ini
C:\WINDOWS\system32\ycbeg.ini2
C:\WINDOWS\system32\ycbeg.tmp
C:\WINDOWS\system32\gebcy.dll
C:\WINDOWS\system32\khfgeca.dll

* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

"C:\install.log"

((((((((((((((((((((((((((((((( Files Created from 2007-04-26 to 2007-05-26 ))))))))))))))))))))))))))))))))))

2007-05-20 12:18 <DIR> d-------- C:\Programme\mresreg
2007-05-16 22:26 <DIR> d-------- C:\DOKUME~1\Seppe\ANWEND~1\ICQLite
2007-05-15 21:00 <DIR> d-------- C:\DOKUME~1\Seppe\ANWEND~1\ICQ
2007-05-13 11:58 <DIR> d-------- C:\Programme\QuickTime
2007-05-12 12:32 25,896 --a------ C:\WINDOWS\system32\drivers\scramby.sys
2007-05-11 14:41 299,520 --a------ C:\WINDOWS\uninst.exe
2007-05-10 20:59 <DIR> d-------- C:\Programme\Save
2007-05-09 20:58 2,704,625 --a------ C:\WINDOWS\system32\Luxor Game Screensaver.scr
2007-05-09 20:58 <DIR> d-------- C:\Programme\Desktop XP

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-26 16:32:11 -------- d-----w C:\Programme\BOINC
2007-05-26 16:27:45 -------- d-----w C:\DOKUME~1\Seppe\ANWEND~1\Xfire
2007-05-26 09:50:33 -------- d-----w C:\DOKUME~1\Seppe\ANWEND~1\teamspeak2
2007-05-19 18:29:44 -------- d-----w C:\Programme\Google
2007-05-19 08:09:30 -------- d-----w C:\DOKUME~1\Seppe\ANWEND~1\BitTorrent
2007-05-16 20:15:47 -------- d--h--w C:\Programme\InstallShield Installation Information
2007-05-16 13:18:33 -------- d-----w C:\DOKUME~1\Seppe\ANWEND~1\Skype
2007-05-03 13:29:50 -------- d-----w C:\DOKUME~1\Seppe\ANWEND~1\NetPumper
2007-04-27 10:24:59 73,736 ----a-w C:\WINDOWS\system32\perfc007.dat
2007-04-27 10:24:59 372,796 ----a-w C:\WINDOWS\system32\perfh007.dat
2007-04-18 16:13:24 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-03-30 15:36:59 -------- d-----w C:\Programme\Skype
2007-03-30 15:36:59 -------- d-----w C:\Programme\Gemeinsame Dateien\Skype
2007-03-22 19:55:15 812,063 ----a-w C:\WINDOWS\nikefootball.exe
2007-03-22 19:55:15 29,696 ----a-w C:\WINDOWS\mickey32.dll
2007-03-22 19:55:15 199,352 ----a-w C:\WINDOWS\nikefootball.scr
2007-03-19 10:42:53 37,869 ----a-w C:\WINDOWS\system32\kbdsl132.dll
2007-03-17 13:44:25 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-08 15:36:30 579,072 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:30 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:30 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 15:32:24 1,843,712 ----a-w C:\WINDOWS\system32\win32k.sys

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{13FCB71A-8896-F743-3F61-27829C396522}=C:\DOKUME~1\Seppe\ANWEND~1\WAITVI~1\stupidmore.exe []
{74CC49F7-EB32-4A08-B204-948962A6E3DB}=C:\Programme\HbTools\Bin\4.8.7.0\HbtHostIE.dll []
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Programme\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{8C4771BF-817E-A6A4-83D0-09A49FDD4803}=C:\DOKUME~1\Seppe\ANWEND~1\WAITVI~1\stupidmore.exe []
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 21:33]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDrvEmulator"="C:\Programme\Creative\Shared Files\Module Loader\DLLML.exe" []
"nwiz"="nwiz.exe" [2006-10-22 13:22 C:\WINDOWS\system32\nwiz.exe]
"avgnt"="C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-23 12:49]
"CTHelper"="CTHELPER.EXE" []
"CTxfiHlp"="CTXFIHLP.EXE" [2005-08-08 00:10 C:\WINDOWS\system32\CTXFIHLP.EXE]
"Adobe Photo Downloader"="C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-23 20:33]
"WorksFUD"="C:\Programme\Microsoft Works\wkfud.exe" [2000-07-12 12:59]
"Microsoft Works Portfolio"="C:\Programme\Microsoft Works\WksSb.exe" [2000-07-12 14:14]
"Microsoft Works Update Detection"="C:\Programme\Microsoft Works\WkDetect.exe" [2000-07-21 16:39]
"RemoteControl"="C:\Programme\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 03:01]
"OM_Monitor"="D:\Nützliches\Digital Kamera\FirstStart.exe" []
"Delete pop boob joy"="C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\software axis delete pop\bows store.exe" []
"VirtualCloneDrive"="C:\Programme\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 15:21]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"baitcashboldbody"="C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\tons settings bait cash\dogsend.exe" []
"IP Changer 2.0"="D:\Progiez\IP Changer\IPChanger.exe" []
"@"="" []
"Sony Ericsson PC Suite"="C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 18:17]
"WeatherOnTray"="C:\Programme\HbTools\Bin\4.8.7.0\HbtWeatherOnTray.exe" []
"HbTools"="C:\Programme\HbTools\Bin\4.8.7.0\HbtOEAddOn.exe" [2007-01-03 15:15]
"iTunesHelper"="C:\Programme\iTunes\iTunesHelper.exe" [2007-03-14 20:05]
"Tarantula"="C:\Programme\Razer\Tarantula\razerhid.exe" [2006-09-30 16:48]
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [2007-04-27 09:41]
"ICQ Lite"="D:\Progiez\ICQLite\ICQLite.exe" [2006-07-11 12:15]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="C:\Programme\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 18:23]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]
"OM_Monitor"="D:\Nützliches\Digital Kamera\Monitor.exe" []
"aceaudio"="C:\DOKUME~1\Seppe\ANWEND~1\MEOWBA~1\Link Each.exe" []
"Steam"="d:\games\steam\steam.exe" [2007-01-10 18:09]
"MSMSGS"="C:\Programme\Messenger\msmsgs.exe" [2004-10-13 18:24]
"msnmsgr"="C:\Programme\MSN Messenger\msnmsgr.exe" [2007-01-19 13:55]
"WMPNSCFG"="C:\Programme\Windows Media Player\WMPNSCFG.exe" [2006-10-24 21:05]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"ICQ Lite"=D:\Progiez\ICQLite\ICQLite.exe -trayboot

Contents of the 'Scheduled Tasks' folder
2007-05-26 16:00:00 C:\WINDOWS\tasks\ACFFE64191809891.job
2007-05-20 09:56:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

********************************************************************

catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-26 18:34:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0

********************************************************************

Completion time: 2007-05-26 18:38:10 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-05-26 18:37
--- E O F ---
26.05.2007, 18:46
Moderator
Posts: 7805
#4
Please also create and post a new HijackThis log so we can see what ComboFix has already deleted.
__________ Regards, Ralf, SEO-Spam Hunter
26.05.2007, 18:47
Member
Thread starter, Posts: 125
#5
Ah, OK, sorry, I overlooked that.
THANKS AGAIN!

Logfile of HijackThis v1.99.1
Scan saved at 18:42:41, on 26.05.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
D:\Progiez\Scramby\ScrambyServer.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\Programme\VirtualCloneDrive\VCDDaemon.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Programme\Java\jre1.6.0_01\bin\jusched.exe
C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Programme\HbTools\Bin\4.8.7.0\HbtOEAddOn.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Razer\Tarantula\razerhid.exe
C:\Programme\QuickTime\qttask.exe
D:\Progiez\ICQLite\ICQLite.exe
C:\Programme\Creative\MediaSource\Detector\CTDetect.exe
C:\Programme\Gemeinsame Dateien\Teleca Shared\CapabilityManager.exe
C:\WINDOWS\system32\ctfmon.exe
D:\games\steam\steam.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\MSN Messenger\msnmsgr.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Windows Media Player\WMPNSCFG.exe
C:\Programme\BOINC\boincmgr.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Programme\DT\Sinus 154 stick\Wifiusb.exe
C:\Programme\BOINC\boinc.exe
D:\Progiez\Xfire\Xfire.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\BOINC\projects\boinc.bakerlab.org_rosetta\rosetta_5.67_windows_intelx86.exe
C:\Programme\Razer\Tarantula\razertra.exe
C:\Programme\MSN Messenger\usnsvc.exe
C:\Programme\MSN Messenger\livecall.exe
C:\Programme\Gemeinsame Dateien\Teleca Shared\Generic.exe
C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\notepad.exe
C:\Programme\Mozilla Firefox\firefox.exe
D:\Progiez\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {13FCB71A-8896-F743-3F61-27829C396522} - C:\DOKUME~1\Seppe\ANWEND~1\WAITVI~1\stupidmore.exe (file missing)
O2 - BHO: HbTools - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Programme\HbTools\Bin\4.8.7.0\HbtHostIE.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8C4771BF-817E-A6A4-83D0-09A49FDD4803} - C:\DOKUME~1\Seppe\ANWEND~1\WAITVI~1\stupidmore.exe (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: H&otbar - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Programme\HbTools\Bin\4.8.7.0\HbtHostIE.dll (file missing)
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Programme\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Programme\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [WorksFUD] C:\Programme\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Programme\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [OM_Monitor] D:\Nützliches\Digital Kamera\FirstStart.exe
O4 - HKLM\..\Run: [Delete pop boob joy] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\software axis delete pop\bows store.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Programme\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [baitcashboldbody] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\tons settings bait cash\dogsend.exe
O4 - HKLM\..\Run: [IP Changer 2.0] "D:\Progiez\IP Changer\IPChanger.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [WeatherOnTray] C:\Programme\HbTools\Bin\4.8.7.0\HbtWeatherOnTray.exe
O4 - HKLM\..\Run: [HbTools] C:\Programme\HbTools\Bin\4.8.7.0\HbtOEAddOn.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Tarantula] C:\Programme\Razer\Tarantula\razerhid.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ICQ Lite] "D:\Progiez\ICQLite\ICQLite.exe" -minimize
O4 - HKCU\..\Run: [Creative Detector] C:\Programme\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OM_Monitor] D:\Nützliches\Digital Kamera\Monitor.exe -NoStart
O4 - HKCU\..\Run: [aceaudio] C:\DOKUME~1\Seppe\ANWEND~1\MEOWBA~1\Link Each.exe
O4 - HKCU\..\Run: [Steam] "d:\games\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] D:\Progiez\ICQLite\ICQLite.exe -trayboot
O4 - Startup: Xfire.lnk = D:\Progiez\Xfire\Xfire.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BOINC Manager.lnk = C:\Programme\BOINC\boincmgr.exe
O4 - Global Startup: Erinnerungen in Microsoft Works-Kalender.lnk = ?
O4 - Global Startup: Sinus 154 stick WLAN Manager.lnk = C:\Programme\DT\Sinus 154 stick\Wifiusb.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Recherche-Assistent - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Progiez\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Progiez\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1156755463171
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - D:\Nützliches\Sony Vegas\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Scramby Service (ScrambySrv) - RapidSolution - D:\Progiez\Scramby\ScrambyServer.exe
O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - D:\Nützliches\Sony Vegas\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)
O23 - Service: Voice Tuner (voicetuner) - RapidSolution - D:\Progiez\Scramby\voicetunerserver.exe
26.05.2007, 20:31
Moderator
Posts: 7805
#6
Please check the following entries in HijackThis and then click "Fix checked":

O2 - BHO: (no name) - {13FCB71A-8896-F743-3F61-27829C396522} - C:\DOKUME~1\Seppe\ANWEND~1\WAITVI~1\stupidmore.exe (file missing)
O2 - BHO: HbTools - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Programme\HbTools\Bin\4.8.7.0\HbtHostIE.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8C4771BF-817E-A6A4-83D0-09A49FDD4803} - C:\DOKUME~1\Seppe\ANWEND~1\WAITVI~1\stupidmore.exe (file missing)
O3 - Toolbar: H&otbar - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Programme\HbTools\Bin\4.8.7.0\HbtHostIE.dll (file missing)
O4 - HKLM\..\Run: [Delete pop boob joy] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\software axis delete pop\bows store.exe
O4 - HKCU\..\Run: [aceaudio] C:\DOKUME~1\Seppe\ANWEND~1\MEOWBA~1\Link Each.exe

Also delete the following files and folders:

C:\WINDOWS\tasks\ACFFE64191809891.job
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\software axis delete pop
C:\DOKUME~1\Seppe\ANWEND~1\MEOWBA~1
C:\DOKUME~1\Seppe\ANWEND~1\WAITVI~1

Some of the malware was installed by NetPumper. Reboot, and as a check please also run Dr.Web's CureIt: http://virus-protect.org/cureit.html
__________ Regards, Ralf, SEO-Spam Hunter
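As an added worked example (not code from this thread, from HijackThis or from ComboFix), here is a small Python triage script that encodes the cues visible in the logs above and used in the moderator's fix list: BHO or toolbar entries whose file is already gone, autostarts launched from an Application Data folder, an .exe registered as a BHO (BHOs are in-process COM DLLs), and, for the ComboFix file list, the mirrored-name pairing of gebcy.dll with ycbeg.ini. The sample lines are constructed from paths in this thread; all function names are my own.

```python
"""Triage helpers for the two log formats posted in this thread:
HijackThis O2/O3/O4 entries and a ComboFix file list."""
import re
from pathlib import PureWindowsPath

# Constructed sample in the shape of the HijackThis log above (paths from the thread).
SAMPLE_HJT = r"""
O2 - BHO: (no name) - {13FCB71A-8896-F743-3F61-27829C396522} - C:\DOKUME~1\Seppe\ANWEND~1\WAITVI~1\stupidmore.exe (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Delete pop boob joy] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\software axis delete pop\bows store.exe
O4 - HKCU\..\Run: [aceaudio] C:\DOKUME~1\Seppe\ANWEND~1\MEOWBA~1\Link Each.exe
O23 - Service: Scramby Service (ScrambySrv) - RapidSolution - D:\Progiez\Scramby\ScrambyServer.exe
"""

# Constructed sample in the shape of the ComboFix "V Log" file list above.
SAMPLE_COMBOFIX_FILES = [
    r"C:\WINDOWS\system32\ycbeg.ini",
    r"C:\WINDOWS\system32\ycbeg.bak1",
    r"C:\WINDOWS\system32\gebcy.dll",
    r"C:\WINDOWS\system32\khfgeca.dll",
    r"C:\WINDOWS\system32\msi.dll",
]

O2_O3_RE = re.compile(r"^O[23] - (?:BHO|Toolbar): (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<target>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# Short (8.3) and long forms of the XP per-user and All Users data directories.
APPDATA_RE = re.compile(r"\\(ANWEND~1|Anwendungsdaten|Application Data)\\", re.IGNORECASE)
# Either a quoted program path or an unquoted one ending in a known extension.
FIRST_PATH_RE = re.compile(r'^"(?P<q>[^"]+)"|^(?P<u>.*?\.(?:exe|dll|scr|com))(?:\s|$)', re.IGNORECASE)


def first_path(cmd):
    """Return the program path at the start of a Run-key command line."""
    m = FIRST_PATH_RE.match(cmd.strip())
    if not m:
        return cmd.strip()
    return m.group("q") or m.group("u")


def triage_hijackthis(text):
    """Return [{'line', 'name', 'path', 'reasons'}] for O2/O3/O4 lines worth a look."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        m = O2_O3_RE.match(line)
        if m:
            name, target = m.group("name"), m.group("target")
            path = target.replace("(file missing)", "").strip()
            reasons = []
            if "(file missing)" in target or target == "(no file)":
                reasons.append("registered but file is gone (leftover to clean up)")
            if path.lower().endswith(".exe"):
                reasons.append("BHO/toolbar target is an .exe, not an in-process DLL")
        else:
            m = O4_RE.match(line)
            if not m:
                continue  # other sections (O9, O23, ...) are not covered here
            name, path, reasons = m.group("name"), first_path(m.group("cmd")), []
        if APPDATA_RE.search(path):
            reasons.append("launches from an Application Data folder")
        if reasons:
            findings.append({"line": line, "name": name, "path": path, "reasons": reasons})
    return findings


def mirrored_name_pairs(paths):
    """Map each .dll to files in the same directory whose stem is the dll stem reversed.
    Catches only the mirrored pattern (gebcy.dll / ycbeg.ini); khfgeca.dll has no mate."""
    by_dir = {}
    for p in paths:
        wp = PureWindowsPath(p)
        by_dir.setdefault(str(wp.parent).lower(), []).append(wp)
    pairs = {}
    for p in paths:
        wp = PureWindowsPath(p)
        if wp.suffix.lower() != ".dll":
            continue
        mirror = wp.stem.lower()[::-1]
        mates = [str(o) for o in by_dir[str(wp.parent).lower()]
                 if o.stem.lower() == mirror and o != wp]
        if mates:
            pairs[str(wp)] = mates
    return pairs


if __name__ == "__main__":
    for f in triage_hijackthis(SAMPLE_HJT):
        print(f["name"], "->", f["path"])
        for r in f["reasons"]:
            print("   ", r)
    for dll, mates in mirrored_name_pairs(SAMPLE_COMBOFIX_FILES).items():
        print("mirrored pair:", dll, "<->", ", ".join(mates))
```

The Java SSVHelper line and the AntiVir autostart produce no finding, which matches the moderator's list except for SSVHelper, so the output is a shortlist for a human reviewer rather than a verdict.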
27.05.2007, 11:33
Member
Thread starter, Posts: 125

I have a problem with TR/Vundo.Gen, which cannot be deleted. I hope I uploaded the right logfile, because I'm not familiar with HijackThis^^
THANKS in advance!!
Regards, Seppe

Logfile of HijackThis v1.99.1
Scan saved at 13:44:41, on 25.05.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
D:\Progiez\Scramby\ScrambyServer.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\Programme\VirtualCloneDrive\VCDDaemon.exe
C:\Programme\Java\jre1.6.0_01\bin\jusched.exe
C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\HbTools\Bin\4.8.7.0\HbtOEAddOn.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Razer\Tarantula\razerhid.exe
C:\Programme\QuickTime\qttask.exe
D:\Progiez\ICQLite\ICQLite.exe
C:\Programme\Gemeinsame Dateien\Teleca Shared\CapabilityManager.exe
C:\Programme\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
D:\games\steam\steam.exe
D:\Progiez\Torrent\bittorrent.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\MSN Messenger\msnmsgr.exe
C:\Programme\Windows Media Player\WMPNSCFG.exe
C:\Programme\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\BOINC\boincmgr.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Programme\DT\Sinus 154 stick\Wifiusb.exe
C:\Programme\BOINC\boinc.exe
D:\Progiez\Xfire\Xfire.exe
C:\Programme\Razer\Tarantula\razertra.exe
C:\Programme\MSN Messenger\usnsvc.exe
C:\Programme\MSN Messenger\livecall.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Programme\Gemeinsame Dateien\Teleca Shared\Generic.exe
C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\BOINC\projects\boinc.bakerlab.org_rosetta\rosetta_5.67_windows_intelx86.exe
C:\Dokumente und Einstellungen\Seppe\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O3 - Toolbar: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: H&otbar - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Programme\HbTools\Bin\4.8.7.0\HbtHostIE.dll (file missing)
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Programme\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Programme\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C64 Series" /O6 "USB001" /M "Stylus C64"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [WorksFUD] C:\Programme\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Programme\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [OM_Monitor] D:\Nützliches\Digital Kamera\FirstStart.exe
O4 - HKLM\..\Run: [Delete pop boob joy] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\software axis delete pop\bows store.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Programme\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [baitcashboldbody] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\tons settings bait cash\dogsend.exe
O4 - HKLM\..\Run: [IP Changer 2.0] "D:\Progiez\IP Changer\IPChanger.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WeatherOnTray] C:\Programme\HbTools\Bin\4.8.7.0\HbtWeatherOnTray.exe
O4 - HKLM\..\Run: [HbTools] C:\Programme\HbTools\Bin\4.8.7.0\HbtOEAddOn.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Tarantula] C:\Programme\Razer\Tarantula\razerhid.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ICQ Lite] "D:\Progiez\ICQLite\ICQLite.exe" -minimize
O4 - HKCU\..\Run: [Creative Detector] C:\Programme\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OM_Monitor] D:\Nützliches\Digital Kamera\Monitor.exe -NoStart
O4 - HKCU\..\Run: [aceaudio] C:\DOKUME~1\Seppe\ANWEND~1\MEOWBA~1\Link Each.exe
O4 - HKCU\..\Run: [Steam] "d:\games\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] D:\Progiez\ICQLite\ICQLite.exe -trayboot
O4 - Startup: Xfire.lnk = D:\Progiez\Xfire\Xfire.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BOINC Manager.lnk = C:\Programme\BOINC\boincmgr.exe
O4 - Global Startup: Erinnerungen in Microsoft Works-Kalender.lnk = ?
O4 - Global Startup: Sinus 154 stick WLAN Manager.lnk = C:\Programme\DT\Sinus 154 stick\Wifiusb.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Recherche-Assistent - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Progiez\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Progiez\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1156755463171
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - D:\Nützliches\Sony Vegas\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Scramby Service (ScrambySrv) - RapidSolution - D:\Progiez\Scramby\ScrambyServer.exe
O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - D:\Nützliches\Sony Vegas\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)
O23 - Service: Voice Tuner (voicetuner) - RapidSolution - D:\Progiez\Scramby\voicetunerserver.exe