I have a file that is 37,985.00 MB in size: "Windows Safety Alert"

#0
10.07.2007, 16:56
...new here

Posts: 5
#1 So I'm a noob at this kind of thing and don't know what to do; the windows are annoying and I don't know what to do next. Help please.
10.07.2007, 17:05
Honorary member
Argus

Posts: 6028
#2 Work through this: http://board.protecus.de/t23188.htm
__________
Regards, Argus
11.07.2007, 00:42
...new here

Thread starter

Posts: 5
#3 Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:41:44, on 11.07.2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
C:\Programme\ICQLite\ICQLite.exe
C:\WINDOWS\System32\ZoneLabs\isafe.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programme\Gemeinsame Dateien\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\notepad.exe
C:\Dokumente und Einstellungen\Dennis\Desktop\hj\HJT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1FC80E00-41B0-4F74-BC16-2C83ED49CAC9} - (no file)
O2 - BHO: (no name) - {733FD72F-103E-4B9E-BCB9-A76064AF3C72} - C:\WINDOWS\System32\jkkkhif.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: H - {AC1266E4-D472-4557-9A5C-F43E5C485453} - ferma12.dll (file missing)
O2 - BHO: (no name) - {B8C5186E-EC37-4889-9C2E-F73649FFB7BB} - C:\Programme\Video ActiveX Access\iesplg.dll (file missing)
O2 - BHO: (no name) - {F64FA245-A97D-40B8-A38A-AAAA2EBBAAD0} - C:\WINDOWS\System32\khhih.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Protection Bar - {DF4E7A0C-E233-4906-B4C1-A404356541FF} - C:\Programme\Video ActiveX Access\iesbpl.dll (file missing)
O4 - HKLM\..\Run: [AudioDeck] C:\Programme\VIA\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [WordPerfect Office 1215] C:\Programme\WordPerfect Office 12\Programs\Registration.exe /title="WordPerfect Office 12" /date=071607 serial=wo12wrx-0000035-uzu lang=DE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: processes.txt
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe
O16 - DPF: {00001023-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter23 Class) - http://download.netmarble.com/web/nmstarter/NMStarter23.cab
O16 - DPF: {00001024-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter24 Class) - http://download.netmarble.com/web/nmstarter/NMStarter24.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/CursorManiaFWBInitialSetup1.0.0.15-3.cab
O16 - DPF: {20050325-D35A-4233-926E-2E801AE25949} (NMJPStarter17 Class) - http://game.netmarble.jp/_common/cab/NMStarterJP7.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040105/qtinstall.info.apple.com/mickey/de/win/QuickTimeInstaller.exe
O16 - DPF: {6FC19219-C47E-4880-9A79-D218A1C374F9} (NMJTransX Control) - http://www.netmarble.jp/_common/cab/NMJTransX.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://msnde.oberon-media.com/online2/MSN_INTL_GERMANY/luxor_2/mjolauncher.cab
O16 - DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} - http://download.netmarble.com/kdefence/kdfense8237.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin10USA.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.icq.com/online/online2/bejeweled2/popcaploader_v6.cab
O18 - Protocol: bw+0 - {92055116-481B-4F48-A5DC-ABE4FDCE3B45} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {92055116-481B-4F48-A5DC-ABE4FDCE3B45} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {92055116-481B-4F48-A5DC-ABE4FDCE3B45} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {92055116-481B-4F48-A5DC-ABE4FDCE3B45} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {92055116-481B-4F48-A5DC-ABE4FDCE3B45} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {92055116-481B-4F48-A5DC-ABE4FDCE3B45} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {92055116-481B-4F48-A5DC-ABE4FDCE3B45} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {92055116-481B-4F48-A5DC-ABE4FDCE3B45} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {92055116-481B-4F48-A5DC-ABE4FDCE3B45} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {92055116-481B-4F48-A5DC-ABE4FDCE3B45} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {92055116-481B-4F48-A5DC-ABE4FDCE3B45} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {92055116-481B-4F48-A5DC-ABE4FDCE3B45} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {92055116-481B-4F48-A5DC-ABE4FDCE3B45} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {92055116-481B-4F48-A5DC-ABE4FDCE3B45} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {92055116-481B-4F48-A5DC-ABE4FDCE3B45} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {92055116-481B-4F48-A5DC-ABE4FDCE3B45} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {92055116-481B-4F48-A5DC-ABE4FDCE3B45} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {92055116-481B-4F48-A5DC-ABE4FDCE3B45} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {92055116-481B-4F48-A5DC-ABE4FDCE3B45} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {92055116-481B-4F48-A5DC-ABE4FDCE3B45} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {92055116-481B-4F48-A5DC-ABE4FDCE3B45} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {92055116-481B-4F48-A5DC-ABE4FDCE3B45} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {92055116-481B-4F48-A5DC-ABE4FDCE3B45} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {92055116-481B-4F48-A5DC-ABE4FDCE3B45} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {92055116-481B-4F48-A5DC-ABE4FDCE3B45} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {92055116-481B-4F48-A5DC-ABE4FDCE3B45} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {92055116-481B-4F48-A5DC-ABE4FDCE3B45} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {92055116-481B-4F48-A5DC-ABE4FDCE3B45} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {92055116-481B-4F48-A5DC-ABE4FDCE3B45} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {92055116-481B-4F48-A5DC-ABE4FDCE3B45} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {92055116-481B-4F48-A5DC-ABE4FDCE3B45} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {92055116-481B-4F48-A5DC-ABE4FDCE3B45} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {92055116-481B-4F48-A5DC-ABE4FDCE3B45} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {92055116-481B-4F48-A5DC-ABE4FDCE3B45} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {92055116-481B-4F48-A5DC-ABE4FDCE3B45} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {92055116-481B-4F48-A5DC-ABE4FDCE3B45} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {92055116-481B-4F48-A5DC-ABE4FDCE3B45} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {92055116-481B-4F48-A5DC-ABE4FDCE3B45} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {92055116-481B-4F48-A5DC-ABE4FDCE3B45} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {92055116-481B-4F48-A5DC-ABE4FDCE3B45} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {92055116-481B-4F48-A5DC-ABE4FDCE3B45} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {92055116-481B-4F48-A5DC-ABE4FDCE3B45} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {92055116-481B-4F48-A5DC-ABE4FDCE3B45} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {92055116-481B-4F48-A5DC-ABE4FDCE3B45} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {92055116-481B-4F48-A5DC-ABE4FDCE3B45} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {92055116-481B-4F48-A5DC-ABE4FDCE3B45} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {92055116-481B-4F48-A5DC-ABE4FDCE3B45} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {92055116-481B-4F48-A5DC-ABE4FDCE3B45} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {92055116-481B-4F48-A5DC-ABE4FDCE3B45} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {92055116-481B-4F48-A5DC-ABE4FDCE3B45} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {92055116-481B-4F48-A5DC-ABE4FDCE3B45} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {92055116-481B-4F48-A5DC-ABE4FDCE3B45} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {92055116-481B-4F48-A5DC-ABE4FDCE3B45} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {92055116-481B-4F48-A5DC-ABE4FDCE3B45} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {92055116-481B-4F48-A5DC-ABE4FDCE3B45} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {92055116-481B-4F48-A5DC-ABE4FDCE3B45} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {92055116-481B-4F48-A5DC-ABE4FDCE3B45} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {92055116-481B-4F48-A5DC-ABE4FDCE3B45} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {92055116-481B-4F48-A5DC-ABE4FDCE3B45} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {92055116-481B-4F48-A5DC-ABE4FDCE3B45} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {92055116-481B-4F48-A5DC-ABE4FDCE3B45} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {92055116-481B-4F48-A5DC-ABE4FDCE3B45} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {92055116-481B-4F48-A5DC-ABE4FDCE3B45} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {92055116-481B-4F48-A5DC-ABE4FDCE3B45} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {92055116-481B-4F48-A5DC-ABE4FDCE3B45} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {92055116-481B-4F48-A5DC-ABE4FDCE3B45} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {92055116-481B-4F48-A5DC-ABE4FDCE3B45} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {92055116-481B-4F48-A5DC-ABE4FDCE3B45} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {92055116-481B-4F48-A5DC-ABE4FDCE3B45} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {92055116-481B-4F48-A5DC-ABE4FDCE3B45} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {92055116-481B-4F48-A5DC-ABE4FDCE3B45} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {92055116-481B-4F48-A5DC-ABE4FDCE3B45} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {92055116-481B-4F48-A5DC-ABE4FDCE3B45} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {92055116-481B-4F48-A5DC-ABE4FDCE3B45} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {92055116-481B-4F48-A5DC-ABE4FDCE3B45} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {92055116-481B-4F48-A5DC-ABE4FDCE3B45} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {92055116-481B-4F48-A5DC-ABE4FDCE3B45} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: jkkkhif - jkkkhif.dll (file missing)
O20 - Winlogon Notify: khhih - C:\WINDOWS\System32\khhih.dll (file missing)
O20 - Winlogon Notify: rlx51dom - rlx51dom.dll (file missing)
O22 - SharedTaskScheduler: depreciable - {716002db-288c-4bf0-80cd-a467e78d8b55} - (no file)
O22 - SharedTaskScheduler: admissibility - {da3b49f6-8c54-4429-a275-21a86dcca413} - C:\WINDOWS\System32\xuoce.dll (file missing)
O23 - Service: AFSEGTGF Windows Service - Unknown owner - C:\WINDOWS\System32\dsykz.exe (file missing)
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\System32\ZoneLabs\isafe.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 19080 bytes






11.07.2007 00:28 392.432 perfh009.dat
11.07.2007 00:28 58.732 perfc009.dat
11.07.2007 00:28 405.448 perfh007.dat
11.07.2007 00:28 70.784 perfc007.dat
11.07.2007 00:28 938.224 PerfStringBackup.INI
11.07.2007 00:26 43.598 vsconfig.xml
11.07.2007 00:17 45 commands.xml
10.07.2007 17:02 246.272 clcl12.exe
10.07.2007 15:59 119.744 FNTCACHE.DAT
09.07.2007 23:50 2.206 wpa.dbl
09.07.2007 23:24 1 ps.dat
09.07.2007 23:24 45.309 ferma12.dll
09.07.2007 23:24 26.915 help.txt
09.07.2007 23:24 45.309 fertili.dll
11.07.2007, 00:51
Honorary member
Argus

Posts: 6028
#4 @moopzero
That's not how it is described there. Where is the ComboFix log?
__________
Regards, Argus
11.07.2007, 02:37
...new here

Thread starter

Posts: 5
#5 So the file is strangely gone, but the disk space still isn't back =(

"Dennis" - 2007-07-11 0:19:39 - ComboFix 07-07-10.1 - Service Pack 1

/wow section - STAGE #3

(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\cr3m.dll
C:\WINDOWS\system32\dmphvvrt.dll
C:\WINDOWS\system32\lpmhbgiu.dll
C:\WINDOWS\system32\ltwudrqw.dll
C:\WINDOWS\system32\oedjnokp.dll
C:\WINDOWS\system32\onscjekl.dll
C:\WINDOWS\system32\uyulmhjf.dll
C:\WINDOWS\system32\pkonjdeo.ini


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOKUME~1\Dennis\ANWEND~1.\macromedia\Flash Player\#SharedObjects\HG3T372P\www.broadcaster.com
C:\DOKUME~1\Dennis\ANWEND~1.\macromedia\Flash Player\#SharedObjects\HG3T372P\www.broadcaster.com\played_list.sol
C:\DOKUME~1\Dennis\ANWEND~1.\macromedia\Flash Player\#SharedObjects\HG3T372P\www.broadcaster.com\video_queue.sol
C:\DOKUME~1\Dennis\ANWEND~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\DOKUME~1\Dennis\ANWEND~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Dokumente und Einstellungen\Dennis.\err.log
C:\Dokumente und Einstellungen\Dennis.\ResErrors.log
C:\Programme\Gemeinsame Dateien\winantivirus pro 2006
C:\Programme\Gemeinsame Dateien\winantivirus pro 2006\err.log
C:\Programme\Gemeinsame Dateien\winantivirus pro 2006\WapCHK.dll
C:\Programme\Gemeinsame Dateien\winantivirus pro 2007
C:\Programme\Gemeinsame Dateien\winantivirus pro 2007\err.log
C:\Programme\Gemeinsame Dateien\winantivirus pro 2007\mfc71.dll
C:\Programme\Gemeinsame Dateien\winantivirus pro 2007\msvcp71.dll
C:\Programme\Gemeinsame Dateien\winantivirus pro 2007\msvcr71.dll
C:\Programme\Gemeinsame Dateien\winantivirus pro 2007\up.dat
C:\Programme\spycrush 3.1
C:\Programme\spycrush 3.1\ignored.lst
C:\Programme\spycrush 3.1\sd.ini
C:\Programme\spycrush 3.1\SpyCrush 3.1.exe
C:\Programme\SpyLocked 3.6
C:\Programme\SpyLocked 3.6\ignored.lst
C:\Programme\SpyLocked 3.6\sd.ini
C:\Programme\SpyLocked 3.6\SpyLocked 3.6.exe
C:\Programme\video activex access
C:\Programme\video activex access\iesbpl.dll
C:\Programme\video activex access\iesbunst.exe
C:\Programme\video activex access\imsmn.exe
C:\Programme\video activex access\imsunst.exe
C:\Programme\video activex access\ot.ico
C:\Programme\video activex access\ts.ico
C:\Programme\video activex access\uninst.exe
C:\Programme\video ax object
C:\Programme\video ax object\ot.ico
C:\Programme\video ax object\ts.ico
C:\UWA7P
C:\WINDOWS\aapfr.exe
C:\WINDOWS\mywinsys.ini
C:\WINDOWS\system32\boa.dat
C:\WINDOWS\system32\ckimzeb.dll
C:\WINDOWS\system32\codif123.dll
C:\WINDOWS\system32\cookie.dat
C:\WINDOWS\system32\cr3m.dll
C:\WINDOWS\system32\drivers\asc3550u.sys
C:\WINDOWS\system32\info.txt
C:\WINDOWS\system32\ipv6monk.dll
C:\WINDOWS\system32\ipv6monl.dll
C:\WINDOWS\system32\ksl48.bin
C:\WINDOWS\system32\nvs2.inf
C:\WINDOWS\system32\rtwwf.exe
C:\WINDOWS\system32\sgtomjp.dat
C:\WINDOWS\system32\sgtomjp.exe
C:\WINDOWS\system32\sgtomjp_nav.dat
C:\WINDOWS\system32\sgtomjp_navps.dat
C:\WINDOWS\system32\svehost.exe


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_FWDRV.SYS
-------\asc3550u
-------\fwdrv.sys
-------\vspf


((((((((((((((((((((((((( Files Created from 2007-06-10 to 2007-07-10 )))))))))))))))))))))))))))))))


2007-07-11 00:19 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-10 17:05 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2007-07-10 17:02 246,272 --a------ C:\WINDOWS\system32\clcl12.exe
2007-07-09 23:24 45,309 --a------ C:\WINDOWS\system32\fertili.dll
2007-07-09 23:24 45,309 --a------ C:\WINDOWS\system32\ferma12.dll
2007-07-09 23:24 1 --a------ C:\WINDOWS\system32\ps.dat
2007-07-06 17:56 <DIR> d-------- C:\DOKUME~1\Dennis\ANWEND~1\dvdcss
2007-07-06 15:00 113,880 --a------ C:\WINDOWS\jsa8asfd.exe
2007-07-06 10:10 1,617 --a------ C:\WINDOWS\2z6r5ztf.exe
2007-07-05 15:11 <DIR> d-------- C:\Programme\Take2
2007-07-05 01:35 37,854 --a------ C:\0x57.exe
2007-07-02 14:09 51,584 --a------ C:\WINDOWS\system32\drivers\i8042prt.sys
2007-07-02 14:09 24,064 --a------ C:\WINDOWS\system32\drivers\kbdclass.sys
2007-07-02 14:09 22,528 --a------ C:\WINDOWS\system32\drivers\mouclass.sys
2007-07-02 12:13 28,160 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-07-02 12:13 20,480 --a------ C:\WINDOWS\system32\hidserv.dll
2007-06-30 18:05 <DIR> d-------- C:\Programme\StepMania
2007-06-29 21:18 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Google
2007-06-28 21:24 <DIR> d-------- C:\Programme\Ò½ï¢Ö›¶‡
2007-06-27 17:42 <DIR> d-------- C:\Programme\Metin2
2007-06-27 13:07 45,617 --a------ C:\WINDOWS\winbbo.exe
2007-06-27 13:07 2,048 --a------ C:\WINDOWS\winrmv.exe
2007-06-25 22:24 <DIR> d-------- C:\DOKUME~1\Dennis\ANWEND~1\BYOND
2007-06-25 22:23 <DIR> d-------- C:\Programme\BYOND
2007-06-25 18:43 <DIR> d--h----- C:\DOKUME~1\Dennis\ANWEND~1\ijjigame
2007-06-24 15:49 <DIR> d-------- C:\WINDOWS\LogFiles
2007-06-24 00:34 <DIR> d-------- C:\Programme\Games-Masters.com
2007-06-22 16:30 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-06-11 02:04 0 -ra------ C:\logwmemory.bin
2007-06-11 02:02 <DIR> d-------- C:\Soldat


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-10 22:28:14 70,784 ----a-w C:\WINDOWS\system32\perfc007.dat
2007-07-10 22:28:14 405,448 ----a-w C:\WINDOWS\system32\perfh007.dat
2007-07-10 19:57:39 -------- d-----w C:\DOKUME~1\Dennis\ANWEND~1\teamspeak2
2007-07-10 19:33:23 -------- d-----w C:\DOKUME~1\Dennis\ANWEND~1\uTorrent
2007-07-10 15:38:59 -------- d-----w C:\Programme\QuickTime
2007-07-10 15:36:17 -------- d--h--w C:\Programme\InstallShield Installation Information
2007-07-10 15:14:42 -------- d-----w C:\Programme\KONAMI
2007-07-10 13:50:17 -------- d-----w C:\Programme\SimpleScreenshot
2007-07-10 13:45:20 -------- d-----w C:\Programme\Gemeinsame Dateien\Real
2007-07-10 13:45:18 -------- d-----w C:\DOKUME~1\Dennis\ANWEND~1\Real
2007-07-10 13:41:51 -------- d-----w C:\Programme\Diablo II
2007-07-09 23:12:50 -------- d-----w C:\Programme\ICQLite
2007-07-05 14:59:11 -------- d-----w C:\DOKUME~1\Dennis\ANWEND~1\Hamachi
2007-07-04 23:35:46 167,552 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2007-07-04 13:33:25 -------- d-----w C:\Programme\Teamspeak2_RC2
2007-07-03 21:56:55 -------- d-----w C:\DOKUME~1\Dennis\ANWEND~1\LimeWire
2007-06-28 19:24:37 -------- d-----w C:\Programme\Ê¢´óÍøÂç
2007-06-23 12:59:25 -------- d-----w C:\Programme\PartyGaming.Net
2007-06-17 10:27:24 -------- d-----w C:\Programme\Conquer 2.0
2007-06-15 22:12:32 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2007-06-10 19:52:19 -------- d-----w C:\Programme\ICQToolbar
2007-06-08 20:41:16 -------- d-----w C:\DOKUME~1\Dennis\ANWEND~1\Thies Gerken
2007-06-08 13:22:32 -------- d-----w C:\DOKUME~1\Dennis\ANWEND~1\Logitech
2007-06-08 13:19:15 118,784 ------r C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe
2007-06-08 13:18:59 -------- d-----w C:\Programme\Logitech
2007-06-08 13:17:58 -------- d-----w C:\Programme\Gemeinsame Dateien\Logitech
2007-06-07 10:41:48 388,096 ----a-w C:\WINDOWS\system32\oceuewxu.exe
2007-06-05 21:29:06 -------- d-----w C:\Programme\LittleFighter2
2007-06-05 10:40:16 -------- d-----w C:\Programme\MyWebSearch
2007-06-04 21:08:02 -------- d-----w C:\Programme\MSN Messenger
2007-06-04 18:51:25 -------- d-----w C:\Programme\FunWebProducts
2007-06-04 18:49:22 -------- d-----w C:\DOKUME~1\Dennis\ANWEND~1\FunWebProducts
2007-06-03 20:58:51 28,440 ---ha-w C:\WINDOWS\Adulti.exe
2007-05-31 13:30:16 -------- d-----w C:\DOKUME~1\Dennis\ANWEND~1\Corel
2007-05-27 19:42:34 1,021,504 ----a-w C:\WINDOWS\system32\vete.dll
2007-05-27 19:42:19 645,904 ----a-w C:\WINDOWS\system32\drivers\vetmonnt.sys
2007-05-27 19:42:19 115,088 ----a-w C:\WINDOWS\system32\drivers\vetfddnt.sys
2007-05-27 19:19:45 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
2007-05-27 15:37:41 -------- d-----w C:\Programme\Sudden Strike II
2007-05-27 15:37:36 -------- d-----w C:\Programme\Lavalys
2007-05-27 15:37:34 -------- d-----w C:\Programme\Gemeinsame Dateien\Oberon Media
2007-05-26 19:07:31 -------- d-----w C:\Programme\Oberon Media
2007-05-17 16:30:12 -------- d-----w C:\Programme\uTorrent
2007-05-15 16:31:04 -------- d-----w C:\Programme\Steganos Tuning 7
2007-05-14 22:09:20 -------- d-----w C:\DOKUME~1\Dennis\ANWEND~1\ICQ Toolbar
2007-05-13 18:25:50 -------- d-----w C:\Programme\KaM - The Peasants Rebellion
2007-05-12 12:50:56 -------- d-----w C:\Programme\Blitzkrieg 2 Demo
2007-05-08 20:50:45 172,032 --sh--r C:\WINDOWS\system32\winsys32_070414.dll
2007-05-08 11:48:08 608,971 --sh--w C:\WINDOWS\system32\hihhk.bak2
2007-05-07 19:44:47 2,177,024 ----a-w C:\WINDOWS\system32\TUKernel.exe
2007-05-07 13:23:29 4,130 ----a-w C:\sysblrc.exe
2007-04-24 13:30:04 204,800 ----a-w C:\WINDOWS\system32\NMJ_Util.exe
2007-04-19 13:59:55 164,902,513 ----a-w C:\WINDOWS\DJMAX400.exe
2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-16 07:58:16 528,384 ----a-w C:\WINDOWS\NMWizardJP7.exe
2007-04-16 07:57:40 77,824 ----a-w C:\WINDOWS\NMUninstJP7.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-10-22 23:08 62080 --a------ C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1FC80E00-41B0-4F74-BC16-2C83ED49CAC9}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{733FD72F-103E-4B9E-BCB9-A76064AF3C72}]
C:\WINDOWS\System32\jkkkhif.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
2006-08-31 21:33 322368 --a------ C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AC1266E4-D472-4557-9A5C-F43E5C485453}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B8C5186E-EC37-4889-9C2E-F73649FFB7BB}]
C:\Programme\Video ActiveX Access\iesplg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F64FA245-A97D-40B8-A38A-AAAA2EBBAAD0}]
C:\WINDOWS\System32\khhih.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDeck"="C:\Programme\VIA\VIAudioi\SBADeck\ADeck.exe" [2006-11-02 17:57]
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [2007-03-24 04:49]
"ISUSPM Startup"="C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 06:03]
"ISUSScheduler"="C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" [2004-06-16 06:03]
"WordPerfect Office 1215"="C:\Programme\WordPerfect Office 12\Programs\Registration.exe" []
"Adobe Photo Downloader"="C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-23 20:33]
"ICQ Lite"="C:\Programme\ICQLite\ICQLite.exe" [2006-07-11 12:06]
"Adobe Reader Speed Launcher"="C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-08-29 04:43]
"msnmsgr"="C:\Programme\MSN Messenger\msnmsgr.exe" [2007-01-19 13:55]
"LDM"="C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-06-08 15:19]
"SimpleScreenshot"="" []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"ICQ Lite"=C:\Programme\ICQLite\ICQLite.exe -trayboot

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{da3b49f6-8c54-4429-a275-21a86dcca413}"="C:\WINDOWS\System32\xuoce.dll" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{733FD72F-103E-4B9E-BCB9-A76064AF3C72}"="C:\WINDOWS\System32\jkkkhif.dll" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkkhif]
jkkkhif.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khhih]
C:\WINDOWS\System32\khhih.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rlx51dom]
rlx51dom.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - netsvcs
UxTuneUp

*Newly Created Service* - ALG
*Newly Created Service* - IPNAT

Contents of the 'Scheduled Tasks' folder
2007-07-06 15:15:00 C:\WINDOWS\tasks\1-Klick-Wartung.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-11 00:25:38
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-11 0:32:48 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-11 00:30

--- E O F ---

and then I also have this

Code

2004-10-07 14:39      1060864    --a------    C:\Qoobox\Quarantine\C\Programme\Gemeinsame Dateien\WinAntiVirus Pro 2007\mfc71.dll.vir
2004-10-07 14:39      348160    --a------    C:\Qoobox\Quarantine\C\Programme\Gemeinsame Dateien\WinAntiVirus Pro 2007\msvcr71.dll.vir
2004-10-07 14:39      499712    --a------    C:\Qoobox\Quarantine\C\Programme\Gemeinsame Dateien\WinAntiVirus Pro 2007\msvcp71.dll.vir
2006-09-29 18:20      48128    --a------    C:\Qoobox\Quarantine\C\Programme\Gemeinsame Dateien\WinAntiVirus Pro 2006\WapCHK.dll.vir
2007-02-09 16:13      30    --a------    C:\Qoobox\Quarantine\C\Programme\Gemeinsame Dateien\WinAntiVirus Pro 2007\up.dat.vir
2007-04-02 00:59      630784    --a------    C:\Qoobox\Quarantine\C\WINDOWS\aapfr.exe.vir
2007-04-02 00:59      630784    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\rtwwf.exe.vir
2007-04-02 01:09      0    --a------    C:\Qoobox\Quarantine\C\Programme\Gemeinsame Dateien\WinAntiVirus Pro 2007\err.log.vir
2007-04-02 01:15      0    --a------    C:\Qoobox\Quarantine\C\Dokumente und Einstellungen\Dennis\err.log.vir
2007-04-02 01:18      1716    --a------    C:\Qoobox\Quarantine\C\Dokumente und Einstellungen\Dennis\ResErrors.log.vir
2007-04-02 11:13      0    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ksl48.bin.vir
2007-04-02 21:01      48708    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\uyulmhjf.dll.vir
2007-04-03 13:19      89    --a------    C:\Qoobox\Quarantine\C\DOKUME~1\Dennis\ANWEND~1\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol.vir
2007-04-08 15:10      0    --a------    C:\Qoobox\Quarantine\C\Programme\Gemeinsame Dateien\WinAntiVirus Pro 2006\err.log.vir
2007-04-09 15:17      22    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\nvs2.inf.vir
2007-04-16 15:58      417    --a------    C:\Qoobox\Quarantine\C\WINDOWS\mywinsys.ini.vir
2007-04-18 14:20      125460    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ltwudrqw.dll.vir
2007-04-19 14:48      73728    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\svehost.exe.vir
2007-04-26 21:01      49204    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\lpmhbgiu.dll.vir
2007-04-28 21:02      131604    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\onscjekl.dll.vir
2007-05-04 18:54      132660    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\oedjnokp.dll.vir
2007-05-05 17:34      2580480    --a------    C:\Qoobox\Quarantine\C\Programme\SpyLocked 3.6\SpyLocked 3.6.exe.vir
2007-05-06 00:00      4286    --a------    C:\Qoobox\Quarantine\C\Programme\Video AX Object\ot.ico.vir
2007-05-06 00:00      4286    --a------    C:\Qoobox\Quarantine\C\Programme\Video AX Object\ts.ico.vir
2007-05-06 00:02      0    --a------    C:\Qoobox\Quarantine\C\Programme\SpyLocked 3.6\ignored.lst.vir
2007-05-06 00:02      356    --a------    C:\Qoobox\Quarantine\C\Programme\SpyLocked 3.6\sd.ini.vir
2007-05-06 19:43      131604    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\dmphvvrt.dll.vir
2007-05-08 15:19      2007    --a------    C:\Qoobox\Quarantine\C\DOKUME~1\Dennis\ANWEND~1\Macromedia\Flash Player\#SharedObjects\HG3T372P\www.broadcaster.com\video_queue.sol.vir
2007-05-08 15:19      241    --a------    C:\Qoobox\Quarantine\C\DOKUME~1\Dennis\ANWEND~1\Macromedia\Flash Player\#SharedObjects\HG3T372P\www.broadcaster.com\played_list.sol.vir
2007-06-07 16:27      1822720    --a------    C:\Qoobox\Quarantine\C\Programme\SpyCrush 3.1\SpyCrush 3.1.exe.vir
2007-06-08 17:07      8192    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ckimzeb.dll.vir
2007-06-08 17:15      12800    --a------    C:\Qoobox\Quarantine\C\Programme\Video ActiveX Access\iesbunst.exe.vir
2007-06-08 17:15      24576    --a------    C:\Qoobox\Quarantine\C\Programme\Video ActiveX Access\imsunst.exe.vir
2007-06-08 17:15      37482    --a------    C:\Qoobox\Quarantine\C\Programme\Video ActiveX Access\uninst.exe.vir
2007-06-08 17:15      4286    --a------    C:\Qoobox\Quarantine\C\Programme\Video ActiveX Access\ot.ico.vir
2007-06-08 17:15      4286    --a------    C:\Qoobox\Quarantine\C\Programme\Video ActiveX Access\ts.ico.vir
2007-06-08 17:15      66048    --a------    C:\Qoobox\Quarantine\C\Programme\Video ActiveX Access\iesbpl.dll.vir
2007-06-08 17:15      6656    --a------    C:\Qoobox\Quarantine\C\Programme\Video ActiveX Access\imsmn.exe.vir
2007-06-08 17:17      0    --a------    C:\Qoobox\Quarantine\C\Programme\SpyCrush 3.1\ignored.lst.vir
2007-06-08 17:17      356    --a------    C:\Qoobox\Quarantine\C\Programme\SpyCrush 3.1\sd.ini.vir
2007-06-14 23:49      42551    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\cr3m.dll.vir
2007-07-04 05:41      83124    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ipv6monl.dll.vir
2007-07-05 01:36      45135    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\codif123.dll.vir
2007-07-06 15:00      81624    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ipv6monk.dll.vir
2007-07-09 23:24      1    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\boa.dat.vir
2007-07-09 23:24      1    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\cookie.dat.vir
2007-07-10 17:02      67936    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\asc3550u.sys.vir
2007-07-10 17:39      262465    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\sgtomjp_nav.dat.vir
2007-07-10 17:39      269824    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\sgtomjp.exe.vir
2007-07-10 22:16      17816    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\info.txt.vir
2007-07-11 00:19      1110945    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\pkonjdeo.ini.vir
2007-07-11 00:22      1122    --a------    C:\Qoobox\Quarantine\Registry_backups\services_fwdrv.reg.cf
2007-07-11 00:22      1346    --a------    C:\Qoobox\Quarantine\Registry_backups\LEGACY_FWDRV.SYS.reg.cf
2007-07-11 00:22      2496    --a------    C:\Qoobox\Quarantine\Registry_backups\services_vspf.reg.cf
2007-07-11 00:22      732    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\sgtomjp_navps.dat.vir
2007-07-11 00:22      7409    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\sgtomjp.dat.vir
2007-07-11 00:22      780    --a------    C:\Qoobox\Quarantine\Registry_backups\services_asc3550u.reg.cf


Auflistung der Ordnerpfade
Volumenummer: 71F3E346 84D8:11A5
C:\QOOBOX
\---Quarantine
    +---C
    |   +---Dokumente und Einstellungen
    |   |   \---Dennis
    |   |           err.log.vir
    |   |           ResErrors.log.vir
    |   |          
    |   +---DOKUME~1
    |   |   \---Dennis
    |   |       \---ANWEND~1
    |   |           \---Macromedia
    |   |               \---Flash Player
    |   |                   +---#SharedObjects
    |   |                   |   \---HG3T372P
    |   |                   |       \---www.broadcaster.com
    |   |                   |               played_list.sol.vir
    |   |                   |               video_queue.sol.vir
    |   |                   |              
    |   |                   \---macromedia.com
    |   |                       \---support
    |   |                           \---flashplayer
    |   |                               \---sys
    |   |                                   \---#www.broadcaster.com
    |   |                                           settings.sol.vir
    |   |                                          
    |   +---Programme
    |   |   +---Gemeinsame Dateien
    |   |   |   +---WinAntiVirus Pro 2006
    |   |   |   |       err.log.vir
    |   |   |   |       WapCHK.dll.vir
    |   |   |   |      
    |   |   |   \---WinAntiVirus Pro 2007
    |   |   |           err.log.vir
    |   |   |           mfc71.dll.vir
    |   |   |           msvcp71.dll.vir
    |   |   |           msvcr71.dll.vir
    |   |   |           up.dat.vir
    |   |   |          
    |   |   +---SpyCrush 3.1
    |   |   |       ignored.lst.vir
    |   |   |       sd.ini.vir
    |   |   |       SpyCrush 3.1.exe.vir
    |   |   |      
    |   |   +---SpyLocked 3.6
    |   |   |       ignored.lst.vir
    |   |   |       sd.ini.vir
    |   |   |       SpyLocked 3.6.exe.vir
    |   |   |      
    |   |   +---Video ActiveX Access
    |   |   |       iesbpl.dll.vir
    |   |   |       iesbunst.exe.vir
    |   |   |       imsmn.exe.vir
    |   |   |       imsunst.exe.vir
    |   |   |       ot.ico.vir
    |   |   |       ts.ico.vir
    |   |   |       uninst.exe.vir
    |   |   |      
    |   |   \---Video AX Object
    |   |           ot.ico.vir
    |   |           ts.ico.vir
    |   |          
    |   \---WINDOWS
    |       |   aapfr.exe.vir
    |       |   mywinsys.ini.vir
    |       |  
    |       \---system32
    |           |   boa.dat.vir
    |           |   ckimzeb.dll.vir
    |           |   codif123.dll.vir
    |           |   cookie.dat.vir
    |           |   cr3m.dll.vir
    |           |   dmphvvrt.dll.vir
    |           |   info.txt.vir
    |           |   ipv6monk.dll.vir
    |           |   ipv6monl.dll.vir
    |           |   ksl48.bin.vir
    |           |   lpmhbgiu.dll.vir
    |           |   ltwudrqw.dll.vir
    |           |   nvs2.inf.vir
    |           |   oedjnokp.dll.vir
    |           |   onscjekl.dll.vir
    |           |   pkonjdeo.ini.vir
    |           |   rtwwf.exe.vir
    |           |   sgtomjp.dat.vir
    |           |   sgtomjp.exe.vir
    |           |   sgtomjp_nav.dat.vir
    |           |   sgtomjp_navps.dat.vir
    |           |   svehost.exe.vir
    |           |   uyulmhjf.dll.vir
    |           |  
    |           \---drivers
    |                   asc3550u.sys.vir
    |                  
    \---Registry_backups
            LEGACY_FWDRV.SYS.reg.cf
            services_asc3550u.reg.cf
            services_fwdrv.reg.cf
            services_vspf.reg.cf
            
11.07.2007, 02:45
Honorary member
Avatar Argus

Posts: 6028
#6 @Dennis
How can anyone actually hop around the net without a virus scanner ;)
__________
Regards, Argus
11.07.2007, 03:56
...new here

Thread starter

Posts: 5
#7 I have ZoneAlarm, but nothing more than that, and how do I get the lost disk space back now?? So what should I do now, and how do you actually know all this? ^^
11.07.2007, 10:19
Honorary member
Avatar Argus

Posts: 6028
#8 Delete C:\Qoobox and empty the Recycle Bin
Remove ComboFix

Close all windows and start HijackThis
Click: Do a system scan only
Put a check mark in the box in front of each of the following entries:

O2 - BHO: (no name) - {1FC80E00-41B0-4F74-BC16-2C83ED49CAC9} - (no file)
O2 - BHO: (no name) - {733FD72F-103E-4B9E-BCB9-A76064AF3C72} - C:\WINDOWS\System32\jkkkhif.dll (file missing)
O2 - BHO: H - {AC1266E4-D472-4557-9A5C-F43E5C485453} - ferma12.dll (file missing)
O2 - BHO: (no name) - {B8C5186E-EC37-4889-9C2E-F73649FFB7BB} - C:\Programme\Video ActiveX Access\iesplg.dll (file missing)
O2 - BHO: (no name) - {F64FA245-A97D-40B8-A38A-AAAA2EBBAAD0} - C:\WINDOWS\System32\khhih.dll (file missing)
O3 - Toolbar: Protection Bar - {DF4E7A0C-E233-4906-B4C1-A404356541FF} - C:\Programme\Video ActiveX Access\iesbpl.dll (file missing)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/CursorManiaFWBInitialSetup1.0.0.15-3.cab
O20 - Winlogon Notify: jkkkhif - jkkkhif.dll (file missing)
O20 - Winlogon Notify: khhih - C:\WINDOWS\System32\khhih.dll (file missing)
O20 - Winlogon Notify: rlx51dom - rlx51dom.dll (file missing)
O22 - SharedTaskScheduler: depreciable - {716002db-288c-4bf0-80cd-a467e78d8b55} - (no file)
O22 - SharedTaskScheduler: admissibility - {da3b49f6-8c54-4429-a275-21a86dcca413} - C:\WINDOWS\System32\xuoce.dll (file missing)
O23 - Service: AFSEGTGF Windows Service - Unknown owner - C:\WINDOWS\System32\dsykz.exe (file missing)

Click: Fix checked

Your Internet Explorer must be closed when you click Fix checked

Scan with AVG Anti-Spyware 7.5 http://board.protecus.de/t29853.htm
Scan with Ewido Micro
Scan with DrWeb http://board.protecus.de/t29350.htm

Install Antivir
Configure Antivir as described here http://board.protecus.de/t23979.htm

Download ComboFix to the desktop
Double-click combofix.exe
Follow the instructions in the window
While ComboFix is running, do NOT click into the window, otherwise your computer will freeze
When the tool has finished, a log file (combofix.txt) opens.
Copy the contents of the report C:/Combofix/combofix.txt into your next post,
together with a HijackThis log
__________
Regards, Argus
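
Added example, not part of the thread and not code from HijackThis or ComboFix: most entries in the fix list of post #8 carry the `(file missing)` or `(no file)` marker, meaning the registry reference is still there but the file is gone. The Python sketch below picks such entries out of a HijackThis log and groups them by file name, showing which missing files are still referenced from more than one loading point; the function names are made up for illustration and the sample lines are copied from this thread.

```python
import ntpath
import re

# Lines copied from the HijackThis log and fix list in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1FC80E00-41B0-4F74-BC16-2C83ED49CAC9} - (no file)
O2 - BHO: (no name) - {733FD72F-103E-4B9E-BCB9-A76064AF3C72} - C:\WINDOWS\System32\jkkkhif.dll (file missing)
O2 - BHO: (no name) - {F64FA245-A97D-40B8-A38A-AAAA2EBBAAD0} - C:\WINDOWS\System32\khhih.dll (file missing)
O20 - Winlogon Notify: jkkkhif - jkkkhif.dll (file missing)
O20 - Winlogon Notify: khhih - C:\WINDOWS\System32\khhih.dll (file missing)
O22 - SharedTaskScheduler: admissibility - {da3b49f6-8c54-4429-a275-21a86dcca413} - C:\WINDOWS\System32\xuoce.dll (file missing)
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")           # "O2 - <rest>"
ORPHAN = re.compile(r"\((file missing|no file)\)\s*$")   # HijackThis marker

def parse_entries(log_text):
    """Return one dict per HijackThis entry line; other lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header, process list or blank line
        code, body = m.groups()
        marker = ORPHAN.search(body)
        target = None
        if marker:
            # The last " - " field before the marker is the registered file.
            last = body[:marker.start()].rsplit(" - ", 1)[-1].strip()
            target = ntpath.basename(last).lower() or None
        entries.append({"code": code, "target": target,
                        "orphan": marker.group(1) if marker else None})
    return entries

def orphaned(entries):
    """Entries whose registered file no longer exists on disk."""
    return [e for e in entries if e["orphan"]]

def loading_points(entries):
    """Map each missing file to the HijackThis sections still referencing it."""
    points = {}
    for e in orphaned(entries):
        if e["target"]:
            points.setdefault(e["target"], set()).add(e["code"])
    return {name: sorted(codes) for name, codes in points.items()}

if __name__ == "__main__":
    print(loading_points(parse_entries(SAMPLE_LOG)))
```
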
13.07.2007, 01:49
...new here

Thread starter

Posts: 5
#9 well, sorry, but I don't understand all the PC jargon, please go slowly and step by step ^^ thx