IEXPLORER.exe open twice all the time (Internet Explorer keeps popping up)

20.10.2007, 00:52 | ...new here | Posts: 8
(HijackThis and ComboFix logs of this opening post: see the end of the page)

20.10.2007, 16:11 | Honorary member | Posts: 6028

#3 | 20.10.2007, 20:23 | Thread starter, ...new here | Posts: 8

--------------------------------------------------------
File(s) moved to C:\deljob
A8A84DD2906BC982.job
--------------------------------------------------------
Files remaining after cleaning
AppleSoftwareUpdate.job
--------------------------------------------------------
App data folders
 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: C0A5-21A0
 Verzeichnis von C:\Dokumente und Einstellungen\Patrick\Anwendungsdaten
23.09.2007  13:56    <DIR>          .
23.09.2007  13:56    <DIR>          ..
07.10.2007  22:49    <DIR>          ADMINM~1     Admin meta
11.04.2007  21:25    <DIR>          Adobe
23.07.2007  15:02    <DIR>          Ahead
08.08.2007  16:04    <DIR>          BEARSH~1     BearShare
13.04.2007  15:37    <DIR>          BITTOR~1     BitTorrent
17.05.2007  22:55    <DIR>          DivX
23.07.2007  17:01    <DIR>          Google
06.04.2007  16:17    <DIR>          ICQLite
06.04.2007  15:24    <DIR>          IDENTI~1     Identities
17.06.2007  12:41    <DIR>          INSTAL~1     InstallShield
06.04.2007  18:13    <DIR>          MACROM~1     Macromedia
20.10.2007  01:56    <DIR>          MICROS~1     Microsoft
06.04.2007  16:08    <DIR>          Mozilla
17.06.2007  20:35    <DIR>          MSN6
06.04.2007  23:16    <DIR>          MusicIP
20.08.2007  14:59    <DIR>          NETPUM~1     NetPumper
18.05.2007  11:32    <DIR>          PUBLIS~1     Publish Providers
18.05.2007  15:20    <DIR>          Sony
18.05.2007  11:19    <DIR>          SONYSE~1     Sony Setup
21.05.2007  17:12    <DIR>          Sun
20.10.2007  01:57    <DIR>          TEAMSP~1     teamspeak2
18.05.2007  01:50    <DIR>          ULEADS~1     Ulead Systems
06.04.2007  17:26    <DIR>          Ventrilo
07.04.2007  16:20    <DIR>          vlc
23.09.2007  13:58    <DIR>          Xfire
               0 Datei(en)              0 Bytes
              27 Verzeichnis(se), 176.045.465.600 Bytes frei
 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: C0A5-21A0
 Verzeichnis von C:\Dokumente und Einstellungen\All Users
--------------------------------------------------------

#4 | 20.10.2007, 23:37 | Honorary member | Posts: 6028

Close all windows and start HijackThis.
Click: Do a system scan only
Put a tick in the box in front of the following entry:
O4 - HKCU\..\Run: [meal chin] C:\DOKUME~1\Patrick\ANWEND~1\ADMINM~1\managerdrvmath.exe
Click: Fix checked
Your Internet Explorer must be closed when you click Fix checked.

Delete on C:\
Deljob
C:\DOKUME~1\Patrick\ANWEND~1\ADMINM~1\managerdrvmath.exe

Install AVG Anti Spyware 7.5: http://board.protecus.de/t29853.htm

Remove HijackThis v2.0.0 (BETA) and install:
First create a new folder on C:\, e.g. C:\HijackThis, and download HijackThis.exe into it.
Download: HijackThis202
Double-click HijackThis.exe and install the tool in C:\Programme.
At the end there is a shortcut on your desktop.
Start HijackThis and click "Do a system scan and save a logfile".
Save log --> hijackthis.log - Save - the editor opens.
Now copy the COMPLETE log with a right mouse click and "paste" it into the forum with a right mouse click.
__________
MfG Argus

#5 | 21.10.2007, 03:00 | Thread starter, ...new here | Posts: 8

Have done everything above.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:58:38, on 21.10.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Gainward] C:\Programme\XpertVision\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [UVS11 Preload] C:\Programme\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [kav] "C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\programme\steam\steam.exe" -silent
O4 - HKCU\..\Run: [BitTorrent] "C:\Programme\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Programme\Octoshape Streaming Services\Patrick\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Programme\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [AdobeUpdater] C:\Programme\Gemeinsame Dateien\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programme\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: Download with NetPumper - C:\Programme\NetPumper\AddUrl.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{71DB0425-6F0C-44C3-AA36-0D3786F8FFED}: NameServer = 195.50.140.114 195.50.140.252
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\System32\nvsvc32.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\System32\wdfmgr.exe (file missing)

--
End of file - 6856 bytes
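One way to do by script what the helper does by eye in the O4 section of these logs (an added example, not code from the thread, from HijackThis or from the helper): parse the registry-based O4 lines of a HijackThis log and flag entries whose binary runs from the user's profile data folders, uses 8.3 short names, or carries a label made of random lower-case words. The heuristics, the flag names and the `UPDATE`/`DATA` marker lists are assumptions of this example; the sample lines are taken from the log posted at the start of the thread.

```python
"""Triage the O4 (autostart) entries of a HijackThis log.

Added example; this is not code from the forum thread, from HijackThis or
from any tool named in it. The heuristics are assumptions of this example
and mark candidates for a human to look at, not verdicts:
  * the autostart binary lives inside the user profile's data folders
    (Anwendungsdaten / Application Data, Lokale Einstellungen, Temp),
  * the path uses 8.3 short names (FOO~1), which hides the real folder name,
  * the label is two or more lower-case words with no vendor or product name.
"""
import re

# Registry-based O4 lines: "O4 - HKCU\..\Run: [label] command"
# (Global Startup lines have a different shape and are not parsed here).
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<label>[^\]]+)\] (?P<cmd>.*)$"
)
# First quoted token, or the shortest prefix ending in an executable extension.
EXE_RE = re.compile(
    r'^(?P<exe>"[^"]+"|.*?\.(?:exe|dll|scr|bat|cmd|vbs))',
    re.IGNORECASE,
)

PROFILE_MARKERS = (
    "\\DOKUME~1\\", "\\DOCUME~1\\",
    "\\DOKUMENTE UND EINSTELLUNGEN\\", "\\DOCUMENTS AND SETTINGS\\", "\\USERS\\",
)
DATA_MARKERS = (
    "\\ANWEND~1\\", "\\ANWENDUNGSDATEN\\", "\\APPLICATION DATA\\", "\\APPDATA\\",
    "\\LOKALE~1\\", "\\LOCALS~1\\", "\\LOKALE EINSTELLUNGEN\\", "\\LOCAL SETTINGS\\",
    "\\TEMP\\",
)


def executable_of(cmd: str) -> str:
    """Return the file that actually runs for an autostart command line."""
    cmd = cmd.strip()
    m = EXE_RE.match(cmd)
    if not m:
        return cmd.split()[0] if cmd.split() else ""
    exe = m.group("exe").strip('"')
    if exe.lower().endswith("rundll32.exe"):
        # rundll32 only hosts code; the DLL it loads is the real payload
        rest = cmd[m.end():].strip()
        exe = rest.split(",")[0].strip().strip('"')
    return exe


def flags_for(label: str, exe: str) -> list:
    """Heuristic markers (assumptions of this example) for one entry."""
    up = exe.upper()
    flags = []
    if any(p in up for p in PROFILE_MARKERS) and any(d in up for d in DATA_MARKERS):
        flags.append("runs_from_user_profile")
    if re.search(r"~\d", exe):
        flags.append("short_8_3_path")
    if re.fullmatch(r"[a-z]+(?: [a-z]+)+", label):
        flags.append("random_word_label")
    return flags


def triage(log_text: str) -> list:
    """Parse every registry O4 line and attach heuristic flags."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        exe = executable_of(m.group("cmd"))
        entries.append({
            "hive": m.group("hive"), "key": m.group("key"),
            "label": m.group("label"), "cmd": m.group("cmd"),
            "exe": exe, "flags": flags_for(m.group("label"), exe),
        })
    return entries


def suspicious(log_text: str) -> list:
    """Only the entries that carry at least one flag."""
    return [e for e in triage(log_text) if e["flags"]]


# O4 lines taken from the HijackThis log posted at the start of the thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [UVS11 Preload] C:\Programme\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [kav] "C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [meal chin] C:\DOKUME~1\Patrick\ANWEND~1\ADMINM~1\managerdrvmath.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Reader 8.0\Reader\reader_sl.exe
"""

if __name__ == "__main__":
    for e in suspicious(SAMPLE_LOG):
        print(f"{e['hive']}\\..\\{e['key']} [{e['label']}] -> {e['exe']}  {e['flags']}")
```

Run as a script it prints the flagged entries; on the sample only [meal chin] is flagged, and for all three reasons at once. A flag is a reason to look, not a verdict: plenty of legitimate software starts from Application Data, so check the file itself (publisher, creation date, what it spawns) before fixing the entry. Fixing the Run entry alone also does not settle the matter, which is exactly what post #11 of this thread reports: the entry was back after a reboot.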

#6 | 21.10.2007, 16:39 | Honorary member | Posts: 6028

Please disable the TeaTimer of Spybot S&D:
Switch off C:\Programme\Spybot - Search & Destroy\TeaTimer.exe! To do so start Spybot S&D and deactivate the "Resident TeaTimer": click "Advanced mode" > "YES" > "Tools" menu > click "Resident" > remove the tick from "Resident TeaTimer" (protection of all system settings) > "exit".
(The TeaTimer hinders or prevents all further cleaning steps!)
Download ResetTeaTimer.bat to the desktop.
Double-click ResetTeaTimer.bat.
When your computer is clean again you can switch TeaTimer back on!

Download CounterSpy V2.0 to the desktop and double-click to install the program.
CounterSpy gets updated.
Click: "System scan"
After the scan you have to choose: *Remove --> Status: Deleted
Only for Windows XP (32bit) - Windows Vista (32bit) - Windows 2000 (SP3+)
Note: CounterSpy has the drawback that it always wants to update itself.
When you start CS:
Would you like to enable Automatic Updates? Choose --> No
Would you like to enable Active Protection? Choose --> No
Would you like to join ThreatNet? Choose --> Yes
Remove the tick at --> Recommended
__________
MfG Argus

#7 | 21.10.2007, 18:02 | Thread starter, ...new here | Posts: 8

The download link to resetteatimer.bat is just text.

21.10.2007, 18:12 | Honorary member | Posts: 6028

#9 | 22.10.2007, 19:19 | Thread starter, ...new here | Posts: 8

Thanks a lot, Arnold.

22.10.2007, 19:27 | Honorary member | Posts: 6028

#11 | 23.10.2007, 12:13 | Thread starter, ...new here | Posts: 8

Rejoiced too soon, after a computer restart the problem is back 8(
Edit: OK, C:\DOKUME~1\Patrick\ANWEND~1\ADMINM~1\managerdrvmath.exe was there again after the HijackThis scan; I fixed it, and after ending the process iexplorer.exe did not open any more.
This post was edited on 23.10.2007 at 12:25 by Singum.

#12 | 23.10.2007, 12:45 | Honorary member | Posts: 6028

Download LopSD.zip to the desktop.
Double-click: LopSD
Double-click: Lop S&D
Double-click: Scan, the files are now unpacked
Double-click: Scan (bat)
Choose 2 and Enter
Choose S and Enter
At the end, at "Scan completed succesfully", click OK/Enter
The editor opens; post its contents here in the thread.
__________
MfG Argus

#13 | 23.10.2007, 12:57 | Thread starter, ...new here | Posts: 8

------------------------------[ Lop S&D 1.3 ]----------------------------

Version : Microsoft Windows XP [Version 5.1.2600] [ OS : Windows_NT ]
Launched from : "C:\Dokumente und Einstellungen\Patrick\Desktop\LopSD\Lop S&D"
Report created on 23.10.2007 at 12:54:05,29
PC : PATRICK-QVHZB8J

! Please have the report analysed by a Helper before fixing !

-----------------[ Listing folders in Application Data ]----------------

--------------[ Scheduled Tasks located in C:\WINDOWS\Tasks ]-------------

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\SA.DAT
C:\WINDOWS\tasks\desktop.ini

-------------------[ Listing Folders in Program Files ]-----------------

C:\Program Files\BitTorrent
C:\Program Files\ICQLite
C:\Program Files\VentriloMIX
C:\Program Files\WMV9_VCM

------------[ Listing Folders in Program Files\Common Files ]-----------

---------------------[ Searching within the Registry ]--------------------

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

-------------------[ Searching for Lop Files - Folders ]------------------

No Lop folder found !

-----------------------[ Checking the Hosts file ]------------------------

Hosts file : MODIFIED

# 102.54.94.97 rhino.acme.com # Quellserver
# 38.25.63.10 x.acme.com # x-Clienthost
127.0.0.1 localhost
127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 br.errorsafe.com ## added by CiD
127.0.0.1 br.winantivirus.com ## added by CiD
127.0.0.1 br.winfixer.com ## added by CiD
127.0.0.1 cdn.drivecleaner.com ## added by CiD
127.0.0.1 cdn.errorsafe.com ## added by CiD
127.0.0.1 cdn.winsoftware.com ## added by CiD
127.0.0.1 de.errorsafe.com ## added by CiD
127.0.0.1 de.winantivirus.com ## added by CiD
127.0.0.1 download.cdn.drivecleaner.com ## added by CiD
127.0.0.1 download.cdn.errorsafe.com ## added by CiD
127.0.0.1 download.cdn.winsoftware.com ## added by CiD
127.0.0.1 download.errorsafe.com ## added by CiD
127.0.0.1 download.systemdoctor.com ## added by CiD
127.0.0.1 download.winantispyware.com ## added by CiD
127.0.0.1 download.windrivecleaner.com ## added by CiD
127.0.0.1 download.winfixer.com ## added by CiD
127.0.0.1 drivecleaner.com ## added by CiD
127.0.0.1 dynamique.drivecleaner.com ## added by CiD
127.0.0.1 errorprotector.com ## added by CiD
127.0.0.1 errorsafe.com ## added by CiD
127.0.0.1 es.winantivirus.com ## added by CiD
127.0.0.1 fr.winantivirus.com ## added by CiD
127.0.0.1 fr.winfixer.com ## added by CiD
127.0.0.1 go.drivecleaner.com ## added by CiD
127.0.0.1 go.errorsafe.com ## added by CiD
127.0.0.1 go.winantispyware.com ## added by CiD
127.0.0.1 go.winantivirus.com ## added by CiD
127.0.0.1 hk.winantivirus.com ## added by CiD
127.0.0.1 instlog.errorsafe.com ## added by CiD
127.0.0.1 instlog.winantivirus.com ## added by CiD
127.0.0.1 instlog.winfixer.com ## added by CiD
127.0.0.1 jsp.drivecleaner.com ## added by CiD
127.0.0.1 kb.errorsafe.com ## added by CiD
127.0.0.1 kb.winantivirus.com ## added by CiD
127.0.0.1 nl.errorsafe.com ## added by CiD
127.0.0.1 se.errorsafe.com ## added by CiD
127.0.0.1 secure.drivecleaner.com ## added by CiD
127.0.0.1 secure.errorsafe.com ## added by CiD
127.0.0.1 secure.winantispam.com ## added by CiD
127.0.0.1 secure.winantispy.com ## added by CiD
127.0.0.1 secure.winantivirus.com ## added by CiD
127.0.0.1 support.winantivirus.com ## added by CiD
127.0.0.1 trial.updates.winsoftware.com ## added by CiD
127.0.0.1 ulog.winantivirus.com ## added by CiD
127.0.0.1 utils.errorsafe.com ## added by CiD
127.0.0.1 utils.winantivirus.com ## added by CiD
127.0.0.1 utils.winfixer.com ## added by CiD
127.0.0.1 winantispyware.com ## added by CiD
127.0.0.1 winantivirus.com ## added by CiD
127.0.0.1 winfixer.com ## added by CiD
127.0.0.1 winfixer2006.com ## added by CiD
127.0.0.1 winsoftware.com ## added by CiD
127.0.0.1 www.drivecleaner.com ## added by CiD
127.0.0.1 www.errorprotector.com ## added by CiD
127.0.0.1 www.errorsafe.com ## added by CiD
127.0.0.1 www.systemdoctor.com ## added by CiD
127.0.0.1 www.utils.winfixer.com ## added by CiD
127.0.0.1 www.win-anti-virus-pro.com ## added by CiD
127.0.0.1 www.win-virus-pro.com ## added by CiD
127.0.0.1 www.winantispam.com ## added by CiD
127.0.0.1 www.winantispy.com ## added by CiD
127.0.0.1 www.winantispyware.com ## added by CiD
127.0.0.1 www.winantivirus.com ## added by CiD
127.0.0.1 www.winantiviruspro.com ## added by CiD
127.0.0.1 www.windrivecleaner.com ## added by CiD
127.0.0.1 www.windrivesafe.com ## added by CiD
127.0.0.1 www.winfixer.com ## added by CiD
127.0.0.1 www.winfixer2006.com ## added by CiD
127.0.0.1 www.winsoftware.com ## added by CiD

---------------[ Searching for hidden files with Catchme ]----------------

catchme 0.3.1066 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-23 12:54:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Programme\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000000
"ujdew"=hex:53,70,79,32,6b,05,89,02,ba,f1,ea,9d,e1,92,d0,e2,ff,03,b3,56,42,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Programme\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000000
"ujdew"=hex:53,70,79,32,6b,05,89,02,ba,f1,ea,9d,e1,92,d0,e2,ff,03,b3,56,42,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Programme\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000000
"ujdew"=hex:53,70,79,32,6b,05,89,02,ba,f1,ea,9d,e1,92,d0,e2,ff,03,b3,56,42,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden files: 0

--------------------[ Searching for other infections ]--------------------

No other infections found !

--------------------[ Scan completed at 12:56:55,82 ]---------------------
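The hosts file section of the Lop S&D report above is marked MODIFIED only because of block-list lines; a reviewer still has to tell harmless sinkhole entries from entries that hijack localhost or cut the machine off from updates. The following script does that classification (an added example, not code from the thread, from Lop S&D or from HostsXpert). Its sinkhole rule, its minimal update-site list and the last three sample lines are assumptions of this example; the first sample lines mirror the report above.

```python
"""Classify the entries of a Windows hosts file the way a helper reads the
"Hosts file : MODIFIED" section of a Lop S&D report.

Added example; not code from the thread, from Lop S&D or from HostsXpert.
Assumptions of this example: a loopback or unspecified address (127.x, ::1,
0.0.0.0) is treated as a sinkhole (a block-list entry such as the
"## added by CiD" lines in the thread); any other address is a redirect;
the update-site suffix list below is deliberately minimal.
"""
import ipaddress

# Domains a machine must be able to reach to stay patched and protected.
# Minimal list, an assumption of this example; a real tool carries many more.
UPDATE_SITE_SUFFIXES = ("microsoft.com", "windowsupdate.com")

DANGEROUS_KINDS = {
    "localhost_hijacked",      # localhost no longer resolves to loopback
    "blocks_update_site",      # update/AV domain sinkholed to loopback
    "redirects_update_site",   # update/AV domain sent to a foreign address
    "redirect",                # any other domain sent to a foreign address
}


def is_update_site(host: str) -> bool:
    h = host.lower().rstrip(".")
    return any(h == s or h.endswith("." + s) for s in UPDATE_SITE_SUFFIXES)


def classify_entry(ip: str, host: str) -> str:
    """Kind of one 'ip host' pair: default, sinkholed, malformed, or a DANGEROUS_KINDS member."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return "malformed"
    sink = addr.is_loopback or addr.is_unspecified
    h = host.lower()
    if h == "localhost":
        return "default" if sink else "localhost_hijacked"
    if is_update_site(h):
        return "blocks_update_site" if sink else "redirects_update_site"
    return "sinkholed" if sink else "redirect"


def classify_hosts(text: str) -> dict:
    """Parse a hosts file; return its entries, a verdict and the dangerous hosts."""
    entries = []
    for raw in text.splitlines():
        body, _, comment = raw.partition("#")   # everything after '#' is a comment
        tokens = body.split()
        if not tokens:
            continue                            # blank or comment-only line
        ip, hosts = tokens[0], tokens[1:]
        for host in hosts:
            entries.append({
                "ip": ip, "host": host,
                "kind": classify_entry(ip, host),
                "comment": comment.strip("# ").strip(),
            })
    verdict = "clean" if all(e["kind"] == "default" for e in entries) else "modified"
    dangerous = sorted({e["host"] for e in entries if e["kind"] in DANGEROUS_KINDS})
    return {"entries": entries, "verdict": verdict, "dangerous": dangerous}


# Constructed sample: the first five lines mirror the thread's Lop S&D output, the
# last three are invented (192.0.2.0/24 is the TEST-NET documentation range).
SAMPLE_HOSTS = """\
# 102.54.94.97 rhino.acme.com # Quellserver
# 38.25.63.10 x.acme.com # x-Clienthost
127.0.0.1 localhost
127.0.0.1 br.winfixer.com ## added by CiD
127.0.0.1 www.errorsafe.com ## added by CiD
127.0.0.1 update.microsoft.com
192.0.2.10 www.windowsupdate.com
192.0.2.10 www.example.com
"""

if __name__ == "__main__":
    result = classify_hosts(SAMPLE_HOSTS)
    print("verdict:", result["verdict"], "dangerous:", result["dangerous"])
    for e in result["entries"]:
        print(f"{e['kind']:24} {e['ip']:12} {e['host']}")
```

On the thread's actual hosts file every non-default entry is a 127.0.0.1 sinkhole of a rogue-antivirus domain with a "## added by CiD" comment, which this classifier reports as sinkholed and not as dangerous; restoring the stock file, as the helper advises in the next post, is still the simplest way back to a known state. The entries a helper really needs to catch are the other two classes, localhost pointed away from loopback and update or vendor domains pointed anywhere at all, including at 127.0.0.1.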

#14 | 23.10.2007, 13:00 | Honorary member | Posts: 6028

Download HostsXpert 4: http://www.funkytoad.com/download/HostsXpert.zip
Make a shortcut to it on the desktop.
Click only! "Restore MSHosts file"
__________
MfG Argus

#15 | 23.10.2007, 13:06 | Thread starter, ...new here | Posts: 8

The problem looks solved so far, thank you very much.

Log files from the opening post (20.10.2007, 00:52):

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 00:51:23, on 20.10.2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
Boot mode: Normal
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Gainward] C:\Programme\XpertVision\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [UVS11 Preload] C:\Programme\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [kav] "C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\programme\steam\steam.exe" -silent
O4 - HKCU\..\Run: [BitTorrent] "C:\Programme\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Programme\Octoshape Streaming Services\Patrick\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Programme\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [AdobeUpdater] C:\Programme\Gemeinsame Dateien\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [meal chin] C:\DOKUME~1\Patrick\ANWEND~1\ADMINM~1\managerdrvmath.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programme\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: Download with NetPumper - C:\Programme\NetPumper\AddUrl.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{71DB0425-6F0C-44C3-AA36-0D3786F8FFED}: NameServer = 195.50.140.114 195.50.140.252
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\System32\nvsvc32.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\System32\wdfmgr.exe (file missing)
--
End of file - 6575 bytes
ComboFix logfile:
ComboFix 07-10-17.8@ - Patrick 2007-10-20 0:33:53.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1031.18.951 [GMT 2:00]
ausgeführt von:: C:\Dokumente und Einstellungen\Patrick\Desktop\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt
.
((((((((((((((((((((((( Dateien erstellt von 2007-09-19 bis 2007-10-19 ))))))))))))))))))))))))))))))
.
2007-10-20 00:33 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-19 09:44 <DIR> d-------- C:\Programme\Flagship Studios
2007-10-19 09:41 <DIR> d-------- C:\Programme\Hellgate
2007-10-19 09:40 <DIR> d-------- C:\Neuer Ordner
2007-10-07 22:48 <DIR> d-------- C:\Programme\Admin meta
2007-10-07 17:54 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2007-10-07 17:54 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
2007-10-07 17:53 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2007-10-07 17:53 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2007-10-07 17:53 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2007-10-07 17:53 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2007-10-07 17:53 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2007-10-07 17:53 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2007-10-07 17:53 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2007-10-07 17:53 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-10-07 17:53 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2007-10-07 17:40 <DIR> d-------- C:\Programme\Mumble
2007-09-28 13:46 <DIR> d-------- C:\Programme\VirtualKeyboard
2007-09-28 13:44 <DIR> d-------- C:\Programme\Lavasoft
2007-09-28 13:44 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft
2007-09-26 23:46 63,912 --ah----- C:\WINDOWS\system32\mlfcache.dat
2007-09-25 21:10 <DIR> d-------- C:\WUTemp
2007-09-25 21:10 182,880 --a------ C:\WINDOWS\system32\iuengine.dll
2007-09-25 21:10 182,880 --a--c--- C:\WINDOWS\system32\dllcache\iuengine.dll
2007-09-23 13:56 <DIR> d---s---- C:\Programme\Xfire
2007-09-23 13:56 <DIR> d-------- C:\Dokumente und Einstellungen\Patrick\Anwendungsdaten\Xfire
2007-09-23 13:54 271,360 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2007-09-23 13:54 18,048 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2007-09-23 13:49 <DIR> d-------- C:\Programme\Gothic III
2007-09-23 13:42 <DIR> d-------- C:\IMG's
2007-09-23 13:41 <DIR> d-------- C:\Programme\Alcohol Soft
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-19 22:35 659,744 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2007-10-19 22:35 12,621,088 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-10-19 22:08 --------- d-----w C:\Programme\HLSW
2007-10-19 18:59 --------- d-----w C:\Programme\Steam
2007-10-19 09:57 62,468 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2007-10-19 09:57 168,740 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-10-19 07:41 --------- d-----w C:\Programme\ftp-uploader
2007-10-18 20:30 --------- d-----w C:\Dokumente und Einstellungen\Patrick\Anwendungsdaten\teamspeak2
2007-10-16 17:45 --------- d-----w C:\Programme\World of Warcraft
2007-10-15 16:47 --------- d-----w C:\Programme\PartyGaming
2007-10-08 20:20 --------- d-----w C:\Programme\Gamers.IRC
2007-10-07 20:49 --------- d-----w C:\Dokumente und Einstellungen\Patrick\Anwendungsdaten\Admin meta
2007-10-07 20:48 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Audio 4 part browse
2007-09-28 11:44 --------- d-----w C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2007-09-26 22:55 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-09-26 22:55 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-09-23 12:58 --------- d--h--w C:\Programme\InstallShield Installation Information
2007-09-14 19:56 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2007-09-13 20:43 22,328 ----a-w C:\Dokumente und Einstellungen\Patrick\Anwendungsdaten\PnkBstrK.sys
2007-09-10 13:29 --------- d-----w C:\Programme\WowEquip
2007-08-25 10:22 --------- d-----w C:\Programme\QuickTime
2007-08-25 10:21 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple Computer
2007-08-25 10:19 --------- d-----w C:\Programme\Apple Software Update
2007-08-25 10:19 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple
2007-08-20 12:59 --------- d-----w C:\Dokumente und Einstellungen\Patrick\Anwendungsdaten\NetPumper
2007-05-25 23:02 14 ----a-w C:\Dokumente und Einstellungen\Patrick\getfile.dat
.
(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-11 11:50 C:\WINDOWS\LOGI_MWX.EXE]
"Gainward"="C:\Programme\XpertVision\TBPanel.exe" [2007-02-01 18:49]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2007-03-01 07:22]
"nwiz"="nwiz.exe" [2007-03-01 07:22 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2007-03-01 07:22 C:\WINDOWS\system32\nvmctray.dll]
"ICQ Lite"="C:\Programme\ICQLite\ICQLite.exe" [2007-04-14 23:12]
"WinampAgent"="C:\Programme\Winamp\winampa.exe" [2007-04-25 17:44]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 05:42 C:\WINDOWS\soundman.exe]
"UVS11 Preload"="C:\Programme\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-03-03 14:12]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"kav"="C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2006-03-24 19:09]
"NeroCheck"="C:\WINDOWS\System32\NeroCheck.exe" [2001-07-09 11:50]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2002-08-28 21:38]
"MSPY2002"="C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe" [2002-08-28 21:39]
"PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2002-08-28 21:39]
"PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2002-08-28 21:39]
"NeroFilterCheck"="C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57]
"QuickTime Task"="C:\Programme\QuickTime\QTTask.exe" [2007-06-29 06:24]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-08-29 03:43]
"Steam"="c:\programme\steam\steam.exe" [2007-10-05 15:54]
"BitTorrent"="C:\Programme\BitTorrent\bittorrent.exe" [2007-03-02 01:11]
"SpybotSD TeaTimer"="C:\Programme\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04]
"MsnMsgr"="C:\Programme\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 19:03]
"Octoshape Streaming Services"="C:\Programme\Octoshape Streaming Services\Patrick\OctoshapeClient.exe" [2006-02-13 18:33]
"AlcoholAutomount"="C:\Programme\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 12:27]
"AdobeUpdater"="C:\Programme\Gemeinsame Dateien\Adobe\Updater5\AdobeUpdater.exe" [2007-08-21 23:30]
"meal chin"="C:\DOKUME~1\Patrick\ANWEND~1\ADMINM~1\managerdrvmath.exe" [2007-10-07 22:48]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"ICQ Lite"=C:\Programme\ICQLite\ICQLite.exe -trayboot
*Newly Created Service* - CATCHME
.
Inhalt des "geplante Tasks" Ordners
"2007-10-19 22:00:01 C:\WINDOWS\Tasks\A8A84DD2906BC982.job"
"2007-10-13 13:17:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
.
**************************************************************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-20 00:35:52
Windows 5.1.2600 Service Pack 1 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostart Einträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
.
Zeit der Fertigstellung: 2007-10-20 0:36:21
.
--- E O F ---