I think I'm somewhat infected
#0
24.07.2007, 12:35
Member
Posts: 123

24.07.2007, 13:03
Honorary member
Posts: 6028

25.07.2007, 00:02
Member
Thread starter Posts: 123
#3
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:58, on 2007-07-24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Silicon Integrated Systems\SiSRaidPackage\hot_plug.exe
C:\Programme\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\Programme\Java\jre1.6.0_02\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\AOL\1179169693\ee\AOLSoftware.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\GMX\GMX SMS-Manager\SMSMngr.exe
C:\Programme\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\sistray.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\MSN Messenger\usnsvc.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\Rar$EX00.063\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {F51BB9BC-0E3F-469D-89FC-27123379DC4C} - C:\WINDOWS\system32\mmcshexu.dll
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Hotplug] C:\Programme\Silicon Integrated Systems\SiSRaidPackage\hot_plug.exe
O4 - HKLM\..\Run: [SiSRaid] C:\Programme\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [HostManager] C:\Programme\Gemeinsame Dateien\AOL\1179169693\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Programme\Gemeinsame Dateien\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [GMX SMS-Manager] C:\Programme\GMX\GMX SMS-Manager\SMSMngr.exe
O4 - HKCU\..\Run: [WEB.DE_WEB.DE SmartDrive Manager] "C:\Programme\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE" /hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [GMX_GMX MultiMessenger] "C:\Programme\GMX\GMX MultiMessenger\MESSENGR.EXE" /hide
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: VP-EYE.lnk = C:\VP-EYE\control\vpeyev4.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Programme\MP3 Player Utilities 3.79\AMVConverter\grab.html
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Programme\MP3 Player Utilities 3.79\MediaManager\grab.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://thomas-jenal.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1142775826421
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

-- End of file - 7078 bytes

25.07.2007, 00:05
Member
Thread starter Posts: 123
#4
Please post only the entries from the last 3 months per folder.

25.07.2007, 13:54
Honorary member
Posts: 6028

27.07.2007, 00:22
Member
Thread starter Posts: 123
#6
ComboFix doesn't work
I can't open it

27.07.2007, 00:32
Honorary member
Posts: 6028
#7
Close all windows and start HijackThis.
Click: Do a system scan only
Put a check mark in the box in front of the following entry:
O2 - BHO: (no name) - {F51BB9BC-0E3F-469D-89FC-27123379DC4C} - C:\WINDOWS\system32\mmcshexu.dll
Click: Fix checked
Your Internet Explorer must be closed when you click Fix checked.

Make hidden files visible:
>Tools >Folder Options >the "View" tab >Hidden files and folders >enable "Show all files and folders"
and
>Tools >Folder Options >the "View" tab >Files and folders >disable "Hide protected system files (recommended)".

Download KillAFile by Marckie to the desktop.
Unpack the file and save it in a folder on your desktop.
Open the KillAFile folder and double-click the file kill.bat.
Choose option 2: "replace a file on reboot".
When you get the message "Insert full path and filename to delete and then press enter", type or copy in:
C:\WINDOWS\system32\mmcshexu.dll
If the file is present, a message appears telling you to close all open windows and that the computer will restart (reboot).

Nod32 online scanner beta
www.eset.com/threat-center/cac.php
Click Start
Tick "accept the terms of Use"
Click Start
Install "OnlineScanner.cab"
Put a check mark next to "Remove found threats"
Start
__________
Best regards
Argus
This post was edited on 27.07.2007 at 00:35 by Arnold.
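
The entry post #7 asks the user to fix is an unnamed BHO whose DLL sits directly in system32. The Python sketch below is an added example, not part of the thread and not code from HijackThis: it splits a HijackThis log into entries, including when line breaks were lost in copy/paste, and lists the O2 entries that match that pattern for manual review. The matching rule is an assumption of this example rather than a rule the helper stated, and the sample is constructed from entries in the log of post #3.

```python
import re

# Constructed sample: entries copied from the log in post #3, joined onto one
# line the way a forum copy/paste can flatten them.
SAMPLE_LOG = (
    r"O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - "
    r"C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll "
    r"O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - "
    r"C:\Programme\Java\jre1.6.0_02\bin\ssv.dll "
    r"O2 - BHO: (no name) - {F51BB9BC-0E3F-469D-89FC-27123379DC4C} - "
    r"C:\WINDOWS\system32\mmcshexu.dll "
    r"O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE "
    r"O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - "
    r"C:\Programme\Java\jre1.6.0_02\bin\ssv.dll"
)

# An entry starts with a HijackThis section code (R0-R3, F0-F3, N1-N4, O1-O24).
ENTRY_START = re.compile(r"\s+(?=(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - )")
BHO = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)
# A DLL placed directly in system32, not in a subfolder.
IN_SYSTEM32 = re.compile(r"^[A-Za-z]:\\WINDOWS\\system32\\[^\\]+\.dll$", re.IGNORECASE)


def split_entries(log_text):
    """Split a log into entries, whether or not its line breaks survived."""
    pieces = ENTRY_START.split(log_text.strip())
    return [" ".join(p.split()) for p in pieces if p.strip()]


def parse_bhos(log_text):
    """Return name, CLSID and DLL path of every O2 (Browser Helper Object) entry."""
    return [m.groupdict() for m in map(BHO.match, split_entries(log_text)) if m]


def review_candidates(log_text):
    """Assumed heuristic of this example: unnamed BHO with its DLL in system32."""
    return [b for b in parse_bhos(log_text)
            if b["name"] == "(no name)" and IN_SYSTEM32.match(b["path"])]


if __name__ == "__main__":
    for b in review_candidates(SAMPLE_LOG):
        print("review before fixing:", b["clsid"], b["path"])
```

The O9 button that is also labelled "(no name)" is not reported, because it is not a BHO entry and its DLL lives in the Java install folder; a match is a prompt to look the file up, not proof of infection.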
I have no speed left
The computer is really slow
Please help