Weiterleitung auf xxx-Seiten bei Google+System Error |
||
---|---|---|
#0
| ||
19.01.2008, 08:33
...neu hier
Beiträge: 5 |
||
|
||
19.01.2008, 08:48
Ehrenmitglied
Beiträge: 6028 |
#2
ComboFix
Download ComboFix und speichert es auf den Desktop! Alle Fenster schliessen und combofix.exe starten Folge den Instruktionen in das Fenster Waehrend Combofix lauft NICHT ins Fenster klicken sonst erfriert dein Rechner Wenn das Tool fertig ist,oeffnet sich ein logfile (C:\combofix.txt) nun das KOMPLETTE Log mit rechtem Mausklick abkopieren und ins Forum mit rechtem Mausklick "einfügen" Wenn dein Virenscanner meckert,ignorieren ! Erstellen eines Hijackthis-Logfiles Als erstes mach ein neuen Ordner auf C:\ z.b. C:\HijackThis,download HijackThis.exe dahin Download: HijackThis202 Doppelklick HijackThis.exe und installiere das Tool in C:\Programme Am Ende steht auf dein Desktop eine verknüpfung Starte Hijack This und klicke “Do a system scan and safe a logfile” Save log --> hijackthis.log - Save - es öffnet sich der Editor nun das KOMPLETTE Log mit rechtem Mausklick abkopieren und ins Forum mit rechtem Mausklick "einfügen" __________ MfG Argus |
|
|
||
19.01.2008, 09:29
...neu hier
Themenstarter Beiträge: 5 |
#3
ComboFix 08-01-18.5 - Vanny u Basti 2008-01-19 9:12:01.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1031.18.810 [GMT 1:00] ausgeführt von:: C:\Users\Vanny u Basti\Downloads\ComboFix.exe * Neuer Wiederherstellungspunkt wurde erstellt [color=red]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color] . [color=purple]The following files were disabled during the run:[/color] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll ((((((((((((((((((((((( Dateien erstellt von 2007-12-19 bis 2008-01-19 )))))))))))))))))))))))))))))) . 2008-01-19 09:09 . 2000-08-31 08:00 51,200 --a------ C:\Windows\NirCmd.exe 2008-01-19 07:23 . 2008-01-19 07:23 802,816 --a------ C:\Windows\System32\drivers\tcpip.sys 2008-01-19 07:23 . 2008-01-19 07:23 216,760 --a------ C:\Windows\System32\drivers\netio.sys 2008-01-19 07:23 . 2008-01-19 07:23 167,424 --a------ C:\Windows\System32\tcpipcfg.dll 2008-01-19 07:23 . 2008-01-19 07:23 24,064 --a------ C:\Windows\System32\netcfg.exe 2008-01-19 07:23 . 2008-01-19 07:23 22,016 --a------ C:\Windows\System32\netiougc.exe 2008-01-19 07:20 . 2008-01-19 07:20 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll 2008-01-19 07:20 . 2008-01-19 07:20 1,686,016 --a------ C:\Windows\System32\gameux.dll 2008-01-19 07:20 . 2008-01-19 07:20 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys 2008-01-19 07:20 . 2008-01-19 07:20 211,000 --a------ C:\Windows\System32\drivers\volsnap.sys 2008-01-19 07:20 . 2008-01-19 07:20 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys 2008-01-19 07:20 . 2008-01-19 07:20 109,624 --a------ C:\Windows\System32\drivers\ataport.sys 2008-01-19 07:20 . 2008-01-19 07:20 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys 2008-01-19 07:20 . 2008-01-19 07:20 21,560 --a------ C:\Windows\System32\drivers\atapi.sys 2008-01-19 07:20 . 2008-01-19 07:20 17,464 --a------ C:\Windows\System32\drivers\intelide.sys 2008-01-19 07:19 . 2008-01-19 07:19 11,776 --a------ C:\Windows\System32\sbunattend.exe 2008-01-18 20:33 . 2008-01-18 20:39 <DIR> d-------- C:\Program Files\a-squared Free 2008-01-18 20:10 . 2008-01-18 20:10 <DIR> d-------- C:\Program Files\Enigma Software Group 2008-01-18 16:49 . 2008-01-18 17:10 91,492 --a------ C:\Windows\System32\drivers\klin.dat 2008-01-18 16:49 . 2008-01-18 17:10 85,860 --a------ C:\Windows\System32\drivers\klick.dat 2008-01-18 16:48 . 2008-01-19 08:59 <DIR> d-------- C:\Users\All Users\Kaspersky Lab 2008-01-18 16:48 . 2008-01-19 08:59 <DIR> d-------- C:\ProgramData\Kaspersky Lab 2008-01-18 16:48 . 2008-01-18 16:48 <DIR> d-------- C:\Program Files\Kaspersky Lab 2008-01-18 16:48 . 2008-01-19 09:17 3,811,616 --ahs---- C:\Windows\System32\drivers\fidbox.dat 2008-01-18 16:48 . 2008-01-19 08:57 53,000 --ahs---- C:\Windows\System32\drivers\fidbox.idx 2008-01-18 16:46 . 2008-01-18 16:46 <DIR> d-------- C:\Users\All Users\Kaspersky Lab Setup Files 2008-01-18 16:46 . 2008-01-18 16:46 <DIR> d-------- C:\ProgramData\Kaspersky Lab Setup Files 2008-01-17 20:40 . 2008-01-17 20:40 <DIR> d-------- C:\Users\Vanny u Basti\AppData\Roaming\Application Data 2008-01-17 20:40 . 2008-01-17 20:50 <DIR> d-------- C:\Users\All Users\Spyware Terminator 2008-01-17 20:40 . 2008-01-17 20:50 <DIR> d-------- C:\ProgramData\Spyware Terminator 2008-01-17 20:39 . 2008-01-17 20:55 <DIR> d-------- C:\Program Files\Spyware Terminator 2008-01-17 20:14 . 2008-01-18 20:10 <DIR> d-------- C:\Program Files\BrowsingAdvisor 2008-01-17 18:33 . 2008-01-18 18:43 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy 2008-01-17 18:33 . 2008-01-18 18:43 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy 2008-01-17 18:21 . 2008-01-17 18:21 <DIR> d-------- C:\Users\Vanny u Basti\AppData\Roaming\PC Tools 2008-01-17 18:21 . 2008-01-19 08:59 <DIR> d-a------ C:\Users\All Users\TEMP 2008-01-17 18:21 . 2008-01-19 08:59 <DIR> d-a------ C:\ProgramData\TEMP 2008-01-17 18:21 . 2008-01-18 18:03 <DIR> d-------- C:\Program Files\Spyware Doctor 2008-01-17 18:21 . 2007-12-10 14:53 81,288 --a------ C:\Windows\System32\drivers\iksyssec.sys 2008-01-17 18:21 . 2007-12-10 14:53 66,952 --a------ C:\Windows\System32\drivers\iksysflt.sys 2008-01-17 18:21 . 2007-12-10 14:53 41,864 --a------ C:\Windows\System32\drivers\ikfilesec.sys 2008-01-17 18:21 . 2007-12-10 14:53 29,576 --a------ C:\Windows\System32\drivers\kcom.sys 2008-01-17 17:35 . 2008-01-17 17:35 225,792 --a------ C:\Windows\sysosa.dll 2008-01-17 17:35 . 2008-01-17 17:35 53 --a------ C:\tmp.bat 2008-01-16 20:21 . 2008-01-16 20:33 <DIR> d-------- C:\Users\All Users\WinZip 2008-01-16 20:21 . 2008-01-16 20:33 <DIR> d-------- C:\ProgramData\WinZip 2008-01-16 19:52 . 2008-01-18 20:40 <DIR> d-------- C:\Program Files\ICQToolbar 2008-01-16 19:51 . 2008-01-16 19:57 <DIR> d-------- C:\Users\Vanny u Basti\AppData\Roaming\ICQ 2008-01-16 19:50 . 2008-01-16 19:57 <DIR> d-------- C:\Program Files\ICQ6 2007-12-27 18:50 . 2008-01-18 17:35 <DIR> d-------- C:\Users\All Users\Avira 2007-12-27 18:50 . 2008-01-18 17:35 <DIR> d-------- C:\ProgramData\Avira . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-01-19 06:30 --------- d-----w C:\Program Files\Windows Sidebar 2008-01-19 06:30 --------- d-----w C:\Program Files\Windows Mail 2008-01-19 06:20 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll 2008-01-19 06:20 449,024 ----a-w C:\Windows\AppPatch\AcSpecfc.dll 2008-01-19 06:20 2,143,744 ----a-w C:\Windows\AppPatch\AcGenral.dll 2008-01-19 06:20 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll 2008-01-18 17:46 --------- d-----w C:\Program Files\Google 2008-01-17 18:18 --------- d-----w C:\Users\Vanny u Basti\AppData\Roaming\FrostWire 2008-01-16 18:52 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-12-13 07:24 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL 2007-12-13 07:24 223,232 ----a-w C:\Windows\System32\WMASF.DLL 2007-12-13 07:24 1,327,104 ----a-w C:\Windows\System32\quartz.dll 2007-12-13 07:23 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys 2007-12-13 07:23 824,832 ----a-w C:\Windows\System32\wininet.dll 2007-12-13 07:23 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys 2007-12-13 07:23 56,320 ----a-w C:\Windows\System32\iesetup.dll 2007-12-13 07:23 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll 2007-12-13 07:23 26,624 ----a-w C:\Windows\System32\ieUnatt.exe 2007-12-13 07:23 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys 2007-12-13 07:23 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys 2007-12-13 07:22 3,504,824 ----a-w C:\Windows\System32\ntkrnlpa.exe 2007-12-13 07:22 3,470,520 ----a-w C:\Windows\System32\ntoskrnl.exe 2007-12-01 07:59 --------- d-----w C:\Program Files\Windows Live Toolbar 2007-11-18 09:31 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr 2007-11-18 09:31 67,584 ----a-w C:\Windows\System32\wlanhlp.dll 2007-11-18 09:31 542,720 ----a-w C:\Windows\System32\sysmain.dll 2007-11-18 09:31 502,784 ----a-w C:\Windows\System32\wlansvc.dll 2007-11-18 09:31 47,104 ----a-w C:\Windows\System32\wlanapi.dll 2007-11-18 09:31 299,008 ----a-w C:\Windows\System32\wlansec.dll 2007-11-18 09:31 289,280 ----a-w C:\Windows\System32\wlanmsm.dll 2007-11-18 09:31 24,064 ----a-w C:\Windows\System32\wtsapi32.dll 2007-11-18 09:31 2,923,520 ----a-w C:\Windows\explorer.exe 2007-11-18 09:31 2,027,008 ----a-w C:\Windows\System32\win32k.sys 2007-11-18 09:29 1,244,672 ----a-w C:\Windows\System32\mcmde.dll 2007-08-30 05:29 174 --sha-w C:\Program Files\desktop.ini . (((((((((((((((((((((((((((( Autostart Punkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt. [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BC660FC4-4B54-4CC7-AC65-23B0CA1FBBB0}] 2008-01-17 17:35 225792 --a------ C:\Windows\sysosa.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F1E96EDC-E0C8-BE98-1F15-C29DBED83B53}] 2007-12-30 21:49 1019904 --a------ C:\Program Files\BrowsingAdvisor\BrowsingAdvisor-2.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 07:19 1232896] "TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2006-11-13 09:29 413696] "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440] "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55 5674352] "ICQ"="C:\Program Files\ICQ6\ICQ.exe" [2007-11-21 01:47 172280] "dmvkq.tmp"="C:\Windows\system32\dmvkq.tmp" [ ] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-07-19 05:49 1006264] "RtHDVCpl"="RtHDVCpl.exe" [2007-03-24 09:04 4423680 C:\Windows\RtHDVCpl.exe] "TPwrMain"="C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-12-19 22:16 411768] "HSON"="C:\Program Files\TOSHIBA\TBS\HSON.exe" [2006-12-07 15:49 55416] "SmoothView"="C:\Program Files\Toshiba\SmoothView\SmoothView.exe" [2007-04-03 15:52 509496] "00TCrdMain"="C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-03-23 13:41 538744] "KeNotify"="C:\Program Files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-06 16:14 34352] "HWSetup"="C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" [2006-11-01 07:06 413696] "SVPWUTIL"="C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-03-22 20:42 438272] "topi"="C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-04-02 11:48 577536] "Desktop SMS"="C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe" [2007-01-19 12:25 1507328] "Skytel"="Skytel.exe" [2007-03-17 05:06 1822720 C:\Windows\SkyTel.exe] "IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-04-03 08:37 138008] "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-04-03 08:37 154392] "Persistence"="C:\Windows\system32\igfxpers.exe" [2007-04-03 08:37 133912] "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2006-09-11 15:21 180224] "Toshiba Registration"="C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe" [2007-02-19 15:00 571024] "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 13:37 174872] "Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2007-04-26 11:03 74672] "lxbkbmgr.exe"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2007-04-26 11:03 74672] "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-11 06:28 1838592] "ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2007-12-10 14:53 1103752] "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-26 16:53 218376] "SpyHunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SHStartup.exe" [2007-12-13 09:21 344064] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,C:\PROGRA~1\KASPER~1\ KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll R0 CplIR;Embedded IR Driver;C:\Windows\system32\DRIVERS\CplIR.SYS [2007-03-06 14:01] R0 LPCFilter;LPC Lower Filter Driver;C:\Windows\system32\DRIVERS\LPCFilter.sys [2006-07-28 15:25] R0 tos_sps32;TOSHIBA tos_sps32 Service;C:\Windows\system32\DRIVERS\tos_sps32.sys [2007-03-29 16:50] R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2007-04-04 14:59] R2 lxbk_device;lxbk_device;C:\Windows\system32\lxbkcoms.exe [2007-04-26 11:01] R2 SpyHunter3 Service;SpyHunter3 Service;"C:\Program Files\Enigma Software Group\SpyHunter\SHService.exe" [2007-12-13 09:21] R2 TNaviSrv;TOSHIBA Navi Support Service;C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe [2007-03-29 16:52] R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service;c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-02-25 20:55] R3 AVMUNET;AVM FRITZ!Box;C:\Windows\system32\DRIVERS\avmunet.sys [2005-05-22 01:00] R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-03-06 11:24] R3 NETw4v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-02-25 05:14] R3 RTL8169;Realtek 8169 NT Driver;C:\Windows\system32\DRIVERS\Rtlh86.sys [2006-12-25 17:35] R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver;C:\Windows\system32\DRIVERS\tdcmdpst.sys [2006-10-18 11:50] S3 athr;Atheros Extensible Drahtlos-LAN-Gerätetreiber;C:\Windows\system32\DRIVERS\athr.sys [2006-11-02 08:30] S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 13:18] S3 tosrfec;Bluetooth ACPI;C:\Windows\system32\DRIVERS\tosrfec.sys [2006-10-23 15:32] S4 KR10I;KR10I;C:\Windows\system32\drivers\kr10i.sys [2007-01-18 15:40] S4 KR10N;KR10N;C:\Windows\system32\drivers\kr10n.sys [2007-01-18 15:47] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\ {d1fba317-348b-11dc-a9f8-806e6f6e6963}] \shell\AutoRun\command - F:\KIS7.EXE *Newly Created Service* - PROCEXP90 . Inhalt des "geplante Tasks" Ordners "2008-01-19 08:04:01 C:\Windows\Tasks\Auf Updates für Windows Live Toolbar prüfen.job" - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE "2008-01-19 06:13:46 C:\Windows\Tasks\User_Feed_Synchronization-{B8C39919-5E2A-436C-A737-922AE7BF1F56}.job" - C:\Windows\system32\msfeedssync.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-19 09:17:23 Windows 6.0.6000 NTFS detected NTDLL code modification: ZwClose Scanne versteckte Prozesse... Scanne versteckte Autostart Einträge... HKCU\Software\Microsoft\Windows\CurrentVersion\Run TOSCDSPD = C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i????????F????8???`???????????? Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\Windows\system32\winlogon.exe [6.00.6000.16386] -> C:\Program Files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll PROCESS: C:\Windows\system32\lsass.exe [6.00.6000.16386] -> C:\Program Files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll PROCESS: C:\Windows\Explorer.exe [6.00.6000.16549] -> C:\Program Files\IDM\Desktop SMS\oehook.dll . Zeit der Fertigstellung: 2008-01-19 9:19:45 . 2008-01-19 06:23:37 --- E O F --- So und bei Hijack This komme ich nicht weiter,ich kann die Log nicht kopieren, sobald sich der Editor öffnet, steht da immer die Datei C:\Programmfiles\hijackthis....usw kann nicht gefunden werden.... Dieser Beitrag wurde am 19.01.2008 um 10:03 Uhr von nessa1405 editiert.
|
|
|
||
19.01.2008, 10:22
Ehrenmitglied
Beiträge: 1441 |
#4
«
mal sehen, welcher virenscanner das erkennt , lade die dll hoch (einfach einkopieren) - poste den report http://www.virustotal.com/ C:\Windows\sysosa.dll C:\Windows\System32\sbunattend.exe « wende bitte comboscan an - poste das log http://virus-protect.org/artikel/tools/comboscan.html __________ Gruss Pinguin bin dabei, meine Seite + Proggies zu aktualisieren: http://www.virus-protect.org/ |
|
|
||
19.01.2008, 10:42
...neu hier
Themenstarter Beiträge: 5 |
#5
Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2008.1.19.10 2008.01.18 - AntiVir 7.6.0.48 2008.01.18 - Authentium 4.93.8 2008.01.19 - Avast 4.7.1098.0 2008.01.18 - AVG 7.5.0.516 2008.01.18 Delf.DQE BitDefender 7.2 2008.01.19 - CAT-QuickHeal 9.00 2008.01.18 - ClamAV 0.91.2 2008.01.18 - DrWeb 4.44.0.09170 2008.01.18 - eSafe 7.0.15.0 2008.01.16 - eTrust-Vet 31.3.5470 2008.01.18 - Ewido 4.0 2008.01.18 - FileAdvisor 1 2008.01.19 - Fortinet 3.14.0.0 2008.01.19 - F-Prot 4.4.2.54 2008.01.19 - F-Secure 6.70.13260.0 2008.01.18 - Ikarus T3.1.1.20 2008.01.19 Win32.SuspectCrc Kaspersky 7.0.0.125 2008.01.19 - McAfee 5211 2008.01.18 Generic ProcKill.d Microsoft 1.3109 2008.01.18 Trojan:Win32/Delflob.I NOD32v2 2807 2008.01.19 - Norman 5.80.02 2008.01.18 - Panda 9.0.0.4 2008.01.18 - Prevx1 V2 2008.01.19 - Rising 20.27.42.00 2008.01.18 - Sophos 4.24.0 2008.01.19 - Sunbelt 2.2.907.0 2008.01.17 - Symantec 10 2008.01.19 - TheHacker 6.2.9.191 2008.01.18 - VBA32 3.12.2.5 2008.01.15 - VirusBuster 4.3.26:9 2008.01.18 - Webwasher-Gateway 6.6.2 2008.01.18 - weitere Informationen File size: 225792 bytes MD5: aa31796d9c6db579e490008266d28667 SHA1: 2f4a348eab703fe0e8f5d3fb6a58f1a1a63e66aa PEiD: ASPack v2.12 -> Alexey Solodovnikov packers: Aspack packers: ASPack Deckard's System Scanner v20071014.68 Run by Vanny u Basti on 2008-01-19 10:32:43 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- Last 5 Restore Point(s) -- 19: 2008-01-19 08:10:12 UTC - RP167 - ComboFix created restore point 18: 2008-01-19 06:18:02 UTC - RP166 - Windows Update 17: 2008-01-18 17:52:05 UTC - RP165 - Configured Emdedded IR Driver 16: 2008-01-18 17:42:35 UTC - RP163 - Norton Security Scan wird entfernt 15: 2008-01-18 17:40:26 UTC - RP162 - Removed Google Toolbar for Internet Explorer -- First Restore Point -- 1: 2007-12-13 07:21:22 UTC - RP144 - Windows Update Backed up registry hives. Performed disk cleanup. -- HijackThis (run as Vanny u Basti.exe) --------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:36:53, on 19.01.2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16575) Boot mode: Normal Running processes: C:\Windows\System32\smss.exe C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\csrss.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\svchost.exe C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe C:\Program Files\a-squared Free\a2service.exe C:\Windows\system32\agrsmsvc.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe C:\Windows\system32\lxbkcoms.exe C:\Windows\system32\svchost.exe C:\Program Files\Spyware Doctor\pctsAuxs.exe C:\Program Files\Spyware Doctor\pctsSvc.exe C:\Program Files\Enigma Software Group\SpyHunter\SHService.exe C:\Windows\system32\svchost.exe C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe C:\Windows\system32\TODDSrv.exe C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\Windows\System32\svchost.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe C:\Windows\system32\igfxsrvc.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\taskeng.exe C:\Program Files\TOSHIBA\Utilities\KeNotify.exe C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\Lexmark X1100 Series\LXBKbmgr.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Spyware Doctor\pctsTray.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe C:\Windows\ehome\ehtray.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\ICQ6\ICQ.exe C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Apoint2K\ApMsgFwd.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Apoint2K\Apntex.exe C:\Program Files\Windows Mail\WinMail.exe C:\Program Files\Internet Explorer\ieuser.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Windows\servicing\TrustedInstaller.exe C:\Users\Vanny u Basti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YGWF78AR\dss[1].exe C:\Windows\System32\svchost.exe C:\Windows\system32\conime.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\Vanny u Basti.exe C:\Windows\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll O1 - Hosts: ::1 localhost O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Office toolbar - {BC660FC4-4B54-4CC7-AC65-23B0CA1FBBB0} - C:\Windows\sysosa.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: BrowsingAdvisor - {F1E96EDC-E0C8-BE98-1F15-C29DBED83B53} - C:\Program Files\BrowsingAdvisor\BrowsingAdvisor-2.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup O4 - HKLM\..\Run: [Desktop SMS] C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe /auto O4 - HKLM\..\Run: [Skytel] Skytel.exe O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" O4 - HKLM\..\Run: [lxbkbmgr.exe] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SHStartup.exe O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent O4 - HKCU\..\Run: [dmvkq.tmp] C:\Windows\system32\dmvkq.tmp O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll O9 - Extra button: Statistik für Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll O9 - Extra button: (no name) - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file) O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url_de.pl?http://www.ebay.de/ (file missing) O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O13 - Gopher Prefix: O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.122 85.255.112.83 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.122 85.255.112.83 O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.113.122 85.255.112.83 O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 85.255.113.122 85.255.112.83 O17 - HKLM\System\CS5\Services\Tcpip\Parameters: NameServer = 85.255.113.122 85.255.112.83 O17 - HKLM\System\CS6\Services\Tcpip\Parameters: NameServer = 85.255.113.122 85.255.112.83 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.122 85.255.112.83 O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: lxbk_device - - C:\Windows\system32\lxbkcoms.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: SpyHunter3 Service - Enigma Software Group, Inc. - C:\Program Files\Enigma Software Group\SpyHunter\SHService.exe O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- End of file - 12463 bytes -- File Associations ----------------------------------------------------------- [COLOR=red].cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*[/COLOR] -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R0 CplIR (Embedded IR Driver) - c:\windows\system32\drivers\cplir.sys <Not Verified; COMPAL ELECTRONIC INC.; > -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 CFSvcs (ConfigFree Service) - c:\program files\toshiba\configfree\cfsvcs.exe <Not Verified; TOSHIBA CORPORATION; ConfigFree(TM)> R2 SpyHunter3 Service - "c:\program files\enigma software group\spyhunter\shservice.exe" <Not Verified; Enigma Software Group, Inc.; SpyHunter3> R2 TNaviSrv (TOSHIBA Navi Support Service) - c:\program files\toshiba\toshiba dvd player\tnavisrv.exe <Not Verified; TOSHIBA Corporation; TOSHIBA DVD Player> R2 TODDSrv (TOSHIBA Optical Disc Drive Service) - c:\windows\system32\toddsrv.exe <Not Verified; TOSHIBA Corporation; TDCSrv Application> S3 FirebirdServerMAGIXInstance (Firebird Server - MAGIX Instance) - c:\program files\magix\common\database\bin\fbserver.exe <Not Verified; MAGIX®; Firebird SQL Server - MAGIX Edition> -- Device Manager: Disabled ---------------------------------------------------- No disabled devices found. -- Scheduled Tasks ------------------------------------------------------------- 2008-01-19 10:04:04 256 --a------ C:\Windows\Tasks\Auf Updates für Windows Live Toolbar prüfen.job 2008-01-19 07:13:46 434 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{B8C39919-5E2A-436C-A737-922AE7BF1F56}.job -- Files created between 2007-12-19 and 2008-01-19 ----------------------------- 2008-01-19 10:36:19 0 d-------- C:\Program Files\Trend Micro 2008-01-19 10:14:06 0 d-------- C:\Program Files\Hijack This 2008-01-19 09:38:13 0 d-------- C:\C hijack this.exe 2008-01-18 20:33:20 0 d-------- C:\Program Files\a-squared Free 2008-01-18 20:10:36 0 d-------- C:\Program Files\Enigma Software Group 2008-01-18 16:49:50 91492 --a------ C:\Windows\system32\drivers\klin.dat 2008-01-18 16:49:49 85860 --a------ C:\Windows\system32\drivers\klick.dat 2008-01-18 16:48:27 0 d-------- C:\Users\All Users\Kaspersky Lab 2008-01-18 16:48:27 0 d-------- C:\Program Files\Kaspersky Lab 2008-01-18 16:48:13 3865376 --ahs---- C:\Windows\system32\drivers\fidbox.dat 2008-01-18 16:46:25 0 d-------- C:\Users\All Users\Kaspersky Lab Setup Files 2008-01-17 20:40:02 0 d-------- C:\Users\All Users\Spyware Terminator 2008-01-17 20:39:59 0 d-------- C:\Program Files\Spyware Terminator 2008-01-17 20:14:27 0 d-------- C:\Program Files\BrowsingAdvisor 2008-01-17 18:33:13 0 d-------- C:\Users\All Users\Spybot - Search & Destroy 2008-01-17 18:21:18 0 d-a------ C:\Users\All Users\TEMP 2008-01-17 18:21:03 0 d-------- C:\Program Files\Spyware Doctor 2008-01-17 17:35:15 225792 --a------ C:\Windows\sysosa.dll <Not Verified; Intel; > 2008-01-17 17:35:15 53 --a------ C:\tmp.bat 2008-01-16 20:21:34 0 d-------- C:\Users\All Users\WinZip 2008-01-16 19:52:08 0 d-------- C:\Program Files\ICQToolbar 2008-01-16 19:50:42 0 d-------- C:\Program Files\ICQ6 2007-12-27 18:50:58 0 d-------- C:\Users\All Users\Avira -- Find3M Report --------------------------------------------------------------- 2008-01-19 07:30:41 0 d-------- C:\Program Files\Windows Mail 2008-01-19 07:30:38 0 d-------- C:\Program Files\Windows Sidebar 2008-01-18 18:46:13 0 d-------- C:\Program Files\Google 2008-01-18 18:38:05 0 d-------- C:\Program Files\Common Files 2008-01-18 17:04:33 641344 --a------ C:\Windows\system32\perfh007.dat 2008-01-18 17:04:33 116706 --a------ C:\Windows\system32\perfc007.dat 2008-01-17 20:40:02 0 d-------- C:\Users\Vanny u Basti\AppData\Roaming\Application Data 2008-01-17 19:18:12 0 d-------- C:\Users\Vanny u Basti\AppData\Roaming\FrostWire 2008-01-17 18:21:03 0 d-------- C:\Users\Vanny u Basti\AppData\Roaming\PC Tools 2008-01-16 19:57:27 0 d-------- C:\Users\Vanny u Basti\AppData\Roaming\ICQ 2008-01-16 19:52:58 0 d--h----- C:\Program Files\InstallShield Installation Information 2007-12-01 08:59:46 0 d-------- C:\Program Files\Windows Live Toolbar -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BC660FC4-4B54-4CC7-AC65-23B0CA1FBBB0}] 17.01.2008 17:35 225792 --a------ C:\Windows\sysosa.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F1E96EDC-E0C8-BE98-1F15-C29DBED83B53}] 30.12.2007 21:49 1019904 --a------ C:\Program Files\BrowsingAdvisor\BrowsingAdvisor-2.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [19.07.2007 05:49] "RtHDVCpl"="RtHDVCpl.exe" [24.03.2007 09:04 C:\Windows\RtHDVCpl.exe] "TPwrMain"="C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE" [19.12.2006 22:16] "HSON"="C:\Program Files\TOSHIBA\TBS\HSON.exe" [07.12.2006 15:49] "SmoothView"="C:\Program Files\Toshiba\SmoothView\SmoothView.exe" [03.04.2007 15:52] "00TCrdMain"="C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe" [23.03.2007 13:41] "KeNotify"="C:\Program Files\TOSHIBA\Utilities\KeNotify.exe" [06.11.2006 16:14] "HWSetup"="C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" [01.11.2006 07:06] "SVPWUTIL"="C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe" [22.03.2006 20:42] "topi"="C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe" [02.04.2007 11:48] "Desktop SMS"="C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe" [19.01.2007 12:25] "Skytel"="Skytel.exe" [17.03.2007 05:06 C:\Windows\SkyTel.exe] "IgfxTray"="C:\Windows\system32\igfxtray.exe" [03.04.2007 08:37] "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [03.04.2007 08:37] "Persistence"="C:\Windows\system32\igfxpers.exe" [03.04.2007 08:37] "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [11.09.2006 15:21] "Toshiba Registration"="C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe" [19.02.2007 15:00] "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [12.02.2007 13:37] "Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [26.04.2007 11:03] "lxbkbmgr.exe"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [26.04.2007 11:03] "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [11.08.2007 06:28] "ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [10.12.2007 14:53] "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [26.06.2007 16:53] "SpyHunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SHStartup.exe" [13.12.2007 09:21] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [19.01.2008 07:19] "TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [13.11.2006 09:29] "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [02.11.2006 13:35] "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [19.01.2007 11:55] "ICQ"="C:\Program Files\ICQ6\ICQ.exe" [21.11.2007 01:47] "dmvkq.tmp"="C:\Windows\system32\dmvkq.tmp" [] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] @="Volume shadow copy" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] @="IEEE 1394 Bus host controllers" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] @="SBP2 IEEE 1394 Devices" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] @="SecurityDevices" [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d1fba317-348b-11dc-a9f8-806e6f6e6963}] AutoRun\command- F:\KIS7.EXE [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] C:\Windows\system32\unregmp2.exe /ShowWMP [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI -- End of Deckard's System Scanner: finished at 2008-01-19 10:41:08 ------------ So,jetzt habe ich es,denk ich mal |
|
|
||
19.01.2008, 15:59
Ehrenmitglied
Beiträge: 1441 |
#6
nessa1405
1. lade fixwareout - noch nicht anwenden http://www.virus-protect.org/artikel/tools/fixwareout.html 2. Schliesse alle Fenster und starte Hijack This Klicke: Do a Systemscan only Setze ein Häckchen in das Kästchen vor den genannten Eintrag und wähle fix checked Zitat O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)4. Combofix Den folgenden Text in den Editor (Start - Zubehör - Editor) kopieren und als cfscript.txt mit 'Speichern unter' auf dem Desktop. Gebe bei Dateityp 'Alle Dateien' an. Du solltest jetzt auf dem Desktop diese Datei finden. Zitat KILLALL::CFScript.txt und mit der rechten Maustaste auf das Symbol von Combofix ziehen Wende combofix noch mal an - tippe 1 4. fixwareout anwenden - Rechner wird neustarten - poste den report 5. poste das neue Log vom HijackThis ---------- 6. mache einen Onlinescan mit McAfee FreeScan (Online) http://board.protecus.de/t8642.htm poste hier den report __________ Gruss Pinguin bin dabei, meine Seite + Proggies zu aktualisieren: http://www.virus-protect.org/ |
|
|
||
19.01.2008, 23:56
...neu hier
Themenstarter Beiträge: 5 |
#7
Hallo Pinguin,
danke erstmal für deine Hilfe, ich bewundere ja immer wieder die Menschen, die sich mit solchen Dingen auskennen.... Leider funktioniert fixwareout bei mir nicht mit vista.... Hier erstmal der zweite Report von Combofix ComboFix 08-01-18.5 - Vanny u Basti 2008-01-19 23:38:08.3 - NTFSx86 Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1031.18.1074 [GMT 1:00] ausgeführt von:: C:\Users\Vanny u Basti\Downloads\ComboFix.exe Command switches used :: C:\Users\Vanny u Basti\Desktop\cfscript.txt * Neuer Wiederherstellungspunkt wurde erstellt [color=red]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color] . [color=purple]The following files were disabled during the run:[/color] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll ((((((((((((((((((((((( Dateien erstellt von 2007-12-19 bis 2008-01-19 )))))))))))))))))))))))))))))) . 2008-01-19 22:46 . 2008-01-19 22:46 486,449 --a------ C:\Users\Vanny u Basti\Fixwareout.exe 2008-01-19 10:36 . 2008-01-19 10:36 <DIR> d-------- C:\Program Files\Trend Micro 2008-01-19 10:32 . 2008-01-19 10:32 <DIR> d-------- C:\Deckard 2008-01-19 10:14 . 2008-01-19 23:21 <DIR> d-------- C:\Program Files\Hijack This 2008-01-19 10:13 . 2008-01-19 10:13 598,816 --a------ C:\Users\Vanny u Basti\hijackthissetupv2.0.2.exe 2008-01-19 09:38 . 2008-01-19 09:38 <DIR> d-------- C:\C hijack this.exe 2008-01-19 09:09 . 2000-08-31 08:00 51,200 --a------ C:\Windows\NirCmd.exe 2008-01-19 07:23 . 2008-01-19 07:23 802,816 --a------ C:\Windows\System32\drivers\tcpip.sys 2008-01-19 07:23 . 2008-01-19 07:23 216,760 --a------ C:\Windows\System32\drivers\netio.sys 2008-01-19 07:23 . 2008-01-19 07:23 167,424 --a------ C:\Windows\System32\tcpipcfg.dll 2008-01-19 07:23 . 2008-01-19 07:23 24,064 --a------ C:\Windows\System32\netcfg.exe 2008-01-19 07:23 . 2008-01-19 07:23 22,016 --a------ C:\Windows\System32\netiougc.exe 2008-01-19 07:20 . 2008-01-19 07:20 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll 2008-01-19 07:20 . 2008-01-19 07:20 1,686,016 --a------ C:\Windows\System32\gameux.dll 2008-01-19 07:20 . 2008-01-19 07:20 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys 2008-01-19 07:20 . 2008-01-19 07:20 211,000 --a------ C:\Windows\System32\drivers\volsnap.sys 2008-01-19 07:20 . 2008-01-19 07:20 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys 2008-01-19 07:20 . 2008-01-19 07:20 109,624 --a------ C:\Windows\System32\drivers\ataport.sys 2008-01-19 07:20 . 2008-01-19 07:20 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys 2008-01-19 07:20 . 2008-01-19 07:20 21,560 --a------ C:\Windows\System32\drivers\atapi.sys 2008-01-19 07:20 . 2008-01-19 07:20 17,464 --a------ C:\Windows\System32\drivers\intelide.sys 2008-01-19 07:19 . 2008-01-19 07:19 11,776 --a------ C:\Windows\System32\sbunattend.exe 2008-01-18 20:33 . 2008-01-19 12:31 <DIR> d-------- C:\Program Files\a-squared Free 2008-01-18 20:10 . 2008-01-18 20:10 <DIR> d-------- C:\Program Files\Enigma Software Group 2008-01-18 16:49 . 2008-01-18 17:10 91,492 --a------ C:\Windows\System32\drivers\klin.dat 2008-01-18 16:49 . 2008-01-18 17:10 85,860 --a------ C:\Windows\System32\drivers\klick.dat 2008-01-18 16:48 . 2008-01-19 22:40 <DIR> d-------- C:\Users\All Users\Kaspersky Lab 2008-01-18 16:48 . 2008-01-19 22:40 <DIR> d-------- C:\ProgramData\Kaspersky Lab 2008-01-18 16:48 . 2008-01-18 16:48 <DIR> d-------- C:\Program Files\Kaspersky Lab 2008-01-18 16:48 . 2008-01-19 23:40 4,032,032 --ahs---- C:\Windows\System32\drivers\fidbox.dat 2008-01-18 16:48 . 2008-01-19 15:36 56,180 --ahs---- C:\Windows\System32\drivers\fidbox.idx 2008-01-18 16:46 . 2008-01-18 16:46 <DIR> d-------- C:\Users\All Users\Kaspersky Lab Setup Files 2008-01-18 16:46 . 2008-01-18 16:46 <DIR> d-------- C:\ProgramData\Kaspersky Lab Setup Files 2008-01-17 20:40 . 2008-01-19 12:36 <DIR> d-------- C:\Users\Vanny u Basti\AppData\Roaming\Application Data 2008-01-17 20:39 . 2008-01-19 12:38 <DIR> d-------- C:\Program Files\Spyware Terminator 2008-01-17 20:14 . 2008-01-19 12:30 <DIR> d-------- C:\Program Files\BrowsingAdvisor 2008-01-17 18:33 . 2008-01-18 18:43 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy 2008-01-17 18:33 . 2008-01-18 18:43 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy 2008-01-17 18:21 . 2008-01-17 18:21 <DIR> d-------- C:\Users\Vanny u Basti\AppData\Roaming\PC Tools 2008-01-17 18:21 . 2008-01-19 22:56 <DIR> d-a------ C:\Users\All Users\TEMP 2008-01-17 18:21 . 2008-01-19 22:56 <DIR> d-a------ C:\ProgramData\TEMP 2008-01-17 18:21 . 2008-01-18 18:03 <DIR> d-------- C:\Program Files\Spyware Doctor 2008-01-17 18:21 . 2007-12-10 14:53 81,288 --a------ C:\Windows\System32\drivers\iksyssec.sys 2008-01-17 18:21 . 2007-12-10 14:53 66,952 --a------ C:\Windows\System32\drivers\iksysflt.sys 2008-01-17 18:21 . 2007-12-10 14:53 41,864 --a------ C:\Windows\System32\drivers\ikfilesec.sys 2008-01-17 18:21 . 2007-12-10 14:53 29,576 --a------ C:\Windows\System32\drivers\kcom.sys 2008-01-17 17:35 . 2008-01-17 17:35 53 --a------ C:\tmp.bat 2008-01-16 20:21 . 2008-01-16 20:33 <DIR> d-------- C:\Users\All Users\WinZip 2008-01-16 20:21 . 2008-01-16 20:33 <DIR> d-------- C:\ProgramData\WinZip 2008-01-16 19:52 . 2008-01-18 20:40 <DIR> d-------- C:\Program Files\ICQToolbar 2008-01-16 19:51 . 2008-01-16 19:57 <DIR> d-------- C:\Users\Vanny u Basti\AppData\Roaming\ICQ 2008-01-16 19:50 . 2008-01-16 19:57 <DIR> d-------- C:\Program Files\ICQ6 2007-12-27 18:50 . 2008-01-18 17:35 <DIR> d-------- C:\Users\All Users\Avira 2007-12-27 18:50 . 2008-01-18 17:35 <DIR> d-------- C:\ProgramData\Avira . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-01-19 11:31 --------- d-----w C:\Program Files\Google 2008-01-19 06:30 --------- d-----w C:\Program Files\Windows Sidebar 2008-01-19 06:30 --------- d-----w C:\Program Files\Windows Mail 2008-01-19 06:20 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll 2008-01-19 06:20 449,024 ----a-w C:\Windows\AppPatch\AcSpecfc.dll 2008-01-19 06:20 2,143,744 ----a-w C:\Windows\AppPatch\AcGenral.dll 2008-01-19 06:20 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll 2008-01-17 18:18 --------- d-----w C:\Users\Vanny u Basti\AppData\Roaming\FrostWire 2008-01-16 18:52 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-12-13 07:24 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL 2007-12-13 07:24 223,232 ----a-w C:\Windows\System32\WMASF.DLL 2007-12-13 07:24 1,327,104 ----a-w C:\Windows\System32\quartz.dll 2007-12-13 07:23 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys 2007-12-13 07:23 824,832 ----a-w C:\Windows\System32\wininet.dll 2007-12-13 07:23 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys 2007-12-13 07:23 56,320 ----a-w C:\Windows\System32\iesetup.dll 2007-12-13 07:23 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll 2007-12-13 07:23 26,624 ----a-w C:\Windows\System32\ieUnatt.exe 2007-12-13 07:23 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys 2007-12-13 07:23 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys 2007-12-13 07:22 3,504,824 ----a-w C:\Windows\System32\ntkrnlpa.exe 2007-12-13 07:22 3,470,520 ----a-w C:\Windows\System32\ntoskrnl.exe 2007-12-01 07:59 --------- d-----w C:\Program Files\Windows Live Toolbar 2007-11-18 09:31 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr 2007-11-18 09:31 67,584 ----a-w C:\Windows\System32\wlanhlp.dll 2007-11-18 09:31 542,720 ----a-w C:\Windows\System32\sysmain.dll 2007-11-18 09:31 502,784 ----a-w C:\Windows\System32\wlansvc.dll 2007-11-18 09:31 47,104 ----a-w C:\Windows\System32\wlanapi.dll 2007-11-18 09:31 299,008 ----a-w C:\Windows\System32\wlansec.dll 2007-11-18 09:31 289,280 ----a-w C:\Windows\System32\wlanmsm.dll 2007-11-18 09:31 24,064 ----a-w C:\Windows\System32\wtsapi32.dll 2007-11-18 09:31 2,923,520 ----a-w C:\Windows\explorer.exe 2007-11-18 09:31 2,027,008 ----a-w C:\Windows\System32\win32k.sys 2007-11-18 09:29 1,244,672 ----a-w C:\Windows\System32\mcmde.dll 2007-08-30 05:29 174 --sha-w C:\Program Files\desktop.ini . ((((((((((((((((((((((((((((( snapshot@2008-01-19_ 9.18.07,87 ))))))))))))))))))))))))))))))))))))))))) . - 2008-01-19 07:58:46 67,584 --s-a-w C:\Windows\bootstat.dat + 2008-01-19 21:39:17 67,584 --s-a-w C:\Windows\bootstat.dat - 2008-01-19 08:10:43 151,552 ----a-w C:\Windows\erdnt\Hiv-backup\Users\00000001\ntuser.dat + 2008-01-19 22:37:53 151,552 ----a-w C:\Windows\erdnt\Hiv-backup\Users\00000001\ntuser.dat - 2008-01-19 08:10:44 155,648 ----a-w C:\Windows\erdnt\Hiv-backup\Users\00000002\ntuser.dat + 2008-01-19 22:37:53 155,648 ----a-w C:\Windows\erdnt\Hiv-backup\Users\00000002\ntuser.dat - 2008-01-19 08:10:45 2,527,232 ----a-w C:\Windows\erdnt\Hiv-backup\Users\00000003\ntuser.dat + 2008-01-19 22:37:54 2,535,424 ----a-w C:\Windows\erdnt\Hiv-backup\Users\00000003\ntuser.dat - 2008-01-19 08:10:45 2,187,264 ----a-w C:\Windows\erdnt\Hiv-backup\Users\00000004\UsrClass.dat + 2008-01-19 22:37:54 2,187,264 ----a-w C:\Windows\erdnt\Hiv-backup\Users\00000004\UsrClass.dat - 2008-01-19 07:57:02 616,624 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat + 2008-01-19 14:36:21 616,624 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat - 2008-01-19 08:02:12 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\UsrClass.dat + 2008-01-19 22:05:45 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\UsrClass.dat - 2008-01-19 07:59:26 40,960 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\rtdrvmon.exe + 2008-01-19 21:40:10 40,960 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\rtdrvmon.exe - 2008-01-19 08:00:31 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat + 2008-01-19 21:42:01 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat - 2008-01-19 08:02:56 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat + 2008-01-19 22:22:15 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat - 2008-01-19 08:00:37 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat + 2008-01-19 21:42:08 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat - 2008-01-19 07:59:26 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2008-01-19 21:40:39 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2008-01-19 07:59:26 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2008-01-19 21:40:39 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2008-01-19 07:59:26 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2008-01-19 21:40:39 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2008-01-19 08:01:15 9,308 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3960360878-4086731189-2281556047-1000_UserData.bin + 2008-01-19 21:42:32 9,432 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3960360878-4086731189-2281556047-1000_UserData.bin - 2008-01-19 08:01:14 76,360 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin + 2008-01-19 21:42:30 76,488 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin - 2008-01-19 08:01:07 47,362 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin + 2008-01-19 21:41:57 47,730 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin . -- Snapshot reset to current date -- . (((((((((((((((((((((((((((( Autostart Punkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt. [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F1E96EDC-E0C8-BE98-1F15-C29DBED83B53}] 2007-12-30 21:49 1019904 --a------ C:\Program Files\BrowsingAdvisor\BrowsingAdvisor-2.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 07:19 1232896] "TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2006-11-13 09:29 413696] "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440] "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55 5674352] "ICQ"="C:\Program Files\ICQ6\ICQ.exe" [2007-11-21 01:47 172280] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-07-19 05:49 1006264] "RtHDVCpl"="RtHDVCpl.exe" [2007-03-24 09:04 4423680 C:\Windows\RtHDVCpl.exe] "TPwrMain"="C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-12-19 22:16 411768] "HSON"="C:\Program Files\TOSHIBA\TBS\HSON.exe" [2006-12-07 15:49 55416] "SmoothView"="C:\Program Files\Toshiba\SmoothView\SmoothView.exe" [2007-04-03 15:52 509496] "00TCrdMain"="C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-03-23 13:41 538744] "KeNotify"="C:\Program Files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-06 16:14 34352] "HWSetup"="C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" [2006-11-01 07:06 413696] "SVPWUTIL"="C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-03-22 20:42 438272] "topi"="C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-04-02 11:48 577536] "Desktop SMS"="C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe" [2007-01-19 12:25 1507328] "Skytel"="Skytel.exe" [2007-03-17 05:06 1822720 C:\Windows\SkyTel.exe] "IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-04-03 08:37 138008] "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-04-03 08:37 154392] "Persistence"="C:\Windows\system32\igfxpers.exe" [2007-04-03 08:37 133912] "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2006-09-11 15:21 180224] "Toshiba Registration"="C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe" [2007-02-19 15:00 571024] "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 13:37 174872] "Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2007-04-26 11:03 74672] "lxbkbmgr.exe"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2007-04-26 11:03 74672] "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-26 16:53 218376] "SpyHunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SHStartup.exe" [2007-12-13 09:21 344064] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll R0 CplIR;Embedded IR Driver;C:\Windows\system32\DRIVERS\CplIR.SYS [2007-03-06 14:01] R0 LPCFilter;LPC Lower Filter Driver;C:\Windows\system32\DRIVERS\LPCFilter.sys [2006-07-28 15:25] R0 tos_sps32;TOSHIBA tos_sps32 Service;C:\Windows\system32\DRIVERS\tos_sps32.sys [2007-03-29 16:50] R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2007-04-04 14:59] R2 lxbk_device;lxbk_device;C:\Windows\system32\lxbkcoms.exe [2007-04-26 11:01] R2 SpyHunter3 Service;SpyHunter3 Service;"C:\Program Files\Enigma Software Group\SpyHunter\SHService.exe" [2007-12-13 09:21] R2 TNaviSrv;TOSHIBA Navi Support Service;C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe [2007-03-29 16:52] R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service;c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-02-25 20:55] R3 AVMUNET;AVM FRITZ!Box;C:\Windows\system32\DRIVERS\avmunet.sys [2005-05-22 01:00] R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-03-06 11:24] R3 NETw4v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-02-25 05:14] R3 RTL8169;Realtek 8169 NT Driver;C:\Windows\system32\DRIVERS\Rtlh86.sys [2006-12-25 17:35] R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver;C:\Windows\system32\DRIVERS\tdcmdpst.sys [2006-10-18 11:50] S3 athr;Atheros Extensible Drahtlos-LAN-Gerätetreiber;C:\Windows\system32\DRIVERS\athr.sys [2006-11-02 08:30] S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 13:18] S3 tosrfec;Bluetooth ACPI;C:\Windows\system32\DRIVERS\tosrfec.sys [2006-10-23 15:32] S4 KR10I;KR10I;C:\Windows\system32\drivers\kr10i.sys [2007-01-18 15:40] S4 KR10N;KR10N;C:\Windows\system32\drivers\kr10n.sys [2007-01-18 15:47] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum . Inhalt des "geplante Tasks" Ordners "2008-01-19 22:04:00 C:\Windows\Tasks\Auf Updates für Windows Live Toolbar prüfen.job" - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE "2008-01-19 06:13:46 C:\Windows\Tasks\User_Feed_Synchronization-{B8C39919-5E2A-436C-A737-922AE7BF1F56}.job" - C:\Windows\system32\msfeedssync.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-19 23:40:39 Windows 6.0.6000 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostart Einträge... HKCU\Software\Microsoft\Windows\CurrentVersion\Run TOSCDSPD = C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i????????F????8???`???????????? Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\Windows\system32\winlogon.exe [6.00.6000.16386] -> C:\Program Files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll PROCESS: C:\Windows\system32\lsass.exe [6.00.6000.16386] -> C:\Program Files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll . Zeit der Fertigstellung: 2008-01-19 23:42:09 ComboFix2.txt 2008-01-19 22:30:21 ComboFix3.txt 2008-01-19 08:19:47 . 2008-01-19 06:23:37 --- E O F --- |
|
|
||
20.01.2008, 00:11
Ehrenmitglied
Beiträge: 1441 |
#8
«
poste bitte das neue Log vom HijackThis « mache einen Onlinescan mit McAfee FreeScan (Online) http://board.protecus.de/t8642.htm poste hier den report __________ __________ Gruss Pinguin bin dabei, meine Seite + Proggies zu aktualisieren: http://www.virus-protect.org/ |
|
|
||
20.01.2008, 10:07
Ehrenmitglied
Beiträge: 6028 |
#9
Fixe noch mit HJ O2 - BHO: BrowsingAdvisor - {F1E96EDC-E0C8-BE98-1F15-C29DBED83B53} - C:\Program Files\BrowsingAdvisor\BrowsingAdvisor-2.dll
Entferne auf C:\Program Files\BrowsingAdvisor http://www.castlecops.com/tk41048-BrowsingAdvisor.html __________ MfG Argus |
|
|
||
21.01.2008, 19:11
...neu hier
Themenstarter Beiträge: 5 |
#10
Hallo Zusammen,
vielen Dank erstmal für Eure Hilfe, nachdem am WE auch noch mein Internet ausgefallen ist, hatte ich die Nase voll und hab alles runtergeschmissen und Vista komplett neu draufgespielt...Und jetzt, siehe da, keine Fehlermeldung und keine Probleme mehr mit dem Internet :-) Ich hoffe,es bleibt so.... LG Nessa |
|
|
||
seit einigen Tagen werde ich im Netz bei Google stänidg auf Pornoseiten weitergeleitet, wenn ich etwas suche, ausserdem erscheint,wenn ich ins Netz gehe ständig ein Fenster : system Error, your Computer was infectet by an uknown Trojan....
Darufhin habe ich mir das Programm Kapinsky 7.0 gekauft,welches angeblich alle Viren und Trojaner entfernt hat, aber das selbe Problem ist immer noch da....
Kann mir jemand helfen?
LG