Spyware found on my PC. Blinking yellow icon

#0
19.10.2007, 18:32
...new here
Posts: 4

19.10.2007, 19:36
Moderator
Posts: 7805
#2
Please test these files at Jotti or Virustotal. Please post the results...
C:\WINDOWS\svc.exe
C:\WINDOWS\sv.exe
C:\WINDOWS\svzip.exe
C:\WINDOWS\svhoster.exe
C:\WINDOWS\runsql.exe
__________
Best regards, Ralf
SEO-Spam Hunter

19.10.2007, 20:04
...new here
Thread starter
Posts: 4
#3
Here are the results

File: svc.exe
Status: INFECTED/MALWARE
MD5: 2ae4973723babb19963fa0c40d02ce02
Packers detected: PE_PATCH.UPX, UPX
Bit9 reports: File not found
Scan taken on 19 Oct 2007 17:42:34 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found SHeur.TMX
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found Trojan-Clicker.Win32.Agent.mj
Fortinet Found Adware/Agent
Kaspersky Anti-Virus Found Trojan-Clicker.Win32.Agent.mj
NOD32 Found nothing
Norman Virus Control Found nothing

File: sv.exe
Status: INFECTED/MALWARE
MD5: 67f6dd271951b2f927006a49b8fa4de4
Packers detected: -
Bit9 reports: File not found
Panda Antivirus Found Trj/Clicker.AGM
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found Trojan-Clicker.Win32.Agent.mj
Scan taken on 19 Oct 2007 17:46:57 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found Heur.W32
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found Trojan-Downloader.Win32.Delf.cnu
Fortinet Found nothing
Kaspersky Anti-Virus Found Trojan-Downloader.Win32.Delf.cnu
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

File: svzip.exe
Status: INFECTED/MALWARE
MD5: 6f03b95aae0a9b700403fa729842a6e4
Packers detected: -
Bit9 reports: File not found
Scan taken on 19 Oct 2007 17:51:44 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found Heur.W32
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found Trojan-Downloader.Win32.Delf.cnu
Fortinet Found nothing
Kaspersky Anti-Virus Found Trojan-Downloader.Win32.Delf.cnu
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

File: svhoster.exe
Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: f2f0fdf2250bc421d87cccb5227974ce
Packers detected: -
Bit9 reports: File not found
Scan taken on 19 Oct 2007 17:56:23 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found Heur.W32
Avast Found nothing
AVG Antivirus Found Obfustat.TIL
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found Trojan-Downloader.Win32.Delf.cnu
Fortinet Found W32/Delf.CNU!tr.dldr
Kaspersky Anti-Virus Found Trojan-Downloader.Win32.Delf.cnu
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

File: runsql.exe
Status: INFECTED/MALWARE
MD5: 4e4d219382032b6931ec9cd503b97890
Packers detected: -
Bit9 reports: File not found
Scan taken on 19 Oct 2007 18:00:32 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found Heur.W32
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found Trojan-Downloader.Win32.Delf.cnu
Fortinet Found nothing
Kaspersky Anti-Virus Found Trojan-Downloader.Win32.Delf.cnu
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

19.10.2007, 20:09
Moderator
Posts: 7805
#4
It would be nice if you could also check these files:
C:\WINDOWS\system32\ansij.exe
C:\WINDOWS\system32\1037s.exe
and depending on what comes out of that, I would reinstall the machine, because it is already pretty badly infested!
__________
Best regards, Ralf
SEO-Spam Hunter

19.10.2007, 20:18
...new here
Thread starter
Posts: 4
#5
Thanks,
is there no other option????????? :-( Here are the results:

File: ansij.exe
Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: bc7eabbe362e61c1479a845b93d37d64
Packers detected: -
Bit9 reports: File not found
Scan taken on 19 Oct 2007 18:10:27 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found Heur.W32
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found Mal/Dropper-T
VirusBuster Found nothing
VBA32 Found nothing

File: 1037s.exe
Status: POSSIBLY INFECTED/MALWARE (Note: this file was only flagged as malware by heuristic detection(s). This might be a false positive. Therefore, results of this scan will not be stored in the database)
MD5: 370fba8cbcabf7548900ca3d87d0c9f1
Packers detected: -
Bit9 reports: File not found
Scan taken on 19 Oct 2007 18:15:12 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found BACKDOOR.Trojan (probable variant)
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

19.10.2007, 20:30
Moderator
Posts: 7805
#6
Well, we can try.
Please pack all the files you checked into a zip archive, preferably protected with the password infected, and send it to virus@protecus.de and to heuristik2 at avira.com
After that, delete these files in safe mode, and there also tick the following entries in Hijackthis and press fix checked:
O4 - HKLM\..\Run: [netc] C:\WINDOWS\svc.exe
O4 - HKLM\..\Run: [netzip] C:\WINDOWS\svzip.exe
O4 - HKLM\..\Run: [netsv32] C:\WINDOWS\sv.exe
O4 - HKLM\..\Run: [net64] C:\WINDOWS\svhoster.exe
O4 - HKLM\..\Run: [runsql] C:\WINDOWS\runsql.exe
O23 - Service: Sitzungs-Manager für Remotedesktophilfe RDSessMgrRasAuto (RDSessMgrRasAuto) - Unknown owner - C:\WINDOWS\system32\ansij.exe
O23 - Service: Remote-Registrierung RemoteRegistryTermService (RemoteRegistryTermService) - Unknown owner - C:\WINDOWS\system32\1037s.exe
Then reboot and create reports 1-3 from this thread: http://board.protecus.de/t23187.htm
Do you have any idea where you caught it?
__________
Best regards, Ralf
SEO-Spam Hunter
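
A triage pass over O4 and O23 entries like the ones picked out in the post above, as an added example that is not part of the thread. The two heuristics (autostart image directly in C:\WINDOWS; service reported with "Unknown owner" inside the Windows directory) are assumptions chosen to fit this log, not the moderator's stated method, and the names `triage`, `image_path` and `in_windows_tree` are hypothetical.

```python
import re
from ntpath import dirname, normcase  # ntpath handles Windows paths on any OS

# Lines copied from the HijackThis log posted in this thread (subset).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BearShare] "C:\Programme\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [netc] C:\WINDOWS\svc.exe
O4 - HKLM\..\Run: [netzip] C:\WINDOWS\svzip.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sitzungs-Manager für Remotedesktophilfe RDSessMgrRasAuto (RDSessMgrRasAuto) - Unknown owner - C:\WINDOWS\system32\ansij.exe
O23 - Service: Remote-Registrierung RemoteRegistryTermService (RemoteRegistryTermService) - Unknown owner - C:\WINDOWS\system32\1037s.exe
O23 - Service: UPnPService - Unknown owner - C:\Programme\Gemeinsame Dateien\MAGIX Shared\UPnPService\UPnPService.exe
"""

WINDOWS_ROOT = normcase(r"C:\WINDOWS")  # assumption: default install path

O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\Run: \[(.+?)\] (.+)$")
# First drive-letter path ending in an executable extension; this skips a
# leading "RUNDLL32.EXE", surrounding quotes and trailing arguments.
IMAGE_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|com)\b', re.IGNORECASE)


def image_path(command):
    """Return the file an autostart or service command line points at."""
    match = IMAGE_RE.search(command)
    return match.group(0) if match else None


def in_windows_tree(path):
    """True if the file sits in the Windows directory or any subfolder."""
    folder = normcase(dirname(path))
    return folder == WINDOWS_ROOT or folder.startswith(WINDOWS_ROOT + "\\")


def triage(log_text):
    """Return (section, name, path, reason) for entries worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        run = O4_RE.match(line)
        if run:
            path = image_path(run.group(3))
            # Heuristic 1 (assumption): a Run value starting a file that sits
            # directly in C:\WINDOWS rather than in system32 or Programme.
            if path and normcase(dirname(path)) == WINDOWS_ROOT:
                findings.append(("O4", run.group(2), path,
                                 "autostart image directly in Windows root"))
        elif line.startswith("O23 - Service: "):
            # The display name may itself contain " - ", so split from the right.
            parts = line[len("O23 - Service: "):].rsplit(" - ", 2)
            if len(parts) != 3:
                continue
            name, owner, command = parts
            path = image_path(command)
            # Heuristic 2 (assumption): owner shown as "Unknown owner" and
            # the image lives inside the Windows directory tree.
            if path and owner == "Unknown owner" and in_windows_tree(path):
                findings.append(("O23", name, path,
                                 "unknown-owner service under Windows dir"))
    return findings


if __name__ == "__main__":
    for section, name, path, reason in triage(SAMPLE_LOG):
        print(f"{section}  {path}  [{name}]  {reason}")
```

Entries flagged this way are candidates for the multi-scanner check described earlier in the thread, not a verdict; the two "Unknown owner" services under C:\Programme in this log show why the owner field alone is not enough.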

19.10.2007, 20:32
...new here
Thread starter
Posts: 4
#7
OK, I'll try it. I don't know that much about PCs!
No, I really have no idea!!

ComboFix 07-10-19.1 - Melli & Christoph 2007-10-19 20:54:11.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1031.18.79 [GMT 2:00]
ausgeführt von:: C:\Dokumente und Einstellungen\Melli & Christoph\Desktop\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
C:\Dokumente und Einstellungen\Melli & Christoph\~tmp1174.exe
C:\WINDOWS\regedit.com
C:\WINDOWS\system32\components
C:\WINDOWS\system32\taskmgr.com
.
((((((((((((((((((((((( Dateien erstellt von 2007-09-19 bis 2007-10-19 ))))))))))))))))))))))))))))))
.
2007-10-19 20:53 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-19 20:50 <DIR> d-------- C:\Programme\backups
2007-10-19 20:39 937,704 --a------ C:\WINDOWS\WINDOWS.zip
2007-10-19 18:07 <DIR> dr------- C:\Dokumente und Einstellungen\LocalService\Favoriten
2007-10-19 17:52 144 --ahs---- C:\WINDOWS\system32\1693446092.dat
2007-10-19 17:51 60,416 -r-hs---- C:\WINDOWS\system32\ansij.exe
2007-10-19 17:51 49,664 -r-hs---- C:\WINDOWS\system32\1037s.exe
2007-10-19 17:48 7,168 --a------ C:\WINDOWS\cpu.exe
2007-10-17 19:54 202,752 --a------ C:\WINDOWS\svzip.exe
2007-10-17 19:54 202,752 --a------ C:\WINDOWS\sv.exe
2007-10-17 19:54 202,240 --a------ C:\WINDOWS\runsql.exe
2007-10-17 19:54 201,728 --a------ C:\WINDOWS\svhoster.exe
2007-10-17 19:53 177,152 --a------ C:\WINDOWS\svc.exe
2007-10-14 09:33 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-09-25 18:08 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2007-09-25 18:07 <DIR> d-------- C:\Programme\Microsoft Works
2007-09-25 18:06 <DIR> d-------- C:\Programme\Microsoft.NET
2007-09-25 18:06 <DIR> d-------- C:\Programme\Gemeinsame Dateien\ODBC
2007-09-25 18:04 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-09-25 18:03 <DIR> dr-h----- C:\MSOCache
2007-09-25 18:03 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft Help
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-19 18:49 5,446 ----a-w C:\Programme\hijackthis.log
2007-10-19 16:09 --------- d-----w C:\Programme\SmitfraudFix
2007-09-13 18:20 --------- d-----w C:\Programme\BearShare
2007-09-02 07:13 --------- d-----w C:\Programme\Gemeinsame Dateien\Ahead
2007-09-02 07:13 --------- d-----w C:\Programme\Ahead
2007-08-25 08:45 --------- d-----w C:\Dokumente und Einstellungen\Melli & Christoph\Anwendungsdaten\InfraRecorder
2007-08-22 17:59 --------- d-----w C:\Programme\BearShare Applications
2007-08-22 16:31 --------- d-----w C:\Programme\Gemeinsame Dateien\Real
2007-08-21 16:05 --------- d-----w C:\Programme\Gemeinsame Dateien\Alice
2007-08-21 16:05 --------- d-----w C:\Programme\Alice
2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 17:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2006-12-21 17:48 731,028 -c--a-w C:\Programme\SmitfraudFix.exe
2006-12-09 12:51 8,496,348 -c--a-w C:\Programme\NeroNET-1.2.0.2.exe
2006-12-06 21:03 2,599,088 -c--a-w C:\Programme\Shockwave_Installer_Slim.exe
2006-12-06 20:08 1,057,401 -c--a-w C:\Programme\wrar361d.exe
2006-12-06 19:29 13,409,832 -c--a-w C:\Programme\antivir_workstation_win702u_de_h.exe
2006-05-07 17:56 231,936 -c--a-w C:\Programme\regsearch.exe
2005-02-16 10:06 218,112 -c--a-w C:\Programme\HijackThis.exe
.
(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{18668683-731c-48fa-b1b9-ad013748fb00}"= C:\Programme\Safety Bar\SafetyBar.dll [ ]
[HKEY_CLASSES_ROOT\CLSID\{18668683-731c-48fa-b1b9-ad013748fb00}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{FBEA0445-4C4A-4136-864A-C72A4A182A84}"= C:\Programme\Safety Bar\SafetyBar.dll [ ]
"{18668683-731C-48FA-B1B9-AD013748FB00}"= C:\Programme\Safety Bar\SafetyBar.dll [ ]
[HKEY_CLASSES_ROOT\CLSID\{FBEA0445-4C4A-4136-864A-C72A4A182A84}]
[HKEY_CLASSES_ROOT\CLSID\{18668683-731C-48FA-B1B9-AD013748FB00}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-07-13 02:50]
"BearShare"="C:\Programme\BearShare\BearShare.exe" [2006-07-26 13:48]
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [2007-04-16 20:43]
"iTunesHelper"="C:\Programme\iTunes\iTunesHelper.exe" [2005-12-20 20:54]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:57]
R0 avgntmgr;avgntmgr;C:\WINDOWS\system32\drivers\avgntmgr.sys
R1 avgntdd;avgntdd;C:\WINDOWS\system32\DRIVERS\avgntdd.sys
R2 RemoteRegistryTermService;Remote-Registrierung RemoteRegistryTermService;C:\WINDOWS\system32\1037s.exe srv
S2 RDSessMgrRasAuto;Sitzungs-Manager für Remotedesktophilfe RDSessMgrRasAuto;C:\WINDOWS\system32\ansij.exe srv
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\MAGIX\Common\Database\bin\fbserver.exe
S3 HRService;Haufe iDesk-Service in C:\Programme\Haufe\iDesk\iDeskService\Zope;"C:\Programme\Haufe\iDesk\iDeskService\iDeskService.exe"
S3 PDNMp50;PDNMp50 NDIS Protocol Driver;\??\C:\WINDOWS\system32\drivers\PDNMp50.sys
S3 PDNSp50;PDNSp50 NDIS Protocol Driver;\??\C:\WINDOWS\system32\drivers\PDNSp50.sys
S3 UPnPService;UPnPService;C:\Programme\Gemeinsame Dateien\MAGIX Shared\UPnPService\UPnPService.exe
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-19 20:55:49
Windows 5.1.2600 Service Pack 2 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostart Einträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
.
Zeit der Fertigstellung: 2007-10-19 20:56:19
.
--- E O F ---

Now the logfile

Logfile of HijackThis v1.99.1
Scan saved at 20:49:02, on 19.10.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\1037s.exe
C:\Programme\BearShare\BearShare.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\sv.exe
C:\WINDOWS\svzip.exe
C:\WINDOWS\svhoster.exe
C:\WINDOWS\runsql.exe
C:\Programme\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\Alice\Signup\AliceCnn.exe
C:\PROGRA~1\INTERN~1\iexplore.exe
C:\WINDOWS\svc.exe
C:\Programme\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\system32\spywarewarning.mht
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://alice.aol.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://alice.aol.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O3 - Toolbar: Safety Bar - {18668683-731c-48fa-b1b9-ad013748fb00} - C:\Programme\Safety Bar\SafetyBar.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BearShare] "C:\Programme\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [netc] C:\WINDOWS\svc.exe
O4 - HKLM\..\Run: [netzip] C:\WINDOWS\svzip.exe
O4 - HKLM\..\Run: [netsv32] C:\WINDOWS\sv.exe
O4 - HKLM\..\Run: [net64] C:\WINDOWS\svhoster.exe
O4 - HKLM\..\Run: [runsql] C:\WINDOWS\runsql.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://static.ak.studivz.net/photouploader/ImageUploader4.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{483DE4DF-F9E6-42FE-A705-A4D6D909D1AE}: NameServer = 213.191.74.19 62.109.123.197
O17 - HKLM\System\CS1\Services\Tcpip\..\{483DE4DF-F9E6-42FE-A705-A4D6D909D1AE}: NameServer = 213.191.74.19 62.109.123.197
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - The Firebird Project - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Haufe iDesk-Service in C:\Programme\Haufe\iDesk\iDeskService\Zope (HRService) - Unknown owner - C:\Programme\Haufe\iDesk\iDeskService\iDeskService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sitzungs-Manager für Remotedesktophilfe RDSessMgrRasAuto (RDSessMgrRasAuto) - Unknown owner - C:\WINDOWS\system32\ansij.exe
O23 - Service: Remote-Registrierung RemoteRegistryTermService (RemoteRegistryTermService) - Unknown owner - C:\WINDOWS\system32\1037s.exe
O23 - Service: UPnPService - Unknown owner - C:\Programme\Gemeinsame Dateien\MAGIX Shared\UPnPService\UPnPService.exe

This post was edited on 19.10.2007 at 21:05 by jojo3.

Thanks
Logfile of HijackThis v1.99.1
Scan saved at 18:32:29, on 19.10.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programme\BearShare\BearShare.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\WINDOWS\svc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\sv.exe
C:\WINDOWS\svzip.exe
C:\WINDOWS\svhoster.exe
C:\WINDOWS\runsql.exe
C:\WINDOWS\system32\1037s.exe
C:\Programme\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Alice\Signup\AliceCnn.exe
C:\PROGRA~1\INTERN~1\iexplore.exe
C:\Programme\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\system32\spywarewarning.mht
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://alice.aol.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://alice.aol.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O3 - Toolbar: Safety Bar - {18668683-731c-48fa-b1b9-ad013748fb00} - C:\Programme\Safety Bar\SafetyBar.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BearShare] "C:\Programme\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [netc] C:\WINDOWS\svc.exe
O4 - HKLM\..\Run: [netzip] C:\WINDOWS\svzip.exe
O4 - HKLM\..\Run: [netsv32] C:\WINDOWS\sv.exe
O4 - HKLM\..\Run: [net64] C:\WINDOWS\svhoster.exe
O4 - HKLM\..\Run: [runsql] C:\WINDOWS\runsql.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://static.ak.studivz.net/photouploader/ImageUploader4.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{483DE4DF-F9E6-42FE-A705-A4D6D909D1AE}: NameServer = 213.191.74.11 213.191.92.82
O17 - HKLM\System\CS1\Services\Tcpip\..\{483DE4DF-F9E6-42FE-A705-A4D6D909D1AE}: NameServer = 213.191.74.11 213.191.92.82
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - The Firebird Project - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Haufe iDesk-Service in C:\Programme\Haufe\iDesk\iDeskService\Zope (HRService) - Unknown owner - C:\Programme\Haufe\iDesk\iDeskService\iDeskService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sitzungs-Manager für Remotedesktophilfe RDSessMgrRasAuto (RDSessMgrRasAuto) - Unknown owner - C:\WINDOWS\system32\ansij.exe
O23 - Service: Remote-Registrierung RemoteRegistryTermService (RemoteRegistryTermService) - Unknown owner - C:\WINDOWS\system32\1037s.exe
O23 - Service: UPnPService - Unknown owner - C:\Programme\Gemeinsame Dateien\MAGIX Shared\UPnPService\UPnPService.exe