Internet Explorer opens automatically...
05.08.2007, 09:17
...new here
Posts: 7
05.08.2007, 09:23
Moderator
Posts: 7805
05.08.2007, 09:35
...new here
Thread starter, Posts: 7
#3
Thanks first of all, here is the ComboFix log:
datfind.bat log:
Spybot finds the following on my machine, but crashes when I try to remove them...
eZula Hot Text EnterCasino MyWay MyBar NewDotNet
IE opens by itself at irregular intervals, with some kind of advertising in it. I only use Mozilla Firefox. And yes, I know I am still racing around the internet with SP1; "your own fault", one would have to say, but as soon as I install SP2 my computer no longer recognises my FireWire port, and I simply can't find a solution that works for me. So thanks in advance for any help.
This post was edited on 05.08.2007 at 09:57 by Restrost.
05.08.2007, 09:53
Moderator
Posts: 7805
#4
Please delete the following files/folders:
C:\DOKUME~1\ALLUSE~1.WIN\ANWEND~1\Site beep obj seek
C:\DOKUME~1\ALLUSE~1.WIN\ANWEND~1\seek film amok web
C:\DOKUME~1\MARC~1.PIC\ANWEND~1\FORDBO~1\dupesizeaxis.exe
C:\WINDOWS\Tasks\B1EEC980918578A0.job
Additionally, tick the following items in HijackThis and press "Fix checked":
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.xfbbokuwrkenofcg.com/ryK4lLBn4K_5M3MKcHJCp3HFf6ooolQcliAASJMYBaEJUAIeSniy4CUWF2P0N3JF.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jxqitdkixwvkzlsuclzoz.org/ryK4lLBn4K_K4nWDxzhSOwwSsZ_Zr6fXK7kghkxf2hk.jsp
O2 - BHO: (no name) - {04079851-5845-4dea-848C-3ECD647AA554} - (no file)
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Programme\NewDotNet\newdotnet7_48.dll
O2 - BHO: (no name) - {82315A18-6CFB-44a7-BDFD-90E36537C252} - (no file)
O2 - BHO: IeHelper Class - {A491D208-B353-490F-B81A-A8A3DC97042D} - "C:\WINDOWS\System32\smiehlp.dll (file missing)
O2 - BHO: (no name) - {AFC7F3E6-976E-4131-A980-C361C05F395A} - C:\WINDOWS\System32\newdev32.dll
O4 - HKLM\..\Run: [Microsoft Update] msconfg.exe
O4 - HKLM\..\Run: [Microsoft DirectX] rasmngr.exe
O4 - HKLM\..\Run: [Windows Firewall] firewal1.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Amok web bash obj] C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\seek film amok web\Blah Iso.exe
O4 - HKLM\..\Run: [Drive ref aim obj] C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Site beep obj seek\SEND MEDIA BOOK.exe
O4 - HKLM\..\RunServices: [Microsoft Update] msconfg.exe
O4 - HKLM\..\RunServices: [Microsoft DirectX] rasmngr.exe
O4 - HKLM\..\RunServices: [Windows Firewall] firewal1.exe
O4 - HKCU\..\Run: [Windows Firewall] firewal1.exe
O4 - HKCU\..\Run: [Microsoft Update] msconfg.exe
O4 - HKCU\..\Run: [Microsoft DirectX] rasmngr.exe
O4 - HKCU\..\Run: [FAST BAT] C:\DOKUME~1\MARC~1.PIC\ANWEND~1\FORDBO~1\dupesizeaxis.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040428/qtinstall.info.apple.com/saba/de/win/QuickTimeInstaller.exe
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
Then please reboot, generate all the reports again and post them.
__________
Regards, Ralf
SEO-Spam Hunter
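Added example, not part of this thread and not a tool the poster or moderator used: a small Python triage script that encodes the tells behind the fix list above (display names posing as Microsoft/Windows components that launch a bare file name, one file registered in several autostart keys at once, executables living under a user or All Users Application Data folder) and runs them over the O4 lines quoted in that post. It assumes the HijackThis 1.99 line format shown in this thread; the scores and thresholds are the example's own.

```python
"""Triage of HijackThis O4 (registry autostart) lines.

Added example for this thread, not a tool the poster or moderator used. It
encodes the tells behind the fix list above: names posing as Microsoft or
Windows components that launch a bare file name, one file registered in
several autostart keys, and executables living under Application Data.
"""
import re
from collections import defaultdict

# Shape of a registry O4 line:  O4 - HKLM\..\Run: [Display Name] command line
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)
WINDOWS_DIRS = ("c:\\windows\\", "%systemroot%\\")
IMPERSONATED = ("microsoft", "windows")
APPDATA_MARKERS = ("\\anwendungsdaten\\", "\\application data\\", "\\anwend~1\\")

# Sample input: O4 lines copied from the moderator's fix list above plus the
# CTHelper line from the HijackThis log; UpdReg, TkBellExe and KernelFaultCheck
# show none of the tells and are kept so the rules can be seen passing them.
SAMPLE_O4_LINES = r'''
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Microsoft Update] msconfg.exe
O4 - HKLM\..\Run: [Microsoft DirectX] rasmngr.exe
O4 - HKLM\..\Run: [Windows Firewall] firewal1.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s
O4 - HKLM\..\Run: [Amok web bash obj] C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\seek film amok web\Blah Iso.exe
O4 - HKLM\..\Run: [Drive ref aim obj] C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Site beep obj seek\SEND MEDIA BOOK.exe
O4 - HKLM\..\RunServices: [Microsoft Update] msconfg.exe
O4 - HKLM\..\RunServices: [Microsoft DirectX] rasmngr.exe
O4 - HKLM\..\RunServices: [Windows Firewall] firewal1.exe
O4 - HKCU\..\Run: [Windows Firewall] firewal1.exe
O4 - HKCU\..\Run: [Microsoft Update] msconfg.exe
O4 - HKCU\..\Run: [Microsoft DirectX] rasmngr.exe
O4 - HKCU\..\Run: [FAST BAT] C:\DOKUME~1\MARC~1.PIC\ANWEND~1\FORDBO~1\dupesizeaxis.exe
'''

def basename(path):
    return path.rsplit("\\", 1)[-1].lower()

def _first_path(s):
    """Split a command line into (first file path, remainder)."""
    s = s.strip()
    if s.startswith('"'):
        end = s.find('"', 1)
        return (s[1:end], s[end + 1:]) if end > 0 else (s[1:], "")
    # Unquoted paths with blanks are common in these keys, so read up to the
    # first .exe/.dll/.sys/.scr instead of stopping at the first blank.
    m = re.match(r"(?i)(.+?\.(?:exe|dll|sys|scr))(?=[\s,]|$)", s)
    if m:
        return m.group(1), s[m.end():]
    parts = s.split(None, 1)
    return (parts[0], parts[1] if len(parts) > 1 else "") if parts else ("", "")

def target_of(cmd):
    """The file an autostart value really runs (for rundll32 hosts: the DLL)."""
    cmd = cmd.strip()
    head = cmd.split(None, 1)
    if head and basename(head[0].strip('"')) in ("rundll32", "rundll32.exe"):
        cmd = head[1] if len(head) > 1 else ""
    return _first_path(cmd)[0]

def triage(lines):
    """Score each registry O4 entry: {line: (score, reasons)}; score >= 2 is suspicious."""
    entries = []
    for line in lines:
        m = O4_RE.match(line.strip())
        if m:  # Startup-folder O4 lines ("... .lnk = ...") have another shape; skipped
            e = m.groupdict()
            e["line"], e["target"] = line.strip(), target_of(m.group("cmd"))
            entries.append(e)
    locations = defaultdict(set)  # file name -> autostart keys it is registered in
    for e in entries:
        locations[basename(e["target"])].add((e["hive"], e["key"]))
    results = {}
    for e in entries:
        t, score, reasons = e["target"].lower(), 0, []
        if "\\" not in t:
            score += 1
            reasons.append("bare file name resolved via the search path: real location unknown")
        if any(w in e["name"].lower() for w in IMPERSONATED) and not t.startswith(WINDOWS_DIRS):
            score += 2
            reasons.append("poses as a Microsoft/Windows component but is not in the Windows directory")
        if any(mk in t for mk in APPDATA_MARKERS):
            score += 2
            reasons.append("executable lives under a user or All Users Application Data folder")
        n = len(locations[basename(t)])
        if n >= 2:
            score += 2
            reasons.append("same file registered in %d autostart locations" % n)
        results[e["line"]] = (score, reasons)
    return results

def suspicious(lines):
    """The lines worth fixing, i.e. score >= 2."""
    return sorted(line for line, (score, _) in triage(lines).items() if score >= 2)
```

Calling suspicious(SAMPLE_O4_LINES.splitlines()) returns the twelve entries the moderator singled out as persistence (the msconfg/rasmngr/firewal1 trio in all three keys and the three Application Data executables), while UpdReg, TkBellExe, KernelFaultCheck and the New.net rundll32 entry score 0 and need a human look.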
05.08.2007, 10:09
...new here
Thread starter, Posts: 7
#5
C:\DOKUME~1\ALLUSE~1.WIN\ANWEND~1\seek film amok web
I can't delete it, neither normally nor with an erase tool, because it is being used by a process. Which one exactly I can only guess, but when I try to end it in Task Manager it says "Der Taskmanager konnte diesen kritischen Systemprozess nicht beenden" (Task Manager could not end this critical system process).
05.08.2007, 10:12
Moderator
Posts: 7805
#6
Try it in Safe Mode, or just delete the "web" in that folder and then reboot. Then you should be able to delete the folder as well.
__________
Regards, Ralf
SEO-Spam Hunter
05.08.2007, 10:24
...new here
Thread starter, Posts: 7
#7
Logfile of HijackThis v1.99.1
05.08.2007, 10:38
Moderator
Posts: 7805
#8
Please also post another ComboFix report and do a control scan with
Dr.Web CureIt beta: http://freedrweb.com/
Ewido Micro: http://downloads.ewido.net/ewido_micro.exe
__________
Regards, Ralf
SEO-Spam Hunter
05.08.2007, 10:38
...new here
Thread starter, Posts: 7
#9
ComboFix 07-08-04.3 - "Marc" 2007-08-05 10:27:05.2 [GMT 2:00] - NTFS
05.08.2007, 12:21
Moderator
Posts: 7805
#10
Please check C:\WINDOWS\system32\spupdsvc.exe at Jotti or Virustotal and tell us what is reported.
__________
Regards, Ralf
SEO-Spam Hunter
05.08.2007, 13:53
...new here
Thread starter, Posts: 7
05.08.2007, 14:37
Moderator
Posts: 7805
#12
Rename the file, restart, and please send it to virus@protecus.de
__________
Regards, Ralf
SEO-Spam Hunter
06.08.2007, 17:15
...new here
Thread starter, Posts: 7
#13
I have sent you the file.
06.08.2007, 19:06
Moderator
Posts: 7805
#14
That is a file used by the Windows Updater!
This entry still looks very unusual, but then what doesn't look unusual with Norton?
O4 - Startup: Client Default.lnk = D:\RECYCLER\NPROTECT\00113276.exe
Please update your Windows via www.windowsupdate.com
__________
Regards, Ralf
SEO-Spam Hunter
Scan saved at 09:15:59, on 05.08.2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
D:\Tools\Audigy2\Surround Mixer\CTSysVol.exe
D:\Tools\Audigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\rundll32.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Programme\TGTSoft\StyleXP\StyleXP.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
D:\Tools\Nortonantivirus\navapsvc.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Eraser\eraser.exe
C:\Programme\Internet Explorer\iexplore.exe
d:\tools\nortonutilities\NProtect.exe
D:\Tools\nortonutilities\SYSDOC32.EXE
C:\Programme\OnlineControl\ocontrol.exe
C:\Programme\secret\secretmaker.exe
C:\Programme\DT\Sinus 1054 card\Wificard.exe
C:\Programme\DT\Sinus 1054 data\Wifiusb.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
d:\tools\Speed Disk\nopdb.exe
D:\Tools\DFusionslave\RenderSlave.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programme\Octoshape Streaming Services\Marc\OctoshapeClient.exe
C:\Programme\Trillian\trillian.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Winamp\winamp.exe
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\MARC~1.PIC\LOKALE~1\Temp\Rar$EX00.766\HijackThis.exe
D:\Tools\DFusionslave\eyeonScript.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.xfbbokuwrkenofcg.com/ryK4lLBn4K_5M3MKcHJCp3HFf6ooolQcliAASJMYBaEJUAIeSniy4CUWF2P0N3JF.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jxqitdkixwvkzlsuclzoz.org/ryK4lLBn4K_K4nWDxzhSOwwSsZ_Zr6fXK7kghkxf2hk.jsp
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: (no name) - {04079851-5845-4dea-848C-3ECD647AA554} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Programme\NewDotNet\newdotnet7_48.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Tools\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {82315A18-6CFB-44a7-BDFD-90E36537C252} - (no file)
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: IeHelper Class - {A491D208-B353-490F-B81A-A8A3DC97042D} - "C:\WINDOWS\System32\smiehlp.dll (file missing)
O2 - BHO: (no name) - {AFC7F3E6-976E-4131-A980-C361C05F395A} - C:\WINDOWS\System32\newdev32.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Tools\Nortonantivirus\NavShExt.dll
O2 - BHO: CoTGT_BHO Class - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Programme\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Tools\Nortonantivirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CTSysVol] D:\Tools\Audigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] D:\Tools\Audigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Microsoft Update] msconfg.exe
O4 - HKLM\..\Run: [Microsoft DirectX] rasmngr.exe
O4 - HKLM\..\Run: [Windows Firewall] firewal1.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] D:\Tools\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] D:\Tools\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [Amok web bash obj] C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\seek film amok web\Blah Iso.exe
O4 - HKLM\..\Run: [Drive ref aim obj] C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Site beep obj seek\SEND MEDIA BOOK.exe
O4 - HKLM\..\RunServices: [Microsoft Update] msconfg.exe
O4 - HKLM\..\RunServices: [Microsoft DirectX] rasmngr.exe
O4 - HKLM\..\RunServices: [Windows Firewall] firewal1.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Programme\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [Windows Firewall] firewal1.exe
O4 - HKCU\..\Run: [Microsoft Update] msconfg.exe
O4 - HKCU\..\Run: [Microsoft DirectX] rasmngr.exe
O4 - HKCU\..\Run: [FAST BAT] C:\DOKUME~1\MARC~1.PIC\ANWEND~1\FORDBO~1\dupesizeaxis.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Programme\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Eraser] C:\Programme\Eraser\eraser.exe -hide
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Programme\Octoshape Streaming Services\Marc\OctoshapeClient.exe" -inv:bootrun
O4 - Startup: Client Default.lnk = D:\RECYCLER\NPROTECT\00113276.exe
O4 - Startup: Fusion Render Slave.lnk = D:\Tools\DFusionslave\RenderSlave.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programme\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programme\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: dlbcserv.lnk = C:\Programme\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: Norton System Doctor.lnk = D:\Tools\nortonutilities\SYSDOC32.EXE
O4 - Global Startup: OnlineControl.lnk = C:\Programme\OnlineControl\ocontrol.exe
O4 - Global Startup: SECRETMAKER.lnk = C:\Programme\secret\secretmaker.exe
O4 - Global Startup: Sinus 1054 card.lnk = C:\Programme\DT\Sinus 1054 card\Wificard.exe
O4 - Global Startup: Sinus 1054 data.lnk = C:\Programme\DT\Sinus 1054 data\Wifiusb.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O10 - Broken Internet access because of LSP provider 'xfire_lsp_10650.dll' missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040428/qtinstall.info.apple.com/saba/de/win/QuickTimeInstaller.exe
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - D:\Tools\Nortonantivirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - d:\tools\nortonutilities\NProtect.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - d:\tools\Speed Disk\nopdb.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe