Problem mit Drive Cleaner!Thema ist geschlossen! |
||
|---|---|---|
Thema ist geschlossen! |
||
| #0
| ||
|
29.05.2007, 12:51
...neu hier
Beiträge: 6 |
||
 
|
|
|
|
29.05.2007, 13:56
Moderator
Beiträge: 7805 |
#2
HM, das ist ja interessant. Hake bitte folgende Dinge in Hijackthis an und druecke fix checked:
O4 - HKLM\..\Run: [NI.UWA6PU_0001_N91M2107] "C:\Dokumente und Einstellungen\JoNeS\Anwendungsdaten\winantiviruspro2006freeinstall_de[1].exe" -nag O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\sxutmknl.dll",realset Starte neu, benenne hijackthis in test um starte es und schaue, ob die obigen Eintraege wirklich verschwunden sind und poste dann das entsprechende Hijackthis log und erstelle ein neuen Combofix Report. Nachtrag: Datfindbatreport waere auch hilfreich __________ MfG Ralf SEO-Spam Hunter |
|
|
|
|
|
|
29.05.2007, 19:07
...neu hier
Themenstarter Beiträge: 6 |
#3
Logfile of HijackThis v1.99.1
Scan saved at 18:14:18, on 29.05.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16441) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Intel\Wireless\Bin\EvtEng.exe C:\Programme\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\AntiVir PersonalEdition Classic\avguard.exe C:\Programme\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\RTHDCPL.EXE C:\Programme\Launch Manager\LaunchAp.exe C:\Programme\Launch Manager\HotkeyApp.exe C:\Programme\Launch Manager\OSD.exe C:\Programme\Launch Manager\Wbutton.exe C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe C:\Programme\Synaptics\SynTP\SynTPEnh.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe C:\Programme\Sceneo\Bonavista\Services\ODSBC\ODSBCApp.exe C:\Programme\Intel\Wireless\Bin\RegSrvc.exe C:\Programme\CyberLink\Shared Files\RichVideo.exe C:\WINDOWS\ehome\RMSvc.exe C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe C:\Programme\Sceneo\Bonavista\Services\PVR\PVRService.exe C:\Programme\Messenger\msmsgs.exe C:\Programme\Windows Media Player\WMPNSCFG.exe C:\WINDOWS\ehome\RMSysTry.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\explorer.exe C:\Programme\ICQLite\ICQLite.exe C:\Programme\Mozilla Firefox\firefox.exe C:\Dokumente und Einstellungen\JoNeS\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.aldi.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 195.175.37.6:8080 O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll O2 - BHO: (no name) - {88BFDB37-7947-48F3-9D05-00D8C6BC69B6} - C:\WINDOWS\system32\ttyftuwk.dll (file missing) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar3.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar3.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [LaunchAp] "C:\Programme\Launch Manager\LaunchAp.exe" O4 - HKLM\..\Run: [HotkeyApp] "C:\Programme\Launch Manager\HotkeyApp.exe" O4 - HKLM\..\Run: [CtrlVol] "C:\Programme\Launch Manager\CtrlVol.exe" O4 - HKLM\..\Run: [LMgrOSD] "C:\Programme\Launch Manager\OSD.exe" O4 - HKLM\..\Run: [Wbutton] "C:\Programme\Launch Manager\Wbutton.exe" O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [IntelWireless] "C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [BullGuard] "C:\Programme\BullGuard Software\BullGuard\bullguard.exe" -boot O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [LanguageShortcut] "C:\Programme\Home Cinema\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [InstantOn] "C:\Programme\CyberLink\PowerCinema Linux\ion_install.exe /c " O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize O4 - HKLM\..\Run: [TVBroadcast] C:\Programme\Sceneo\Bonavista\Services\ODSBC\ODSBCApp.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [NI.UWA6PU_0001_N91M2107] "C:\Dokumente und Einstellungen\JoNeS\Anwendungsdaten\winantiviruspro2006freeinstall_de[1].exe" -nag O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Reader 8.0\Reader\reader_sl.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programme\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O4 - Global Startup: Extender-Ressourcenüberwachung.lnk = C:\WINDOWS\ehome\RMSysTry.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe O9 - Extra 'Tools' menuitem: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1163614636698 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared Files\RichVideo.exe O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Sceneo PVR Service (srvcPVR) - Buhl Data Service GmbH - C:\Programme\Sceneo\Bonavista\Services\PVR\PVRService.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe "JoNeS" - 2007-05-29 19:04:26 Service Pack 2 ComboFix 07-05.27.V - Running from: "C:\Dokumente und Einstellungen\JoNeS\Desktop\" ((((((((((((((((((((((((((((((( Files Created from 2007-04-28 to 2007-05-29 )))))))))))))))))))))))))))))))))) 2007-05-29 12:42 49,152 --a------ C:\WINDOWS\nircmd.exe 2007-05-21 23:16 <DIR> d-------- C:\DOKUME~1\JoNeS\ANWEND~1\Leadertech 2007-05-19 14:53 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\AntiVir PersonalEdition Classic 2007-05-19 13:39 1,572,864 --ah----- C:\DOKUME~1\MCX1\NTUSER.DAT 2007-05-19 13:39 <DIR> dr-h----- C:\DOKUME~1\MCX1\Anwendungsdaten 2007-05-19 13:39 <DIR> dr------- C:\DOKUME~1\MCX1\Startmen 2007-05-19 13:39 <DIR> dr------- C:\DOKUME~1\MCX1\Favoriten 2007-05-19 13:39 <DIR> dr------- C:\DOKUME~1\MCX1\Eigene Dateien 2007-05-19 13:39 <DIR> d--h----- C:\DOKUME~1\MCX1\Vorlagen 2007-05-19 13:39 <DIR> d--h----- C:\DOKUME~1\MCX1\Netzwerkumgebung 2007-05-19 13:39 <DIR> d--h----- C:\DOKUME~1\MCX1\Lokale Einstellungen 2007-05-19 13:39 <DIR> d--h----- C:\DOKUME~1\MCX1\Druckumgebung 2007-05-19 13:39 <DIR> d---s---- C:\DOKUME~1\MCX1\UserData 2007-05-19 13:39 <DIR> d-------- C:\DOKUME~1\MCX1\ANWEND~1\VMedia 2007-05-19 13:39 <DIR> d-------- C:\DOKUME~1\MCX1\ANWEND~1\Sonavis 2007-05-19 13:39 <DIR> d-------- C:\DOKUME~1\MCX1\ANWEND~1\OfficeUpdate12 2007-05-19 13:39 <DIR> d-------- C:\DOKUME~1\MCX1\ANWEND~1\Intel 2007-05-19 13:39 <DIR> d-------- C:\DOKUME~1\MCX1\ANWEND~1\Google 2007-05-19 13:39 <DIR> d-------- C:\DOKUME~1\MCX1\ANWEND~1\CyberLink 2007-05-19 13:39 <DIR> d-------- C:\DOKUME~1\MCX1\ANWEND~1\BullGuard 2007-05-19 13:39 <DIR> d-------- C:\DOKUME~1\MCX1\ANWEND~1\Ahead 2007-05-19 13:38 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy 2007-05-19 13:36 <DIR> d-------- C:\f5fe67dafe4f4fe51e6e2d4bb343 2007-05-14 20:09 <DIR> d-------- C:\de324f32dce2349f5098b1f44def52 2007-05-14 20:03 4,718,592 --a------ C:\Dokumente und Einstellungen\JoNeS\ntuser.dat 2007-05-14 20:03 4,718,592 --a------ C:\DOKUME~1\JoNeS\ntuser.dat (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-05-19 11:37:55 -------- d-----w C:\Programme\Windows Media Connect 2 2007-05-11 15:18:07 -------- d-----w C:\Programme\PartyGaming.Net 2007-04-26 19:30:56 -------- d-----w C:\Programme\PokerStars 2007-04-21 13:37:35 -------- d-----w C:\Programme\Full Tilt Poker 2007-04-20 13:33:29 -------- d-----w C:\Programme\eMule 2007-04-18 16:13:24 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll 2007-04-13 17:22:41 -------- d-----w C:\DOKUME~1\JoNeS\ANWEND~1\FreeStone Group 2007-04-13 17:22:39 -------- d-----w C:\Programme\Magical Glass 2007-04-12 13:42:05 76,218 ----a-w C:\WINDOWS\system32\perfc007.dat 2007-04-12 13:42:05 417,500 ----a-w C:\WINDOWS\system32\perfh007.dat 2007-04-03 20:30:51 -------- d-----w C:\Programme\PE 2007-04-02 14:39:12 -------- d-----w C:\Programme\Turning River 2007-04-02 14:38:16 -------- d-----w C:\Programme\Gemeinsame Dateien\Buhl Data Service 2007-04-02 14:36:33 -------- d-----w C:\Programme\Gemeinsame Dateien\WinAntiVirus Pro 2006 2007-04-02 14:36:29 -------- d-----w C:\Programme\WinAntiVirus Pro 2006 2007-04-02 14:33:03 91,856 ----a-w C:\DOKUME~1\JoNeS\ANWEND~1\winantiviruspro2006freeinstall_de[1].exe 2007-03-20 14:41:25 0 ----a-w C:\WINDOWS\Poker.com 2007-03-17 13:44:25 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll 2007-03-08 15:36:30 579,072 ----a-w C:\WINDOWS\system32\user32.dll 2007-03-08 15:36:30 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll 2007-03-08 15:36:30 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll 2007-03-08 15:32:24 1,843,712 ----a-w C:\WINDOWS\system32\win32k.sys 2007-02-02 11:56:00 0 --sh--w C:\WINDOWS\system32\tracert.com 2007-02-02 11:56:00 0 --sh--w C:\WINDOWS\system32\tasklist.com 2007-02-02 11:56:00 0 --sh--w C:\WINDOWS\system32\taskkill.com 2007-02-02 11:56:00 0 --sh--w C:\WINDOWS\system32\regedit.com 2007-02-02 11:56:00 0 --sh--w C:\WINDOWS\system32\ping.com 2007-02-02 11:56:00 0 --sh--w C:\WINDOWS\system32\netstat.com 2007-02-02 11:56:00 0 --sh--w C:\WINDOWS\system32\cmd.com 2006-11-15 19:12:35 8 --sh--r C:\WINDOWS\system32\8679CB5C67.sys 2006-11-15 19:12:35 4,704 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Programme\Java\jre1.5.0_09\bin\ssv.dll [2006-10-12 04:25] {88BFDB37-7947-48F3-9D05-00D8C6BC69B6}=C:\WINDOWS\system32\ttyftuwk.dll [] {AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\programme\google\googletoolbar3.dll [2007-01-20 00:55] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"="RTHDCPL.EXE" [] "SkyTel"="SkyTel.EXE" [] "Alcmtr"="ALCMTR.EXE" [] "LaunchAp"="C:\Programme\Launch Manager\LaunchAp.exe" [2005-07-25 14:36] "HotkeyApp"="C:\Programme\Launch Manager\HotkeyApp.exe" [2006-09-04 16:44] "CtrlVol"="C:\Programme\Launch Manager\CtrlVol.exe" [2003-09-16 15:28] "LMgrOSD"="C:\Programme\Launch Manager\OSD.exe" [2005-03-16 14:52] "Wbutton"="C:\Programme\Launch Manager\Wbutton.exe" [2006-07-10 20:02] "SynTPEnh"="C:\Programme\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 21:02] "IntelZeroConfig"="C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 01:38] "IntelWireless"="C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 01:32] "BullGuard"="C:\Programme\BullGuard Software\BullGuard\bullguard.exe" [] "NWEReboot"="" [] "NeroFilterCheck"="C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe" [2006-01-12 17:40] "LanguageShortcut"="C:\Programme\Home Cinema\PowerDVD\Language\Language.exe" [2006-05-18 12:29] "InstantOn"="C:\Programme\CyberLink\PowerCinema Linux\ion_install.exe" [2005-09-23 06:19] "ICQ Lite"="C:\Programme\ICQLite\ICQLite.exe" [2006-07-11 12:15] "TVBroadcast"="C:\Programme\Sceneo\Bonavista\Services\ODSBC\ODSBCApp.exe" [2006-11-06 22:11] "Adobe Photo Downloader"="C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [] "NI.UWA6PU_0001_N91M2107"="C:\Dokumente und Einstellungen\JoNeS\Anwendungsdaten\winantiviruspro2006freeinstall_de[1].exe" [2007-04-02 16:33] "avgnt"="C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-02 10:35] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-09-06 19:08] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="C:\Programme\Messenger\msmsgs.exe" [2004-10-13 18:24] "WMPNSCFG"="C:\Programme\Windows Media Player\WMPNSCFG.exe" [2006-11-03 10:56] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-24 14:00] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce] "ICQ Lite"=C:\Programme\ICQLite\ICQLite.exe -trayboot [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Usnsvc usnsvc QWAVE QWAVE ******************************************************************** catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-05-29 19:06:40 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ******************************************************************** Completion time: 2007-05-29 19:07:05 C:\ComboFix-quarantined-files.txt ... 2007-05-29 19:06 C:\ComboFix2.txt ... 2007-05-29 18:25 C:\ComboFix3.txt ... 2007-05-29 12:47 |
|
|
|
|
|
|
29.05.2007, 19:22
Moderator
Beiträge: 7805 |
#4
Suche bitte die Dateien
C:\WINDOWS\system32\sxutmknl.dll C:\Programme\outlook\outlook.exe und teste sie bei VT oder Jotti. Hake in Hijackthis noch folgendes an und druecke fix checked: O2 - BHO: (no name) - {88BFDB37-7947-48F3-9D05-00D8C6BC69B6} - C:\WINDOWS\system32\ttyftuwk.dll (file missing) O4 - HKLM\..\Run: [outlook] C:\Programme\outlook\outlook.exe /auto O4 - HKLM\..\Run: [NI.UWA6PU_0001_N91M2107] "C:\Dokumente und Einstellungen\JoNeS\Anwendungsdaten\winantiviruspro2006freeinstall_de[1].exe" -nag Wieder neu starten und neues Hijackthis Log bitte. __________ MfG Ralf SEO-Spam Hunter |
|
|
|
|
|
|
30.05.2007, 14:49
...neu hier
Themenstarter Beiträge: 6 |
#5
hallo!
habe die beiden dateien nicht gefunden. außerdem gab es O4 - HKLM\..\Run: [outlook] C:\Programme\outlook\outlook.exe /auto nicht zum abhaken und O4 - HKLM\..\Run: [NI.UWA6PU_0001_N91M2107] "C:\Dokumente und Einstellungen\JoNeS\Anwendungsdaten\winantiviruspro2006freeinstall_de[1].exe" -nag hatte ich abgehakt und fix checked gemacht, allerdings stand es nach mehrmaligem versuchen immer noch in der liste. hier der log: Logfile of HijackThis v1.99.1 Scan saved at 14:46:34, on 30.05.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16441) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Intel\Wireless\Bin\EvtEng.exe C:\Programme\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\AntiVir PersonalEdition Classic\avguard.exe C:\Programme\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Programme\Intel\Wireless\Bin\RegSrvc.exe C:\Programme\CyberLink\Shared Files\RichVideo.exe C:\WINDOWS\ehome\RMSvc.exe C:\Programme\Sceneo\Bonavista\Services\PVR\PVRService.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\RTHDCPL.EXE C:\Programme\Launch Manager\LaunchAp.exe C:\Programme\Launch Manager\HotkeyApp.exe C:\Programme\Launch Manager\OSD.exe C:\Programme\Launch Manager\Wbutton.exe C:\Programme\Synaptics\SynTP\SynTPEnh.exe C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe C:\Programme\Sceneo\Bonavista\Services\ODSBC\ODSBCApp.exe C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe C:\Programme\Messenger\msmsgs.exe C:\Programme\Windows Media Player\WMPNSCFG.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\ehome\RMSysTry.exe C:\WINDOWS\explorer.exe C:\Programme\ICQLite\ICQLite.exe C:\Programme\Mozilla Firefox\firefox.exe C:\Dokumente und Einstellungen\JoNeS\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.aldi.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 195.175.37.6:8080 O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar3.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar3.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [LaunchAp] "C:\Programme\Launch Manager\LaunchAp.exe" O4 - HKLM\..\Run: [HotkeyApp] "C:\Programme\Launch Manager\HotkeyApp.exe" O4 - HKLM\..\Run: [CtrlVol] "C:\Programme\Launch Manager\CtrlVol.exe" O4 - HKLM\..\Run: [LMgrOSD] "C:\Programme\Launch Manager\OSD.exe" O4 - HKLM\..\Run: [Wbutton] "C:\Programme\Launch Manager\Wbutton.exe" O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [IntelWireless] "C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [BullGuard] "C:\Programme\BullGuard Software\BullGuard\bullguard.exe" -boot O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [LanguageShortcut] "C:\Programme\Home Cinema\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [InstantOn] "C:\Programme\CyberLink\PowerCinema Linux\ion_install.exe /c " O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize O4 - HKLM\..\Run: [TVBroadcast] C:\Programme\Sceneo\Bonavista\Services\ODSBC\ODSBCApp.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [NI.UWA6PU_0001_N91M2107] "C:\Dokumente und Einstellungen\JoNeS\Anwendungsdaten\winantiviruspro2006freeinstall_de[1].exe" -nag O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Reader 8.0\Reader\reader_sl.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programme\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O4 - Global Startup: Extender-Ressourcenüberwachung.lnk = C:\WINDOWS\ehome\RMSysTry.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe O9 - Extra 'Tools' menuitem: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1163614636698 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared Files\RichVideo.exe O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Sceneo PVR Service (srvcPVR) - Buhl Data Service GmbH - C:\Programme\Sceneo\Bonavista\Services\PVR\PVRService.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe |
|
|
|
|
|
|
30.05.2007, 14:57
Moderator
Beiträge: 7805 |
#6
Also der Eintrag muss immer noch raus.
O4 - HKLM\..\Run: [NI.UWA6PU_0001_N91M2107] "C:\Dokumente und Einstellungen\JoNeS\Anwendungsdaten\winantiviruspro2006freeinstall_de[1].exe" -nag im Zweifelsfalle verwuche es im abgesicherten Modus. Dein Antivir ist eingestellt, wie hier beschrieben? http://board.protecus.de/t23979.htm __________ MfG Ralf SEO-Spam Hunter |
|
|
|
|
|
|
30.05.2007, 15:15
...neu hier
Themenstarter Beiträge: 6 |
#7
ich habe jetzt mein antivir so eingestellt wie im link, allerdings funktioniert das mit dem löschen dieser datei immer noch nicht. was heißt im abgesicherten modus?
|
|
|
|
|
|
|
30.05.2007, 15:23
Moderator
Beiträge: 7805 |
#8
abgesicherter Modus: http://www.bsi.bund.de/av/texte/wiederher.htm
__________ MfG Ralf SEO-Spam Hunter |
|
|
|
|
|
|
30.05.2007, 20:45
...neu hier
Themenstarter Beiträge: 6 |
#9
so habe es jetzt glaub ich im abgesicherten modus hinbekommen!
Logfile of HijackThis v1.99.1 Scan saved at 20:39:16, on 30.05.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16441) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\Dokumente und Einstellungen\JoNeS\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.aldi.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 195.175.37.6:8080 O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar3.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar3.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [LaunchAp] "C:\Programme\Launch Manager\LaunchAp.exe" O4 - HKLM\..\Run: [HotkeyApp] "C:\Programme\Launch Manager\HotkeyApp.exe" O4 - HKLM\..\Run: [CtrlVol] "C:\Programme\Launch Manager\CtrlVol.exe" O4 - HKLM\..\Run: [LMgrOSD] "C:\Programme\Launch Manager\OSD.exe" O4 - HKLM\..\Run: [Wbutton] "C:\Programme\Launch Manager\Wbutton.exe" O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [IntelWireless] "C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [BullGuard] "C:\Programme\BullGuard Software\BullGuard\bullguard.exe" -boot O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [LanguageShortcut] "C:\Programme\Home Cinema\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [InstantOn] "C:\Programme\CyberLink\PowerCinema Linux\ion_install.exe /c " O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize O4 - HKLM\..\Run: [TVBroadcast] C:\Programme\Sceneo\Bonavista\Services\ODSBC\ODSBCApp.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Reader 8.0\Reader\reader_sl.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programme\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O4 - Global Startup: Extender-Ressourcenüberwachung.lnk = C:\WINDOWS\ehome\RMSysTry.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe O9 - Extra 'Tools' menuitem: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1163614636698 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared Files\RichVideo.exe O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Sceneo PVR Service (srvcPVR) - Buhl Data Service GmbH - C:\Programme\Sceneo\Bonavista\Services\PVR\PVRService.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe |
|
|
|
|
|
|
30.05.2007, 20:55
Moderator
Beiträge: 7805 |
#10
Da sieht eigentlich gut aus. Du kannst ja noch einen Kontrollscan mit Drweb cureit und Ewido Micro machen:
http://freedrweb.com/?lng=de http://downloads.ewido.net/ewido_micro.exe __________ MfG Ralf SEO-Spam Hunter |
|
|
|
|
|
|
03.06.2007, 01:13
Member
Beiträge: 16 |
#11
Ich hänge mich mal hier an!
Hatte eben den ersten Kontakt zu diesem fiesen Programm! Soweit alles weggeklickt, bevor sich viel Laden konnte! Meine Frage jetzt, wie sicher bin ich, was habe ich gefangen? Nach kurzem suchen hier wurden jeweils einige Verzeichnisse angegeben, die ich bei mir noch nicht gefunden habe! Nun habe ich aber noch nicht neugestartet, gibt es eine Gefährdung die ich vor dem Neustart direkt bekämpfen kann? DANKE! Anbei mal ein Log: Logfile of HijackThis v1.99.1 Scan saved at 00:53:35, on 03.06.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16441) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\ibmpmsvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Intel\Wireless\Bin\EvtEng.exe C:\Programme\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe C:\Programme\IBM\IBM Rapid Restore Ultra\rrpcsb.exe C:\Programme\Norton AntiVirus\navapsvc.exe C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe C:\WINDOWS\System32\QCONSVC.EXE C:\Programme\Intel\Wireless\Bin\RegSrvc.exe C:\Programme\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\TPHDEXLG.EXE C:\WINDOWS\system32\TpKmpSVC.exe C:\Programme\Synaptics\SynTP\SynTPLpr.exe C:\Programme\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\system32\TpShocks.exe C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe C:\Programme\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe C:\Programme\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe C:\IBMTOOLS\UTILS\ibmprc.exe C:\Programme\ThinkPad\ConnectUtilities\QCWLICON.EXE C:\WINDOWS\system32\rundll32.exe C:\Programme\Java\jre1.5.0_06\bin\jusched.exe C:\Programme\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Digital Line Detect\DLG.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\PC Connectivity Solution\ServiceLayer.exe C:\Programme\PC Connectivity Solution\NclBTHandler.exe C:\Programme\Opera\Opera.exe C:\PROGRA~1\WINZIP\winzip32.exe C:\Programme\Messenger\msmsgs.exe C:\Dokumente und Einstellungen\Falk Banse\Lokale Einstellungen\Temp\wzd827\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Programme\ThinkPad\Utilities\TpKmapAp.exe -helper O4 - HKLM\..\Run: [TpShocks] TpShocks.exe O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe O4 - HKLM\..\Run: [TP4EX] tp4ex.exe O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [SoundMAX] C:\Programme\Analog Devices\SoundMAX\Smax4.exe /tray O4 - HKLM\..\Run: [UpdateManager] "C:\Programme\Gemeinsame Dateien\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe O4 - HKLM\..\Run: [QCWLICON] C:\Programme\ThinkPad\ConnectUtilities\QCWLICON.EXE O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Digital Line Detect.lnk = ? O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra button: ThinkPad-Software - Aktualisierung - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Programme\Lenovo\PkgMgr\PkgMgr.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O11 - Options group: [JAVA_IBM] Java (IBM) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1151794165062 O17 - HKLM\System\CCS\Services\Tcpip\..\{4870F8CD-095E-4327-A344-03CC0FC994D3}: NameServer = 192.168.0.1 O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe O23 - Service: EvtEng - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Programme\IBM\IBM Rapid Restore Ultra\rrpcsb.exe O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: lmab_device - Unknown owner - C:\WINDOWS\system32\LMabcoms.exe O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing) O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE O23 - Service: RegSrvc - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: IBM HDD APS Logging Service (TPHDEXLGSVC) - IBM Corporation - C:\WINDOWS\System32\TPHDEXLG.EXE O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe |
|
|
|
|
|
|
03.06.2007, 09:27
Moderator
Beiträge: 7805 |
#12
Du musst ein Combofix Report erstellen und posten, ansonsten sieht man einige Malware nicht.
__________ MfG Ralf SEO-Spam Hunter |
|
|
|
|
|
|
11.06.2007, 12:10
Member
Beiträge: 16 |
#13
Zitat raman posteteSo, nun hatte ich mal Zeit mich drum zu kümmern, hier der Logfile von combofix: ComboFix 07-06-11.3 - C:\Dokumente und Einstellungen\Falk Banse\Desktop\ComboFix.exe "Falk Banse" - 2007-06-11 11:56:52 - Service Pack 2 NTFS ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINDOWS\system32\drivers\npf.sys C:\WINDOWS\system32\packet.dll C:\WINDOWS\system32\pthreadVC.dll C:\WINDOWS\system32\wanpacket.dll C:\WINDOWS\system32\wpcap.dll ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) -------\LEGACY_NM -------\LEGACY_NPF -------\nm -------\NPF ((((((((((((((((((((((((( Files Created from 2007-05-11 to 2007-06-11 ))))))))))))))))))))))))))))))) 2007-06-11 11:56 49,152 --a------ C:\WINDOWS\nircmd.exe (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-06-11 10:02:08 -------- d-----w C:\Programme\Norton AntiVirus 2007-06-02 23:26:16 -------- d-----w C:\Programme\Opera 2007-06-02 23:16:52 -------- d-----w C:\Programme\Symantec 2007-06-02 23:16:09 -------- d-----w C:\Programme\Gemeinsame Dateien\Symantec Shared 2007-05-31 15:25:06 75,392 ----a-w C:\WINDOWS\system32\perfc007.dat 2007-05-31 15:25:06 416,044 ----a-w C:\WINDOWS\system32\perfh007.dat 2007-05-16 17:09:50 -------- d-----w C:\DOKUME~1\FALKBA~1\ANWEND~1\StarOffice8 2007-04-25 21:14:36 -------- d-----w C:\DOKUME~1\FALKBA~1\ANWEND~1\CoreFTP 2007-04-18 16:13:24 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll 2007-03-28 16:41:32 517,848 ----a-w C:\WINDOWS\system32\SymNeti.dll 2007-03-28 16:41:28 132,824 ----a-w C:\WINDOWS\system32\SymRedir.dll 2007-03-17 13:45:59 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04] {5CA3D70E-1895-11CF-8E15-001234567890}=C:\WINDOWS\system32\dla\tfswshx.dll [2004-09-02 01:05] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Programme\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43] {BDF3E430-B101-42AD-A544-FADC6B084872}=C:\Programme\Norton AntiVirus\NavShExt.dll [2006-01-18 14:26] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPLpr"="C:\Programme\Synaptics\SynTP\SynTPLpr.exe" [2004-11-08 11:17] "SynTPEnh"="C:\Programme\Synaptics\SynTP\SynTPEnh.exe" [2004-11-08 11:17] "TPKMAPHELPER"="C:\Programme\ThinkPad\Utilities\TpKmapAp.exe" [2004-02-04 18:39] "TpShocks"="TpShocks.exe" [2005-04-05 15:14 C:\WINDOWS\system32\TpShocks.exe] "TPHOTKEY"="C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2005-04-04 12:43] "TP4EX"="tp4ex.exe" [2004-11-12 01:07 C:\WINDOWS\system32\TP4EX.exe] "EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2005-03-23 02:11] "SoundMAXPnP"="C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 09:11] "SoundMAX"="C:\Programme\Analog Devices\SoundMAX\Smax4.exe" [2004-08-06 07:27] "UpdateManager"="C:\Programme\Gemeinsame Dateien\Sonic\Update Manager\sgtray.exe" [2003-08-19 01:01] "@"="" [] "ccApp"="C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" [2007-02-21 17:49] "IBMPRC"="C:\IBMTOOLS\UTILS\ibmprc.exe" [2005-04-27 09:53] "QCWLICON"="C:\Programme\ThinkPad\ConnectUtilities\QCWLICON.EXE" [2005-03-18 03:07] "PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2005-04-14 01:01] "BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2005-04-14 01:01] "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-06-03 01:16] "SunJavaUpdateSched"="C:\Programme\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SpybotSD TeaTimer"="C:\Programme\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04] [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "PcSync"=C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\QConGina] QConGina.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey] tphklock.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages scecli pwdmon [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk] path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk backup=C:\WINDOWS\pss\Adobe Reader - Schnellstart.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^BTTray.lnk] path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk backup=C:\WINDOWS\pss\BTTray.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ibmmessages] C:\Programme\IBM\Messages By IBM\ibmmessages.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime Contents of the 'Scheduled Tasks' folder 2007-04-27 10:31:01 C:\WINDOWS\tasks\AppleSoftwareUpdate.job 2007-06-01 18:41:03 C:\WINDOWS\tasks\Norton AntiVirus - Meinen Computer prüfen - Falk Banse.job 2007-06-11 10:03:13 C:\WINDOWS\tasks\PMTask.job ************************************************************************** catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-06-11 12:02:41 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-06-11 12:05:08 - machine was rebooted C:\ComboFix-quarantined-files.txt ... 2007-06-11 12:04 --- E O F --- |
|
|
|
|
|
|
11.06.2007, 12:25
Moderator
Beiträge: 7805 |
#14
Das sieht auch relativ gut aus, sprich kein Vundo oder aehnliches zu sehen.
Mache ansonsten noch ein paar Kontrollscans mit drweb und Ewido: http://freedrweb.com/?lng=de http://downloads.ewido.net/ewido_micro.exe __________ MfG Ralf SEO-Spam Hunter |
|
|
|
|
|
|
11.06.2007, 13:51
Member
Beiträge: 16 |
#15
Wunderbar!
Hier noch ein Log vom ewido: __________________________________________________ ewido anti-spyware online scanner http://www.ewido.net __________________________________________________ Name: TrackingCookie.2o7 Path: C:\Dokumente und Einstellungen\Falk Banse\Cookies\falk_banse@2o7[1].txt Risk: Medium Name: TrackingCookie.71i Path: C:\Dokumente und Einstellungen\Falk Banse\Cookies\falk_banse@adicqserver.71i[1].txt Risk: Medium Name: TrackingCookie.Adtech Path: C:\Dokumente und Einstellungen\Falk Banse\Cookies\falk_banse@adtech[1].txt Risk: Medium Name: TrackingCookie.Advertising Path: C:\Dokumente und Einstellungen\Falk Banse\Cookies\falk_banse@advertising[2].txt Risk: Medium Name: TrackingCookie.Coremetrics Path: C:\Dokumente und Einstellungen\Falk Banse\Cookies\falk_banse@data.coremetrics[1].txt Risk: Medium Name: TrackingCookie.Doubleclick Path: C:\Dokumente und Einstellungen\Falk Banse\Cookies\falk_banse@doubleclick[2].txt Risk: Medium Name: TrackingCookie.Ivwbox Path: C:\Dokumente und Einstellungen\Falk Banse\Cookies\falk_banse@ivwbox[1].txt Risk: Medium Name: TrackingCookie.Webtrends Path: C:\Dokumente und Einstellungen\Falk Banse\Cookies\falk_banse@m.webtrends[2].txt Risk: Medium Name: TrackingCookie.2o7 Path: C:\Dokumente und Einstellungen\Falk Banse\Cookies\falk_banse@sevenoneintermedia.112.2o7[1].txt Risk: Medium Name: Logger.Krepper.b Path: C:\Programme\PantsOff\PantsOffHk.dll Risk: High Der andere Scanner fand gar nichts! Danke für die Hilfe, nun kann ich wieder beruhigt am Laptop arbeiten! |
|
|
|
|
|
Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!
bitte erst » hier kostenlos registrieren!!
Folgende Themen könnten Dich auch interessieren:
Seite(n): 1
Copyright © 2024, Protecus.de - Protecus Team - Impressum / Mediadaten
ich bitte euch um hilfe.
hier der hijackthis.log:
Logfile of HijackThis v1.99.1
Scan saved at 12:28:05, on 29.05.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\Launch Manager\LaunchAp.exe
C:\Programme\Launch Manager\HotkeyApp.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Programme\Launch Manager\OSD.exe
C:\Programme\Launch Manager\Wbutton.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\ICQLite\ICQLite.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Sceneo\Bonavista\Services\ODSBC\ODSBCApp.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\Programme\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\Programme\Sceneo\Bonavista\Services\PVR\PVRService.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Windows Media Player\WMPNSCFG.exe
C:\Programme\Magical Glass\Magical Glass.exe
C:\Programme\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\JoNeS\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.aldi.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 195.175.37.6:8080
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [LaunchAp] "C:\Programme\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [HotkeyApp] "C:\Programme\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Programme\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Programme\Launch Manager\OSD.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Programme\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [BullGuard] "C:\Programme\BullGuard Software\BullGuard\bullguard.exe" -boot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Programme\Home Cinema\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [InstantOn] "C:\Programme\CyberLink\PowerCinema Linux\ion_install.exe /c "
O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [TVBroadcast] C:\Programme\Sceneo\Bonavista\Services\ODSBC\ODSBCApp.exe
O4 - HKLM\..\Run: [outlook] C:\Programme\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NI.UWA6PU_0001_N91M2107] "C:\Dokumente und Einstellungen\JoNeS\Anwendungsdaten\winantiviruspro2006freeinstall_de[1].exe" -nag
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\sxutmknl.dll",realset
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Magical Glass] "C:\Programme\Magical Glass\Magical Glass.exe" /a
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programme\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Extender-Ressourcenüberwachung.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe
O9 - Extra 'Tools' menuitem: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1163614636698
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sceneo PVR Service (srvcPVR) - Buhl Data Service GmbH - C:\Programme\Sceneo\Bonavista\Services\PVR\PVRService.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
und hier combofit.txt:
"JoNeS" - 2007-05-29 12:44:59 Service Pack 2
ComboFix 07-05.27.V - Running from: "C:\Dokumente und Einstellungen\JoNeS\Desktop\"
((((((((((((((((((((((((((((((( Files Created from 2007-04-28 to 2007-05-29 ))))))))))))))))))))))))))))))))))
2007-05-29 12:42 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-05-21 23:16 <DIR> d-------- C:\DOKUME~1\JoNeS\ANWEND~1\Leadertech
2007-05-19 14:53 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\AntiVir PersonalEdition Classic
2007-05-19 13:39 1,572,864 --ah----- C:\DOKUME~1\MCX1\NTUSER.DAT
2007-05-19 13:39 <DIR> dr-h----- C:\DOKUME~1\MCX1\Anwendungsdaten
2007-05-19 13:39 <DIR> dr------- C:\DOKUME~1\MCX1\Startmen
2007-05-19 13:39 <DIR> dr------- C:\DOKUME~1\MCX1\Favoriten
2007-05-19 13:39 <DIR> dr------- C:\DOKUME~1\MCX1\Eigene Dateien
2007-05-19 13:39 <DIR> d--h----- C:\DOKUME~1\MCX1\Vorlagen
2007-05-19 13:39 <DIR> d--h----- C:\DOKUME~1\MCX1\Netzwerkumgebung
2007-05-19 13:39 <DIR> d--h----- C:\DOKUME~1\MCX1\Lokale Einstellungen
2007-05-19 13:39 <DIR> d--h----- C:\DOKUME~1\MCX1\Druckumgebung
2007-05-19 13:39 <DIR> d---s---- C:\DOKUME~1\MCX1\UserData
2007-05-19 13:39 <DIR> d-------- C:\DOKUME~1\MCX1\ANWEND~1\VMedia
2007-05-19 13:39 <DIR> d-------- C:\DOKUME~1\MCX1\ANWEND~1\Sonavis
2007-05-19 13:39 <DIR> d-------- C:\DOKUME~1\MCX1\ANWEND~1\OfficeUpdate12
2007-05-19 13:39 <DIR> d-------- C:\DOKUME~1\MCX1\ANWEND~1\Intel
2007-05-19 13:39 <DIR> d-------- C:\DOKUME~1\MCX1\ANWEND~1\Google
2007-05-19 13:39 <DIR> d-------- C:\DOKUME~1\MCX1\ANWEND~1\CyberLink
2007-05-19 13:39 <DIR> d-------- C:\DOKUME~1\MCX1\ANWEND~1\BullGuard
2007-05-19 13:39 <DIR> d-------- C:\DOKUME~1\MCX1\ANWEND~1\Ahead
2007-05-19 13:38 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2007-05-19 13:36 <DIR> d-------- C:\f5fe67dafe4f4fe51e6e2d4bb343
2007-05-14 20:09 <DIR> d-------- C:\de324f32dce2349f5098b1f44def52
2007-05-14 20:03 4,718,592 --a------ C:\Dokumente und Einstellungen\JoNeS\ntuser.dat
2007-05-14 20:03 4,718,592 --a------ C:\DOKUME~1\JoNeS\ntuser.dat
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-05-19 11:37:55 -------- d-----w C:\Programme\Windows Media Connect 2
2007-05-11 15:18:07 -------- d-----w C:\Programme\PartyGaming.Net
2007-04-26 19:30:56 -------- d-----w C:\Programme\PokerStars
2007-04-21 13:37:35 -------- d-----w C:\Programme\Full Tilt Poker
2007-04-20 13:33:29 -------- d-----w C:\Programme\eMule
2007-04-18 16:13:24 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-13 17:22:41 -------- d-----w C:\DOKUME~1\JoNeS\ANWEND~1\FreeStone Group
2007-04-13 17:22:39 -------- d-----w C:\Programme\Magical Glass
2007-04-12 13:42:05 76,218 ----a-w C:\WINDOWS\system32\perfc007.dat
2007-04-12 13:42:05 417,500 ----a-w C:\WINDOWS\system32\perfh007.dat
2007-04-03 20:30:51 -------- d-----w C:\Programme\PE
2007-04-02 14:39:12 -------- d-----w C:\Programme\Turning River
2007-04-02 14:38:16 -------- d-----w C:\Programme\Gemeinsame Dateien\Buhl Data Service
2007-04-02 14:36:33 -------- d-----w C:\Programme\Gemeinsame Dateien\WinAntiVirus Pro 2006
2007-04-02 14:36:29 -------- d-----w C:\Programme\WinAntiVirus Pro 2006
2007-04-02 14:33:03 91,856 ----a-w C:\DOKUME~1\JoNeS\ANWEND~1\winantiviruspro2006freeinstall_de[1].exe
2007-03-20 14:41:25 0 ----a-w C:\WINDOWS\Poker.com
2007-03-17 13:44:25 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-08 15:36:30 579,072 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:30 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:30 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 15:32:24 1,843,712 ----a-w C:\WINDOWS\system32\win32k.sys
2007-02-02 11:56:00 0 --sh--w C:\WINDOWS\system32\tracert.com
2007-02-02 11:56:00 0 --sh--w C:\WINDOWS\system32\tasklist.com
2007-02-02 11:56:00 0 --sh--w C:\WINDOWS\system32\taskkill.com
2007-02-02 11:56:00 0 --sh--w C:\WINDOWS\system32\regedit.com
2007-02-02 11:56:00 0 --sh--w C:\WINDOWS\system32\ping.com
2007-02-02 11:56:00 0 --sh--w C:\WINDOWS\system32\netstat.com
2007-02-02 11:56:00 0 --sh--w C:\WINDOWS\system32\cmd.com
2006-11-15 19:12:35 8 --sh--r C:\WINDOWS\system32\8679CB5C67.sys
2006-11-15 19:12:35 4,704 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Programme\Java\jre1.5.0_09\bin\ssv.dll [2006-10-12 04:25]
{88BFDB37-7947-48F3-9D05-00D8C6BC69B6}=C:\WINDOWS\system32\ttyftuwk.dll []
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\programme\google\googletoolbar3.dll [2007-01-20 00:55]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" []
"SkyTel"="SkyTel.EXE" []
"Alcmtr"="ALCMTR.EXE" []
"LaunchAp"="C:\Programme\Launch Manager\LaunchAp.exe" [2005-07-25 14:36]
"HotkeyApp"="C:\Programme\Launch Manager\HotkeyApp.exe" [2006-09-04 16:44]
"CtrlVol"="C:\Programme\Launch Manager\CtrlVol.exe" [2003-09-16 15:28]
"LMgrOSD"="C:\Programme\Launch Manager\OSD.exe" [2005-03-16 14:52]
"Wbutton"="C:\Programme\Launch Manager\Wbutton.exe" [2006-07-10 20:02]
"SynTPEnh"="C:\Programme\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 21:02]
"IntelZeroConfig"="C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 01:38]
"IntelWireless"="C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 01:32]
"BullGuard"="C:\Programme\BullGuard Software\BullGuard\bullguard.exe" []
"NWEReboot"="" []
"NeroFilterCheck"="C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe" [2006-01-12 17:40]
"LanguageShortcut"="C:\Programme\Home Cinema\PowerDVD\Language\Language.exe" [2006-05-18 12:29]
"InstantOn"="C:\Programme\CyberLink\PowerCinema Linux\ion_install.exe" [2005-09-23 06:19]
"ICQ Lite"="C:\Programme\ICQLite\ICQLite.exe" [2006-07-11 12:15]
"TVBroadcast"="C:\Programme\Sceneo\Bonavista\Services\ODSBC\ODSBCApp.exe" [2006-11-06 22:11]
"Adobe Photo Downloader"="C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" []
"NI.UWA6PU_0001_N91M2107"="C:\Dokumente und Einstellungen\JoNeS\Anwendungsdaten\winantiviruspro2006freeinstall_de[1].exe" [2007-04-02 16:33]
"avgnt"="C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-02 10:35]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-09-06 19:08]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-24 14:00]
"MSMSGS"="C:\Programme\Messenger\msmsgs.exe" [2004-10-13 18:24]
"WMPNSCFG"="C:\Programme\Windows Media Player\WMPNSCFG.exe" [2006-11-03 10:56]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc usnsvc
QWAVE QWAVE
********************************************************************
catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-29 12:47:04
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
********************************************************************
Completion time: 2007-05-29 12:47:34
C:\ComboFix-quarantined-files.txt ... 2007-05-29 12:47
--- E O F ---
vielen dank schon einmal im vorraus!!!!!
mfg jones