Error message at boot + HijackThis logfile analysis

#0
18.08.2007, 01:25
...new here

Posts: 7
#1 Hi, whenever I boot I always get the following error message:



I ran HijackThis plus the online analysis and fixed the "bad" entries, but that didn't help. I'll paste my current logfile for you and hope for help.

Tyvm


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:10:13, on 12.08.2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Premium\avguard.exe
C:\Programme\AntiVir PersonalEdition Premium\sched.exe
C:\Programme\AntiVir PersonalEdition Premium\avesvc.exe
C:\WINDOWS\System32\bgsvcgen.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Programme\Firebird\Firebird_1_5\bin\fbguard.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programme\AntiVir PersonalEdition Premium\avmailc.exe
C:\Programme\Firebird\Firebird_1_5\bin\fbserver.exe
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\PTBSync\PTBSync.exe
C:\Programme\Logitech\iTouch\iTouch.exe
C:\Programme\AntiVir PersonalEdition Premium\avgnt.exe
C:\Programme\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Programme\MSN Messenger\usnsvc.exe
C:\Programme\ICQ6\ICQ.exe
C:\WINDOWS\System32\svchost.exe
C:\DOKUME~1\Phil\LOKALE~1\Temp\Rar$EX00.907\HijackThis.exe
C:\Programme\Opera\Opera.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.live.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hao8.cc
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,rundll32.exe C:\WINDOWS\System32\winsys16_070307.dll start
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Programme\BitComet\tools\BitCometBHO_1.1.3.28.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programme\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Alcohol Toolbar Helper - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - C:\Programme\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: XBTP01621 - {9EBBE90B-282E-4c39-8A7E-120749169F0F} - C:\PROGRA~1\BEARSH~2\MediaBar.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll
O2 - BHO: WMHlprObj Class - {F5824EFB-728A-4726-A5A5-85A68B20EDC3} - C:\PROGRA~2\CNNIC\Cdn\wmhlpr.dll (file missing)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: BearShare MediaBar - {B7D3E479-CC68-42B5-A338-938ECE35F419} - C:\Programme\BearShare MediaBar\MediaBar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Programme\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [PTBSync] C:\Programme\PTBSync\PTBSync.exe /Start
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programme\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Programme\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://C:\Programme\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Download all links using BitComet - res://C:\Programme\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Programme\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Programme\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Download with NetPumper - C:\Programme\NetPumper\AddUrl.htm
O8 - Extra context menu item: Easy-WebPrint - Drucken - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Dokumente und Einstellungen\Phil\Startmenü\Programme\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Dokumente und Einstellungen\Phil\Startmenü\Programme\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: Chinese Navigation - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~2\CNNIC\Cdn\cdnuc.exe (file missing)
O9 - Extra 'Tools' menuitem: Chinese Navigation - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~2\CNNIC\Cdn\cdnuc.exe (file missing)
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Programme\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Programme\UltimateBet\UltimateBet.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen - {0e921e80-267a-42aa-aee4-60b9a1222a44} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O9 - Extra 'Tools' menuitem: Unterstützung für xp-AntiSpy - {0e921e80-267a-42aa-aee4-60b9a1222a44} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1161564966625
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1178141481031
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: AntiVir PersonalEdition Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: AntiVir PersonalEdition Premium Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir PersonalEdition Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\System32\bgsvcgen.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Programme\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Programme\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 12454 bytes
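As an added example, not from the thread or from HijackThis itself, a Python triage script that applies the checks a helper makes on a log like the one above: the F2 Userinit value that chains extra code after userinit.exe, the HKLM start page pointing at an unknown host, and O2/O3/O9 entries whose file is already gone. The sample lines are copied from the two logs in this thread (plus one constructed, default-valued F2 line); the allowlist of known page hosts is an assumption.

```python
"""Added example (not from the thread or from HijackThis): a small triage
script for HijackThis log entries.  It flags the patterns seen in the log
above: an F2 Userinit value that chains extra code after userinit.exe, an
HKLM start page on an unknown host, and O2/O3/O9 entries whose file is
already gone (cleanup only, nothing left to analyse on disk)."""
import re
from typing import List, Tuple

# Every HijackThis entry line has the form "<section code> - <body>".
ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.+)$")

# Winlogon's default Userinit value: userinit.exe plus its trailing comma.
CLEAN_USERINIT = r"c:\windows\system32\userinit.exe,"

# Assumption: start/search page hosts that are legitimate for this user.
KNOWN_PAGE_HOSTS = {"www.live.com", "g.msn.de"}

Finding = Tuple[str, str, str]  # (severity, section code, explanation)

# Constructed sample: entries copied from the first log in the thread.
SAMPLE_BEFORE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.live.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hao8.cc
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,rundll32.exe C:\WINDOWS\System32\winsys16_070307.dll start
O2 - BHO: WMHlprObj Class - {F5824EFB-728A-4726-A5A5-85A68B20EDC3} - C:\PROGRA~2\CNNIC\Cdn\wmhlpr.dll (file missing)
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Premium\avgnt.exe" /min
O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
"""

# Constructed sample: the corresponding entries from the second log, plus a
# default-valued F2 line (constructed) to show that it does not trigger.
SAMPLE_AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.live.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
"""


def parse_entries(log_text: str) -> List[Tuple[str, str]]:
    """Return (section code, body) for each entry line; other lines are ignored."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def page_host(body: str) -> str:
    """Host of the URL after '=' in an R0/R1 body; 'about:' for about:blank."""
    m = re.search(r"=\s*(\S+)\s*$", body)
    if not m:
        return ""
    value = m.group(1).lower()
    if value.startswith("about:"):
        return "about:"
    m = re.match(r"https?://([^/?#]+)", value)
    return m.group(1) if m else value


def triage(log_text: str) -> List[Finding]:
    """Apply the checks above to every entry and return the findings."""
    findings: List[Finding] = []
    for code, body in parse_entries(log_text):
        if code == "F2" and "UserInit=" in body:
            # Anything after the default "userinit.exe," runs at every logon.
            value = body.split("UserInit=", 1)[1].strip()
            if value.lower() != CLEAN_USERINIT:
                findings.append(("high", code,
                                 "Userinit runs extra code at logon: " + value))
        elif code in ("R0", "R1"):
            host = page_host(body)
            if host not in ("", "about:") and host not in KNOWN_PAGE_HOSTS:
                findings.append(("medium", code,
                                 "start/search page set to unknown host " + host))
        elif code in ("O2", "O3", "O9") and (
                "(no file)" in body or "(file missing)" in body):
            findings.append(("low", code, "orphaned entry, file gone: " + body))
        elif code == "O23" and "Unknown owner" in body:
            findings.append(("info", code, "service without vendor info: " + body))
    return findings


if __name__ == "__main__":
    for label, text in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(f"== {label} ==")
        for severity, code, why in triage(text):
            print(f"[{severity:6}] {code}: {why}")
```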
18.08.2007, 07:13
Member
felixx

Posts: 62
#2 Hello

Quote

Platform: Windows XP SP1 (WinNT 5.01.2600)
Surfing without SP2 is a bit careless. ;-)

You can repair damaged system files like this.

Start/Run/cmd/ and at the command line enter sfc /scannow, keeping the original Windows CD ready.

Regards
__________
*virustotal*
*escan*
18.08.2007, 13:13
...new here

Thread starter

Posts: 7
#3 yes, but according to Google I have a bigger problem.

http://www.google.de/search?hl=de&q=winsys16_070307.dll&btnG=Google-Suche&meta=
18.08.2007, 20:08
Member
felixx

Posts: 62
#4 Hello,

yes, you have a bigger problem. Please run escan (link in my signature) and post the logfile here. Then we'll see.

Regards Felixx
__________
*virustotal*
*escan*
20.08.2007, 14:02
...new here

Thread starter

Posts: 7
#5 starting as "C:\bases\findmwav.bat"

---------- C:\RESULTS.TXT

Mon Aug 20 00:59:27 2007 => File C:\Dokumente und Einstellungen\Phil\Desktop\NetPumper-1.50-setup-0165.exe//data0079 infected by "Trojan.Win32.Obfuscated.en" Virus! Action Taken: No Action Taken.
Mon Aug 20 01:37:02 2007 => File C:\Dokumente und Einstellungen\Phil\Desktop\NetPumper-1.50-setup-0165.exe//data0079 infected by "Trojan.Win32.Obfuscated.en" Virus! Action Taken: No Action Taken.
Mon Aug 20 02:26:09 2007 => File C:\Programme\Creative\SBAudigy2ZS\Surround Mixer\eizmvbsm.dll//UPX infected by "Trojan-PSW.Win32.Agent.jy" Virus! Action Taken: No Action Taken.
Mon Aug 20 02:26:09 2007 => File C:\Programme\Creative\SBAudigy2ZS\Surround Mixer\fflgplxc.dll//UPX infected by "Trojan-PSW.Win32.Agent.jy" Virus! Action Taken: No Action Taken.
Mon Aug 20 02:26:12 2007 => File C:\Programme\Creative\SBAudigy2ZS\Surround Mixer\rigbhgwn.dll//UPX infected by "Trojan-PSW.Win32.Agent.jy" Virus! Action Taken: No Action Taken.
Mon Aug 20 02:26:14 2007 => File C:\Programme\Creative\SBAudigy2ZS\Surround Mixer\uljoayog.dll//UPX infected by "Trojan-PSW.Win32.Agent.jy" Virus! Action Taken: No Action Taken.
Mon Aug 20 04:40:43 2007 => File E:\Tools , Programme\norton\NAV\External\NORTON\NAVAPW32.exe infected by "Exe.Corrupted" Virus! Action Taken: No Action Taken.
Mon Aug 20 04:41:53 2007 => File E:\Tools , Programme\norton\Norton.Antivirus.2004.PRO\NAV\EXTERNAL\NORTON\NAVAPW32.EXE infected by "Exe.Corrupted" Virus! Action Taken: No Action Taken.
Mon Aug 20 06:21:07 2007 => File Z:\Programme\mIRC\logs\QuakeNet\De_Ja_VU.log infected by "IRC-Worm.Win32.Small.g" Virus! Action Taken: No Action Taken.

Mon Aug 20 00:43:08 2007 => File C:\PROGRA~1\BEARSH~2\MediaBar.dll tagged as "not-a-virus:AdWare.Win32.Mostofate.aa". Action Taken: No Action Taken.
Mon Aug 20 00:43:10 2007 => File C:\PROGRA~1\BEARSH~2\MediaBar.dll tagged as "not-a-virus:AdWare.Win32.Mostofate.aa". Action Taken: No Action Taken.
Mon Aug 20 01:45:08 2007 => File C:\Dokumente und Einstellungen\Phil\Eigene Dateien\ICQ\XXX-XXX-XXX\yoyo_XXX-XXX-XXX\mspass.zip/mspass.exe tagged as "not-a-virus:pSWTool.Win32.Messen.106". No Action Taken.
Mon Aug 20 01:45:10 2007 => File C:\Dokumente und Einstellungen\Phil\Eigene Dateien\ICQ\XXX-XXX-XXX\yoyo_XXX-XXX-XXX\SetupRevelationV2.exe//WISE0012.BIN tagged as "not-a-virus:pSWTool.Win32.SnadBoy.2011". No Action Taken.
Mon Aug 20 01:46:50 2007 => File C:\Dokumente und Einstellungen\Phil\Eigene Dateien\ICQ Lite\XXX-XXX-XXX\yoyo_XXX-XXX-XXX\mspass.zip/mspass.exe tagged as "not-a-virus:pSWTool.Win32.Messen.106". No Action Taken.
Mon Aug 20 01:46:51 2007 => File C:\Dokumente und Einstellungen\Phil\Eigene Dateien\ICQ Lite\XXX-XXX-XXX\yoyo_XXX-XXX-XXX\SetupRevelationV2.exe//WISE0012.BIN tagged as "not-a-virus:pSWTool.Win32.SnadBoy.2011". No Action Taken.
Mon Aug 20 01:54:09 2007 => File C:\Program Files\mIRC\mirc.exe tagged as "not-a-virus:Client-IRC.Win32.mIRC.617". No Action Taken.
Mon Aug 20 02:15:04 2007 => File C:\Programme\BearShare MediaBar\MediaBar.dll tagged as "not-a-virus:AdWare.Win32.Mostofate.aa". Action Taken: No Action Taken.
Mon Aug 20 02:55:46 2007 => File C:\Programme\SnadBoy's Revelation v2\Revelation.exe tagged as "not-a-virus:pSWTool.Win32.SnadBoy.2011". No Action Taken.
Mon Aug 20 02:55:46 2007 => File C:\Programme\SnadBoy's Revelation v2\RevelationHelper.dll tagged as "not-a-virus:pSWTool.Win32.SnadBoy.2011". No Action Taken.
Mon Aug 20 04:18:04 2007 => File E:\Eigene Dateien\Installer\girc421_430.exe//stream//data0008 tagged as "not-a-virus:Client-IRC.Win32.mIRC.614". No Action Taken.
Mon Aug 20 04:18:08 2007 => File E:\Eigene Dateien\Installer\girc432.exe//stream//data0009 tagged as "not-a-virus:Client-IRC.Win32.mIRC.616". No Action Taken.
Mon Aug 20 04:18:27 2007 => File E:\Eigene Dateien\Installer\mirc616.exe//data0001.bin tagged as "not-a-virus:Client-IRC.Win32.mIRC.616". No Action Taken.
Mon Aug 20 04:18:54 2007 => File E:\Eigene Dateien\Installer\netpumper-1.20.1-setup.exe//data0081/Sync.exe tagged as "not-a-virus:AdWare.Win32.SaveNow.v". Action Taken: No Action Taken.
Mon Aug 20 04:24:34 2007 => File E:\Eigene Dateien\Krims Krams\girc430.exe//stream//data0009 tagged as "not-a-virus:Client-IRC.Win32.mIRC.614". No Action Taken.
Mon Aug 20 04:24:52 2007 => File E:\Eigene Dateien\Krims Krams\netpumper-1[1].20.1-setup.exe//data0081/Sync.exe tagged as "not-a-virus:AdWare.Win32.SaveNow.v". Action Taken: No Action Taken.
Mon Aug 20 04:34:01 2007 => File E:\System Volume Information\_restore{C65102B4-1CCA-48FD-86F8-DDF5638EC7F2}\RP699\A0761994.exe//stream//data0008 tagged as "not-a-virus:Client-IRC.Win32.mIRC.614". No Action Taken.
Mon Aug 20 04:34:06 2007 => File E:\System Volume Information\_restore{C65102B4-1CCA-48FD-86F8-DDF5638EC7F2}\RP699\A0761995.exe//stream//data0009 tagged as "not-a-virus:Client-IRC.Win32.mIRC.616". No Action Taken.
Mon Aug 20 04:34:22 2007 => File E:\System Volume Information\_restore{C65102B4-1CCA-48FD-86F8-DDF5638EC7F2}\RP699\A0762000.exe//data0001.bin tagged as "not-a-virus:Client-IRC.Win32.mIRC.616". No Action Taken.
Mon Aug 20 04:34:49 2007 => File E:\System Volume Information\_restore{C65102B4-1CCA-48FD-86F8-DDF5638EC7F2}\RP699\A0762002.exe//data0081/Sync.exe tagged as "not-a-virus:AdWare.Win32.SaveNow.v". Action Taken: No Action Taken.
Mon Aug 20 04:38:39 2007 => File E:\System Volume Information\_restore{C65102B4-1CCA-48FD-86F8-DDF5638EC7F2}\RP699\A0762255.exe//stream//data0009 tagged as "not-a-virus:Client-IRC.Win32.mIRC.614". No Action Taken.
Mon Aug 20 04:38:44 2007 => File E:\System Volume Information\_restore{C65102B4-1CCA-48FD-86F8-DDF5638EC7F2}\RP699\A0762256.exe//data0081/Sync.exe tagged as "not-a-virus:AdWare.Win32.SaveNow.v". Action Taken: No Action Taken.
Mon Aug 20 04:49:41 2007 => File Z:\Eigene Dateien\Installer\girc421_430.exe//stream//data0008 tagged as "not-a-virus:Client-IRC.Win32.mIRC.614". No Action Taken.
Mon Aug 20 04:49:46 2007 => File Z:\Eigene Dateien\Installer\girc432.exe//stream//data0009 tagged as "not-a-virus:Client-IRC.Win32.mIRC.616". No Action Taken.
Mon Aug 20 04:49:55 2007 => File Z:\Eigene Dateien\Installer\mirc616.exe//data0001.bin tagged as "not-a-virus:Client-IRC.Win32.mIRC.616". No Action Taken.
Mon Aug 20 04:50:22 2007 => File Z:\Eigene Dateien\Installer\netpumper-1.20.1-setup.exe//data0081/Sync.exe tagged as "not-a-virus:AdWare.Win32.SaveNow.v". Action Taken: No Action Taken.
Mon Aug 20 04:55:21 2007 => File Z:\Eigene Dateien\Krims Krams\girc430.exe//stream//data0009 tagged as "not-a-virus:Client-IRC.Win32.mIRC.614". No Action Taken.
Mon Aug 20 04:55:31 2007 => File Z:\Eigene Dateien\Krims Krams\netpumper-1[1].20.1-setup.exe//data0081/Sync.exe tagged as "not-a-virus:AdWare.Win32.SaveNow.v". Action Taken: No Action Taken.
Mon Aug 20 05:59:07 2007 => File Z:\mIRC6.178\mirc.exe tagged as "not-a-virus:Client-IRC.Win32.mIRC.617". No Action Taken.
Mon Aug 20 06:21:23 2007 => File Z:\Programme\mIRC\mirc.exe tagged as "not-a-virus:Client-IRC.Win32.mIRC.617". No Action Taken.
Mon Aug 20 06:23:36 2007 => File Z:\System Volume Information\_restore{C65102B4-1CCA-48FD-86F8-DDF5638EC7F2}\RP699\A0757201.exe//stream//data0009 tagged as "not-a-virus:Client-IRC.Win32.mIRC.616". No Action Taken.
Mon Aug 20 06:23:38 2007 => File Z:\System Volume Information\_restore{C65102B4-1CCA-48FD-86F8-DDF5638EC7F2}\RP699\A0757208.exe//stream//data0008 tagged as "not-a-virus:Client-IRC.Win32.mIRC.614". No Action Taken.

Mon Aug 20 01:05:58 2007 => System found infected with video activex access Trojan ({7e853d72-626a-48ec-a868-ba8d5e23e045})! Action taken: No Action Taken.
Mon Aug 20 01:05:59 2007 => System found infected with whenu.savenow Spyware/Adware ({c285d18d-43a2-4aef-83fb-bf280e660a97})! Action taken: No Action Taken.
Mon Aug 20 01:06:35 2007 => System found infected with spypal Spyware/Adware (C:\WINDOWS\system32\gdiplus.dll)! Action taken: No Action Taken.
Mon Aug 20 01:06:35 2007 => System found infected with savenow Adware (C:\WINDOWS\system32\unrar.dll)! Action taken: No Action Taken.
Mon Aug 20 01:06:01 2007 => Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\netpumper_is1 !!!
Mon Aug 20 01:06:02 2007 => Offending Key found: HKLM\Software\magnet !!!
Mon Aug 20 01:06:02 2007 => Offending Key found: HKLM\Software\ptech !!!
Mon Aug 20 01:06:02 2007 => Offending Key found: HKCU\Software\netpumper !!!
Mon Aug 20 01:06:02 2007 => Offending Key found: HKCU\software\microsoft\internet explorer\menuext\download with netpumper !!!
Mon Aug 20 01:06:02 2007 => Offending Key found: HKCU\software\microsoft\windows\currentversion\explorer\menuorder\start menu2\programs\netpumper !!!
Mon Aug 20 01:06:03 2007 => Offending Key found: HKCU\\magnet !!!
Mon Aug 20 01:06:07 2007 => Offending Folder found: C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\icq\bart\1024
Mon Aug 20 01:06:09 2007 => Offending Folder found: C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\netpumper
Mon Aug 20 01:06:24 2007 => Offending Folder found: C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\sopcast\adv
Mon Aug 20 01:06:27 2007 => Offending Folder found: C:\Dokumente und Einstellungen\Phil\Eigene Dateien\icq\XXX-XXX-XXX\böcki_104686182\autos
Mon Aug 20 01:06:28 2007 => Offending Folder found: C:\Dokumente und Einstellungen\Phil\Eigene Dateien\icq lite\XXX-XXX-XXX\böcki_104686182\autos
Mon Aug 20 01:06:32 2007 => Offending Folder found: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\cyberlink\powerdvd\ipower\images\hd
Mon Aug 20 01:06:33 2007 => Offending Folder found: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\netpumper
Mon Aug 20 01:06:33 2007 => Offending Folder found: C:\Dokumente und Einstellungen\All Users\Startmenü\programme\netpumper
Mon Aug 20 01:06:34 2007 => Offending Folder found: C:\Dokumente und Einstellungen\Phil\Eigene Dateien\icq\XXX-XXX-XXX\böcki_104686182\autos
Mon Aug 20 01:06:34 2007 => Offending Folder found: C:\Dokumente und Einstellungen\Phil\Eigene Dateien\icq lite\XXX-XXX-XXX\böcki_104686182\autos
Mon Aug 20 01:06:35 2007 => Offending file found: C:\WINDOWS\system32\gdiplus.dll
Mon Aug 20 01:06:35 2007 => Offending file found: C:\WINDOWS\system32\unrar.dll

Mon Aug 20 01:06:01 2007 => Object "netpumper Spyware/Adware" found in File System! Action Taken: No Action Taken.
Mon Aug 20 01:06:02 2007 => Object "grokster Spyware/Adware" found in File System! Action Taken: No Action Taken.
Mon Aug 20 01:06:02 2007 => Object "prutect Spyware/Adware" found in File System! Action Taken: No Action Taken.
Mon Aug 20 01:06:02 2007 => Object "netpumper Spyware/Adware" found in File System! Action Taken: No Action Taken.
Mon Aug 20 01:06:02 2007 => Object "netpumper Spyware/Adware" found in File System! Action Taken: No Action Taken.
Mon Aug 20 01:06:02 2007 => Object "netpumper Spyware/Adware" found in File System! Action Taken: No Action Taken.
Mon Aug 20 01:06:03 2007 => Object "grokster Spyware/Adware" found in File System! Action Taken: No Action Taken.
Mon Aug 20 01:06:07 2007 => Object "smitfraud Browser Hijacker" found in File System! Action Taken: No Action Taken.
Mon Aug 20 01:06:09 2007 => Object "netpumper Spyware/Adware" found in File System! Action Taken: No Action Taken.
Mon Aug 20 01:06:24 2007 => Object "titanshield antispyware Corrupted Adware/Spyware" found in File System! Action Taken: No Action Taken.
Mon Aug 20 01:06:27 2007 => Object "gohip Spyware/Adware" found in File System! Action Taken: No Action Taken.
Mon Aug 20 01:06:28 2007 => Object "gohip Spyware/Adware" found in File System! Action Taken: No Action Taken.
Mon Aug 20 01:06:32 2007 => Object "wareout Adware" found in File System! Action Taken: No Action Taken.
Mon Aug 20 01:06:33 2007 => Object "netpumper Spyware/Adware" found in File System! Action Taken: No Action Taken.
Mon Aug 20 01:06:33 2007 => Object "netpumper Spyware/Adware" found in File System! Action Taken: No Action Taken.
Mon Aug 20 01:06:34 2007 => Object "gohip Spyware/Adware" found in File System! Action Taken: No Action Taken.
Mon Aug 20 01:06:34 2007 => Object "gohip Spyware/Adware" found in File System! Action Taken: No Action Taken.

Mon Aug 20 06:58:42 2007 => Total Objects Scanned: 170393
Mon Aug 20 06:58:42 2007 => Total Critical Objects: 62
Mon Aug 20 06:58:42 2007 => Total Disinfected Objects: 0
Mon Aug 20 06:58:43 2007 => Total Objects Renamed: 0
Mon Aug 20 06:58:43 2007 => Total Deleted Objects: 0

Mon Aug 20 00:34:39 2007 => Virus Database Date: 8/18/2007
Mon Aug 20 00:34:39 2007 => Virus Database Count: 384790
Mon Aug 20 00:35:10 2007 => Virus Database Date: 8/20/2007
Mon Aug 20 00:35:10 2007 => Virus Database Count: 385258
Mon Aug 20 00:41:31 2007 => Virus Database Date: 8/20/2007
Mon Aug 20 00:41:31 2007 => Virus Database Count: 385258
Mon Aug 20 06:58:43 2007 => Virus Database Date: 8/20/2007
Mon Aug 20 06:58:43 2007 => Virus Database Count: 385258
Mon Aug 20 13:50:13 2007 => Virus Database Date: 8/20/2007
Mon Aug 20 13:50:13 2007 => Virus Database Count: 385258
20.08.2007, 14:39
Member
Chris4You

Posts: 694
#6 Hi,

there isn't much you left out...

Please work through this:
http://board.protecus.de/t23188.htm
- Creating a HijackThis logfile (you can skip this, we already have one)
- CleanUp (delete temporary files)
- Combofix

Counterspy
scan and post the scan report (set everything to "remove" beforehand)
http://virus-protect.org/counterspy.html

After that, another HJ log please...

chris
20.08.2007, 20:22
...new here

Thread starter

Posts: 7
#7 hm, about CounterSpy, no idea, I didn't see a report there, only a really long logfile, but it was too long. I'll post the new HJ log now:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:20:38, on 20.08.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Premium\avguard.exe
C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\AntiVir PersonalEdition Premium\sched.exe
C:\Programme\AntiVir PersonalEdition Premium\avesvc.exe
C:\WINDOWS\System32\bgsvcgen.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Programme\Firebird\Firebird_1_5\bin\fbguard.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programme\AntiVir PersonalEdition Premium\avmailc.exe
C:\Programme\Firebird\Firebird_1_5\bin\fbserver.exe
C:\Programme\PTBSync\PTBSync.exe
C:\Programme\Logitech\iTouch\iTouch.exe
C:\Programme\AntiVir PersonalEdition Premium\avgnt.exe
C:\Programme\MSN Messenger\msnmsgr.exe
C:\Programme\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\MSN Messenger\usnsvc.exe
C:\Programme\ICQ6\ICQ.exe
C:\Programme\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\Programme\Sunbelt Software\CounterSpy\SBCSTray.exe
Z:\Programme\mIRC\mirc.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\Sunbelt Software\CounterSpy\CounterSpy.exe
c:\progra~1\window~2\wmplayer.exe
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\Phil\LOKALE~1\Temp\Rar$EX00.906\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.live.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Programme\BitComet\tools\BitCometBHO_1.1.3.28.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programme\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Alcohol Toolbar Helper - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - C:\Programme\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: XBTP01621 - {9EBBE90B-282E-4c39-8A7E-120749169F0F} - C:\PROGRA~1\BEARSH~2\MediaBar.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Programme\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [PTBSync] C:\Programme\PTBSync\PTBSync.exe /Start
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programme\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKLM\..\Run: [SBCSTray] C:\Programme\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Programme\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://C:\Programme\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Download all links using BitComet - res://C:\Programme\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Programme\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Programme\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Easy-WebPrint - Drucken - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Dokumente und Einstellungen\Phil\Startmenü\Programme\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Dokumente und Einstellungen\Phil\Startmenü\Programme\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Programme\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Programme\UltimateBet\UltimateBet.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen - {0e921e80-267a-42aa-aee4-60b9a1222a44} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O9 - Extra 'Tools' menuitem: Unterstützung für xp-AntiSpy - {0e921e80-267a-42aa-aee4-60b9a1222a44} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1161564966625
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1178141481031
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: AntiVir PersonalEdition Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: AntiVir PersonalEdition Premium Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir PersonalEdition Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\System32\bgsvcgen.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Programme\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Programme\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Programme\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 11978 bytes
21.08.2007, 07:37
Member
Chris4You

Posts: 694
#8 Hi,

You should remove Bearshare and Partypoker, both
come bundled with adware...
O2 - BHO: XBTP01621 - {9EBBE90B-282E-4c39-8A7E-120749169F0F} - C:\PROGRA~1\BEARSH~2\MediaBar.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe
...

Then we should also clean up System Restore:
Once the machine is running fine, finally delete all System Restore points (those are the C:\System Volume Information\_restore files that were found, i.e. the trojan was backed up along with them, and if you ever roll back to a restore point it will be back).

My Computer -> right-click -> Properties -> System Restore ->
tick: "Turn off System Restore on all drives" -> Apply -> confirm the security prompt with OK -> close the window with OK -> reboot;

Then do the same again, only removing the check mark (then it runs again).

Set a first restore point:
Start -> Programs -> Accessories -> System Tools -> System Restore -> Create a restore point -> Next, think of a description -> Create

Chris
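A small parser for the log format quoted above, added here as an example (not code from the thread or from HijackThis): it pulls the CLSID-bearing O2/O3/O9 entries out of a HijackThis log and flags the orphaned "(no file)" registration plus the BearShare and PartyPoker components Chris called out. The sample lines and the adware watchlist are constructed for the example.

```python
import re
from dataclasses import dataclass

# Constructed sample in the same format as the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: XBTP01621 - {9EBBE90B-282E-4c39-8A7E-120749169F0F} - C:\PROGRA~1\BEARSH~2\MediaBar.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

# Shape of an O2/O3/O9 line: "Onn - Kind: Name - {CLSID} - Path"
CLSID_LINE = re.compile(
    r"^(?P<section>O\d+) - (?P<kind>[^:]+): (?P<name>.*) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - (?P<path>.*)$"
)

# Constructed watchlist: path fragments of the two components the helper in this
# thread identified as adware carriers (BearShare MediaBar, PartyPoker).
ADWARE_PATH_FRAGMENTS = ("bearsh", "partygaming")


@dataclass
class Entry:
    section: str  # HijackThis section, e.g. O2
    kind: str     # BHO, Toolbar, Extra button, ...
    name: str
    clsid: str
    path: str


def parse_clsid_entries(log: str) -> list[Entry]:
    """Return every BHO/toolbar/IE-button entry (the CLSID-bearing O2/O3/O9 lines)."""
    entries = []
    for line in log.splitlines():
        m = CLSID_LINE.match(line.strip())
        if m:
            entries.append(Entry(**m.groupdict()))
    return entries


def review(entries: list[Entry]) -> dict[str, list[str]]:
    """Group entries worth fixing: orphaned registrations and known adware components."""
    findings: dict[str, list[str]] = {"no_file": [], "adware": []}
    for e in entries:
        if e.path == "(no file)":
            findings["no_file"].append(e.clsid)  # registry still points at a missing DLL
        elif any(frag in e.path.lower() for frag in ADWARE_PATH_FRAGMENTS):
            findings["adware"].append(f"{e.section} {e.name} -> {e.path}")
    return findings
```

Running `review(parse_clsid_entries(SAMPLE_LOG))` yields one orphaned CLSID and the two adware entries; O23 service lines carry no CLSID and are deliberately left to the service review.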
21.08.2007, 13:55
...new here

Thread starter

Posts: 7
#9 All right, big thanks ;)
21.08.2007, 14:09
Member
Chris4You

Posts: 694
#10 Hi,

Since the CounterSpy log is missing, it's unclear what was deleted and what is still there....

Run it again and attach the log as an attachment...

Chris