MSN VIRUS " Hier meine heißen Fotos:-P" |
||
---|---|---|
#0
| ||
09.07.2007, 18:17
Member
Beiträge: 24 |
||
|
||
09.07.2007, 18:21
Ehrenmitglied
Beiträge: 6028 |
||
|
||
09.07.2007, 18:25
Member
Themenstarter Beiträge: 24 |
#3
es gab soviele beiträge..irgendeiner sagte das ich n paar schritte durchführen soll und dann hier posten...hab ich was falsch gemacht, moice?... ich möchte es doch einfach nur weg haben
|
|
|
||
09.07.2007, 18:40
Ehrenmitglied
Beiträge: 6028 |
#4
Es gibt auch eine Anleitung http://board.protecus.de/t30133.htm
Nur musst du unter punkt 8. nicht die HJ betà benutzen sondern diese http://www.trendsecure.com/portal/en-US/Thread_analytics/HiJackThis.zip __________ MfG Argus |
|
|
||
09.07.2007, 20:10
Member
Themenstarter Beiträge: 24 |
#5
Unable to Open the Requested Page
The page you have tried to open either does not exist, or does not permit direct access without authorization. Please visit the main TrendSecure page for your region instead. der zweite link geht nicht :o) achja..und zwischen durch steht auch das die logs in den thread kopiert werden sollen, warum? |
|
|
||
09.07.2007, 20:46
Ehrenmitglied
Beiträge: 6028 |
||
|
||
10.07.2007, 21:34
Member
Themenstarter Beiträge: 24 |
#7
SOOO...ich habe die besagte Anleitung durchgeführt.
Der Erwido Report und der Cureit.log waren nicht zu speichern... Ne Menge Viren wurden erkannt und gelöscht,..unter anderem der "myAlbum2007.zip" Ich füge dann hier jetzt Combofix, Hijack und darFind hinzu: "TUGCE" - 2007-07-10 21:20:51 - ComboFix 07-07-10.1 - Service Pack 2 ((((((((((((((((((((((((( Files Created from 2007-06-10 to 2007-07-10 ))))))))))))))))))))))))))))))) 2007-07-10 21:15 <DIR> d-------- C:\WINDOWS\LastGood 2007-07-10 15:37 <DIR> d-------- C:\DOKUME~1\TUGCE\DoctorWeb 2007-07-10 15:27 <DIR> d-------- C:\WINDOWS\ERUNT 2007-07-10 15:26 1,048,576 --ah----- C:\DOKUME~1\ADMINI~1\NTUSER.DAT 2007-07-10 15:26 <DIR> dr-h----- C:\DOKUME~1\ADMINI~1\Anwendungsdaten 2007-07-10 15:26 <DIR> dr------- C:\DOKUME~1\ADMINI~1\Startmen 2007-07-10 15:26 <DIR> dr------- C:\DOKUME~1\ADMINI~1\Favoriten 2007-07-10 15:26 <DIR> dr------- C:\DOKUME~1\ADMINI~1\Eigene Dateien 2007-07-10 15:26 <DIR> d--h----- C:\DOKUME~1\ADMINI~1\Vorlagen 2007-07-10 15:26 <DIR> d--h----- C:\DOKUME~1\ADMINI~1\Netzwerkumgebung 2007-07-10 15:26 <DIR> d--h----- C:\DOKUME~1\ADMINI~1\Lokale Einstellungen 2007-07-10 15:26 <DIR> d--h----- C:\DOKUME~1\ADMINI~1\Druckumgebung 2007-07-10 15:26 <DIR> d-------- C:\DOKUME~1\ADMINI~1\ANWEND~1\Symantec 2007-07-10 15:26 <DIR> d-------- C:\DOKUME~1\ADMINI~1\ANWEND~1\ATI 2007-07-10 14:45 <DIR> d-------- C:\Programme\CCleaner 2007-07-09 17:52 51,200 --a------ C:\WINDOWS\nircmd.exe 2007-07-05 02:31 <DIR> d-------- C:\KAV 2007-07-04 19:09 <DIR> d-------- C:\WINDOWS\SxsCaPendDel (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-07-10 19:12:09 -------- d-----w C:\Programme\ICQToolbar 2007-07-10 13:13:26 -------- d-----w C:\DOKUME~1\TUGCE\ANWEND~1\ICQ Toolbar 2007-07-10 13:11:45 -------- d-----w C:\Programme\MSN Messenger 2007-07-10 12:44:49 63,976 ----a-w C:\WINDOWS\system32\perfc007.dat 2007-07-10 12:44:49 391,574 ----a-w C:\WINDOWS\system32\perfh007.dat 2007-06-29 22:54:26 -------- d-----w C:\Programme\Gemeinsame Dateien\Symantec Shared 2007-06-17 19:01:57 -------- d-----w C:\DOKUME~1\TUGCE\ANWEND~1\LimeWire 2007-05-31 09:32:28 -------- d-----w C:\Programme\Gemeinsame Dateien\Deterministic Networks 2007-05-31 09:32:25 -------- d-----w C:\Programme\Cisco Systems 2007-05-16 15:11:44 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll 2007-04-25 14:22:27 144,896 ----a-w C:\WINDOWS\system32\schannel.dll 2007-04-18 16:13:24 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll 2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll 2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll 2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll 2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll 2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll 2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll 2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe 2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}] 2006-06-07 11:09 399352 --a------ C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}] 2006-10-10 11:18 701952 --a------ C:\PROGRA~1\ICQTOO~1\toolbaru.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] 2004-12-14 01:56 63136 --a------ C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] 2006-07-07 12:29 324416 --a------ C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9394EDE7-C8B5-483E-8773-474BF36AF6E4}] 2004-08-13 18:42 155648 --a------ C:\Programme\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] 2007-01-20 00:55 2427968 -ra------ c:\programme\google\googletoolbar2.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] 2007-07-03 22:46 325048 --a------ C:\Programme\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}] 2006-01-17 17:04 282624 --a------ C:\Programme\MSN Apps\MSN Toolbar\01.02.5000.1021\de\msntb.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}] 2004-08-25 10:31 210048 --a------ C:\Programme\Norton AntiVirus\NavShExt.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="C:\Programme\Java\jre1.5.0\bin\jusched.exe" [2006-08-29 15:09] "ATICCC"="C:\Programme\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 18:41] "RTHDCPL"="RTHDCPL.EXE" [2006-04-05 02:44 C:\WINDOWS\RTHDCPL.exe] "EDS"="C:\Programme\Samsung\Samsung EDS\EDSAgent.exe" [2006-03-28 13:27] "SynTPEnh"="C:\Programme\Synaptics\SynTP\SynTPEnh.exe" [2005-12-07 23:44] "AGRSMMSG"="AGRSMMSG.exe" [2006-06-29 22:32 C:\WINDOWS\AGRSMMSG.exe] "AVStation Premium 3.75"="C:\Programme\Samsung\AVStation Premium 3.75\AVSAgent.exe" [2006-05-12 17:27] "MagicKeyboard"="C:\Programme\SAMSUNG\MagicKBD\PreMKBD.exe" [2006-05-17 22:24] "farstone"="" [] "RestoreIT!"="C:\Programme\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.exe" [2004-09-23 19:27] "RemoteControl"="C:\Programme\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24] "BatteryManager"="C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe" [2006-04-25 14:05] "DMHotKey"="C:\Programme\Samsung\DisplayManager\DMLoader.exe" [2005-11-23 11:18] "DisplayManager"="C:\Programme\Samsung\DisplayManager\DisplayManager.exe" [2006-05-03 19:22] "ccApp"="C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" [2004-08-25 09:33] "msgdiscoveryx"="C:\Program Files\MessengerDiscovery\msgdiscoveryx.exe" [] "QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [2006-10-25 19:58] "iTunesHelper"="C:\Programme\iTunes\iTunesHelper.exe" [2006-10-30 10:36] "BearShare"="C:\Programme\BearShare\BearShare.exe" [] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00] "MSMSGS"="C:\Programme\Messenger\msmsgs.exe" [] "MessengerPlus3"="C:\Programme\MessengerPlus! 3\MsgPlus.exe" [] "swg"="C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-03 22:46] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce] "ICQ Lite"=C:\Programme\ICQLite\ICQLite.exe -trayboot [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "InfoCockpit"=C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\INFOCOCKPIT.EXE /nosplash Contents of the 'Scheduled Tasks' folder 2007-07-06 18:42:39 C:\WINDOWS\tasks\Norton AntiVirus - Meinen Computer prüfen - TUGCE.job ************************************************************************** catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-07-10 21:22:32 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-07-10 21:22:58 C:\ComboFix-quarantined-files.txt ... 2007-07-10 21:22 C:\ComboFix2.txt ... 2007-07-09 18:08 --- E O F --- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:31:29, on 10.07.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16473) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Programme\Cisco Systems\VPN Client\cvpnd.exe C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe C:\Programme\Norton AntiVirus\navapsvc.exe C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe C:\WINDOWS\system32\svchost.exe C:\Programme\Java\jre1.5.0\bin\jusched.exe C:\Programme\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\RTHDCPL.EXE C:\Programme\Samsung\Samsung EDS\EDSAgent.exe C:\Programme\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\AGRSMMSG.exe C:\Programme\Samsung\AVStation Premium 3.75\AVSAgent.exe C:\Programme\CyberLink\PowerDVD\PDVDServ.exe C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe C:\Programme\Samsung\DisplayManager\DisplayManager.exe C:\Programme\Samsung\DisplayManager\dmhkcore.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe C:\Programme\QuickTime\qttask.exe C:\Programme\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Programme\SAMSUNG\MagicKBD\MagicKBD.exe C:\Programme\iPod\bin\iPodService.exe C:\Programme\ATI Technologies\ATI.ACE\cli.exe C:\Programme\ATI Technologies\ATI.ACE\cli.exe C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\kernel.exe C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\sc_watch.exe C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\PROFIL~1.EXE C:\PROGRA~1\T-Online\T-ONLI~1\Notifier\Notifier.exe C:\Programme\ICQLite\ICQLite.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\explorer.exe C:\Dokumente und Einstellungen\TUGCE\Desktop\virus clean\HiJackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programme\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\01.02.5000.1021\de\msntb.dll O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\01.02.5000.1021\de\msntb.dll O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0\bin\jusched.exe O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [EDS] C:\Programme\Samsung\Samsung EDS\EDSAgent.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [AVStation Premium 3.75] C:\Programme\Samsung\AVStation Premium 3.75\AVSAgent.exe O4 - HKLM\..\Run: [MagicKeyboard] C:\Programme\SAMSUNG\MagicKBD\PreMKBD.exe O4 - HKLM\..\Run: [RestoreIT!] "C:\Programme\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE" VBStart O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe O4 - HKLM\..\Run: [BatteryManager] C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe O4 - HKLM\..\Run: [DMHotKey] C:\Programme\Samsung\DisplayManager\DMLoader.exe O4 - HKLM\..\Run: [DisplayManager] C:\Programme\Samsung\DisplayManager\DisplayManager.exe O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [msgdiscoveryx] "C:\Program Files\MessengerDiscovery\msgdiscoveryx.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [BearShare] "C:\Programme\BearShare\BearShare.exe" /pause O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programme\MessengerPlus! 3\MsgPlus.exe" /WinStart O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [InfoCockpit] C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\INFOCOCKPIT.EXE /nosplash (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: VPN Client.lnk = ? O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing) O16 - DPF: {34635AA6-B593-4F06-9EDD-5FF60FC13310} (Speaky Chat) - http://download.speakyweb.com/speakyldr.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://catlakkiz30041989.spaces.live.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{D08CAD8E-D14F-4953-8BA7-50C10D3F75A5}: NameServer = 217.237.149.142 217.237.150.205 O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: Samsung Update Plus - Unknown owner - C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe O23 - Service: SNM WLAN Service - Unknown owner - C:\Programme\samsung\Samsung Network Manager\SNMWLANService.exe (file missing) O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe -- End of file - 11415 bytes . . Bitte nur die Eintraege der letzten 3 Monate pro Ordner posten . . Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: CC9C-82C5 Verzeichnis von C:\WINDOWS\system32 10.07.2007 15:36 1.158 wpa.dbl 10.07.2007 14:44 391.574 perfh007.dat 10.07.2007 14:44 53.098 perfc009.dat 10.07.2007 14:44 380.684 perfh009.dat 10.07.2007 14:44 63.976 perfc007.dat 10.07.2007 14:44 897.778 PerfStringBackup.INI 06.06.2007 08:38 15.747.032 MRT.exe 16.05.2007 17:11 683.520 inetcomm.dll 08.05.2007 10:59 3.583.488 mshtml.dll 25.04.2007 16:22 144.896 schannel.dll 25.04.2007 09:42 822.784 wininet.dll 25.04.2007 09:42 232.960 webcheck.dll 25.04.2007 09:42 1.152.000 urlmon.dll 25.04.2007 09:42 105.984 url.dll 25.04.2007 09:42 670.720 mstime.dll 25.04.2007 09:42 102.400 occache.dll 25.04.2007 09:42 193.024 msrating.dll 25.04.2007 09:42 477.696 mshtmled.dll 25.04.2007 09:41 459.264 msfeeds.dll 25.04.2007 09:41 52.224 msfeedsbs.dll 25.04.2007 09:41 27.648 jsproxy.dll 25.04.2007 09:41 1.824.768 inetcpl.cpl 25.04.2007 09:41 267.776 iertutil.dll 25.04.2007 09:41 6.058.496 ieframe.dll 25.04.2007 09:41 44.544 iernonce.dll 25.04.2007 09:41 384.512 iedkcs32.dll 25.04.2007 09:41 383.488 ieapfltr.dll 25.04.2007 09:41 153.088 ieakeng.dll 25.04.2007 09:41 132.608 extmgr.dll 25.04.2007 09:41 230.400 ieaksie.dll 25.04.2007 09:41 124.928 advpack.dll 24.04.2007 16:26 13.824 ieudinit.exe 24.04.2007 15:36 178.648 FNTCACHE.DAT 24.04.2007 11:58 56.832 ie4uinit.exe 24.04.2007 09:34 161.792 ieakui.dll 18.04.2007 18:13 2.854.400 msi.dll 17.04.2007 11:32 2.455.488 ieapfltr.dat 16.04.2007 22:47 33.624 wups.dll 16.04.2007 22:47 30.040 wuapi.dll.mui 16.04.2007 22:47 30.040 wuaucpl.cpl.mui 16.04.2007 22:45 1.710.936 wuaueng.dll 16.04.2007 22:45 549.720 wuapi.dll 16.04.2007 22:45 325.976 wucltui.dll 16.04.2007 22:45 216.408 wuaucpl.cpl 16.04.2007 22:45 203.096 wuweb.dll 16.04.2007 22:45 92.504 cdm.dll 16.04.2007 22:45 20.824 wuaueng.dll.mui 16.04.2007 22:45 43.352 wups2.dll 16.04.2007 22:45 53.080 wuauclt.exe 16.04.2007 22:44 34.136 wucltui.dll.mui 16.04.2007 17:53 1.058.304 kernel32.dll Joa....das wärs..vielen Dank für die kommende Hilfe. |
|
|
||
10.07.2007, 22:38
Ehrenmitglied
Beiträge: 6028 |
#8
Dein Rechner ist sauber!
Dein Java software ist veraltet,download jre-6u2-windows-i586-p.exe Srcolle runter nach ---->Java Runtime Environment (JRE) 6u2 The Java SE Runtime Environment (JRE) allows end-users to run Java applications. Klicke auf "Download" Setze in haeckchen bei --->"Accept License Agreement". Klicke “Windows Offline Installation, Multi-language” um “jre-6-windows-i586.exe”zum Desktop zu installieren Schliesse alle Programme auch dein Webbrowser Ueber "Start -> Einstellungen -> Systemsteuerung -> Software Und entferne alle aeltere versionen von Java Runtime Environment (JRE of J2SE) Nachdem alles entfernt wurde --->Rechner neu starten Installiere jetzt vom Desktop aus ---> “jre-6u2-windows-i586-p.exe” __________ MfG Argus |
|
|
||
10.07.2007, 23:35
Member
Themenstarter Beiträge: 24 |
||
|
||
"TUGCE" - 2007-07-09 18:08:00 - ComboFix 07-07-09.3 - Service Pack 2
((((((((((((((((((((((((( Files Created from 2007-06-09 to 2007-07-09 )))))))))))))))))))))))))))))))
2007-07-09 17:52 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-06 23:07 12,516 --a------ C:\DOKUME~1\TUGCE\jqypaz.exe
2007-07-06 22:00 12,516 --a------ C:\DOKUME~1\TUGCE\qnlywm.exe
2007-07-06 21:53 12,516 --a------ C:\DOKUME~1\TUGCE\wtvxti.exe
2007-07-06 21:48 35,840 --a------ C:\WINDOWS\system32\msvcrtd.exe
2007-07-06 21:46 12,516 --a------ C:\DOKUME~1\TUGCE\duuefv.exe
2007-07-06 10:39 296,664 --a------ C:\WINDOWS\system32\rtcshare.dll
2007-07-06 10:39 120,525 --a------ C:\hqtsf.exe
2007-07-06 10:39 12,516 --a------ C:\DOKUME~1\TUGCE\qhibrc.exe
2007-07-05 02:31 <DIR> d-------- C:\KAV
2007-07-04 19:09 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-07-04 16:34 24,040 --a------ C:\WINDOWS\system32\sysprinters.dll
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-07-09 16:04:03 -------- d-----w C:\Programme\ICQToolbar
2007-07-09 16:02:24 63,976 ----a-w C:\WINDOWS\system32\perfc007.dat
2007-07-09 16:02:24 391,574 ----a-w C:\WINDOWS\system32\perfh007.dat
2007-07-09 15:24:29 -------- d-----w C:\Programme\MSN Messenger
2007-06-29 22:54:26 -------- d-----w C:\Programme\Gemeinsame Dateien\Symantec Shared
2007-06-17 19:01:57 -------- d-----w C:\DOKUME~1\TUGCE\ANWEND~1\LimeWire
2007-06-06 22:33:05 -------- d-----w C:\Programme\Windows Live
2007-06-06 22:33:05 -------- d-----w C:\Programme\Messenger Plus! Live
2007-05-31 09:32:28 -------- d-----w C:\Programme\Gemeinsame Dateien\Deterministic Networks
2007-05-31 09:32:25 -------- d-----w C:\Programme\Cisco Systems
2007-05-16 15:11:44 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:22:27 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:13:24 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
2006-06-07 11:09 399352 --a------ C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
2006-10-10 11:18 701952 --a------ C:\PROGRA~1\ICQTOO~1\toolbaru.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2004-12-14 01:56 63136 --a------ C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
2006-07-07 12:29 324416 --a------ C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9394EDE7-C8B5-483E-8773-474BF36AF6E4}]
2004-08-13 18:42 155648 --a------ C:\Programme\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
2007-01-20 00:55 2427968 -ra------ c:\programme\google\googletoolbar2.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
2007-07-03 22:46 325048 --a------ C:\Programme\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
2006-01-17 17:04 282624 --a------ C:\Programme\MSN Apps\MSN Toolbar\01.02.5000.1021\de\msntb.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}]
2004-08-25 10:31 210048 --a------ C:\Programme\Norton AntiVirus\NavShExt.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.5.0\bin\jusched.exe" [2006-08-29 15:09]
"ATICCC"="C:\Programme\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 18:41]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-05 02:44 C:\WINDOWS\RTHDCPL.exe]
"@"="" []
"EDS"="C:\Programme\Samsung\Samsung EDS\EDSAgent.exe" [2006-03-28 13:27]
"SynTPEnh"="C:\Programme\Synaptics\SynTP\SynTPEnh.exe" [2005-12-07 23:44]
"AGRSMMSG"="AGRSMMSG.exe" [2006-06-29 22:32 C:\WINDOWS\AGRSMMSG.exe]
"AVStation Premium 3.75"="C:\Programme\Samsung\AVStation Premium 3.75\AVSAgent.exe" [2006-05-12 17:27]
"MagicKeyboard"="C:\Programme\SAMSUNG\MagicKBD\PreMKBD.exe" [2006-05-17 22:24]
"farstone"="" []
"RestoreIT!"="C:\Programme\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.exe" [2004-09-23 19:27]
"RemoteControl"="C:\Programme\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24]
"BatteryManager"="C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe" [2006-04-25 14:05]
"DMHotKey"="C:\Programme\Samsung\DisplayManager\DMLoader.exe" [2005-11-23 11:18]
"DisplayManager"="C:\Programme\Samsung\DisplayManager\DisplayManager.exe" [2006-05-03 19:22]
"ccApp"="C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" [2004-08-25 09:33]
"msgdiscoveryx"="C:\Program Files\MessengerDiscovery\msgdiscoveryx.exe" []
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [2006-10-25 19:58]
"iTunesHelper"="C:\Programme\iTunes\iTunesHelper.exe" [2006-10-30 10:36]
"BearShare"="C:\Programme\BearShare\BearShare.exe" []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]
"MSMSGS"="C:\Programme\Messenger\msmsgs.exe" [2004-10-13 18:24]
"MessengerPlus3"="C:\Programme\MessengerPlus! 3\MsgPlus.exe" [2006-12-01 22:25]
"swg"="C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-03 22:46]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"ICQ Lite"=C:\Programme\ICQLite\ICQLite.exe -trayboot
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"InfoCockpit"=C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\INFOCOCKPIT.EXE /nosplash
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc usnsvc
*Newly Created Service* - CATCHME
Contents of the 'Scheduled Tasks' folder
2007-07-06 18:42:39 C:\WINDOWS\tasks\Norton AntiVirus - Meinen Computer prüfen - TUGCE.job
**************************************************************************
catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-09 18:08:36
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-07-09 18:08:59
C:\ComboFix-quarantined-files.txt ... 2007-07-09 18:08
--- E O F ---
Logfile of HijackThis v1.99.1
Scan saved at 18:10:12, on 09.07.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Java\jre1.5.0\bin\jusched.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\Samsung\Samsung EDS\EDSAgent.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programme\Samsung\AVStation Premium 3.75\AVSAgent.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe
C:\Programme\Samsung\DisplayManager\DisplayManager.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Samsung\DisplayManager\dmhkcore.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programme\SAMSUNG\MagicKBD\MagicKBD.exe
C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\kernel.exe
C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\sc_watch.exe
C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\PROFIL~1.EXE
C:\PROGRA~1\T-Online\T-ONLI~1\Notifier\Notifier.exe
C:\WINDOWS\explorer.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Dokumente und Einstellungen\TUGCE\Eigene Dateien\ICQ Lite\308814441\MC_Double_B_302039418\hijackthis_199\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programme\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\01.02.5000.1021\de\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\01.02.5000.1021\de\msntb.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [EDS] C:\Programme\Samsung\Samsung EDS\EDSAgent.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AVStation Premium 3.75] C:\Programme\Samsung\AVStation Premium 3.75\AVSAgent.exe
O4 - HKLM\..\Run: [MagicKeyboard] C:\Programme\SAMSUNG\MagicKBD\PreMKBD.exe
O4 - HKLM\..\Run: [RestoreIT!] "C:\Programme\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE" VBStart
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [BatteryManager] C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe
O4 - HKLM\..\Run: [DMHotKey] C:\Programme\Samsung\DisplayManager\DMLoader.exe
O4 - HKLM\..\Run: [DisplayManager] C:\Programme\Samsung\DisplayManager\DisplayManager.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [msgdiscoveryx] "C:\Program Files\MessengerDiscovery\msgdiscoveryx.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BearShare] "C:\Programme\BearShare\BearShare.exe" /pause
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programme\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: VPN Client.lnk = ?
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {34635AA6-B593-4F06-9EDD-5FF60FC13310} (Speaky Chat) - http://download.speakyweb.com/speakyldr.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://catlakkiz30041989.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D08CAD8E-D14F-4953-8BA7-50C10D3F75A5}: NameServer = 217.237.149.142 217.237.150.205
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\msvcrtd.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Samsung Update Plus - Unknown owner - C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: SNM WLAN Service - Unknown owner - C:\Programme\samsung\Samsung Network Manager\SNMWLANService.exe (file missing)
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: CC9C-82C5
Verzeichnis von C:\WINDOWS\system32
09.07.2007 18:02 380.684 perfh009.dat
09.07.2007 18:02 53.098 perfc009.dat
09.07.2007 18:02 391.574 perfh007.dat
09.07.2007 18:02 63.976 perfc007.dat
09.07.2007 18:02 897.778 PerfStringBackup.INI
09.07.2007 17:58 1.158 wpa.dbl
09.07.2007 17:00 12.419 form.txt
06.07.2007 21:48 35.840 msvcrtd.exe
06.07.2007 10:39 296.664 rtcshare.dll
04.07.2007 16:34 24.040 sysprinters.dll
06.06.2007 08:38 15.747.032 MRT.exe
16.05.2007 17:11 683.520 inetcomm.dll
08.05.2007 10:59 3.583.488 mshtml.dll
Und wie kriege ich den Virus jetzt weg?...achja das ist einer der schickt sich an jedem in der msn liste....
liebe Grüsse: Baris