Drive cleaner problem

07.08.2007, 13:09
...new here
Posts: 1
#0
07.08.2007, 14:13
Member
Posts: 694
#2
Hi,
please work through this: http://board.protecus.de/t23188.htm
- Create a HijackThis logfile
- CleanUp (delete temporary files)
- Combofix
- Logfiles via datfind.bat (all files, only post the last 3-6 months)
Chris

10.08.2007, 15:06
...new here
Posts: 2
#3
Hello, I have also caught this Drive cleaner. Maybe someone could help me. Many thanks in advance.
Daniel

Logfile of HijackThis v1.99.1
Scan saved at 15:01:24, on 10.08.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe
C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE
C:\Programme\Java\jre1.6.0_02\bin\jusched.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\kxmixer.exe
C:\WINDOWS\syscaca.exe
C:\WINDOWS\mgrs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\DOKUME~1\DANIEL~1\LOKALE~1\Temp\lookserver.exe
C:\DOKUME~1\DANIEL~1\LOKALE~1\Temp\sv32.exe
C:\Programme\Internet Explorer\iexplore.exe
D:\Prg&Tools\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Editor plugin - {90548C33-F034-4150-BE0C-B2EAD10DC04E} - cortals.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Programme\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programme\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [kX Mixer] C:\WINDOWS\system32\kxmixer.exe --startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TrayServer] C:\MAGIX\VIDEO_~1\TrayServer.exe
O4 - HKLM\..\Run: [avp] C:\WINDOWS\syscaca.exe
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen - {0e921e80-267a-42aa-aee4-60b9a1222a44} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O9 - Extra 'Tools' menuitem: Unterstützung für xp-AntiSpy - {0e921e80-267a-42aa-aee4-60b9a1222a44} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://63.243.46.98:8081/activex/AxisCamControl.cab
O18 - Protocol: bw+0 - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: xcttgs - xcttgs.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe (file missing)
O23 - Service: Prime95 Service - Unknown owner - C:\Programme\Prime95\prime95.exe (file missing)

10.08.2007, 15:32
Member
Posts: 694
#4
Hi,
I think this is not just about Drivecleaner but about far more malicious things! Please check the following files:
Quote:
C:\WINDOWS\syscaca.exe
http://www.virustotal.com/flash/index_en.html
At the top of the page --> click Browse --> select the file (or paste the file with its correct path straight in) --> double-click the file to be checked --> click "Send"... now wait - then select the text with the right mouse button -> copy - paste
If the files
C:\DOKUME~1\DANIEL~1\LOKALE~1\Temp\lookserver.exe
C:\DOKUME~1\DANIEL~1\LOKALE~1\Temp\sv32.exe
are detected, add them under "Files to delete"!
So: Avenger
http://virus-protect.org/artikel/tools/avenger.html
Input script manually (tick)
copy into: View/edit script
Quote:
Click the green traffic light; the script will now run, then the PC will restart automatically.
HijackThis, fix:
open HijackThis -- button "scan" -- tick these entries -- button "Fix checked" -- restart the PC
All programs must be closed while fixing!
Quote:
Then work through all of this: http://board.protecus.de/t23188.htm
- Create a HijackThis logfile
- CleanUp (delete temporary files)
- Combofix
- Logfiles via datfind.bat (all files, only post the last 3-6 months)
Chris

12.08.2007, 14:27
...new here
Posts: 2
#5
Hello Chris,
first of all, thanks a lot for your answer.

Avenger Logfile

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\caktftha

*******************

Script file located at: \??\C:\WINDOWS\system32\emevprpg.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\syscaca.exe deleted successfully.
File C:\WINDOWS\mgrs.exe deleted successfully.

File C:\WINDOWS\xcttgs.dll not found!
Deletion of file C:\WINDOWS\xcttgs.dll failed!
Could not process line:
C:\WINDOWS\xcttgs.dll
Status: 0xc0000034

File C:\WINDOWS\system32\xcttgs.dll not found!
Deletion of file C:\WINDOWS\system32\xcttgs.dll failed!
Could not process line:
C:\WINDOWS\system32\xcttgs.dll
Status: 0xc0000034

File C:\DOKUME~1\DANIEL~1\LOKALE~1\Temp\lookserver.exe deleted successfully.
File C:\DOKUME~1\DANIEL~1\LOKALE~1\Temp\sv32.exe deleted successfully.
Registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|smgr deleted successfully.
Registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|avp deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

1. Temporary files removed.
2. Combofix: in the file ComboFix from http://download.bleepingcomputer.com/sUBs/ComboFix.exe my AntiVir finds a trojan TR/Drop.L.hx.20.E.1
3.
HJT

Logfile of HijackThis v1.99.1
Scan saved at 15:04:25, on 12.08.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe
C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE
C:\Programme\Java\jre1.6.0_02\bin\jusched.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\kxmixer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Internet Explorer\iexplore.exe
D:\Prg&Tools\boaed.protecus\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Editor plugin - {90548C33-F034-4150-BE0C-B2EAD10DC04E} - knifelot.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Programme\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programme\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [kX Mixer] C:\WINDOWS\system32\kxmixer.exe --startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TrayServer] C:\MAGIX\VIDEO_~1\TrayServer.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen - {0e921e80-267a-42aa-aee4-60b9a1222a44} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O9 - Extra 'Tools' menuitem: Unterstützung für xp-AntiSpy - {0e921e80-267a-42aa-aee4-60b9a1222a44} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://63.243.46.98:8081/activex/AxisCamControl.cab
O18 - Protocol: bw+0 - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - 
{9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0s - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0 - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0s - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0 - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0s - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: offline-8876480 - {9701C0E7-F9AC-45D3-93F3-B15406449F25} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. 
- C:\Programme\iPod\bin\iPodService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe (file missing) O23 - Service: Prime95 Service - Unknown owner - C:\Programme\Prime95\prime95.exe (file missing) 4. Logfiles Verzeichnis von C:\WINDOWS\system32 12.08.2007 15:05 10.724 alog.txt 12.08.2007 14:53 45 commands.xml 12.08.2007 14:51 88.566 nvapps.xml 12.08.2007 14:24 10.240 hlpsrv.exe 12.08.2007 14:16 1 ps.dat 12.08.2007 14:16 1 cookie.dat 12.08.2007 14:16 33.969 help.txt 12.08.2007 14:16 51.200 knifelot.dll 12.08.2007 14:15 2.206 wpa.dbl 10.08.2007 14:46 51.200 cortals.dll 28.07.2007 16:02 103.736 PnkBstrB.exe 24.07.2007 17:11 5.156 jupdate-1.6.0_02-b06.log 12.07.2007 02:22 139.264 javaws.exe 12.07.2007 02:22 69.632 javacpl.cpl 12.07.2007 01:22 135.168 javaw.exe 12.07.2007 01:22 135.168 java.exe 01.07.2007 13:29 183.424 FNTCACHE.DAT 08.06.2007 14:38 24 DVCState-{00000000-00000000-0000000B-00001102-00000002-80611102}.dat 08.06.2007 14:38 24 DVCStateBkp-{00000000-00000000-0000000B-00001102-00000002-80611102}.dat 08.06.2007 14:38 30.276 BMXBkpCtrlState-{00000000-00000000-0000000B-00001102-00000002-80611102}.rfx 08.06.2007 14:38 30.276 BMXCtrlState-{00000000-00000000-0000000B-00001102-00000002-80611102}.rfx 08.06.2007 14:38 17.596 BMXStateBkp-{00000000-00000000-0000000B-00001102-00000002-80611102}.rfx 08.06.2007 14:38 17.596 BMXState-{00000000-00000000-0000000B-00001102-00000002-80611102}.rfx 08.06.2007 14:38 1.080 settingsbkup.sfm 08.06.2007 14:38 1.080 settings.sfm Verzeichnis von C:\DOKUME~1\DANIEL~1\LOKALE~1\Temp 12.08.2007 15:06 113.222 datfind.txt 12.08.2007 14:56 58.454 jusched.log 12.08.2007 14:52 32.768 ~DFD35B.tmp 12.08.2007 14:42 16.384 ~DFF172.tmp 12.08.2007 14:24 10.240 lookagent.exe 12.08.2007 14:24 10.240 server64.exe 12.08.2007 14:22 10.240 winwin.exe 12.08.2007 14:16 7.168 oagk_p4.bin 12.08.2007 14:16 8.192 oagk_p3.bin 
12.08.2007 14:16 8.192 oagk_p2.bin 12.08.2007 14:16 8.192 oagk_p1.bin 12.08.2007 14:16 5 oagk_i_s.ini 12.08.2007 14:16 4 oagk_i_ps.ini 12.08.2007 14:16 1 oagk_i_p.ini 12.08.2007 14:16 10.240 powermon.exe 12.08.2007 14:15 16.384 ~DFC22.tmp 10.08.2007 14:45 16.384 ~DF2563.tmp 09.08.2007 18:51 16.384 ~DFE10E.tmp 09.08.2007 16:51 10.240 winsyn.exe 09.08.2007 16:50 16.384 ~DFE62E.tmp 07.08.2007 10:44 38.234 java_install_reg.log 07.08.2007 10:31 10.240 server32.exe 07.08.2007 10:30 16.384 ~DFCD21.tmp 04.08.2007 14:18 7.168 nmpf_p4.bin 04.08.2007 14:18 8.192 nmpf_p3.bin 04.08.2007 14:18 8.192 nmpf_p2.bin 04.08.2007 14:18 8.192 nmpf_p1.bin 04.08.2007 14:18 5 nmpf_i_s.ini 04.08.2007 14:18 4 nmpf_i_ps.ini 04.08.2007 14:18 1 nmpf_i_p.ini 04.08.2007 14:18 7.168 neld_p4.bin 04.08.2007 14:18 8.192 neld_p3.bin 04.08.2007 14:18 8.192 neld_p2.bin 04.08.2007 14:18 8.192 neld_p1.bin 04.08.2007 14:18 5 neld_i_s.ini 04.08.2007 14:18 4 neld_i_ps.ini 04.08.2007 14:18 1 neld_i_p.ini 04.08.2007 14:16 10.240 look16.exe 04.08.2007 14:16 10.240 win16.exe 04.08.2007 14:16 10.240 syswin.exe 04.08.2007 14:15 10.240 looksyn.exe 04.08.2007 14:04 1.751.241 jj22n2h7.rar 04.08.2007 13:41 3.184.863 z5rzajou.rar 04.08.2007 13:40 1.921.125 mrpyba19.rar 04.08.2007 13:05 16.384 ~DF4662.tmp 03.08.2007 17:37 16.384 ~DFF107.tmp 03.08.2007 13:08 165.557 vheaogt7.pdf 03.08.2007 12:51 16.384 ~DF7399.tmp 02.08.2007 22:13 1.101 TWAIN.LOG 02.08.2007 22:13 4 Twain001.Mtx 02.08.2007 22:13 156 Twunk001.MTX 02.08.2007 21:00 16.384 ~DF35A.tmp 02.08.2007 17:09 16.384 ~DFD897.tmp 02.08.2007 06:55 16.384 ~DFADD8.tmp 31.07.2007 17:22 16.384 ~DFDE64.tmp 30.07.2007 18:55 16.384 ~DFCF60.tmp 30.07.2007 06:54 16.384 ~DFEA27.tmp 28.07.2007 14:53 16.384 ~DFEC43.tmp 27.07.2007 15:10 16.384 ~DFFE4C.tmp 26.07.2007 17:01 16.384 ~DFFE2C.tmp 25.07.2007 09:05 16.384 ~DFD83C.tmp 24.07.2007 19:20 16.384 ~DFBAC1.tmp 24.07.2007 17:07 1.160 jinstall.cfg 24.07.2007 17:02 16.384 ~DFD5B2.tmp 23.07.2007 21:00 16.384 ~DFCBDD.tmp 22.07.2007 15:49 
0 NBR7.tmp 22.07.2007 15:32 16.384 ~DFDA3A.tmp 22.07.2007 09:25 16.384 ~DFE001.tmp 21.07.2007 15:51 16.384 ~DFBA0F.tmp 19.07.2007 17:44 16.384 ~DFEB8.tmp 18.07.2007 16:26 16.384 ~DFE46F.tmp 18.07.2007 11:13 16.384 ~DFB72A.tmp 16.07.2007 16:39 16.384 ~DFDB0C.tmp 15.07.2007 16:45 16.384 ~DFEB5C.tmp 15.07.2007 12:06 16.384 ~DFC683.tmp 14.07.2007 16:09 16.384 ~DFD868.tmp 14.07.2007 12:48 16.384 ~DFD264.tmp 13.07.2007 17:27 16.384 ~DFE5BC.tmp 13.07.2007 12:39 16.384 ~DF1442.tmp 09.07.2007 09:30 16.384 ~DFF387.tmp 05.07.2007 19:38 16.384 ~DFC2C1.tmp 03.07.2007 20:51 16.384 ~DFE7B6.tmp 03.07.2007 18:29 16.384 ~DFD3BC.tmp 02.07.2007 19:43 0 SWV1D.tmp 02.07.2007 19:29 543.608 pf3524861415.tmp 02.07.2007 19:16 16.384 ~DFD518.tmp 01.07.2007 21:41 16.384 ~DFCCAD.tmp 01.07.2007 14:04 16.384 ~DFC9C7.tmp 01.07.2007 13:51 1.916.928 a005B.tmp 01.07.2007 13:31 3.932.214 mgxmbkgstd.bmp 01.07.2007 13:29 16.384 ~DFDEAB.tmp 01.07.2007 13:23 81.920 unwise.exe 01.07.2007 13:12 1.916.928 a00A1.tmp 01.07.2007 11:59 16.384 ~DFD7B3.tmp 01.07.2007 10:11 16.384 ~DF9AF.tmp 01.07.2007 10:11 16.384 ~DFF23F.tmp 01.07.2007 10:03 16.384 ~DFBD8F.tmp 30.06.2007 17:03 16.384 ~DFDAE4.tmp 30.06.2007 14:00 16.384 ~DFFDE1.tmp 30.06.2007 11:29 16.384 ~DFB7BC.tmp 29.06.2007 18:52 16.384 ~DFC19C.tmp 29.06.2007 16:46 16.384 ~DFC019.tmp 29.06.2007 16:45 16.384 ~DFEC91.tmp 29.06.2007 16:45 16.384 ~DFE339.tmp 29.06.2007 16:45 16.384 ~DFD9B2.tmp 29.06.2007 16:38 16.384 ~DFCA93.tmp 28.06.2007 17:42 12.547 mxfilerelatedcache.mxc2 28.06.2007 17:33 16.384 ~DFD125.tmp 27.06.2007 09:37 16.384 ~DFD9A2.tmp 26.06.2007 18:46 16.384 ~DFBCBC.tmp 25.06.2007 18:21 16.384 ~DFC3DA.tmp 25.06.2007 16:54 512 {AC76BA86-7AD7-1031-7B44-A81000000003}.ini 25.06.2007 16:53 579 RunTime.ini 25.06.2007 16:44 16.384 ~DFD0A1.tmp 25.06.2007 09:57 16.384 ~DFDA81.tmp 23.06.2007 16:14 59.964 ~e5.0001 23.06.2007 15:26 16.384 ~DFBC87.tmp 23.06.2007 13:51 16.384 ~DFBD8E.tmp 23.06.2007 09:57 16.384 ~DFCB17.tmp 22.06.2007 12:50 16.384 ~DFB30A.tmp 
21.06.2007 20:32 16.384 ~DFCF76.tmp 20.06.2007 21:24 16.384 ~DFE9AF.tmp 20.06.2007 20:50 16.384 ~DFE451.tmp 19.06.2007 18:37 16.384 ~DFC10A.tmp 19.06.2007 16:47 16.384 ~DFB78E.tmp 18.06.2007 17:58 49.152 ~DFB9B8.tmp 14.06.2007 18:56 16.384 ~DFDECA.tmp 14.06.2007 16:00 16.384 ~DFC12C.tmp 13.06.2007 17:30 16.384 ~DFB007.tmp 12.06.2007 17:21 16.384 ~DFAAC5.tmp 11.06.2007 17:52 32.768 ~DFDF5A.tmp 11.06.2007 17:51 313 _isdelet.ini 09.06.2007 12:18 32.768 ~DF171F.tmp 08.06.2007 14:04 89.680 MSSSerif120.fon 06.06.2007 17:29 1.769.472 .Sony_PMBrowser2000_BrowserDiskCache 06.06.2007 17:29 592.128 .Sony_PMBrowser2000_BrowserDiskCache.idx 06.06.2007 17:21 0 mso19.tmp Verzeichnis von C:\WINDOWS 12.08.2007 14:52 0 0.log 12.08.2007 14:52 159 wiadebug.log 12.08.2007 14:52 50 wiaservc.log 12.08.2007 14:51 2.048 bootstat.dat 12.08.2007 14:51 32.618 SchedLgU.Txt 12.08.2007 14:51 50.470 WindowsUpdate.log 12.08.2007 14:24 2.238 Casino.ico 12.08.2007 14:24 1.150 Free Online Dating.ico 12.08.2007 14:24 4.846 Spyware Remover.ico 10.08.2007 14:46 1.409 QTFont.for 10.08.2007 14:46 54.156 QTFont.qfn 09.08.2007 17:45 69 NeroDigital.ini 04.08.2007 14:27 44 SpywareDoctor5Install.log 14.07.2007 16:28 52.142 DirectX.log 02.07.2007 19:19 243.668 wmsetup.log 02.07.2007 19:19 316.640 WMSysPr9.prx 02.07.2007 19:19 559.313 setupapi.log 01.07.2007 14:02 6.642 mgxoschk.ini 01.07.2007 12:31 0 Videodeluxe.INI 28.06.2007 17:42 16 mxfilerelatedcache.mxc2 08.06.2007 13:59 46 mxcdr.INI 08.06.2007 13:40 3.374.311 {00000000-00000000-0000000B-00001102-00000002-80611102}.CDF 08.06.2007 13:40 3.374.311 {00000000-00000000-0000000B-00001102-00000002-80611102}.BAK Verzeichnis von C:\WINDOWS\Downloaded Program Files 12.01.2007 21:30 65 desktop.ini Gruß Daniel Dieser Beitrag wurde am 12.08.2007 um 15:10 Uhr von danisun editiert.
13.08.2007, 09:49
Member
Posts: 694
#6
Hi,
Definitely have these checked online. Please check the following files:
Quote:
C:\WINDOWS\SYSTEM32\PnkBstrB.exe
At least the last one is still a trojan; the rest in the Temp directory doesn't look good either, delete it completely!
http://www.virustotal.com/flash/index_en.html
At the top of the page --> click "Browse" --> select the file (or paste the file with its correct path directly) --> double-click the file to be checked --> click "Send"... now wait - then select the text with the right mouse button -> copy - paste.
Then: Avenger
http://virus-protect.org/artikel/tools/avenger.html
Check "Input script manually" and copy into "View/edit script":
Quote:
Click the green traffic light; the script will now be executed, then the PC will restart automatically.
chris
13.08.2007, 19:25
...new here
Posts: 2
#7
Hallo,
Unfortunately I also have the same problem with the Drive Cleaner. Could you please help?
Logfile of HijackThis v1.99.1
Scan saved at 19:14:09, on 13.08.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
13.08.2007, 23:38
Honorary member
Posts: 6028
#8
@bebis
Please disable Spybot S&D's TeaTimer: C:\Programme\Spybot - Search & Destroy\TeaTimer.exe must be switched off! To do so, start Spybot S&D and deactivate the "Resident TeaTimer": click "Advanced mode" > "YES" > "Tools" menu > click "Resident" > remove the check mark from "Resident TeaTimer" (protection of all system settings) > "exit". (The TeaTimer obstructs or prevents all further cleaning steps!)
Close all windows and start HijackThis. Click: Do a system scan only. Put a check mark in the box in front of the following entries:
O4 - HKLM\..\Run: [udc6cw] "C:\Programme\DriveCleaner Free\udc6cw.exe" -c
O4 - HKCU\..\Run: [udc6cw] "C:\Programme\DriveCleaner Free\udc6cw.exe" -c
Click: Fix checked. Your Internet Explorer must be closed when you click Fix checked.
Download ComboFix to the desktop. Double-click combofix.exe. Follow the instructions in the window. While ComboFix is running, do NOT click in the window, otherwise your computer will freeze. When the tool is finished, a log file (combofix.txt) opens. Copy the contents of the report C:/Combofix/combofix.txt into your next reply together with a HijackThis log.
__________
Best regards, Argus
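The "put a check mark in front of these O4 entries" step above can be done mechanically. What follows is an added example, not code from the thread or from HijackThis: it parses O4 Run lines in the format the logs in this thread use and flags the ones a helper would tell the user to fix. The watchlist, the Temp-directory rule and the lookserver sample line are assumptions; the udc6cw, NvCplDaemon and CTFMON sample lines are copied from the thread's logs.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Matches the O4 Run lines seen in the logs above, e.g.
#   O4 - HKLM\..\Run: [udc6cw] "C:\Programme\DriveCleaner Free\udc6cw.exe" -c
O4_RUN_RE = re.compile(
    r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): '
    r'\[(?P<name>[^\]]*)\] (?P<command>.*)$'
)

# Image names the helper in this thread told the user to fix (assumption: a
# local watchlist, not a HijackThis feature). udcwap.exe appears among the
# DriveCleaner files ComboFix deleted later in the thread.
WATCHLIST = {"udc6cw.exe", "udcwap.exe"}


@dataclass
class O4Entry:
    raw: str            # the log line exactly as HijackThis printed it
    hive: str           # HKLM or HKCU
    key: str            # Run, RunOnce, ...
    name: str           # value name inside the [brackets]
    command: str        # everything after the brackets
    image: str          # executable path extracted from the command
    reasons: List[str] = field(default_factory=list)  # empty = not flagged


def split_image(command: str) -> str:
    """Return the executable from a Run command the way the loader sees it:
    a quoted path ends at the closing quote, an unquoted one at the first
    space (so RUNDLL32.EXE followed by a DLL argument yields RUNDLL32.EXE)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]


def parse_o4(line: str) -> Optional[O4Entry]:
    """Parse one HijackThis O4 Run line; other line types return None."""
    line = line.strip()
    m = O4_RUN_RE.match(line)
    if not m:
        return None
    return O4Entry(line, m.group("hive"), m.group("key"), m.group("name"),
                   m.group("command"), split_image(m.group("command")))


def assess(entry: O4Entry) -> O4Entry:
    """Record why an entry should be fixed: a watchlist hit, or an autostart
    out of a Temp directory (what the helpers in this thread keep pointing at)."""
    image = entry.image.replace("/", "\\").lower()
    basename = image.rsplit("\\", 1)[-1]
    if basename in WATCHLIST:
        entry.reasons.append("watchlist: " + basename)
    if "\\temp\\" in image:
        entry.reasons.append("autostart from a Temp directory")
    return entry


def flagged_entries(log_text: str) -> List[O4Entry]:
    """All O4 Run entries in a HijackThis log that deserve 'Fix checked'."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry is not None and assess(entry).reasons:
            flagged.append(entry)
    return flagged


def fix_checklist(log_text: str) -> List[str]:
    """The raw lines to tick in HijackThis, in log order, as a helper would
    paste them into a reply."""
    return [e.raw for e in flagged_entries(log_text)]


# Constructed sample: the udc6cw, NvCplDaemon and CTFMON lines are copied from
# the thread's logs; the lookserver line is made up to exercise the Temp rule
# (lookserver.exe was running from Temp on the first poster's machine).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [udc6cw] "C:\Programme\DriveCleaner Free\udc6cw.exe" -c
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [udc6cw] "C:\Programme\DriveCleaner Free\udc6cw.exe" -c
O4 - HKCU\..\Run: [lookserver] C:\DOKUME~1\DANIEL~1\LOKALE~1\Temp\lookserver.exe
O4 - Startup: FRITZ!DSL Startcenter.lnk = C:\Programme\FRITZ!DSL\StCenter.exe
"""

if __name__ == "__main__":
    for entry in flagged_entries(SAMPLE_LOG):
        print(entry.raw, "  <--", "; ".join(entry.reasons))
```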
14.08.2007, 17:40
...new here
Posts: 2
#9
Arnold
thank you very much for your reply. Here is my report from ComboFix:
ComboFix 07-08-14.4 - "Halil Tolga Nar" 2007-08-14 17:24:19.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1031.18.266 [GMT 2:00]
* Created a new restore point
15.08.2007, 20:43
Honorary member
Posts: 6028
19.08.2007, 13:59
...new here
Posts: 1
#11
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Programme\Gemeinsame Dateien\{183C4~1
C:\Programme\Gemeinsame Dateien\{383C4~1
C:\Programme\Gemeinsame Dateien\{383C4~1\toolbardll.lzma
C:\Programme\Gemeinsame Dateien\{383C4~1\UnInstall.exe
C:\Programme\Gemeinsame Dateien\{383C4~1\UnInstall.lzma
C:\Programme\Gemeinsame Dateien\drivecleaner free
C:\Programme\Gemeinsame Dateien\drivecleaner free\udcwap.exe
430080 --a------ C:\Programme\ski2001.exe 2000-11-16 11:04 118784 --a------ C:\Programme\optgraph.dll 2000-11-09 22:26 424341504 --a------ C:\Programme\packfile.pak 1999-03-11 19:22 99840 --a------ C:\Programme\Gemeinsame Dateien\IRAABOUT.DLL 1998-12-09 04:53 70144 --a------ C:\Programme\Gemeinsame Dateien\IRAMDMTR.DLL 1998-12-09 04:53 48640 --a------ C:\Programme\Gemeinsame Dateien\IRALPTTR.DLL 1998-12-09 04:53 31744 --a------ C:\Programme\Gemeinsame Dateien\IRAWEBTR.DLL 1998-12-09 04:53 186368 --a------ C:\Programme\Gemeinsame Dateien\IRAREG.DLL 1998-12-09 04:53 17920 --a------ C:\Programme\Gemeinsame Dateien\IRASRIAL.DLL 1998-03-06 10:06 105239 --a------ C:\Programme\fjvisit.exe 1997-04-22 13:49 804220 --a------ C:\Programme\CMBTLL.HLP 1997-04-14 16:14 238 --a------ C:\Programme\VORLAGEN.INI 1995-08-03 12:44 23872 --a------ C:\Programme\DBTTIP.VBX 1995-04-18 14:16 89248 --a------ C:\Programme\COMMDLG.DLL 1995-04-18 14:16 64432 --a------ C:\Programme\THREED.VBX 1995-04-18 14:16 18688 --a------ C:\Programme\CMDIALOG.VBX 1995-04-17 10:06 214 --a------ C:\Programme\CMBTLL.INI 1994-06-09 15:37 535456 --a------ C:\Programme\CMBTLL.DLL 1994-06-09 09:42 30848 --a------ C:\Programme\CMBTLLX.VBX 1994-06-09 09:39 49456 --a------ C:\Programme\CMBTLLUS.LNG 1994-06-09 09:38 50384 --a------ C:\Programme\CMBTLLGR.LNG 1994-05-06 11:33 170864 --a------ C:\Programme\CMBTCTL.DLL 1994-04-28 14:00 232208 --a------ C:\Programme\SSDATA2.VBX 1994-04-08 17:11 78464 --a------ C:\Programme\CMBTDWG.DLL 1994-04-06 00:00 994496 --a------ C:\Programme\MSAJT200.DLL 1994-04-06 00:00 306176 --a------ C:\Programme\MSABC200.DLL 1994-04-06 00:00 295712 --a------ C:\Programme\XBS200.DLL 1994-03-24 00:00 95200 --a------ C:\Programme\VBDB300.DLL 1994-03-24 00:00 17424 --a------ C:\Programme\MSAJT112.DLL 1994-02-22 09:35 42112 --a------ C:\Programme\CMBTUTIL.DLL 1993-06-30 12:02 398416 --a------ C:\Programme\VBRUN300.DLL ((((((((((((((((((((((((((((((((((((( Reg Loading Points 
)))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CHotkey"="mHotkey.exe" [2002-07-23 11:09 C:\WINDOWS\mHotkey.exe] "Cmaudio"="cmicnfg.cpl" [2005-04-07 11:06 C:\WINDOWS\CMICNFG.CPL] "VTTimer"="VTTimer.exe" [2005-04-07 11:16 C:\WINDOWS\system32\VTTimer.exe] "VTTrayp"="VTtrayp.exe" [2005-04-07 11:16 C:\WINDOWS\system32\VTTrayp.exe] "Dit"="Dit.exe" [2004-07-20 18:18 C:\WINDOWS\Dit.exe] "RemoteControl"="C:\Programme\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 20:42] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50] "avgnt"="C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-19 17:14] "MessengerPlus3"="C:\Programme\MessengerPlus! 3\MsgPlus.exe" [] "iTunesHelper"="C:\Programme\iTunes\iTunesHelper.exe" [2006-02-23 15:45] "QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [2006-04-18 17:37] "Ulead Photo Express 5 SE Calendar Checker"="C:\Programme\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe" [2004-01-12 21:40] "TkBellExe"="C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [2007-06-16 19:12] "Adobe Photo Downloader"="C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-16 11:45] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="C:\Programme\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:55] "ICQ"="C:\Programme\ICQ6\ICQ.exe" [2007-04-25 12:29] [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "ALUAlert"=C:\Programme\Symantec\LiveUpdate\ALUNotify.exe C:\Dokumente und Einstellungen\All Users\Startmen\Programme\Autostart\ Adobe Reader - Schnellstart.lnk - C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 08:05:26] CAPIControl.lnk - C:\Programme\Telekom\Eumex 704PC DSL\Capictrl.exe [2005-06-09 15:35:46] HomeNet Control.lnk - C:\Programme\Telekom\Eumex 704PC DSL\HNetCtrl.exe [2005-06-09 15:35:48] Microsoft 
Office.lnk - C:\Programme\Microsoft Office\Office\OSA9.EXE [2000-01-21 10:15:54] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "appinit_dlls"= sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll MsgPlusLoader.dll ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-08-19 13:47:34 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-08-19 13:48:35 C:\ComboFix-quarantined-files.txt ... 2007-08-19 13:48 --- E O F --- |
A few days ago a message appeared saying that I had visited sex sites (which is not true), and then I was redirected to a "Drive Cleaner" site. This message keeps coming back. I would be glad if you could help me. Please!
Yours, izzy.