Hijack This list
#0
02.04.2008, 23:04
...new here
Posts: 4
03.04.2008, 01:46
Honorary member
Posts: 6028
#2
Java

Your Java software is out of date; download jre-6u5-windows-i586-p.exe.
Scroll down to ----> Java Runtime Environment (JRE) 6 Update 5
"The Java SE Runtime Environment (JRE) allows end-users to run Java applications."
Click Download.
Tick the box at ---> "Accept License Agreement".
Click "Windows Offline Installation, Multi-language" to save "jre-6u5-windows-i586-p.exe" to the Desktop.
Close all programs, including your web browser.
Via "Start -> Settings -> Control Panel -> Add or Remove Programs", remove all older versions of Java Runtime Environment (JRE or J2SE).
Once everything has been removed ---> restart the computer.
Now install from the Desktop ---> jre-6u5-windows-i586-p.exe

ComboFix
http://www.virus-protect.org/artikel/tools/combofix.html
Download ComboFix and save it to the Desktop!
Close all windows.
Go to Start > Run and paste in:
"%userprofile%\desktop\ComboFix.exe" /KillAll
Click OK. ComboFix will now start. Follow the instructions in the window.
While ComboFix is running, do NOT click in the window, otherwise your computer will freeze.
When the tool is finished, a log file opens (C:\combofix.txt). Now copy the COMPLETE log with a right-click and "paste" it into the forum with a right-click.
Background guards, including the firewall and antivirus programs, must be disabled.

Remove Hijack This 1.99.1 and……..

Creating a HijackThis log file
First create a new folder on C:\, e.g. C:\HijackThis, and download HijackThis.exe there.
Download: HijackThis202
Double-click HijackThis.exe and install the tool into C:\Programme. At the end there will be a shortcut on your Desktop.
Start Hijack This and click "Do a system scan and save a logfile".
Save log --> hijackthis.log - Save - the Editor (Notepad) opens. Now copy the COMPLETE log with a right-click and "paste" it into the forum with a right-click.

__________
Regards,
Argus
03.04.2008, 13:06
...new here
Thread starter, Posts: 4
#3
ComboFix 08-04-02.1 - Dilo 2008-04-03 12:47:10.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.257 [GMT 2:00]
Running from: C:\Documents and Settings\Dilo\desktop\ComboFix.exe
Command switches used :: /KillAll
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Desktop\webmediaplayer.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\WebMediaPlayer
C:\Documents and Settings\All Users\Start Menu\Programs\WebMediaPlayer\Privacy Policy.url
C:\Documents and Settings\All Users\Start Menu\Programs\WebMediaPlayer\Terms and Conditions.url
C:\Documents and Settings\All Users\Start Menu\Programs\WebMediaPlayer\Uninstall.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\WebMediaPlayer\WebMediaPlayer.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\WebMediaPlayer\Website.url
C:\Documents and Settings\Dilo\Application Data\WinAntiVirus Pro 2006
C:\Documents and Settings\Dilo\Application Data\WinAntiVirus Pro 2006\Logs\update.log
C:\Documents and Settings\Dilo\Application Data\WinAntiVirus Pro 2006\Logs\wa6Support.log
C:\Documents and Settings\Dilo\Application Data\WinAntiVirus Pro 2006\Logs\winav.log
C:\Documents and Settings\Dilo\err.log
c:\Documents and Settings\Dilo\Local Settings\Application Data\rxcpozbcr.dat
c:\documents and settings\dilo\local settings\application data\rxcpozbcr.exe
c:\Documents and Settings\Dilo\Local Settings\Application Data\rxcpozbcr_nav.dat
C:\Documents and Settings\Dilo\Local Settings\Application Data\rxcpozbcr_navps.dat
c:\Documents and Settings\Dilo\Local Settings\Application Data\tvhdoz.dat
C:\Documents and Settings\Dilo\Local Settings\Application Data\tvhdoz_nav.dat
c:\Documents and Settings\Dilo\Local Settings\Application Data\tvhdoz_navfx.dat
c:\Documents and Settings\Dilo\Local Settings\Application Data\tvhdoz_navps.dat
C:\Program Files\webmediaplayer
C:\Program Files\webmediaplayer\resources\languages_v2.xml
C:\Program Files\webmediaplayer\resources\webmedias
C:\Program Files\webmediaplayer\skins\classic.skn
C:\Program Files\webmediaplayer\sqlite3.dll
C:\Program Files\webmediaplayer\uninst.exe
C:\Program Files\webmediaplayer\WebMediaPlayer.exe
C:\WA6P
C:\WINDOWS\Downloaded Program Files\UWA6P_0001_N91M1807NetInstaller.exe
C:\WINDOWS\system32\nvs2.inf
C:\WINDOWS\system32\stera.job
C:\WINDOWS\system32\stera.log
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_FOPN
-------\Legacy_VSPF
-------\Legacy_VSPF_HK
-------\Service_FOPN
-------\Service_vspf
-------\Service_vspf_hk

((((((((((((((((((((((((( Files Created from 2008-03-03 to 2008-04-03 )))))))))))))))))))))))))))))))
.
2008-04-03 12:17 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-04-03 12:15 . 2008-04-03 12:15 <DIR> d-------- C:\Program Files\Common Files\Java
2008-04-03 11:47 . 2008-04-03 11:47 <DIR> d-------- C:\Program Files\Java neu
2008-04-03 11:19 . 2008-04-03 11:24 <DIR> d-------- C:\Documents and Settings\Dilo\.SunDownloadManager
2008-03-30 14:01 . 2008-03-30 14:01 <DIR> d-------- C:\Program Files\Avira
2008-03-30 14:01 . 2008-03-30 14:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-03-30 11:45 . 2008-03-30 11:46 17,788,920 --a------ C:\Program Files\antivir_workstation_win7u_en_h.exe
2008-03-30 11:08 . 2008-04-03 11:50 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-03-30 11:08 . 2008-04-03 11:50 <DIR> d-------- C:\Documents and Settings\Dilo\Application Data\Spyware Terminator
2008-03-30 11:08 . 2008-03-30 13:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-03-30 11:08 . 2008-03-30 11:08 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-03-30 11:07 . 2008-03-30 11:07 9,823,864 --a------ C:\Program Files\SpywareTerminator_Setup.exe
2008-03-30 10:54 . 2008-03-30 10:54 15,070,104 --a------ C:\Program Files\spy sweeper.exe
2008-03-30 01:04 . 2008-03-30 01:04 <DIR> d-------- C:\Program Files\AskSBar
2008-03-30 00:58 . 2008-03-30 00:58 164 --a------ C:\install.dat
2008-03-30 00:57 . 2008-03-30 00:57 15,070,144 --a------ C:\Program Files\SpySweeperSNRSetup_EN.exe
2008-03-30 00:39 . 2008-03-30 13:50 <DIR> d-------- C:\Program Files\CleanMyPC Popup Blocker
2008-03-30 00:38 . 2008-03-30 00:39 155,592 --a------ C:\Program Files\popupblocker.exe
2008-03-29 00:44 . 2008-03-29 00:44 724,992 --a------ C:\WINDOWS\iun6002.exe
2008-03-29 00:39 . 2008-03-29 00:39 331,163 --a------ C:\Program Files\tool_en.zip
2008-03-28 15:48 . 2008-03-28 15:48 212,849 --a------ C:\Program Files\hijackthis.zip
2008-03-28 15:14 . 2008-03-28 15:14 342,656 --a------ C:\Program Files\G-data.exe
2008-03-09 20:00 . 2008-03-29 01:16 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-09 20:00 . 2008-03-30 00:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-09 18:32 . 2008-03-30 01:11 <DIR> d-------- C:\Documents and Settings\Dilo\Application Data\SlimBrowser
2008-03-09 14:08 . 2008-03-09 14:49 <DIR> d-------- C:\Program Files\Buyuk Sohbet Mirc
2008-03-08 14:54 . 2008-03-08 14:54 <DIR> d-------- C:\Program Files\Windows Defender
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-03 10:41 --------- d-----w C:\Program Files\Google
2008-04-03 10:17 --------- d-----w C:\Program Files\Java
2008-03-30 11:57 --------- d-----w C:\Program Files\Clean up
2008-03-28 23:10 1,918 ----a-w C:\Program Files\tool_en.log
2008-03-14 06:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-09 12:49 --------- d-----w C:\Program Files\DivX
2008-02-17 10:13 --------- d-----w C:\Program Files\Winamp
2008-02-17 09:57 --------- d-----w C:\Program Files\Common Files\NSV
2008-02-11 19:51 --------- d-----w C:\Program Files\Regfixer
2008-02-11 17:31 --------- d-----w C:\Documents and Settings\Dilo\Application Data\Ahead
2008-02-10 21:06 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-07-29 18:04 92,064 ----a-w C:\Documents and Settings\Dilo\mqdmmdm.sys
2007-07-29 18:04 9,232 ----a-w C:\Documents and Settings\Dilo\mqdmmdfl.sys
2007-07-29 18:04 79,328 ----a-w C:\Documents and Settings\Dilo\mqdmserd.sys
2007-07-29 18:04 66,656 ----a-w C:\Documents and Settings\Dilo\mqdmbus.sys
2007-07-29 18:04 6,208 ----a-w C:\Documents and Settings\Dilo\mqdmcmnt.sys
2007-07-29 18:04 5,936 ----a-w C:\Documents and Settings\Dilo\mqdmwhnt.sys
2007-07-29 18:04 4,048 ----a-w C:\Documents and Settings\Dilo\mqdmcr.sys
2007-07-29 18:04 25,600 ----a-w C:\Documents and Settings\Dilo\usbsermptxp.sys
2007-07-29 18:04 22,768 ----a-w C:\Documents and Settings\Dilo\usbsermpt.sys
2007-07-29 13:52 1,949,384 ----a-w C:\Program Files\powerpoint German.exe
2006-01-26 18:39 1,775 ----a-w C:\Program Files\Adobe Reader 7.0.lnk
2006-01-26 18:38 20,921,040 ------w C:\Program Files\AdbeRdr705_enu_full.exe
2006-01-22 13:28 32 --sha-r C:\Documents and Settings\Dilo\Application Data\pexmodes.dat
2006-01-19 14:04 118,570 ------w C:\Program Files\2BNT4A3G.EXE
2006-01-19 13:46 8,628 ---ha-w C:\Program Files\RASDDUI.GID
2006-01-19 13:36 32 --sha-r C:\Documents and Settings\Dilo\Application Data\resmodes.dat
2006-01-19 13:08 192,032 ------w C:\Program Files\2bnt4a3e.exe
2006-01-08 13:20 4,490,968 ------w C:\Program Files\EZAntivirus.exe
2006-01-02 00:17 1,649 ----a-w C:\Program Files\iTunes.lnk
2006-01-02 00:15 34,412,848 ------w C:\Program Files\iTunesSetup.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2008-03-30 01:04 66912 --a------ C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2008-03-30 01:04 267592 --a------ C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL" [2008-03-30 01:04 267592]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:56 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [ ]
"tvhdoz"="c:\documents and settings\dilo\local settings\application data\tvhdoz.exe" [ ]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]
"Spyware Vanisher"="C:\spywarevanisher-full\SpywareVanisher.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-05-22 23:10 110592]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2003-05-23 00:06 610304]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 09:56 33280 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2003-06-25 11:32 323584 C:\WINDOWS\system32\nwiz.exe]
"HostManager"="C:\Program Files\Common Files\AOL\1142115413\ee\AOLSoftware.exe" [2006-05-10 02:24 50760]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 18:59 124520]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 15:57 282624]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 00:14 155648]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 13:19 69632]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 16:15 81920]
"PDF3 Registry Controller"="C:\Program Files\ScanSoft\OmniPage15.0\PDFConverter3\\RegistryController.exe" [2005-04-26 02:58 106496]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [ ]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 20:20 866584]
"aiepk"="C:\Documents and Settings\Dilo\Desktop\aiepk2.exe" [ ]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-03-30 11:08 2957824]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-30 14:03 249896]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 09:01 437160]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Limewire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1142115413\\ee\\aolsoftware.exe"=
"C:\\Program Files\\Common Files\\AOL\\1142115413\\ee\\aim6.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Aim\\aim.exe"=

R0 wff;wff;C:\WINDOWS\system32\drivers\wff.sys [2005-04-25 13:32]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-03-30 11:08]
R2 ACEDRV09;ACEDRV09;C:\WINDOWS\system32\drivers\ACEDRV09.sys [2007-10-01 19:44]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 23:38]
S3 DrvFltIp;DrvFltIp;C:\Program Files\AdvancedPersonalFirewall\DrvFltIp.sys []

.
Contents of the 'Scheduled Tasks' folder
"2008-03-30 10:46:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-03 10:25:02 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-04-03 10:58:02 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2006-02-27 13:04:04 C:\WINDOWS\Tasks\WTR.job"
- C:\Program Files\BulletProofSoft.com\WinTrace Remover\3A40684E
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-03 12:55:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
.
**************************************************************************
.
Completion time: 2008-04-03 13:00:15 - machine was rebooted [Dilo]
ComboFix-quarantined-files.txt 2008-04-03 11:00:11
Pre-Run: 14,173,511,680 bytes free
Post-Run: 14,085,570,560 bytes free
.
2008-04-02 09:37:11 --- E O F ---

_________________________________________________________________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:14, on 2008-04-03
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\AOL\1142115413\ee\AOLSoftware.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
c:\program files\common files\aol\1142115413\ee\aexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /installquiet
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1142115413\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [IPHSend] "C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PDF3 Registry Controller] "C:\Program Files\ScanSoft\OmniPage15.0\PDFConverter3\\RegistryController.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [aiepk] C:\Documents and Settings\Dilo\Desktop\aiepk2.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [tvhdoz] c:\documents and settings\dilo\local settings\application data\tvhdoz.exe tvhdoz
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKCU\..\Run: [Spyware Vanisher] C:\spywarevanisher-full\SpywareVanisher.exe -FastScan
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=zuzed004YYDE_ZZzer000
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - res://C:\Program Files\ScanSoft\OmniPage15.0\PDFConverter3\IEShellExt.dll /100
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\Aim\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://www.tgrthaber.com.tr/CanliYayin/ampx2.6.1.11_en_dl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - http://www.yayindayiz.biz/codec/nsvplayx_vp6_mp3.cab
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) - http://static.zangocash.com/cab/Seekmo/ie/bridge-c18.cab?21595a55bcee9e87edbc49d34614c0b550c9fbe341f06435b5679f367af25f7d532a4ca9c2ed59d9dc488aec24dcc5a5ba1e1fb10f8e34f82eba6f77b8d60c7f73d695c54c:584e34bcf0567f47bece5b5b666353a7
O16 - DPF: {EB6D7E70-AAA9-40D9-BA05-F214089F2275} - http://www.turk-tv.com/englishtv/chat/vitalize.cab
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.microsoft.com/search/lobby/searchsettings.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) - http://pro.posty.com/feco/ChristmasCard-HomeForTheHolidays.jpg

--
End of file - 11921 bytes

And once again, thanks for your help!!!! I hope I did everything right!!!???

This post was edited on 03.04.2008 at 13:18 by dila81.
03.04.2008, 15:27
Honorary member
Posts: 6028
03.04.2008, 15:43
...new here
Thread starter, Posts: 4
#5
I don't have this file at all under C:\documents and settings\dilo\local settings\application data
03.04.2008, 16:22
Honorary member
Posts: 29434
#6
Hello,

«« disable the Search & Destroy\TeaTimer.exe

«« delete ("fix") with HijackThis:
Click "Do a system scan only".
Tick the box in front of the named entry and choose "fix checked". + Restart the computer.

Quote:
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

«« Copy the following text into the Editor (Notepad; Start - Accessories - Editor) and save it as cfscript.txt on the Desktop using 'Save as'. Select "All files" - Save.

Quote:
KILLALL::

You should now find this file, cfscript.txt, on the Desktop.
Drag cfscript.txt with the right mouse button onto the ComboFix icon.
Then: run ComboFix once more, restart the PC.

««««««««« post the new ComboFix log

__________
Regards,
Sabina
all about PC security
03.04.2008, 16:59
...new here
Thread starter, Posts: 4
#7
Sorry, but can you tell me how I get to the "Editor" on an English system? Everything on my machine is in English; I got as far as Accessories, but I can't find the Editor.
03.04.2008, 17:46
Honorary member
Posts: 29434
11.04.2008, 22:13
...new here
Posts: 2
#9
I need your help. Since yesterday I have been searching and trying everything, and then I found you, thank God. Here is my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:28:55, on 11.04.1980
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\slserv.exe
C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\ATI-CPanel\atiptaxx.exe
C:\WINDOWS\system32\umonit.exe
C:\Programme\Java\jre1.6.0_05\bin\jusched.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\MSN Messenger\MsnMsgr.Exe
C:\Programme\LevelOne MDU-0001USB\BTTray.exe
C:\Programme\LevelOne MDU-0001USB\BTStackServer.exe
C:\Dokumente und Einstellungen\gio\Desktop\HiJackThis\HijackThis.exe
C:\Programme\Windows NT\Zubehör\wordpad.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WsftpBrowserHelper Class - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Programme\WS_FTP Pro\wsbho2K0.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: {a61545c0-ece8-381b-2414-454a495032c7} - {7c230594-a454-4142-b183-8ece0c54516a} - C:\WINDOWS\system32\odtxiloq.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A4D13F30-55A5-49BB-8B90-2A71EA9673A9} - C:\WINDOWS\system32\cbXNHaYO.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {CB9CB2F5-59EA-4DCF-A9E3-8844F2AE30A1} - C:\WINDOWS\system32\efcDTMGv.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: LEC - {1DBAB667-A486-421e-AFE4-CF07DD0088E5} - C:\Programme\Power Translator\Applications\LEC IE Translation Extension.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\system32\umonit.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ac282b3d] rundll32.exe "C:\WINDOWS\system32\ylonjjwe.dll",b
O4 - HKLM\..\Run: [BMaf1b18a1] Rundll32.exe "C:\WINDOWS\system32\rnutitdi.dll",s
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Programme\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Programme\MP3 Player Utilities 4.00\MediaManager\grab.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programme\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {40BF816B-D862-41B9-9445-ECA36D5F67F9} (Flatcast Viewer 4.12) - http://www.flatcast.com/obj/NpFv412.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF:
{644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F554} (Flatcast Viewer 4.16) - http://controls.flatcast-data.com/data/objects/NpFv41629.dll O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{769FA425-FA16-4225-9A70-910E73BB75DF}: NameServer = 192.168.1.1 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O20 - Winlogon Notify: cbXNHaYO - C:\WINDOWS\SYSTEM32\cbXNHaYO.dll O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Programme\Power Translator\LogoMedia TranslateDotNet Server.exe O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe O23 - Service: ServiceLayer - Nokia. 
- C:\Programme\PC Connectivity Solution\ServiceLayer.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe -- End of file - 9044 bytes bitte um schnelle antwort wenn es geht danke im vorraus gruß gloria |
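As an added example, not part of this thread and not a HijackThis feature: a small Python triage script that applies the checks a helper applies by eye when reading logs like the one above (orphaned entries, unnamed BHOs backed by a system32 DLL, rundll32 autostarts with a one-letter export, Winlogon Notify DLLs, executables launched from a user's profile folder). The sample entries are copied from the logs posted in this thread; the rule set and the names `triage_line`, `Finding` and `summarize` are this example's own, and a hit is a prompt to check the file's publisher, not proof of infection.

```python
import re
from dataclasses import dataclass

# Constructed sample input: HijackThis entries copied from the logs posted in
# this thread (first post and the laptop log), plus clean entries for contrast.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\lsass.exe
C:\documents and settings\dilo\local settings\application data\tvhdoz.exe
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: {a61545c0-ece8-381b-2414-454a495032c7} - {7c230594-a454-4142-b183-8ece0c54516a} - C:\WINDOWS\system32\odtxiloq.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A4D13F30-55A5-49BB-8B90-2A71EA9673A9} - C:\WINDOWS\system32\cbXNHaYO.dll
O4 - HKLM\..\Run: [ac282b3d] rundll32.exe "C:\WINDOWS\system32\ylonjjwe.dll",b
O4 - HKLM\..\Run: [BMaf1b18a1] Rundll32.exe "C:\WINDOWS\system32\rnutitdi.dll",s
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [aiepk] C:\Documents and Settings\Dilo\Desktop\aiepk2.exe
O20 - Winlogon Notify: cbXNHaYO - C:\WINDOWS\SYSTEM32\cbXNHaYO.dll
"""

# One HijackThis entry: section code (R0, O2, O4, O20, ...), " - ", then the body.
ENTRY_RE = re.compile(r"^([RFO]\d+) - (.*)$")
# Lines under "Running processes:" are bare absolute paths.
PROCESS_RE = re.compile(r"^[a-z]:\\", re.I)
# A DLL that lives directly in %SystemRoot%\system32.
SYSTEM32_DLL_RE = re.compile(r"[a-z]:\\windows\\system32\\[a-z0-9_~]+\.dll", re.I)
# rundll32.exe <dll>,<export>  (with or without quotes around the DLL path)
RUNDLL_RE = re.compile(r'rundll32\.exe\s+"?([^",]+\.dll)"?\s*,\s*(\w+)', re.I)
# Executables stored under a user's Desktop / Local Settings tree (German and
# English folder names, plus the 8.3 short forms that also appear in the logs).
PROFILE_RE = re.compile(
    r"\\(documents and settings|dokumente und einstellungen|docume~1)\\[^\\]+\\"
    r"(desktop|local settings|lokale einstellungen|locals~1)\\", re.I)


@dataclass
class Finding:
    section: str   # HijackThis section code, or "process" for a running-process line
    severity: str  # "high", "medium" or "low"
    reason: str
    entry: str


def triage_line(line: str):
    """Classify one log line; returns a Finding, or None when nothing stands out."""
    line = line.strip()
    m = ENTRY_RE.match(line)
    if not m:
        if PROCESS_RE.match(line) and PROFILE_RE.search(line):
            return Finding("process", "medium",
                           "running executable lives in a user profile directory", line)
        return None
    section, body = m.group(1), m.group(2)
    lower = body.lower()
    if "(file missing)" in lower or "(no file)" in lower:
        return Finding(section, "low",
                       "orphaned entry: the referenced file no longer exists", line)
    if section == "O20" and lower.startswith("winlogon notify:"):
        return Finding(section, "high",
                       "DLL registered as a Winlogon Notify package (loaded into winlogon.exe)", line)
    if section == "O2" and lower.startswith("bho: (no name)") and SYSTEM32_DLL_RE.search(body):
        return Finding(section, "high",
                       "unnamed browser helper object backed by a DLL in system32", line)
    if section == "O4":
        r = RUNDLL_RE.search(body)
        if r and len(r.group(2)) == 1 and SYSTEM32_DLL_RE.search(r.group(1)):
            return Finding(section, "high",
                           f"rundll32 autostart of a system32 DLL via one-letter export '{r.group(2)}'", line)
        if PROFILE_RE.search(body):
            return Finding(section, "medium",
                           "autostart executable lives in a user profile directory", line)
    return None


def triage(log_text: str):
    """Run triage_line over a whole log and keep only the hits, in log order."""
    return [f for f in map(triage_line, log_text.splitlines()) if f is not None]


def summarize(findings):
    """Count findings per severity so a helper sees at a glance what to look at first."""
    counts = {"high": 0, "medium": 0, "low": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for f in sorted(hits, key=lambda f: ("high", "medium", "low").index(f.severity)):
        print(f"[{f.severity:6}] {f.section:7} {f.reason}\n         {f.entry}")
    print(summarize(hits))
```

On the sample above the script reports four high findings (the unnamed BHO, both rundll32 autostarts and the Winlogon Notify entry, all pointing at the same kind of random-named system32 DLL), while the Adobe, Avira and NVIDIA entries pass untouched.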
11.04.2008, 22:44
Honorary member
Posts: 29434
#10
Hello gloria
Run CCleaner and delete the temp files: http://www.ccleaner.de/?protecus.de
Please scan with ComboFix (click the warning away) and post the report here: http://virus-protect.org/artikel/tools/combofix.html
Run windowsscan and post the report: http://virus-protect.org/artikel/tools/windowsscan.html
__________
Kind regards, Sabina
all about PC security
11.04.2008, 22:58
...new here
Posts: 2
#11
Thank you for the quick answer, but when I see everything I have to do there, and I have to do it all from one PC to the other because I can't get online any more, I'll just wipe the PC.
Thanks again, regards gloria.

I could cry, heeeelp! I reinstalled XP on the PC and the trojan is already back again, sniff. Now I've done what you said; here are the logs:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:45:55, on 12.04.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Windows Live\Messenger\msnmsgr.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Programme\WS_FTP Pro\wsbho2K0.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\RunOnce: [ypagerps] cmd.exe /C del "C:\Programme\Yahoo!\Messenger\ypagerps.dll"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{9ED7B415-7047-4852-AF82-03443FED77A7}: NameServer = 192.168.1.1
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

--
End of file - 3155 bytes

ComboFix 08-04-11.8 - gio 2008-04-12 15:55:18.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1031.18.219 [GMT 2:00]
ausgeführt von:: C:\Dokumente und Einstellungen\gio.GIO-F7D5FC14ABF\Desktop\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((( Dateien erstellt von 2008-03-12 bis 2008-04-12 ))))))))))))))))))))))))))))))
.
2008-04-12 15:49 . 2008-04-12 15:49 <DIR> d-------- C:\Programme\CCleaner
2008-04-12 15:03 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-04-12 15:03 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-04-12 13:02 . 2008-04-12 13:02 <DIR> d-------- C:\Programme\Trend Micro
2008-04-12 12:40 . 2008-04-12 12:40 <DIR> d-------- C:\Dokumente und Einstellungen\gio.GIO-F7D5FC14ABF\Anwendungsdaten\Yahoo!
2008-04-12 12:40 . 2008-04-12 12:40 <DIR> d-------- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Yahoo! Companion
2008-04-12 12:31 . 2008-04-12 12:31 <DIR> d-------- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Yahoo!
2008-04-12 12:20 . 2008-04-12 12:20 <DIR> d---s---- C:\Dokumente und Einstellungen\gio.GIO-F7D5FC14ABF\UserData
2008-04-12 12:14 . 2008-04-12 12:36 <DIR> d-------- C:\Dokumente und Einstellungen\gio.GIO-F7D5FC14ABF\Contacts
2008-04-12 11:43 . 2008-04-12 11:43 <DIR> d-------- C:\Dokumente und Einstellungen\gio.GIO-F7D5FC14ABF\Anwendungsdaten\Ipswitch
2008-04-12 11:43 . 2008-04-12 11:43 <DIR> d-------- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Ipswitch
2008-04-12 11:43 . 2002-07-16 18:08 49,152 --a------ C:\WINDOWS\system32\FTPStubInstUtils.dll
2008-04-12 11:39 . 2008-04-12 11:40 <DIR> d-------- C:\Dokumente und Einstellungen\gio.GIO-F7D5FC14ABF\Anwendungsdaten\vlc
2008-04-12 11:37 . 2008-04-12 11:37 <DIR> d-------- C:\Dokumente und Einstellungen\GIO~1~GIO\LOKALE~1
2008-04-12 11:37 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\ISUninst.exe
2008-04-12 11:36 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-04-12 11:35 . 2008-04-12 11:35 <DIR> d-------- C:\Dokumente und Einstellungen\gio.GIO-F7D5FC14ABF\Anwendungsdaten\TeamViewer
2008-04-12 11:34 . 2008-04-12 11:34 <DIR> d-------- C:\Dokumente und Einstellungen\gio.GIO-F7D5FC14ABF\temp
2008-04-12 11:31 . 2008-04-12 11:31 <DIR> d-------- C:\WINDOWS\LastGood
2008-04-12 11:29 . 2008-04-12 11:29 <DIR> d-------- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Avira
2008-04-04 08:19 . 2008-04-04 08:19 <DIR> d-------- C:\Programme\Bonjour
2008-04-04 08:18 . 2008-04-04 08:18 <DIR> d-------- C:\Programme\Apple Software Update
2008-03-26 09:17 . 2008-03-26 09:17 292 --ah----- C:\sqmdata03.sqm
2008-03-26 09:17 . 2008-03-26 09:17 244 --ah----- C:\sqmnoopt03.sqm
2008-03-23 15:10 . 2008-04-09 13:51 <DIR> d-------- C:\Programme\ICQToolbar
2008-03-23 15:08 . 2008-03-23 15:20 <DIR> d-------- C:\Programme\ICQ6
2008-03-22 15:06 . 2008-03-25 09:16 <DIR> d-------- C:\Dokumente und Einstellungen\gio\Anwendungsdaten\WEB.DE
2008-03-16 19:47 . 2008-03-16 19:48 <DIR> d-------- C:\Programme\TuneUp Utilities 2008
2008-03-16 19:46 . 1980-04-11 15:08 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2008-03-15 12:04 . 2008-03-15 12:04 <DIR> dr------- C:\Dokumente und Einstellungen\gio\Kopie von Favoriten
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-12 09:43 --------- d-----w C:\Programme\WS_FTP Pro
2008-04-09 06:37 --------- d-----w C:\Programme\Google
2008-04-04 11:51 --------- d-----w C:\Programme\QuickTime
2008-03-27 13:19 --------- d-----w C:\Dokumente und Einstellungen\gio\Anwendungsdaten\LimeWire
2008-03-24 19:58 --------- d-----w C:\Programme\eMule.de 0.48a v18
2008-03-24 16:25 --------- d-----w C:\Dokumente und Einstellungen\gio\Anwendungsdaten\ICQ
2008-03-22 19:48 --------- d-----w C:\Dokumente und Einstellungen\gio\Anwendungsdaten\MSN6
2008-03-12 14:41 --------- d-----w C:\Programme\Weisse Bescheid
2008-03-10 11:54 --------- d-----w C:\Dokumente und Einstellungen\gio\Anwendungsdaten\TuneUp Software
2008-03-09 12:47 --------- d-----w C:\Programme\Two Worlds Pinball
2008-02-14 09:38 --------- d-----w C:\Programme\Tweak-XP Pro 4
2008-02-14 07:08 --------- d-----w C:\Programme\Gemeinsame Dateien\Adobe
.
(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"MsnMsgr"="C:\Programme\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-12-17 17:13 3810544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [1980-04-11 17:21 249896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programme\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programme\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Programme\\Yahoo!\\Messenger\\YahooMessenger.exe"=

R3 AVMWAN;AVM NDIS WAN CAPI-Treiber;C:\WINDOWS\system32\DRIVERS\avmwan.sys [2001-08-17 13:13]
R3 fpcibase;AVM ISDN-Controller FRITZ!Card PCI;C:\WINDOWS\system32\DRIVERS\fpcibase.sys [2001-08-17 13:14]

*Newly Created Service* - ANTIVIRSCHEDULER
*Newly Created Service* - ANTIVIRSERVICE
*Newly Created Service* - AVGIO
*Newly Created Service* - AVGNTFLT
*Newly Created Service* - AVIPBB
*Newly Created Service* - CATCHME
*Newly Created Service* - WMIAPSRV
.
**************************************************************************
catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-12 15:57:22
Windows 5.1.2600 Service Pack 2 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostart Einträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\tsd32.dll
.
Zeit der Fertigstellung: 2008-04-12 15:58:43
ComboFix-quarantined-files.txt 2008-04-12 13:58:32
13 Verzeichnis(se), 27,444,465,664 Bytes frei
16 Verzeichnis(se), 27,447,222,272 Bytes frei

Die 30 neuesten Dateien im Ordner Windows:
***** ***** ***** ***** ***** ***** Scanning C:\WINDOWS ***** ***** ***** ***** ***** *****
12.04.2008 system.ini 15 57:227
12.04.2008 WindowsUpdate.log 15 03:5.346
12.04.2008 win.ini 11 43:534
12.04.2008 wiadebug.log 11 13:159
12.04.2008 wiaservc.log 11 13:50
12.04.2008 bootstat.dat 11 13:2.048
12.04.2008 SchedLgU.Txt 11 12:452
05.08.2004 explorer.scf 14 00:80
05.08.2004 wmprfDEU.prx 14 00:34.818
05.08.2004 Feder.bmp 14 00:16.730
05.08.2004 Fächer.bmp 14 00:26.680
05.08.2004 Granit.bmp 14 00:26.582
05.08.2004 winnt256.bmp 14 00:48.680
05.08.2004 hh.exe 14 00:10.752
05.08.2004 winnt.bmp 14 00:48.680
05.08.2004 explorer.exe 14 00:1.035.264
05.08.2004 clock.avi 14 00:82.944
05.08.2004 winhlp32.exe 14 00:288.768
05.08.2004 NOTEPAD.EXE 14 00:70.144
05.08.2004 winhelp.exe 14 00:257.568
05.08.2004 Präriewind.bmp 14 00:65.954
05.08.2004 regedit.exe 14 00:153.600
05.08.2004 desktop.ini 14 00:2
05.08.2004 Rhododendron.bmp 14 00:17.362
05.08.2004 Santa Fe-Stuck.bmp 14 00:65.832
05.08.2004 Kaffeetasse.bmp 14 00:17.062
05.08.2004 Blaue Spitzen 14 00:1.272

Die 50 neuesten Dateien im Ordner Windows\system32:
***** ***** ***** ***** ***** ***** Scanning C:\WINDOWS\system32 ***** ***** ***** ***** ***** *****
12.04.2008 wpa.dbl 11 13:2.206
18.10.2007 sirenacm.dll 11 31:51.224
05.08.2004 12520850.cpx 14 00:2.233
05.08.2004 6to4svc.dll 14 00:100.352
05.08.2004 aaaamon.dll 14 00:26.624
05.08.2004 access.cpl 14 00:70.656
05.08.2004 acctres.dll 14 00:70.144
05.08.2004 accwiz.exe 14 00:188.416
05.08.2004 acelpdec.ax 14 00:61.952
05.08.2004 acledit.dll 14 00:136.704
05.08.2004 aclui.dll 14 00:120.320
05.08.2004 activeds.dll 14 00:194.560
05.08.2004 activeds.tlb 14 00:111.104
05.08.2004 actmovie.exe 14 00:4.096
05.08.2004 actxprxy.dll 14 00:101.888
05.08.2004 admparse.dll 14 00:61.440
05.08.2004 adptif.dll 14 00:26.112
05.08.2004 adsldp.dll 14 00:175.616
05.08.2004 adsldpc.dll 14 00:143.360
05.08.2004 adsmsext.dll 14 00:68.096
05.08.2004 adsnds.dll 14 00:163.840
05.08.2004 adsnt.dll 14 00:263.680
05.08.2004 adsnw.dll 14 00:109.568
05.08.2004 advapi32.dll 14 00:677.888
05.08.2004 advpack.dll 14 00:102.400
05.08.2004 ahui.exe 14 00:98.304
05.08.2004 alg.exe 14 00:44.544
05.08.2004 alrsvc.dll 14 00:17.408
05.08.2004 xpsp2res.dll 14 00:2.981.888
05.08.2004 amstream.dll 14 00:70.656
05.08.2004 ansi.sys 14 00:9.032
05.08.2004 apcups.dll 14 00:102.912
05.08.2004 append.exe 14 00:12.610
05.08.2004 apphelp.dll 14 00:126.976
05.08.2004 appmgmts.dll 14 00:175.616
05.08.2004 appmgr.dll 14 00:301.568
05.08.2004 appwiz.cpl 14 00:555.008
05.08.2004 arp.exe 14 00:19.968
05.08.2004 asctrls.ocx 14 00:116.224
05.08.2004 asferror.dll 14 00:9.216
05.08.2004 asr_fmt.exe 14 00:30.208
05.08.2004 asr_ldm.exe 14 00:38.400
05.08.2004 asr_pfu.exe 14 00:32.768
05.08.2004 asycfilt.dll 14 00:65.024
05.08.2004 at.exe 14 00:25.600
05.08.2004 xpsp1res.dll 14 00:199.680
05.08.2004 xpob2res.dll 14 00:438.784

***** ***** ***** ***** ***** ***** Scanning C:\WINDOWS\system32\drivers\etc\hosts ***** ***** ***** ***** ***** *****
# Copyright (c) 1993-1999 Microsoft Corp.
#
# Dies ist eine HOSTS-Beispieldatei, die von Microsoft TCP/IP
# für Windows 2000 verwendet wird.
#
# Diese Datei enthält die Zuordnungen der IP-Adressen zu Hostnamen.
# Jeder Eintrag muss in einer eigenen Zeile stehen. Die IP-
# Adresse sollte in der ersten Spalte gefolgt vom zugehörigen
# Hostnamen stehen.
# Die IP-Adresse und der Hostname müssen durch mindestens ein
# Leerzeichen getrennt sein.
#
# Zusätzliche Kommentare (so wie in dieser Datei) können in
# einzelnen Zeilen oder hinter dem Computernamen eingefügt werden,
# aber müssen mit dem Zeichen '#' eingegeben werden.
#
# Zum Beispiel:
#
#      102.54.94.97     rhino.acme.com          # Quellserver
#       38.25.63.10     x.acme.com              # x-Clienthost

127.0.0.1       localhost

***** ***** ***** ***** ***** ***** Scanning Processe ***** ***** ***** ***** ***** *****
Abbildname                PID   Sitzungsname     Sitz.-Nr.  Speichernutzung
========================= ===== ================ ========== ===============
System Idle Process       0     Console          0          16 K
System                    4     Console          0          212 K
smss.exe                  592   Console          0          372 K
csrss.exe                 656   Console          0          4.220 K
winlogon.exe              680   Console          0          12.316 K
services.exe              728   Console          0          5.616 K
lsass.exe                 740   Console          0          1.980 K
svchost.exe               904   Console          0          4.676 K
svchost.exe               1008  Console          0          3.956 K
svchost.exe               1108  Console          0          22.480 K
svchost.exe               1176  Console          0          3.132 K
svchost.exe               1316  Console          0          4.236 K
spoolsv.exe               1652  Console          0          4.172 K
ctfmon.exe                1860  Console          0          3.172 K
svchost.exe               1980  Console          0          4.404 K
alg.exe                   1384  Console          0          3.312 K
wuauclt.exe               1004  Console          0          5.012 K
sched.exe                 1456  Console          0          2.280 K
avguard.exe               612   Console          0          7.544 K
avgnt.exe                 1312  Console          0          988 K
msnmsgr.exe               2428  Console          0          19.952 K
explorer.exe              3572  Console          0          19.260 K
iexplore.exe              5044  Console          0          8.440 K
cmd.exe                   5556  Console          0          1.568 K
tasklist.exe              1768  Console          0          4.184 K
wmiprvse.exe              3276  Console          0          5.320 K

Microsoft Windows XP [Version 5.1.2600]
http://www.paules-pc-forum.de ***** Malware Team *****
***** Ende des Scans 12.04.2008 um 16:02:11,12 ***

I hope you can help me, pleeeease, please. Thanks, regards gloria
This post was edited on 12.04.2008 at 16:07 by gloria.
12.04.2008, 20:43
Honorary member
Posts: 29434
#12
Hello gloria
Where does the message come from? What does it display?
Quote: "the trojan is already back again, sniff"
--------------------------------------------------------------
Virustotal http://www.virustotal.com/flash/index_en.html
C:\WINDOWS\system32\tsd32.dll
Click "Browse" --> select the file (or paste the file with its correct path straight in with Ctrl+V) --> click the file to be checked and open it --> click "Send file"... now wait - then select the text with the right mouse button -> copy
__________
Kind regards, Sabina
all about PC security
I have 3 problems on my laptop: 1. lots of pop-ups despite the blocker, and 2. I keep getting a pop-up saying: spyware is detected on your computer...
3. The laptop runs slower than usual.
Can someone perhaps tell me what I have to delete here on the HijackThis list to fix the errors? Thanks in advance.
Logfile of HijackThis v1.99.1
Scan saved at 2:58:15 PM, on 3/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\AOL\1142115413\ee\AOLSoftware.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\documents and settings\dilo\local settings\application data\tvhdoz.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Program Files\Aim\aim.exe
c:\program files\common files\aol\1142115413\ee\aexplore.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\G-data.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Dilo\LOCALS~1\Temp\Rar$EX04.282\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
F2 - REG:system.ini: Shell=explorer.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1142115413\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ERS_check] "C:\Program Files\Common Files\WinAntiVirus Pro 2006\ers_startupmon.exe"
O4 - HKLM\..\Run: [DC6_check] "C:\Program Files\Common Files\WinAntiVirus Pro 2006\dc6_startupmon.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PDF3 Registry Controller] "C:\Program Files\ScanSoft\OmniPage15.0\PDFConverter3\\RegistryController.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [aiepk] C:\Documents and Settings\Dilo\Desktop\aiepk2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=zuzed004YYDE_ZZzer000
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - res://C:\Program Files\ScanSoft\OmniPage15.0\PDFConverter3\IEShellExt.dll /100
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\Aim\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/MyFunCardsFWBInitialSetup1.0.0.15-3.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://www.tgrthaber.com.tr/CanliYayin/ampx2.6.1.11_en_dl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - http://www.yayindayiz.biz/codec/nsvplayx_vp6_mp3.cab
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) - http://static.zangocash.com/cab/Seekmo/ie/bridge-c18.cab?21595a55bcee9e87edbc49d34614c0b550c9fbe341f06435b5679f367af25f7d532a4ca9c2ed59d9dc488aec24dcc5a5ba1e1fb10f8e34f82eba6f77b8d60c7f73d695c54c:584e34bcf0567f47bece5b5b666353a7
O16 - DPF: {EB6D7E70-AAA9-40D9-BA05-F214089F2275} - http://www.turk-tv.com/englishtv/chat/vitalize.cab
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.microsoft.com/search/lobby/searchsettings.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{26405783-6633-4E9F-B370-6782514909B0}: NameServer = 62.220.18.8 82.144.41.8
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe