Redirect to xxx pages with Google + System Error

19.01.2008, 08:33
...new here

Posts: 5
#1 Hello everyone,

For a few days now, whenever I search on Google I constantly get redirected to porn sites; in addition, whenever I go online a window keeps appearing: system Error, your Computer was infectet by an uknown Trojan....

So I bought the program Kaspersky 7.0, which supposedly removed all viruses and trojans, but the same problem is still there....

Can anyone help me?

Best regards
19.01.2008, 08:48
Honorary member

Posts: 6028
#2 ComboFix
Download ComboFix and save it to the desktop!
Close all windows and start combofix.exe
Follow the instructions in the window
While ComboFix is running do NOT click in the window, otherwise your computer will freeze
When the tool has finished, a logfile opens (C:\combofix.txt)
Now copy the COMPLETE log with a right mouse click and "paste" it into the forum with a right mouse click
If your virus scanner complains, ignore it!

Creating a HijackThis logfile
First create a new folder on C:\, e.g. C:\HijackThis, and download HijackThis.exe there
Download: HijackThis202
Double-click HijackThis.exe and install the tool in C:\Programme
At the end there is a shortcut on your desktop
Start HijackThis and click "Do a system scan and save a logfile"
Save log --> hijackthis.log - Save - the editor opens
Now copy the COMPLETE log with a right mouse click and "paste" it into the forum with a right mouse click
__________
Regards, Argus
19.01.2008, 09:29
...new here

Thread starter

Posts: 5
#3 ComboFix 08-01-18.5 - Vanny u Basti 2008-01-19 9:12:01.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1031.18.810 [GMT 1:00]
ausgeführt von:: C:\Users\Vanny u Basti\Downloads\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
The following files were disabled during the run:
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll


((((((((((((((((((((((( Dateien erstellt von 2007-12-19 bis 2008-01-19 ))))))))))))))))))))))))))))))
.

2008-01-19 09:09 . 2000-08-31 08:00 51,200 --a------ C:\Windows\NirCmd.exe
2008-01-19 07:23 . 2008-01-19 07:23 802,816 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-01-19 07:23 . 2008-01-19 07:23 216,760 --a------ C:\Windows\System32\drivers\netio.sys
2008-01-19 07:23 . 2008-01-19 07:23 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-01-19 07:23 . 2008-01-19 07:23 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-01-19 07:23 . 2008-01-19 07:23 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-01-19 07:20 . 2008-01-19 07:20 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-01-19 07:20 . 2008-01-19 07:20 1,686,016 --a------ C:\Windows\System32\gameux.dll
2008-01-19 07:20 . 2008-01-19 07:20 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-01-19 07:20 . 2008-01-19 07:20 211,000 --a------ C:\Windows\System32\drivers\volsnap.sys
2008-01-19 07:20 . 2008-01-19 07:20 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-01-19 07:20 . 2008-01-19 07:20 109,624 --a------ C:\Windows\System32\drivers\ataport.sys
2008-01-19 07:20 . 2008-01-19 07:20 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
2008-01-19 07:20 . 2008-01-19 07:20 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
2008-01-19 07:20 . 2008-01-19 07:20 17,464 --a------ C:\Windows\System32\drivers\intelide.sys
2008-01-19 07:19 . 2008-01-19 07:19 11,776 --a------ C:\Windows\System32\sbunattend.exe
2008-01-18 20:33 . 2008-01-18 20:39 <DIR> d-------- C:\Program Files\a-squared Free
2008-01-18 20:10 . 2008-01-18 20:10 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-01-18 16:49 . 2008-01-18 17:10 91,492 --a------ C:\Windows\System32\drivers\klin.dat
2008-01-18 16:49 . 2008-01-18 17:10 85,860 --a------ C:\Windows\System32\drivers\klick.dat
2008-01-18 16:48 . 2008-01-19 08:59 <DIR> d-------- C:\Users\All Users\Kaspersky Lab
2008-01-18 16:48 . 2008-01-19 08:59 <DIR> d-------- C:\ProgramData\Kaspersky Lab
2008-01-18 16:48 . 2008-01-18 16:48 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-01-18 16:48 . 2008-01-19 09:17 3,811,616 --ahs---- C:\Windows\System32\drivers\fidbox.dat
2008-01-18 16:48 . 2008-01-19 08:57 53,000 --ahs---- C:\Windows\System32\drivers\fidbox.idx
2008-01-18 16:46 . 2008-01-18 16:46 <DIR> d-------- C:\Users\All Users\Kaspersky Lab Setup Files
2008-01-18 16:46 . 2008-01-18 16:46 <DIR> d-------- C:\ProgramData\Kaspersky Lab Setup Files
2008-01-17 20:40 . 2008-01-17 20:40 <DIR> d-------- C:\Users\Vanny u Basti\AppData\Roaming\Application Data
2008-01-17 20:40 . 2008-01-17 20:50 <DIR> d-------- C:\Users\All Users\Spyware Terminator
2008-01-17 20:40 . 2008-01-17 20:50 <DIR> d-------- C:\ProgramData\Spyware Terminator
2008-01-17 20:39 . 2008-01-17 20:55 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-01-17 20:14 . 2008-01-18 20:10 <DIR> d-------- C:\Program Files\BrowsingAdvisor
2008-01-17 18:33 . 2008-01-18 18:43 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-01-17 18:33 . 2008-01-18 18:43 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-01-17 18:21 . 2008-01-17 18:21 <DIR> d-------- C:\Users\Vanny u Basti\AppData\Roaming\PC Tools
2008-01-17 18:21 . 2008-01-19 08:59 <DIR> d-a------ C:\Users\All Users\TEMP
2008-01-17 18:21 . 2008-01-19 08:59 <DIR> d-a------ C:\ProgramData\TEMP
2008-01-17 18:21 . 2008-01-18 18:03 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-01-17 18:21 . 2007-12-10 14:53 81,288 --a------ C:\Windows\System32\drivers\iksyssec.sys
2008-01-17 18:21 . 2007-12-10 14:53 66,952 --a------ C:\Windows\System32\drivers\iksysflt.sys
2008-01-17 18:21 . 2007-12-10 14:53 41,864 --a------ C:\Windows\System32\drivers\ikfilesec.sys
2008-01-17 18:21 . 2007-12-10 14:53 29,576 --a------ C:\Windows\System32\drivers\kcom.sys
2008-01-17 17:35 . 2008-01-17 17:35 225,792 --a------ C:\Windows\sysosa.dll
2008-01-17 17:35 . 2008-01-17 17:35 53 --a------ C:\tmp.bat

2008-01-16 20:21 . 2008-01-16 20:33 <DIR> d-------- C:\Users\All Users\WinZip
2008-01-16 20:21 . 2008-01-16 20:33 <DIR> d-------- C:\ProgramData\WinZip
2008-01-16 19:52 . 2008-01-18 20:40 <DIR> d-------- C:\Program Files\ICQToolbar
2008-01-16 19:51 . 2008-01-16 19:57 <DIR> d-------- C:\Users\Vanny u Basti\AppData\Roaming\ICQ
2008-01-16 19:50 . 2008-01-16 19:57 <DIR> d-------- C:\Program Files\ICQ6
2007-12-27 18:50 . 2008-01-18 17:35 <DIR> d-------- C:\Users\All Users\Avira
2007-12-27 18:50 . 2008-01-18 17:35 <DIR> d-------- C:\ProgramData\Avira

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-19 06:30 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-19 06:30 --------- d-----w C:\Program Files\Windows Mail
2008-01-19 06:20 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-01-19 06:20 449,024 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-01-19 06:20 2,143,744 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-01-19 06:20 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-01-18 17:46 --------- d-----w C:\Program Files\Google
2008-01-17 18:18 --------- d-----w C:\Users\Vanny u Basti\AppData\Roaming\FrostWire
2008-01-16 18:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-13 07:24 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-13 07:24 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-13 07:24 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-12-13 07:23 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2007-12-13 07:23 824,832 ----a-w C:\Windows\System32\wininet.dll
2007-12-13 07:23 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2007-12-13 07:23 56,320 ----a-w C:\Windows\System32\iesetup.dll
2007-12-13 07:23 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-12-13 07:23 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2007-12-13 07:23 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2007-12-13 07:23 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2007-12-13 07:22 3,504,824 ----a-w C:\Windows\System32\ntkrnlpa.exe
2007-12-13 07:22 3,470,520 ----a-w C:\Windows\System32\ntoskrnl.exe
2007-12-01 07:59 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-11-18 09:31 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-11-18 09:31 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2007-11-18 09:31 542,720 ----a-w C:\Windows\System32\sysmain.dll
2007-11-18 09:31 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2007-11-18 09:31 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2007-11-18 09:31 299,008 ----a-w C:\Windows\System32\wlansec.dll
2007-11-18 09:31 289,280 ----a-w C:\Windows\System32\wlanmsm.dll
2007-11-18 09:31 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2007-11-18 09:31 2,923,520 ----a-w C:\Windows\explorer.exe
2007-11-18 09:31 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2007-11-18 09:29 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2007-08-30 05:29 174 --sha-w C:\Program Files\desktop.ini
.

(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BC660FC4-4B54-4CC7-AC65-23B0CA1FBBB0}]
2008-01-17 17:35 225792 --a------ C:\Windows\sysosa.dll


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F1E96EDC-E0C8-BE98-1F15-C29DBED83B53}]
2007-12-30 21:49 1019904 --a------ C:\Program Files\BrowsingAdvisor\BrowsingAdvisor-2.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 07:19 1232896]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2006-11-13 09:29 413696]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55 5674352]
"ICQ"="C:\Program Files\ICQ6\ICQ.exe" [2007-11-21 01:47 172280]
"dmvkq.tmp"="C:\Windows\system32\dmvkq.tmp" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-07-19 05:49 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-24 09:04 4423680 C:\Windows\RtHDVCpl.exe]
"TPwrMain"="C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-12-19 22:16 411768]
"HSON"="C:\Program Files\TOSHIBA\TBS\HSON.exe" [2006-12-07 15:49 55416]
"SmoothView"="C:\Program Files\Toshiba\SmoothView\SmoothView.exe" [2007-04-03 15:52 509496]
"00TCrdMain"="C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-03-23 13:41 538744]
"KeNotify"="C:\Program Files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-06 16:14 34352]
"HWSetup"="C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" [2006-11-01 07:06 413696]
"SVPWUTIL"="C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-03-22 20:42 438272]
"topi"="C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-04-02 11:48 577536]
"Desktop SMS"="C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe" [2007-01-19 12:25 1507328]
"Skytel"="Skytel.exe" [2007-03-17 05:06 1822720 C:\Windows\SkyTel.exe]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-04-03 08:37 138008]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-04-03 08:37 154392]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-04-03 08:37 133912]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2006-09-11 15:21 180224]
"Toshiba Registration"="C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe" [2007-02-19 15:00 571024]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 13:37 174872]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2007-04-26 11:03 74672]
"lxbkbmgr.exe"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2007-04-26 11:03 74672]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-11 06:28 1838592]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2007-12-10 14:53 1103752]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-26 16:53 218376]
"SpyHunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SHStartup.exe" [2007-12-13 09:21 344064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,C:\PROGRA~1\KASPER~1\
KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

R0 CplIR;Embedded IR Driver;C:\Windows\system32\DRIVERS\CplIR.SYS [2007-03-06 14:01]
R0 LPCFilter;LPC Lower Filter Driver;C:\Windows\system32\DRIVERS\LPCFilter.sys [2006-07-28 15:25]
R0 tos_sps32;TOSHIBA tos_sps32 Service;C:\Windows\system32\DRIVERS\tos_sps32.sys [2007-03-29 16:50]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2007-04-04 14:59]
R2 lxbk_device;lxbk_device;C:\Windows\system32\lxbkcoms.exe [2007-04-26 11:01]
R2 SpyHunter3 Service;SpyHunter3 Service;"C:\Program Files\Enigma Software Group\SpyHunter\SHService.exe" [2007-12-13 09:21]
R2 TNaviSrv;TOSHIBA Navi Support Service;C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe [2007-03-29 16:52]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service;c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-02-25 20:55]
R3 AVMUNET;AVM FRITZ!Box;C:\Windows\system32\DRIVERS\avmunet.sys [2005-05-22 01:00]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-03-06 11:24]
R3 NETw4v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-02-25 05:14]
R3 RTL8169;Realtek 8169 NT Driver;C:\Windows\system32\DRIVERS\Rtlh86.sys [2006-12-25 17:35]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver;C:\Windows\system32\DRIVERS\tdcmdpst.sys [2006-10-18 11:50]
S3 athr;Atheros Extensible Drahtlos-LAN-Gerätetreiber;C:\Windows\system32\DRIVERS\athr.sys [2006-11-02 08:30]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 13:18]
S3 tosrfec;Bluetooth ACPI;C:\Windows\system32\DRIVERS\tosrfec.sys [2006-10-23 15:32]
S4 KR10I;KR10I;C:\Windows\system32\drivers\kr10i.sys [2007-01-18 15:40]
S4 KR10N;KR10N;C:\Windows\system32\drivers\kr10n.sys [2007-01-18 15:47]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\
{d1fba317-348b-11dc-a9f8-806e6f6e6963}]
\shell\AutoRun\command - F:\KIS7.EXE

*Newly Created Service* - PROCEXP90
.
Inhalt des "geplante Tasks" Ordners
"2008-01-19 08:04:01 C:\Windows\Tasks\Auf Updates für Windows Live Toolbar prüfen.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-01-19 06:13:46 C:\Windows\Tasks\User_Feed_Synchronization-{B8C39919-5E2A-436C-A737-922AE7BF1F56}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-19 09:17:23
Windows 6.0.6000 NTFS

detected NTDLL code modification:
ZwClose

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i????????F????8???`????????????

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\Windows\system32\winlogon.exe [6.00.6000.16386]
-> C:\Program Files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll

PROCESS: C:\Windows\system32\lsass.exe [6.00.6000.16386]
-> C:\Program Files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll

PROCESS: C:\Windows\Explorer.exe [6.00.6000.16549]
-> C:\Program Files\IDM\Desktop SMS\oehook.dll
.
Zeit der Fertigstellung: 2008-01-19 9:19:45
.
2008-01-19 06:23:37 --- E O F ---


And with HijackThis I'm stuck; I can't copy the log. As soon as the editor opens, it always says the file C:\Programmfiles\hijackthis....etc. cannot be found....
This post was edited by nessa1405 on 19.01.2008 at 10:03.
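Reading the logs Argus asked for is mostly triage: deciding which entries do not belong on the machine. The following is an added example, not code from this thread and not part of ComboFix or HijackThis, that runs three defender-side checks over a handful of constructed HijackThis-style lines modelled on entries that appear in this thread: an O2 BHO whose DLL sits directly in the Windows directory root instead of under Program Files, an O4 Run entry that launches a file with a non-executable extension such as .tmp, and O17 NameServer values outside the resolvers the network is expected to use (the DNS-hijack pattern that turns Google searches into redirects). The expected-resolver list (the RFC 1918 ranges, so a FRITZ!Box at 192.168.178.1 passes), the rule names and the sample lines are assumptions of the example.

```python
import ipaddress
import re

# Constructed sample: HijackThis-style lines modelled on entries in this thread,
# mixed with clean entries so the checks have something to leave alone.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Office toolbar - {BC660FC4-4B54-4CC7-AC65-23B0CA1FBBB0} - C:\Windows\sysosa.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
O4 - HKCU\..\Run: [dmvkq.tmp] C:\Windows\system32\dmvkq.tmp
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.122 85.255.112.83
"""

# Assumption: the only resolvers a home LAN should be handed are private
# addresses (the router, e.g. a FRITZ!Box at 192.168.178.1). Adjust per network.
EXPECTED_RESOLVERS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]

# Extensions that legitimately belong in a Run value; anything else is odd.
RUNNABLE_EXTENSIONS = {"exe", "com", "scr", "bat", "cmd", "pif"}

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O17_RE = re.compile(r"^O17 - (?P<key>\S+): NameServer = (?P<servers>.*)$")
# First drive-letter or %VAR% path in a command line, up to its extension.
EXE_PATH_RE = re.compile(r'(?:[A-Za-z]:|%\w+%)\\[^"]*?\.(?P<ext>\w+)(?=["\s]|$)')


def check_bho(m):
    """Heuristic: legitimate BHOs install under Program Files; a DLL dropped
    straight into the Windows root deserves a second look."""
    path = m.group("path")
    parent = path.rsplit("\\", 1)[0].lower() if "\\" in path else ""
    if parent == r"c:\windows":
        return ("BHO_IN_WINDOWS_ROOT", m.group("name"), path)
    return None


def check_run(m):
    """Flag Run entries whose target is not an executable file type."""
    cmd = m.group("cmd")
    exe = EXE_PATH_RE.search(cmd)
    if exe is None:
        # Bare file names (e.g. "RtHDVCpl.exe") resolve via PATH; worth a manual look.
        return ("RUN_UNPARSEABLE_PATH", m.group("name"), cmd)
    if exe.group("ext").lower() not in RUNNABLE_EXTENSIONS:
        return ("RUN_NON_EXECUTABLE_EXTENSION", m.group("name"), cmd)
    return None


def check_nameserver(m, expected):
    """Flag every resolver that is not inside an expected network."""
    rogue = []
    for token in re.split(r"[\s,]+", m.group("servers").strip()):
        if not token:
            continue
        try:
            addr = ipaddress.ip_address(token)
        except ValueError:
            rogue.append(token)  # not even an IP address: report it as-is
            continue
        if not any(addr in net for net in expected):
            rogue.append(token)
    if rogue:
        return ("UNEXPECTED_NAMESERVER", m.group("key"), " ".join(rogue))
    return None


def triage(log_text, expected_resolvers=EXPECTED_RESOLVERS):
    """Return a list of (rule, entry, detail) tuples for suspicious lines."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        finding = None
        if (m := O2_RE.match(line)):
            finding = check_bho(m)
        elif (m := O4_RE.match(line)):
            finding = check_run(m)
        elif (m := O17_RE.match(line)):
            finding = check_nameserver(m, expected_resolvers)
        if finding:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for rule, entry, detail in triage(SAMPLE_LOG):
        print(f"{rule:30} {entry:45} {detail}")
```

On the sample above the three flagged entries are exactly the BHO in the Windows root, the .tmp Run value and the CCS NameServer pair; the clean Adobe, Kaspersky, Toshiba and router lines produce nothing. The NameServer check is deliberately an allow-list rather than a block-list: a resolver that is not the router or the ISP's is the thing to explain, whoever owns the address.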
19.01.2008, 10:22
Honorary member

Posts: 1441
#4
Let's see which virus scanner detects it: upload the dll (just paste it in) - post the report
http://www.virustotal.com/

C:\Windows\sysosa.dll

C:\Windows\System32\sbunattend.exe

Please run comboscan - post the log
http://virus-protect.org/artikel/tools/comboscan.html
__________
Regards
Pinguin

I'm in the process of updating my site + programs: http://www.virus-protect.org/
19.01.2008, 10:42
...new here

Thread starter

Posts: 5
#5 Antivirus Version Last update Result
AhnLab-V3 2008.1.19.10 2008.01.18 -
AntiVir 7.6.0.48 2008.01.18 -
Authentium 4.93.8 2008.01.19 -
Avast 4.7.1098.0 2008.01.18 -
AVG 7.5.0.516 2008.01.18 Delf.DQE
BitDefender 7.2 2008.01.19 -
CAT-QuickHeal 9.00 2008.01.18 -
ClamAV 0.91.2 2008.01.18 -
DrWeb 4.44.0.09170 2008.01.18 -
eSafe 7.0.15.0 2008.01.16 -
eTrust-Vet 31.3.5470 2008.01.18 -
Ewido 4.0 2008.01.18 -
FileAdvisor 1 2008.01.19 -
Fortinet 3.14.0.0 2008.01.19 -
F-Prot 4.4.2.54 2008.01.19 -
F-Secure 6.70.13260.0 2008.01.18 -
Ikarus T3.1.1.20 2008.01.19 Win32.SuspectCrc
Kaspersky 7.0.0.125 2008.01.19 -
McAfee 5211 2008.01.18 Generic ProcKill.d
Microsoft 1.3109 2008.01.18 Trojan:Win32/Delflob.I
NOD32v2 2807 2008.01.19 -
Norman 5.80.02 2008.01.18 -
Panda 9.0.0.4 2008.01.18 -
Prevx1 V2 2008.01.19 -
Rising 20.27.42.00 2008.01.18 -
Sophos 4.24.0 2008.01.19 -
Sunbelt 2.2.907.0 2008.01.17 -
Symantec 10 2008.01.19 -
TheHacker 6.2.9.191 2008.01.18 -
VBA32 3.12.2.5 2008.01.15 -
VirusBuster 4.3.26:9 2008.01.18 -
Webwasher-Gateway 6.6.2 2008.01.18 -
Additional information
File size: 225792 bytes
MD5: aa31796d9c6db579e490008266d28667
SHA1: 2f4a348eab703fe0e8f5d3fb6a58f1a1a63e66aa
PEiD: ASPack v2.12 -> Alexey Solodovnikov
packers: Aspack
packers: ASPack


Deckard's System Scanner v20071014.68
Run by Vanny u Basti on 2008-01-19 10:32:43
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
19: 2008-01-19 08:10:12 UTC - RP167 - ComboFix created restore point
18: 2008-01-19 06:18:02 UTC - RP166 - Windows Update
17: 2008-01-18 17:52:05 UTC - RP165 - Configured Emdedded IR Driver
16: 2008-01-18 17:42:35 UTC - RP163 - Norton Security Scan wird entfernt
15: 2008-01-18 17:40:26 UTC - RP162 - Removed Google Toolbar for Internet Explorer


-- First Restore Point --
1: 2007-12-13 07:21:22 UTC - RP144 - Windows Update


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Vanny u Basti.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:36:53, on 19.01.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\lxbkcoms.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Enigma Software Group\SpyHunter\SHService.exe
C:\Windows\system32\svchost.exe
C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Lexmark X1100 Series\LXBKbmgr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Users\Vanny u Basti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YGWF78AR\dss[1].exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Vanny u Basti.exe
C:\Windows\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O1 - Hosts: ::1 localhost
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Office toolbar - {BC660FC4-4B54-4CC7-AC65-23B0CA1FBBB0} - C:\Windows\sysosa.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: BrowsingAdvisor - {F1E96EDC-E0C8-BE98-1F15-C29DBED83B53} - C:\Program Files\BrowsingAdvisor\BrowsingAdvisor-2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
O4 - HKLM\..\Run: [Desktop SMS] C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe /auto
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [lxbkbmgr.exe] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SHStartup.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [dmvkq.tmp] C:\Windows\system32\dmvkq.tmp
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Statistik für Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file)
O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url_de.pl?http://www.ebay.de/ (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.122 85.255.112.83
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.122 85.255.112.83
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.113.122 85.255.112.83
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 85.255.113.122 85.255.112.83
O17 - HKLM\System\CS5\Services\Tcpip\Parameters: NameServer = 85.255.113.122 85.255.112.83
O17 - HKLM\System\CS6\Services\Tcpip\Parameters: NameServer = 85.255.113.122 85.255.112.83
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.122 85.255.112.83
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: lxbk_device - - C:\Windows\system32\lxbkcoms.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SpyHunter3 Service - Enigma Software Group, Inc. - C:\Program Files\Enigma Software Group\SpyHunter\SHService.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 12463 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 CplIR (Embedded IR Driver) - c:\windows\system32\drivers\cplir.sys <Not Verified; COMPAL ELECTRONIC INC.; >


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 CFSvcs (ConfigFree Service) - c:\program files\toshiba\configfree\cfsvcs.exe <Not Verified; TOSHIBA CORPORATION; ConfigFree(TM)>
R2 SpyHunter3 Service - "c:\program files\enigma software group\spyhunter\shservice.exe" <Not Verified; Enigma Software Group, Inc.; SpyHunter3>
R2 TNaviSrv (TOSHIBA Navi Support Service) - c:\program files\toshiba\toshiba dvd player\tnavisrv.exe <Not Verified; TOSHIBA Corporation; TOSHIBA DVD Player>
R2 TODDSrv (TOSHIBA Optical Disc Drive Service) - c:\windows\system32\toddsrv.exe <Not Verified; TOSHIBA Corporation; TDCSrv Application>

S3 FirebirdServerMAGIXInstance (Firebird Server - MAGIX Instance) - c:\program files\magix\common\database\bin\fbserver.exe <Not Verified; MAGIX®; Firebird SQL Server - MAGIX Edition>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-01-19 10:04:04 256 --a------ C:\Windows\Tasks\Auf Updates für Windows Live Toolbar prüfen.job
2008-01-19 07:13:46 434 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{B8C39919-5E2A-436C-A737-922AE7BF1F56}.job


-- Files created between 2007-12-19 and 2008-01-19 -----------------------------

2008-01-19 10:36:19 0 d-------- C:\Program Files\Trend Micro
2008-01-19 10:14:06 0 d-------- C:\Program Files\Hijack This
2008-01-19 09:38:13 0 d-------- C:\C hijack this.exe
2008-01-18 20:33:20 0 d-------- C:\Program Files\a-squared Free
2008-01-18 20:10:36 0 d-------- C:\Program Files\Enigma Software Group
2008-01-18 16:49:50 91492 --a------ C:\Windows\system32\drivers\klin.dat
2008-01-18 16:49:49 85860 --a------ C:\Windows\system32\drivers\klick.dat
2008-01-18 16:48:27 0 d-------- C:\Users\All Users\Kaspersky Lab
2008-01-18 16:48:27 0 d-------- C:\Program Files\Kaspersky Lab
2008-01-18 16:48:13 3865376 --ahs---- C:\Windows\system32\drivers\fidbox.dat
2008-01-18 16:46:25 0 d-------- C:\Users\All Users\Kaspersky Lab Setup Files
2008-01-17 20:40:02 0 d-------- C:\Users\All Users\Spyware Terminator
2008-01-17 20:39:59 0 d-------- C:\Program Files\Spyware Terminator
2008-01-17 20:14:27 0 d-------- C:\Program Files\BrowsingAdvisor
2008-01-17 18:33:13 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-01-17 18:21:18 0 d-a------ C:\Users\All Users\TEMP
2008-01-17 18:21:03 0 d-------- C:\Program Files\Spyware Doctor
2008-01-17 17:35:15 225792 --a------ C:\Windows\sysosa.dll <Not Verified; Intel; >
2008-01-17 17:35:15 53 --a------ C:\tmp.bat
2008-01-16 20:21:34 0 d-------- C:\Users\All Users\WinZip
2008-01-16 19:52:08 0 d-------- C:\Program Files\ICQToolbar
2008-01-16 19:50:42 0 d-------- C:\Program Files\ICQ6
2007-12-27 18:50:58 0 d-------- C:\Users\All Users\Avira


-- Find3M Report ---------------------------------------------------------------

2008-01-19 07:30:41 0 d-------- C:\Program Files\Windows Mail
2008-01-19 07:30:38 0 d-------- C:\Program Files\Windows Sidebar
2008-01-18 18:46:13 0 d-------- C:\Program Files\Google
2008-01-18 18:38:05 0 d-------- C:\Program Files\Common Files
2008-01-18 17:04:33 641344 --a------ C:\Windows\system32\perfh007.dat
2008-01-18 17:04:33 116706 --a------ C:\Windows\system32\perfc007.dat
2008-01-17 20:40:02 0 d-------- C:\Users\Vanny u Basti\AppData\Roaming\Application Data
2008-01-17 19:18:12 0 d-------- C:\Users\Vanny u Basti\AppData\Roaming\FrostWire
2008-01-17 18:21:03 0 d-------- C:\Users\Vanny u Basti\AppData\Roaming\PC Tools
2008-01-16 19:57:27 0 d-------- C:\Users\Vanny u Basti\AppData\Roaming\ICQ
2008-01-16 19:52:58 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-12-01 08:59:46 0 d-------- C:\Program Files\Windows Live Toolbar


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BC660FC4-4B54-4CC7-AC65-23B0CA1FBBB0}]
17.01.2008 17:35 225792 --a------ C:\Windows\sysosa.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F1E96EDC-E0C8-BE98-1F15-C29DBED83B53}]
30.12.2007 21:49 1019904 --a------ C:\Program Files\BrowsingAdvisor\BrowsingAdvisor-2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [19.07.2007 05:49]
"RtHDVCpl"="RtHDVCpl.exe" [24.03.2007 09:04 C:\Windows\RtHDVCpl.exe]
"TPwrMain"="C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE" [19.12.2006 22:16]
"HSON"="C:\Program Files\TOSHIBA\TBS\HSON.exe" [07.12.2006 15:49]
"SmoothView"="C:\Program Files\Toshiba\SmoothView\SmoothView.exe" [03.04.2007 15:52]
"00TCrdMain"="C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe" [23.03.2007 13:41]
"KeNotify"="C:\Program Files\TOSHIBA\Utilities\KeNotify.exe" [06.11.2006 16:14]
"HWSetup"="C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" [01.11.2006 07:06]
"SVPWUTIL"="C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe" [22.03.2006 20:42]
"topi"="C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe" [02.04.2007 11:48]
"Desktop SMS"="C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe" [19.01.2007 12:25]
"Skytel"="Skytel.exe" [17.03.2007 05:06 C:\Windows\SkyTel.exe]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [03.04.2007 08:37]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [03.04.2007 08:37]
"Persistence"="C:\Windows\system32\igfxpers.exe" [03.04.2007 08:37]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [11.09.2006 15:21]
"Toshiba Registration"="C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe" [19.02.2007 15:00]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [12.02.2007 13:37]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [26.04.2007 11:03]
"lxbkbmgr.exe"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [26.04.2007 11:03]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [11.08.2007 06:28]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [10.12.2007 14:53]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [26.06.2007 16:53]
"SpyHunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SHStartup.exe" [13.12.2007 09:21]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [19.01.2008 07:19]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [13.11.2006 09:29]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [02.11.2006 13:35]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [19.01.2007 11:55]
"ICQ"="C:\Program Files\ICQ6\ICQ.exe" [21.11.2007 01:47]
"dmvkq.tmp"="C:\Windows\system32\dmvkq.tmp" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d1fba317-348b-11dc-a9f8-806e6f6e6963}]
AutoRun\command- F:\KIS7.EXE


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-01-19 10:41:08 ------------


So, now I have it, I think
19.01.2008, 15:59
Honorary member
Avatar Pinguin

Posts: 1441
#6 nessa1405

1.
download fixwareout - do not run it yet
http://www.virus-protect.org/artikel/tools/fixwareout.html

2.
Close all windows and start HijackThis
Click: Do a system scan only
Put a check mark in the box in front of each of the entries listed below
and choose Fix checked

Quote

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Office toolbar - {BC660FC4-4B54-4CC7-AC65-23B0CA1FBBB0} - C:\Windows\sysosa.dll

O4 - HKCU\..\Run: [dmvkq.tmp] C:\Windows\system32\dmvkq.tmp

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.122 85.255.112.83
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.122 85.255.112.83
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.113.122 85.255.112.83
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 85.255.113.122 85.255.112.83
O17 - HKLM\System\CS5\Services\Tcpip\Parameters: NameServer = 85.255.113.122 85.255.112.83
O17 - HKLM\System\CS6\Services\Tcpip\Parameters: NameServer = 85.255.113.122 85.255.112.83
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.122 85.255.112.83


3.
ComboFix
Copy the following text into Notepad (Start - Accessories - Notepad) and save it on the desktop as cfscript.txt using 'Save as'. Set the file type to 'All files'. You should now find this file on the desktop.

Quote

KILLALL::

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dmvkq.tmp"=-
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BC660FC4-4B54-4CC7-AC65-23B0CA1FBBB0}]

File::
C:\Windows\sysosa.dll
C:\tmp.bat
Then drag CFScript.txt with the right mouse button onto the ComboFix icon


Run ComboFix again - type 1

4.
run fixwareout - the computer will restart - post the report

5.
post the new HijackThis log

----------

6.
run an online scan with
McAfee FreeScan (Online)
http://board.protecus.de/t8642.htm
post the report here
__________
Regards
Pinguin

I am currently updating my site + programs: http://www.virus-protect.org/
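The fix list above singles out three HijackThis line types: O17 NameServer entries pointing at 85.255.x.x in every control set, an O4 Run entry launching a .tmp file from system32, and O2 BHOs that are orphaned or load a DLL straight from C:\Windows. As an added example (not code from this thread, from HijackThis or from ComboFix), here is a Python triage script that applies exactly those heuristics to log lines copied from the thread; the AVP Run entry and the 192.168.178.1 resolver are constructed benign lines for contrast.

```python
"""Heuristic triage of HijackThis O2/O4/O17 lines for the patterns fixed in this thread.

Added example, not HijackThis or ComboFix code. A hit means "look at this",
not "malware"; a miss (e.g. the BrowsingAdvisor BHO, which the helper flagged
by name) means the entry still needs a lookup by CLSID or filename.
"""
import ipaddress
import re
from typing import List, Optional, Tuple

# Lines 1-4 and 6 are copied from the log posted in this thread; the AVP Run
# entry and the 192.168.178.1 resolver are constructed benign lines for contrast.
SAMPLE_LINES = [
    r"O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)",
    r"O2 - BHO: Office toolbar - {BC660FC4-4B54-4CC7-AC65-23B0CA1FBBB0} - C:\Windows\sysosa.dll",
    r"O2 - BHO: BrowsingAdvisor - {F1E96EDC-E0C8-BE98-1F15-C29DBED83B53} - C:\Program Files\BrowsingAdvisor\BrowsingAdvisor-2.dll",
    r"O4 - HKCU\..\Run: [dmvkq.tmp] C:\Windows\system32\dmvkq.tmp",
    r'O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"',
    r"O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.122 85.255.112.83",
    r"O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 192.168.178.1",
]
SAMPLE_LOG = "\n".join(SAMPLE_LINES)

Finding = Tuple[str, str, str]  # (HijackThis item type, reason, original line)

O17_RE = re.compile(r"^O17 - (?P<key>[^:]+): NameServer = (?P<servers>.+)$")
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")


def is_public_resolver(server: str) -> bool:
    """True for a statically configured resolver outside the local network.

    A home machine gets its resolver from the router via DHCP, so any O17 line
    is unusual; one pointing at a public address the user never configured
    (85.255.x.x here) is the DNS-changer footprint behind the redirects
    described in the thread.
    """
    try:
        ip = ipaddress.ip_address(server)
    except ValueError:
        return True  # not even a parseable address: flag it
    return not (ip.is_private or ip.is_loopback)


def check_run_command(cmd: str) -> Optional[str]:
    """Flag autostart commands whose target is not an installed program's executable."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        exe = cmd[1:end] if end > 0 else cmd[1:]
    else:
        exe = cmd.split(" ", 1)[0]
    exe = exe.lower()
    if exe.endswith(".tmp"):
        return "Run entry launches a .tmp file instead of an installed program"
    if "\\temp\\" in exe:
        return "Run entry launches from a Temp directory"
    return None


def check_bho(path: str) -> Optional[str]:
    """Flag BHOs that are orphaned or that live outside any program directory."""
    if path.strip() == "(no file)":
        return "BHO registered but its DLL is missing (orphaned entry)"
    parent = path.lower().rsplit("\\", 1)[0]
    if parent == "c:\\windows":
        return "BHO DLL placed directly in C:\\Windows instead of a program directory"
    return None


def triage(log_text: str, allowed_resolvers: frozenset = frozenset()) -> List[Finding]:
    """Return one finding per suspicious O2/O4/O17 line in a HijackThis log.

    allowed_resolvers: public resolvers the owner deliberately configured
    (empty by default; the machine in this thread had none).
    """
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := O17_RE.match(line):
            bad = [s for s in m["servers"].split()
                   if s not in allowed_resolvers and is_public_resolver(s)]
            if bad:
                # HijackThis lists CS1..CS6 and CCS separately: the value was
                # written into every stored control set, so each needs fixing.
                findings.append(("O17", f"static public NameServer {' '.join(bad)} in {m['key']}", line))
        elif m := O2_RE.match(line):
            if reason := check_bho(m["path"]):
                findings.append(("O2", reason, line))
        elif m := O4_RE.match(line):
            if reason := check_run_command(m["cmd"]):
                findings.append(("O4", reason, line))
    return findings


if __name__ == "__main__":
    for item, reason, line in triage(SAMPLE_LOG):
        print(f"[{item}] {reason}\n      {line}")
```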
19.01.2008, 23:56
...new here

Thread starter

Posts: 5
#7 Hello Pinguin,

thanks first of all for your help, I am always impressed by people who know about these things....
Unfortunately fixwareout does not work for me with Vista....

Here first is the second ComboFix report



ComboFix 08-01-18.5 - Vanny u Basti 2008-01-19 23:38:08.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1031.18.1074 [GMT 1:00]
ausgeführt von:: C:\Users\Vanny u Basti\Downloads\ComboFix.exe
Command switches used :: C:\Users\Vanny u Basti\Desktop\cfscript.txt
* Neuer Wiederherstellungspunkt wurde erstellt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
The following files were disabled during the run:
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll


((((((((((((((((((((((( Dateien erstellt von 2007-12-19 bis 2008-01-19 ))))))))))))))))))))))))))))))
.

2008-01-19 22:46 . 2008-01-19 22:46 486,449 --a------ C:\Users\Vanny u Basti\Fixwareout.exe
2008-01-19 10:36 . 2008-01-19 10:36 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-19 10:32 . 2008-01-19 10:32 <DIR> d-------- C:\Deckard
2008-01-19 10:14 . 2008-01-19 23:21 <DIR> d-------- C:\Program Files\Hijack This
2008-01-19 10:13 . 2008-01-19 10:13 598,816 --a------ C:\Users\Vanny u Basti\hijackthissetupv2.0.2.exe
2008-01-19 09:38 . 2008-01-19 09:38 <DIR> d-------- C:\C hijack this.exe
2008-01-19 09:09 . 2000-08-31 08:00 51,200 --a------ C:\Windows\NirCmd.exe
2008-01-19 07:23 . 2008-01-19 07:23 802,816 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-01-19 07:23 . 2008-01-19 07:23 216,760 --a------ C:\Windows\System32\drivers\netio.sys
2008-01-19 07:23 . 2008-01-19 07:23 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-01-19 07:23 . 2008-01-19 07:23 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-01-19 07:23 . 2008-01-19 07:23 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-01-19 07:20 . 2008-01-19 07:20 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-01-19 07:20 . 2008-01-19 07:20 1,686,016 --a------ C:\Windows\System32\gameux.dll
2008-01-19 07:20 . 2008-01-19 07:20 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-01-19 07:20 . 2008-01-19 07:20 211,000 --a------ C:\Windows\System32\drivers\volsnap.sys
2008-01-19 07:20 . 2008-01-19 07:20 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-01-19 07:20 . 2008-01-19 07:20 109,624 --a------ C:\Windows\System32\drivers\ataport.sys
2008-01-19 07:20 . 2008-01-19 07:20 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
2008-01-19 07:20 . 2008-01-19 07:20 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
2008-01-19 07:20 . 2008-01-19 07:20 17,464 --a------ C:\Windows\System32\drivers\intelide.sys
2008-01-19 07:19 . 2008-01-19 07:19 11,776 --a------ C:\Windows\System32\sbunattend.exe
2008-01-18 20:33 . 2008-01-19 12:31 <DIR> d-------- C:\Program Files\a-squared Free
2008-01-18 20:10 . 2008-01-18 20:10 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-01-18 16:49 . 2008-01-18 17:10 91,492 --a------ C:\Windows\System32\drivers\klin.dat
2008-01-18 16:49 . 2008-01-18 17:10 85,860 --a------ C:\Windows\System32\drivers\klick.dat
2008-01-18 16:48 . 2008-01-19 22:40 <DIR> d-------- C:\Users\All Users\Kaspersky Lab
2008-01-18 16:48 . 2008-01-19 22:40 <DIR> d-------- C:\ProgramData\Kaspersky Lab
2008-01-18 16:48 . 2008-01-18 16:48 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-01-18 16:48 . 2008-01-19 23:40 4,032,032 --ahs---- C:\Windows\System32\drivers\fidbox.dat
2008-01-18 16:48 . 2008-01-19 15:36 56,180 --ahs---- C:\Windows\System32\drivers\fidbox.idx
2008-01-18 16:46 . 2008-01-18 16:46 <DIR> d-------- C:\Users\All Users\Kaspersky Lab Setup Files
2008-01-18 16:46 . 2008-01-18 16:46 <DIR> d-------- C:\ProgramData\Kaspersky Lab Setup Files
2008-01-17 20:40 . 2008-01-19 12:36 <DIR> d-------- C:\Users\Vanny u Basti\AppData\Roaming\Application Data
2008-01-17 20:39 . 2008-01-19 12:38 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-01-17 20:14 . 2008-01-19 12:30 <DIR> d-------- C:\Program Files\BrowsingAdvisor
2008-01-17 18:33 . 2008-01-18 18:43 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-01-17 18:33 . 2008-01-18 18:43 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-01-17 18:21 . 2008-01-17 18:21 <DIR> d-------- C:\Users\Vanny u Basti\AppData\Roaming\PC Tools
2008-01-17 18:21 . 2008-01-19 22:56 <DIR> d-a------ C:\Users\All Users\TEMP
2008-01-17 18:21 . 2008-01-19 22:56 <DIR> d-a------ C:\ProgramData\TEMP
2008-01-17 18:21 . 2008-01-18 18:03 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-01-17 18:21 . 2007-12-10 14:53 81,288 --a------ C:\Windows\System32\drivers\iksyssec.sys
2008-01-17 18:21 . 2007-12-10 14:53 66,952 --a------ C:\Windows\System32\drivers\iksysflt.sys
2008-01-17 18:21 . 2007-12-10 14:53 41,864 --a------ C:\Windows\System32\drivers\ikfilesec.sys
2008-01-17 18:21 . 2007-12-10 14:53 29,576 --a------ C:\Windows\System32\drivers\kcom.sys
2008-01-17 17:35 . 2008-01-17 17:35 53 --a------ C:\tmp.bat
2008-01-16 20:21 . 2008-01-16 20:33 <DIR> d-------- C:\Users\All Users\WinZip
2008-01-16 20:21 . 2008-01-16 20:33 <DIR> d-------- C:\ProgramData\WinZip
2008-01-16 19:52 . 2008-01-18 20:40 <DIR> d-------- C:\Program Files\ICQToolbar
2008-01-16 19:51 . 2008-01-16 19:57 <DIR> d-------- C:\Users\Vanny u Basti\AppData\Roaming\ICQ
2008-01-16 19:50 . 2008-01-16 19:57 <DIR> d-------- C:\Program Files\ICQ6
2007-12-27 18:50 . 2008-01-18 17:35 <DIR> d-------- C:\Users\All Users\Avira
2007-12-27 18:50 . 2008-01-18 17:35 <DIR> d-------- C:\ProgramData\Avira

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-19 11:31 --------- d-----w C:\Program Files\Google
2008-01-19 06:30 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-19 06:30 --------- d-----w C:\Program Files\Windows Mail
2008-01-19 06:20 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-01-19 06:20 449,024 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-01-19 06:20 2,143,744 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-01-19 06:20 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-01-17 18:18 --------- d-----w C:\Users\Vanny u Basti\AppData\Roaming\FrostWire
2008-01-16 18:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-13 07:24 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-13 07:24 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-13 07:24 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-12-13 07:23 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2007-12-13 07:23 824,832 ----a-w C:\Windows\System32\wininet.dll
2007-12-13 07:23 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2007-12-13 07:23 56,320 ----a-w C:\Windows\System32\iesetup.dll
2007-12-13 07:23 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-12-13 07:23 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2007-12-13 07:23 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2007-12-13 07:23 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2007-12-13 07:22 3,504,824 ----a-w C:\Windows\System32\ntkrnlpa.exe
2007-12-13 07:22 3,470,520 ----a-w C:\Windows\System32\ntoskrnl.exe
2007-12-01 07:59 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-11-18 09:31 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-11-18 09:31 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2007-11-18 09:31 542,720 ----a-w C:\Windows\System32\sysmain.dll
2007-11-18 09:31 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2007-11-18 09:31 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2007-11-18 09:31 299,008 ----a-w C:\Windows\System32\wlansec.dll
2007-11-18 09:31 289,280 ----a-w C:\Windows\System32\wlanmsm.dll
2007-11-18 09:31 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2007-11-18 09:31 2,923,520 ----a-w C:\Windows\explorer.exe
2007-11-18 09:31 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2007-11-18 09:29 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2007-08-30 05:29 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((( snapshot@2008-01-19_ 9.18.07,87 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-19 07:58:46 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-01-19 21:39:17 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-01-19 08:10:43 151,552 ----a-w C:\Windows\erdnt\Hiv-backup\Users\00000001\ntuser.dat
+ 2008-01-19 22:37:53 151,552 ----a-w C:\Windows\erdnt\Hiv-backup\Users\00000001\ntuser.dat
- 2008-01-19 08:10:44 155,648 ----a-w C:\Windows\erdnt\Hiv-backup\Users\00000002\ntuser.dat
+ 2008-01-19 22:37:53 155,648 ----a-w C:\Windows\erdnt\Hiv-backup\Users\00000002\ntuser.dat
- 2008-01-19 08:10:45 2,527,232 ----a-w C:\Windows\erdnt\Hiv-backup\Users\00000003\ntuser.dat
+ 2008-01-19 22:37:54 2,535,424 ----a-w C:\Windows\erdnt\Hiv-backup\Users\00000003\ntuser.dat
- 2008-01-19 08:10:45 2,187,264 ----a-w C:\Windows\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-19 22:37:54 2,187,264 ----a-w C:\Windows\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-19 07:57:02 616,624 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2008-01-19 14:36:21 616,624 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2008-01-19 08:02:12 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\UsrClass.dat
+ 2008-01-19 22:05:45 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\UsrClass.dat
- 2008-01-19 07:59:26 40,960 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\rtdrvmon.exe
+ 2008-01-19 21:40:10 40,960 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\rtdrvmon.exe
- 2008-01-19 08:00:31 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-01-19 21:42:01 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
- 2008-01-19 08:02:56 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat
+ 2008-01-19 22:22:15 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat
- 2008-01-19 08:00:37 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-01-19 21:42:08 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
- 2008-01-19 07:59:26 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-19 21:40:39 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-01-19 07:59:26 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-19 21:40:39 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-01-19 07:59:26 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-01-19 21:40:39 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-01-19 08:01:15 9,308 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3960360878-4086731189-2281556047-1000_UserData.bin
+ 2008-01-19 21:42:32 9,432 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3960360878-4086731189-2281556047-1000_UserData.bin
- 2008-01-19 08:01:14 76,360 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-01-19 21:42:30 76,488 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-01-19 08:01:07 47,362 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-01-19 21:41:57 47,730 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F1E96EDC-E0C8-BE98-1F15-C29DBED83B53}]
2007-12-30 21:49 1019904 --a------ C:\Program Files\BrowsingAdvisor\BrowsingAdvisor-2.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 07:19 1232896]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2006-11-13 09:29 413696]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55 5674352]
"ICQ"="C:\Program Files\ICQ6\ICQ.exe" [2007-11-21 01:47 172280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-07-19 05:49 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-24 09:04 4423680 C:\Windows\RtHDVCpl.exe]
"TPwrMain"="C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-12-19 22:16 411768]
"HSON"="C:\Program Files\TOSHIBA\TBS\HSON.exe" [2006-12-07 15:49 55416]
"SmoothView"="C:\Program Files\Toshiba\SmoothView\SmoothView.exe" [2007-04-03 15:52 509496]
"00TCrdMain"="C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-03-23 13:41 538744]
"KeNotify"="C:\Program Files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-06 16:14 34352]
"HWSetup"="C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" [2006-11-01 07:06 413696]
"SVPWUTIL"="C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-03-22 20:42 438272]
"topi"="C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-04-02 11:48 577536]
"Desktop SMS"="C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe" [2007-01-19 12:25 1507328]
"Skytel"="Skytel.exe" [2007-03-17 05:06 1822720 C:\Windows\SkyTel.exe]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-04-03 08:37 138008]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-04-03 08:37 154392]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-04-03 08:37 133912]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2006-09-11 15:21 180224]
"Toshiba Registration"="C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe" [2007-02-19 15:00 571024]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 13:37 174872]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2007-04-26 11:03 74672]
"lxbkbmgr.exe"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2007-04-26 11:03 74672]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-26 16:53 218376]
"SpyHunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SHStartup.exe" [2007-12-13 09:21 344064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

R0 CplIR;Embedded IR Driver;C:\Windows\system32\DRIVERS\CplIR.SYS [2007-03-06 14:01]
R0 LPCFilter;LPC Lower Filter Driver;C:\Windows\system32\DRIVERS\LPCFilter.sys [2006-07-28 15:25]
R0 tos_sps32;TOSHIBA tos_sps32 Service;C:\Windows\system32\DRIVERS\tos_sps32.sys [2007-03-29 16:50]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2007-04-04 14:59]
R2 lxbk_device;lxbk_device;C:\Windows\system32\lxbkcoms.exe [2007-04-26 11:01]
R2 SpyHunter3 Service;SpyHunter3 Service;"C:\Program Files\Enigma Software Group\SpyHunter\SHService.exe" [2007-12-13 09:21]
R2 TNaviSrv;TOSHIBA Navi Support Service;C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe [2007-03-29 16:52]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service;c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-02-25 20:55]
R3 AVMUNET;AVM FRITZ!Box;C:\Windows\system32\DRIVERS\avmunet.sys [2005-05-22 01:00]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-03-06 11:24]
R3 NETw4v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-02-25 05:14]
R3 RTL8169;Realtek 8169 NT Driver;C:\Windows\system32\DRIVERS\Rtlh86.sys [2006-12-25 17:35]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver;C:\Windows\system32\DRIVERS\tdcmdpst.sys [2006-10-18 11:50]
S3 athr;Atheros Extensible Drahtlos-LAN-Gerätetreiber;C:\Windows\system32\DRIVERS\athr.sys [2006-11-02 08:30]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 13:18]
S3 tosrfec;Bluetooth ACPI;C:\Windows\system32\DRIVERS\tosrfec.sys [2006-10-23 15:32]
S4 KR10I;KR10I;C:\Windows\system32\drivers\kr10i.sys [2007-01-18 15:40]
S4 KR10N;KR10N;C:\Windows\system32\drivers\kr10n.sys [2007-01-18 15:47]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum

.
Inhalt des "geplante Tasks" Ordners
"2008-01-19 22:04:00 C:\Windows\Tasks\Auf Updates für Windows Live Toolbar prüfen.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-01-19 06:13:46 C:\Windows\Tasks\User_Feed_Synchronization-{B8C39919-5E2A-436C-A737-922AE7BF1F56}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-19 23:40:39
Windows 6.0.6000 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i????????F????8???`????????????

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\Windows\system32\winlogon.exe [6.00.6000.16386]
-> C:\Program Files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll

PROCESS: C:\Windows\system32\lsass.exe [6.00.6000.16386]
-> C:\Program Files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll
.
Zeit der Fertigstellung: 2008-01-19 23:42:09
ComboFix2.txt 2008-01-19 22:30:21
ComboFix3.txt 2008-01-19 08:19:47
.
2008-01-19 06:23:37 --- E O F ---
20.01.2008, 00:11
Honorary member
Avatar Pinguin

Posts: 1441
#8 «
please post the new HijackThis log

«
run an online scan with
McAfee FreeScan (Online)
http://board.protecus.de/t8642.htm
post the report here
__________
Regards
Pinguin

I am currently updating my site + programs: http://www.virus-protect.org/
20.01.2008, 10:07
Honorary member
Avatar Argus

Posts: 6028
#9 Also fix with HJ: O2 - BHO: BrowsingAdvisor - {F1E96EDC-E0C8-BE98-1F15-C29DBED83B53} - C:\Program Files\BrowsingAdvisor\BrowsingAdvisor-2.dll

Remove C:\Program Files\BrowsingAdvisor

http://www.castlecops.com/tk41048-BrowsingAdvisor.html
__________
Regards, Argus
21.01.2008, 19:11
...new here

Thread starter

Posts: 5
#10 Hello everyone,

thanks a lot for your help first of all; after my internet also went down over the weekend I had had enough, wiped everything and reinstalled Vista from scratch... And now, lo and behold, no error message and no more problems with the internet :-)

I hope it stays that way....

Kind regards, Nessa