Hijack this Liste

#0
02.04.2008, 23:04
...neu hier

Beiträge: 4
#1 Hallo, ich brauche euere Hilfe!!!
hab 3 probleme auf meinem Laptop 1. lauter pop up trotz Blocker und 2. kriege immer pop up wo drinn steht: spyware is detected on your computer...
3. Laptop laeuft langsamer als sonst.
kann mir vielleicht jemand sagen was ich hier auf Hijack this Liste loeschen muss und die Fehler zu beheben? Danke im Vorraus.

Logfile of HijackThis v1.99.1
Scan saved at 2:58:15 PM, on 3/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\AOL\1142115413\ee\AOLSoftware.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\documents and settings\dilo\local settings\application data\tvhdoz.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Program Files\Aim\aim.exe
c:\program files\common files\aol\1142115413\ee\aexplore.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\G-data.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Dilo\LOCALS~1\Temp\Rar$EX04.282\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
F2 - REG:system.ini: Shell=explorer.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1142115413\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ERS_check] "C:\Program Files\Common Files\WinAntiVirus Pro 2006\ers_startupmon.exe"
O4 - HKLM\..\Run: [DC6_check] "C:\Program Files\Common Files\WinAntiVirus Pro 2006\dc6_startupmon.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PDF3 Registry Controller] "C:\Program Files\ScanSoft\OmniPage15.0\PDFConverter3\\RegistryController.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [aiepk] C:\Documents and Settings\Dilo\Desktop\aiepk2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=zuzed004YYDE_ZZzer000
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - res://C:\Program Files\ScanSoft\OmniPage15.0\PDFConverter3\IEShellExt.dll /100
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\Aim\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/MyFunCardsFWBInitialSetup1.0.0.15-3.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://www.tgrthaber.com.tr/CanliYayin/ampx2.6.1.11_en_dl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - http://www.yayindayiz.biz/codec/nsvplayx_vp6_mp3.cab
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) - http://static.zangocash.com/cab/Seekmo/ie/bridge-c18.cab?21595a55bcee9e87edbc49d34614c0b55
0c9fbe341f06435b5679f367af25f7d532a4ca9c2ed59d9dc488aec24dcc5a5ba1e1fb10f8e34f82eba6f77b8d
60c7f73d695c54c:584e34bcf0567f47bece5b5b666353a7
O16 - DPF: {EB6D7E70-AAA9-40D9-BA05-F214089F2275} - http://www.turk-tv.com/englishtv/chat/vitalize.cab
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.microsoft.com/search/lobby/searchsettings.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{26405783-6633-4E9F-B370-6782514909B0}: NameServer = 62.220.18.8 82.144.41.8
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
Seitenanfang Seitenende
03.04.2008, 01:46
Ehrenmitglied
Avatar Argus

Beiträge: 6028
#2 Java
Dein Java software ist veraltet,
Download jre-6u5-windows-i586-p.exe
Scrolle runter nach ----> Java Runtime Environment (JRE) 6 Update 5
The Java SE Runtime Environment (JRE) allows end-users to run Java applications.
Klicke auf Download
Setze in haeckchen bei --->"Accept License Agreement".
Klicke “Windows Offline Installation, Multi-language” um
“jre-6u5-windows-i586-p.exe” zum Desktop zu installieren
Schliesse alle Programme auch dein Webbrowser
Ueber "Start -> Einstellungen -> Systemsteuerung -> Software
Und entferne alle aeltere versionen von Java Runtime Environment (JRE of J2SE)
Nachdem alles entfernt wurde --->Rechner neu starten
Installiere jetzt vom Desktop aus ---> jre-6u5-windows-i586-p.exe

ComboFix
http://www.virus-protect.org/artikel/tools/combofix.html

ComboFix und speichert es auf den Desktop!

Alle Fenster schliessen

Geh zum Start > Ausführen und kopiere rein
"%userprofile%\desktop\ComboFix.exe" /KillAll klicke OK



Jetzt wird ComboFix starten
Folge den Instruktionen in das Fenster
Waehrend Combofix lauft NICHT ins Fenster klicken sonst erfriert dein Rechner
Wenn das Tool fertig ist,oeffnet sich ein logfile (C:\combofix.txt)
nun das KOMPLETTE Log mit rechtem Mausklick abkopieren und ins Forum mit rechtem Mausklick "einfügen"
Hintergrundwächtern inklusive der Firewall + Antivirusprogramme müssen deaktiviert sein

Entferne Hijack This 1.99.1 und……..

Erstellen eines Hijackthis-Logfiles
Als erstes mach ein neuen Ordner auf C:\ z.b. C:\HijackThis,download HijackThis.exe dahin
Download: HijackThis202
Doppelklick HijackThis.exe und installiere das Tool in C:\Programme
Am Ende steht auf dein Desktop eine verknüpfung

Starte Hijack This und klicke “Do a system scan and safe a logfile”
Save log --> hijackthis.log - Save - es öffnet sich der Editor
nun das KOMPLETTE Log mit rechtem Mausklick abkopieren und ins Forum mit rechtem Mausklick "einfügen"
__________
MfG Argus
Seitenanfang Seitenende
03.04.2008, 13:06
...neu hier

Themenstarter

Beiträge: 4
#3 ComboFix 08-04-02.1 - Dilo 2008-04-03 12:47:10.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.257 [GMT 2:00]
Running from: C:\Documents and Settings\Dilo\desktop\ComboFix.exe
Command switches used :: /KillAll
* Created a new restore point

[color=red]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color]
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Desktop\webmediaplayer.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\WebMediaPlayer
C:\Documents and Settings\All Users\Start Menu\Programs\WebMediaPlayer\Privacy Policy.url
C:\Documents and Settings\All Users\Start Menu\Programs\WebMediaPlayer\Terms and Conditions.url
C:\Documents and Settings\All Users\Start Menu\Programs\WebMediaPlayer\Uninstall.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\WebMediaPlayer\WebMediaPlayer.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\WebMediaPlayer\Website.url
C:\Documents and Settings\Dilo\Application Data\WinAntiVirus Pro 2006
C:\Documents and Settings\Dilo\Application Data\WinAntiVirus Pro 2006\Logs\update.log
C:\Documents and Settings\Dilo\Application Data\WinAntiVirus Pro 2006\Logs\wa6Support.log
C:\Documents and Settings\Dilo\Application Data\WinAntiVirus Pro 2006\Logs\winav.log
C:\Documents and Settings\Dilo\err.log
c:\Documents and Settings\Dilo\Local Settings\Application Data\rxcpozbcr.dat
c:\documents and settings\dilo\local settings\application data\rxcpozbcr.exe
c:\Documents and Settings\Dilo\Local Settings\Application Data\rxcpozbcr_nav.dat
C:\Documents and Settings\Dilo\Local Settings\Application Data\rxcpozbcr_navps.dat
c:\Documents and Settings\Dilo\Local Settings\Application Data\tvhdoz.dat
C:\Documents and Settings\Dilo\Local Settings\Application Data\tvhdoz_nav.dat
c:\Documents and Settings\Dilo\Local Settings\Application Data\tvhdoz_navfx.dat
c:\Documents and Settings\Dilo\Local Settings\Application Data\tvhdoz_navps.dat
C:\Program Files\webmediaplayer
C:\Program Files\webmediaplayer\resources\languages_v2.xml
C:\Program Files\webmediaplayer\resources\webmedias
C:\Program Files\webmediaplayer\skins\classic.skn
C:\Program Files\webmediaplayer\sqlite3.dll
C:\Program Files\webmediaplayer\uninst.exe
C:\Program Files\webmediaplayer\WebMediaPlayer.exe
C:\WA6P
C:\WINDOWS\Downloaded Program Files\UWA6P_0001_N91M1807NetInstaller.exe
C:\WINDOWS\system32\nvs2.inf
C:\WINDOWS\system32\stera.job
C:\WINDOWS\system32\stera.log

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FOPN
-------\Legacy_VSPF
-------\Legacy_VSPF_HK
-------\Service_FOPN
-------\Service_vspf
-------\Service_vspf_hk


((((((((((((((((((((((((( Files Created from 2008-03-03 to 2008-04-03 )))))))))))))))))))))))))))))))
.

2008-04-03 12:17 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-04-03 12:15 . 2008-04-03 12:15 <DIR> d-------- C:\Program Files\Common Files\Java
2008-04-03 11:47 . 2008-04-03 11:47 <DIR> d-------- C:\Program Files\Java neu
2008-04-03 11:19 . 2008-04-03 11:24 <DIR> d-------- C:\Documents and Settings\Dilo\.SunDownloadManager
2008-03-30 14:01 . 2008-03-30 14:01 <DIR> d-------- C:\Program Files\Avira
2008-03-30 14:01 . 2008-03-30 14:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-03-30 11:45 . 2008-03-30 11:46 17,788,920 --a------ C:\Program Files\antivir_workstation_win7u_en_h.exe
2008-03-30 11:08 . 2008-04-03 11:50 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-03-30 11:08 . 2008-04-03 11:50 <DIR> d-------- C:\Documents and Settings\Dilo\Application Data\Spyware Terminator
2008-03-30 11:08 . 2008-03-30 13:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-03-30 11:08 . 2008-03-30 11:08 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-03-30 11:07 . 2008-03-30 11:07 9,823,864 --a------ C:\Program Files\SpywareTerminator_Setup.exe
2008-03-30 10:54 . 2008-03-30 10:54 15,070,104 --a------ C:\Program Files\spy sweeper.exe
2008-03-30 01:04 . 2008-03-30 01:04 <DIR> d-------- C:\Program Files\AskSBar
2008-03-30 00:58 . 2008-03-30 00:58 164 --a------ C:\install.dat
2008-03-30 00:57 . 2008-03-30 00:57 15,070,144 --a------ C:\Program Files\SpySweeperSNRSetup_EN.exe
2008-03-30 00:39 . 2008-03-30 13:50 <DIR> d-------- C:\Program Files\CleanMyPC Popup Blocker
2008-03-30 00:38 . 2008-03-30 00:39 155,592 --a------ C:\Program Files\popupblocker.exe
2008-03-29 00:44 . 2008-03-29 00:44 724,992 --a------ C:\WINDOWS\iun6002.exe
2008-03-29 00:39 . 2008-03-29 00:39 331,163 --a------ C:\Program Files\tool_en.zip
2008-03-28 15:48 . 2008-03-28 15:48 212,849 --a------ C:\Program Files\hijackthis.zip
2008-03-28 15:14 . 2008-03-28 15:14 342,656 --a------ C:\Program Files\G-data.exe
2008-03-09 20:00 . 2008-03-29 01:16 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-09 20:00 . 2008-03-30 00:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-09 18:32 . 2008-03-30 01:11 <DIR> d-------- C:\Documents and Settings\Dilo\Application Data\SlimBrowser
2008-03-09 14:08 . 2008-03-09 14:49 <DIR> d-------- C:\Program Files\Buyuk Sohbet Mirc
2008-03-08 14:54 . 2008-03-08 14:54 <DIR> d-------- C:\Program Files\Windows Defender

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-03 10:41 --------- d-----w C:\Program Files\Google
2008-04-03 10:17 --------- d-----w C:\Program Files\Java
2008-03-30 11:57 --------- d-----w C:\Program Files\Clean up
2008-03-28 23:10 1,918 ----a-w C:\Program Files\tool_en.log
2008-03-14 06:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-09 12:49 --------- d-----w C:\Program Files\DivX
2008-02-17 10:13 --------- d-----w C:\Program Files\Winamp
2008-02-17 09:57 --------- d-----w C:\Program Files\Common Files\NSV
2008-02-11 19:51 --------- d-----w C:\Program Files\Regfixer
2008-02-11 17:31 --------- d-----w C:\Documents and Settings\Dilo\Application Data\Ahead
2008-02-10 21:06 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-07-29 18:04 92,064 ----a-w C:\Documents and Settings\Dilo\mqdmmdm.sys
2007-07-29 18:04 9,232 ----a-w C:\Documents and Settings\Dilo\mqdmmdfl.sys
2007-07-29 18:04 79,328 ----a-w C:\Documents and Settings\Dilo\mqdmserd.sys
2007-07-29 18:04 66,656 ----a-w C:\Documents and Settings\Dilo\mqdmbus.sys
2007-07-29 18:04 6,208 ----a-w C:\Documents and Settings\Dilo\mqdmcmnt.sys
2007-07-29 18:04 5,936 ----a-w C:\Documents and Settings\Dilo\mqdmwhnt.sys
2007-07-29 18:04 4,048 ----a-w C:\Documents and Settings\Dilo\mqdmcr.sys
2007-07-29 18:04 25,600 ----a-w C:\Documents and Settings\Dilo\usbsermptxp.sys
2007-07-29 18:04 22,768 ----a-w C:\Documents and Settings\Dilo\usbsermpt.sys
2007-07-29 13:52 1,949,384 ----a-w C:\Program Files\powerpoint German.exe
2006-01-26 18:39 1,775 ----a-w C:\Program Files\Adobe Reader 7.0.lnk
2006-01-26 18:38 20,921,040 ------w C:\Program Files\AdbeRdr705_enu_full.exe
2006-01-22 13:28 32 --sha-r C:\Documents and Settings\Dilo\Application Data\pexmodes.dat
2006-01-19 14:04 118,570 ------w C:\Program Files\2BNT4A3G.EXE
2006-01-19 13:46 8,628 ---ha-w C:\Program Files\RASDDUI.GID
2006-01-19 13:36 32 --sha-r C:\Documents and Settings\Dilo\Application Data\resmodes.dat
2006-01-19 13:08 192,032 ------w C:\Program Files\2bnt4a3e.exe
2006-01-08 13:20 4,490,968 ------w C:\Program Files\EZAntivirus.exe
2006-01-02 00:17 1,649 ----a-w C:\Program Files\iTunes.lnk
2006-01-02 00:15 34,412,848 ------w C:\Program Files\iTunesSetup.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2008-03-30 01:04 66912 --a------ C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2008-03-30 01:04 267592 --a------ C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL" [2008-03-30 01:04 267592]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:56 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [ ]
"tvhdoz"="c:\documents and settings\dilo\local settings\application data\tvhdoz.exe" [ ]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]
"Spyware Vanisher"="C:\spywarevanisher-full\SpywareVanisher.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-05-22 23:10 110592]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2003-05-23 00:06 610304]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 09:56 33280 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2003-06-25 11:32 323584 C:\WINDOWS\system32\nwiz.exe]
"HostManager"="C:\Program Files\Common Files\AOL\1142115413\ee\AOLSoftware.exe" [2006-05-10 02:24 50760]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 18:59 124520]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 15:57 282624]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 00:14 155648]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 13:19 69632]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 16:15 81920]
"PDF3 Registry Controller"="C:\Program Files\ScanSoft\OmniPage15.0\PDFConverter3\\RegistryController.exe" [2005-04-26 02:58 106496]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [ ]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 20:20 866584]
"aiepk"="C:\Documents and Settings\Dilo\Desktop\aiepk2.exe" [ ]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-03-30 11:08 2957824]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-30 14:03 249896]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 09:01 437160]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Limewire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1142115413\\ee\\aolsoftware.exe"=
"C:\\Program Files\\Common Files\\AOL\\1142115413\\ee\\aim6.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Aim\\aim.exe"=

R0 wff;wff;C:\WINDOWS\system32\drivers\wff.sys [2005-04-25 13:32]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-03-30 11:08]
R2 ACEDRV09;ACEDRV09;C:\WINDOWS\system32\drivers\ACEDRV09.sys [2007-10-01 19:44]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 23:38]
S3 DrvFltIp;DrvFltIp;C:\Program Files\AdvancedPersonalFirewall\DrvFltIp.sys []

.
Contents of the 'Scheduled Tasks' folder
"2008-03-30 10:46:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-03 10:25:02 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-04-03 10:58:02 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2006-02-27 13:04:04 C:\WINDOWS\Tasks\WTR.job"
- C:\Program Files\BulletProofSoft.com\WinTrace Remover\3A40684E
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-03 12:55:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
.
**************************************************************************
.
Completion time: 2008-04-03 13:00:15 - machine was rebooted [Dilo]
ComboFix-quarantined-files.txt 2008-04-03 11:00:11
Pre-Run: 14,173,511,680 bytes free
Post-Run: 14,085,570,560 bytes free
.
2008-04-02 09:37:11 --- E O F ---

_________________________________________________________________



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:14, on 2008-04-03
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\AOL\1142115413\ee\AOLSoftware.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
c:\program files\common files\aol\1142115413\ee\aexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /installquiet
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1142115413\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [IPHSend] "C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PDF3 Registry Controller] "C:\Program Files\ScanSoft\OmniPage15.0\PDFConverter3\\RegistryController.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [aiepk] C:\Documents and Settings\Dilo\Desktop\aiepk2.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [tvhdoz] c:\documents and settings\dilo\local settings\application data\tvhdoz.exe tvhdoz
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKCU\..\Run: [Spyware Vanisher] C:\spywarevanisher-full\SpywareVanisher.exe -FastScan
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=zuzed004YYDE_ZZzer000
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - res://C:\Program Files\ScanSoft\OmniPage15.0\PDFConverter3\IEShellExt.dll /100
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\Aim\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://www.tgrthaber.com.tr/CanliYayin/ampx2.6.1.11_en_dl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab

O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - http://www.yayindayiz.biz/codec/nsvplayx_vp6_mp3.cab

O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) - http://static.zangocash.com/cab/Seekmo/ie/bridge-c18.cab?21595a55bcee9e87edbc49d34614c0b550c9fbe34
1f06435b5679f367af25f7d532a4ca9c2ed59d9dc488aec24dcc5a5ba1e1fb10f8e34f82e
ba6f77b8d60c7f73d695c54c:584e34bcf0567f47bece5b5b666353a7

O16 - DPF: {EB6D7E70-AAA9-40D9-BA05-F214089F2275} - http://www.turk-tv.com/englishtv/chat/vitalize.cab
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.microsoft.com/search/lobby/searchsettings.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) - http://pro.posty.com/feco/ChristmasCard-HomeForTheHolidays.jpg

--
End of file - 11921 bytes


Und nocheinmal Danke fuer deine Hilfe!!!! Ich hoffe das ich alles richtig gemacht habe!!!???
Dieser Beitrag wurde am 03.04.2008 um 13:18 Uhr von dila81 editiert.
Seitenanfang Seitenende
03.04.2008, 15:27
Ehrenmitglied
Avatar Argus

Beiträge: 6028
#4 Prüfe mal diese Datei(en) bei Jotti

c:\documents and settings\dilo\local settings\application data\tvhdoz.exe

Oder Kaspersky
__________
MfG Argus
Seitenanfang Seitenende
03.04.2008, 15:43
...neu hier

Themenstarter

Beiträge: 4
#5 Habe diese Datei garnicht unter C:\documents and settings\dilo\local settings\application data
Seitenanfang Seitenende
03.04.2008, 16:22
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#6 Hallo,

««
deaktiviere den Search & Destroy\TeaTimer.exe"

««
mit dem HijackThis löschen ("fixen")

Klicke: "Do a system scan only"
Setze ein Häckchen in das Kästchen vor den genannten Eintrag
und wähle fix checked. + starte den Rechner neu.

Zitat

R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

O4 - HKLM\..\Run: [aiepk] C:\Documents and Settings\Dilo\Desktop\aiepk2.exe

O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"

O4 - HKCU\..\Run: [tvhdoz] c:\documents and settings\dilo\local settings\application data\tvhdoz.exe tvhdoz

O4 - HKCU\..\Run: [Spyware Vanisher] C:\spywarevanisher-full\SpywareVanisher.exe -FastScan

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=zuzed004YYDE_ZZzer000

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/MyFunCardsFWBInitialSetup1.0.0.15-3.cab

O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab

O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://www.tgrthaber.com.tr/CanliYayin/ampx2.6.1.11_en_dl.cab

O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - http://www.yayindayiz.biz/codec/nsvplayx_vp6_mp3.cab

O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) - http://static.zangocash.com/cab/Seekmo/ie/bridge-c18.cab?21595a55bcee9e87edbc49d34614c0b55
0c9fbe341f06435b5679f367af25f7d532a4ca9c2ed59d9dc488aec24dcc5a5ba1e1fb10f8e34f82eba6f77b8d
60c7f73d695c54c:584e34bcf0567f47bece5b5b666353a7



««
Den folgenden Text in den Editor (Start - Zubehör - Editor) kopieren und als cfscript.txt mit 'Speichern unter' auf dem Desktop. Gib an "Alle Dateien" - Speichern



Zitat

KILLALL::

Driver::
sp_rsdrv2

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"tvhdoz"=-
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"=-
[-HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spyware Vanisher"=-
"aiepk"=-
"SpywareTerminator"=-

Folder::
C:\Program Files\Common Files\WinAntiVirus Pro 2006
C:\Program Files\CleanMyPC Popup Blocker
C:\spywarevanisher-full
C:\Program Files\Spyware Terminator
C:\Documents and Settings\Dilo\Application Data\Spyware Terminator
C:\Documents and Settings\All Users\Application Data\Spyware Terminator
C:\Program Files\AskSBar

File::
C:\Program Files\popupblocker.exe
C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
C:\Program Files\SpywareTerminator_Setup.exe
c:\documents and settings\dilo\local settings\application data\tvhdoz.exe
C:\Documents and Settings\Dilo\Desktop\aiepk2.exe


Man sollte jetzt auf dem Desktop diese Datei cfscript.txt finden.

cfscript.txt und mit der rechten Maustaste auf das Symbol von Combofix ziehen



danach: Combofix noch einmal anwenden

PC neustarten

«««««««««

poste das neue Log von Combofix
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
03.04.2008, 16:59
...neu hier

Themenstarter

Beiträge: 4
#7 Sorry, aber kannst du mir sagen wie ich auf das Editor auf Englisch komme? bei mir ist alles auf Englisch bis zubehoer bin ich gekommen aber Editor finde ich nicht.
Seitenanfang Seitenende
03.04.2008, 17:46
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#8 schau mal bei : notepad ;)
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
11.04.2008, 22:13
...neu hier

Beiträge: 2
#9 ich brauche eure hilfe seit gestern bin ich am suchen und machen und tun
dann hab ich euch gefunden gott sei dank

Hier meine log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:28:55, on 11.04.1980
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\slserv.exe
C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\ATI-CPanel\atiptaxx.exe
C:\WINDOWS\system32\umonit.exe
C:\Programme\Java\jre1.6.0_05\bin\jusched.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\MSN Messenger\MsnMsgr.Exe
C:\Programme\LevelOne MDU-0001USB\BTTray.exe
C:\Programme\LevelOne MDU-0001USB\BTStackServer.exe
C:\Dokumente und Einstellungen\gio\Desktop\HiJackThis\HijackThis.exe
C:\Programme\Windows NT\Zubehör\wordpad.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WsftpBrowserHelper Class - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Programme\WS_FTP Pro\wsbho2K0.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: {a61545c0-ece8-381b-2414-454a495032c7} - {7c230594-a454-4142-b183-8ece0c54516a} - C:\WINDOWS\system32\odtxiloq.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A4D13F30-55A5-49BB-8B90-2A71EA9673A9} - C:\WINDOWS\system32\cbXNHaYO.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {CB9CB2F5-59EA-4DCF-A9E3-8844F2AE30A1} - C:\WINDOWS\system32\efcDTMGv.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: LEC - {1DBAB667-A486-421e-AFE4-CF07DD0088E5} - C:\Programme\Power Translator\Applications\LEC IE Translation Extension.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\system32\umonit.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ac282b3d] rundll32.exe "C:\WINDOWS\system32\ylonjjwe.dll",b
O4 - HKLM\..\Run: [BMaf1b18a1] Rundll32.exe "C:\WINDOWS\system32\rnutitdi.dll",s

O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Programme\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Programme\MP3 Player Utilities 4.00\MediaManager\grab.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programme\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {40BF816B-D862-41B9-9445-ECA36D5F67F9} (Flatcast Viewer 4.12) - http://www.flatcast.com/obj/NpFv412.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F554} (Flatcast Viewer 4.16) - http://controls.flatcast-data.com/data/objects/NpFv41629.dll
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{769FA425-FA16-4225-9A70-910E73BB75DF}: NameServer = 192.168.1.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: cbXNHaYO - C:\WINDOWS\SYSTEM32\cbXNHaYO.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Programme\Power Translator\LogoMedia TranslateDotNet Server.exe
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 9044 bytes



bitte um schnelle antwort wenn es geht


danke im vorraus gruß gloria
Seitenanfang Seitenende
11.04.2008, 22:44
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#10 Hallo gloria

«'
wende cclean er an , loesche die temp.Dateien
http://www.ccleaner.de/?protecus.de

'
scanne bitte mit combofix (warnmeldung wegklicken) + poste hier den report
http://virus-protect.org/artikel/tools/combofix.html

«
wende windowsscan an + poste den report
http://virus-protect.org/artikel/tools/windowsscan.html
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
11.04.2008, 22:58
...neu hier

Beiträge: 2
#11 danke dir, für die schnelle antwort, aber wenn ich sehe was ich da alles machn muss, weil ich muss ja alles von einem pc auf den anderen machen, weil ich ja nicht mehr ins internet kann, werde also den pc platt machen

danke nochmals


gruß gloria





ich könnte heulen hilfeeeeeeee, ich habe bei dem pc xp neuinstall.

da ist der trojaner schon wieder da schniefffffff, nun habe ich nach dem gehandelt wie du gesagt hast


hier die logs

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:45:55, on 12.04.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Windows Live\Messenger\msnmsgr.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Programme\WS_FTP Pro\wsbho2K0.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\RunOnce: [ypagerps] cmd.exe /C del "C:\Programme\Yahoo!\Messenger\ypagerps.dll"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{9ED7B415-7047-4852-AF82-03443FED77A7}: NameServer = 192.168.1.1
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

--
End of file - 3155 bytes


ComboFix 08-04-11.8 - gio 2008-04-12 15:55:18.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1031.18.219 [GMT 2:00]
ausgeführt von:: C:\Dokumente und Einstellungen\gio.GIO-F7D5FC14ABF\Desktop\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt

[color=red]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color]
.

((((((((((((((((((((((( Dateien erstellt von 2008-03-12 bis 2008-04-12 ))))))))))))))))))))))))))))))
.

2008-04-12 15:49 . 2008-04-12 15:49 <DIR> d-------- C:\Programme\CCleaner
2008-04-12 15:03 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-04-12 15:03 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-04-12 13:02 . 2008-04-12 13:02 <DIR> d-------- C:\Programme\Trend Micro
2008-04-12 12:40 . 2008-04-12 12:40 <DIR> d-------- C:\Dokumente und Einstellungen\gio.GIO-F7D5FC14ABF\Anwendungsdaten\Yahoo!
2008-04-12 12:40 . 2008-04-12 12:40 <DIR> d-------- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Yahoo! Companion
2008-04-12 12:31 . 2008-04-12 12:31 <DIR> d-------- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Yahoo!
2008-04-12 12:20 . 2008-04-12 12:20 <DIR> d---s---- C:\Dokumente und Einstellungen\gio.GIO-F7D5FC14ABF\UserData
2008-04-12 12:14 . 2008-04-12 12:36 <DIR> d-------- C:\Dokumente und Einstellungen\gio.GIO-F7D5FC14ABF\Contacts
2008-04-12 11:43 . 2008-04-12 11:43 <DIR> d-------- C:\Dokumente und Einstellungen\gio.GIO-F7D5FC14ABF\Anwendungsdaten\Ipswitch
2008-04-12 11:43 . 2008-04-12 11:43 <DIR> d-------- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Ipswitch
2008-04-12 11:43 . 2002-07-16 18:08 49,152 --a------ C:\WINDOWS\system32\FTPStubInstUtils.dll
2008-04-12 11:39 . 2008-04-12 11:40 <DIR> d-------- C:\Dokumente und Einstellungen\gio.GIO-F7D5FC14ABF\Anwendungsdaten\vlc
2008-04-12 11:37 . 2008-04-12 11:37 <DIR> d-------- C:\Dokumente und Einstellungen\GIO~1~GIO\LOKALE~1
2008-04-12 11:37 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\ISUninst.exe
2008-04-12 11:36 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-04-12 11:35 . 2008-04-12 11:35 <DIR> d-------- C:\Dokumente und Einstellungen\gio.GIO-F7D5FC14ABF\Anwendungsdaten\TeamViewer
2008-04-12 11:34 . 2008-04-12 11:34 <DIR> d-------- C:\Dokumente und Einstellungen\gio.GIO-F7D5FC14ABF\temp
2008-04-12 11:31 . 2008-04-12 11:31 <DIR> d-------- C:\WINDOWS\LastGood
2008-04-12 11:29 . 2008-04-12 11:29 <DIR> d-------- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Avira
2008-04-04 08:19 . 2008-04-04 08:19 <DIR> d-------- C:\Programme\Bonjour
2008-04-04 08:18 . 2008-04-04 08:18 <DIR> d-------- C:\Programme\Apple Software Update
2008-03-26 09:17 . 2008-03-26 09:17 292 --ah----- C:\sqmdata03.sqm
2008-03-26 09:17 . 2008-03-26 09:17 244 --ah----- C:\sqmnoopt03.sqm
2008-03-23 15:10 . 2008-04-09 13:51 <DIR> d-------- C:\Programme\ICQToolbar
2008-03-23 15:08 . 2008-03-23 15:20 <DIR> d-------- C:\Programme\ICQ6
2008-03-22 15:06 . 2008-03-25 09:16 <DIR> d-------- C:\Dokumente und Einstellungen\gio\Anwendungsdaten\WEB.DE
2008-03-16 19:47 . 2008-03-16 19:48 <DIR> d-------- C:\Programme\TuneUp Utilities 2008
2008-03-16 19:46 . 1980-04-11 15:08 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2008-03-15 12:04 . 2008-03-15 12:04 <DIR> dr------- C:\Dokumente und Einstellungen\gio\Kopie von Favoriten

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-12 09:43 --------- d-----w C:\Programme\WS_FTP Pro
2008-04-09 06:37 --------- d-----w C:\Programme\Google
2008-04-04 11:51 --------- d-----w C:\Programme\QuickTime
2008-03-27 13:19 --------- d-----w C:\Dokumente und Einstellungen\gio\Anwendungsdaten\LimeWire
2008-03-24 19:58 --------- d-----w C:\Programme\eMule.de 0.48a v18
2008-03-24 16:25 --------- d-----w C:\Dokumente und Einstellungen\gio\Anwendungsdaten\ICQ
2008-03-22 19:48 --------- d-----w C:\Dokumente und Einstellungen\gio\Anwendungsdaten\MSN6
2008-03-12 14:41 --------- d-----w C:\Programme\Weisse Bescheid
2008-03-10 11:54 --------- d-----w C:\Dokumente und Einstellungen\gio\Anwendungsdaten\TuneUp Software
2008-03-09 12:47 --------- d-----w C:\Programme\Two Worlds Pinball
2008-02-14 09:38 --------- d-----w C:\Programme\Tweak-XP Pro 4
2008-02-14 07:08 --------- d-----w C:\Programme\Gemeinsame Dateien\Adobe
.

(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"MsnMsgr"="C:\Programme\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-12-17 17:13 3810544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [1980-04-11 17:21 249896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programme\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programme\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Programme\\Yahoo!\\Messenger\\YahooMessenger.exe"=

R3 AVMWAN;AVM NDIS WAN CAPI-Treiber;C:\WINDOWS\system32\DRIVERS\avmwan.sys [2001-08-17 13:13]
R3 fpcibase;AVM ISDN-Controller FRITZ!Card PCI;C:\WINDOWS\system32\DRIVERS\fpcibase.sys [2001-08-17 13:14]

*Newly Created Service* - ANTIVIRSCHEDULER
*Newly Created Service* - ANTIVIRSERVICE
*Newly Created Service* - AVGIO
*Newly Created Service* - AVGNTFLT
*Newly Created Service* - AVIPBB
*Newly Created Service* - CATCHME
*Newly Created Service* - WMIAPSRV
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-12 15:57:22
Windows 5.1.2600 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\tsd32.dll
.
Zeit der Fertigstellung: 2008-04-12 15:58:43
ComboFix-quarantined-files.txt 2008-04-12 13:58:32
13 Verzeichnis(se), 27,444,465,664 Bytes frei
16 Verzeichnis(se), 27,447,222,272 Bytes frei




Die 30 neuesten Dateien im Ordner Windows:

***** ***** ***** ***** *****
***** Scanning C:\WINDOWS *****
***** ***** ***** ***** *****

12.04.2008 system.ini 15 57:227
12.04.2008 WindowsUpdate.log 15 03:5.346
12.04.2008 win.ini 11 43:534
12.04.2008 wiadebug.log 11 13:159
12.04.2008 wiaservc.log 11 13:50
12.04.2008 bootstat.dat 11 13:2.048
12.04.2008 SchedLgU.Txt 11 12:452
05.08.2004 explorer.scf 14 00:80
05.08.2004 wmprfDEU.prx 14 00:34.818
05.08.2004 Feder.bmp 14 00:16.730
05.08.2004 F„cher.bmp 14 00:26.680
05.08.2004 Granit.bmp 14 00:26.582
05.08.2004 winnt256.bmp 14 00:48.680
05.08.2004 hh.exe 14 00:10.752
05.08.2004 winnt.bmp 14 00:48.680
05.08.2004 explorer.exe 14 00:1.035.264
05.08.2004 clock.avi 14 00:82.944
05.08.2004 winhlp32.exe 14 00:288.768
05.08.2004 NOTEPAD.EXE 14 00:70.144
05.08.2004 winhelp.exe 14 00:257.568
05.08.2004 Pr„riewind.bmp 14 00:65.954
05.08.2004 regedit.exe 14 00:153.600
05.08.2004 desktop.ini 14 00:2
05.08.2004 Rhododendron.bmp 14 00:17.362
Fe-Stuck.bmp 05.08.2004 Santa 14 00:65.832
05.08.2004 Kaffeetasse.bmp 14 00:17.062
Spitzen 05.08.2004 Blaue 14 00:1.272


Die 50 neuesten Dateien im Ordner Windows\system32:

***** ***** ***** ***** *****
***** Scanning C:\WINDOWS\system32 *****
***** ***** ***** ***** *****

12.04.2008 wpa.dbl 11 13:2.206
18.10.2007 sirenacm.dll 11 31:51.224
05.08.2004 12520850.cpx 14 00:2.233
05.08.2004 6to4svc.dll 14 00:100.352
05.08.2004 aaaamon.dll 14 00:26.624
05.08.2004 access.cpl 14 00:70.656
05.08.2004 acctres.dll 14 00:70.144
05.08.2004 accwiz.exe 14 00:188.416
05.08.2004 acelpdec.ax 14 00:61.952
05.08.2004 acledit.dll 14 00:136.704
05.08.2004 aclui.dll 14 00:120.320
05.08.2004 activeds.dll 14 00:194.560
05.08.2004 activeds.tlb 14 00:111.104
05.08.2004 actmovie.exe 14 00:4.096
05.08.2004 actxprxy.dll 14 00:101.888
05.08.2004 admparse.dll 14 00:61.440
05.08.2004 adptif.dll 14 00:26.112
05.08.2004 adsldp.dll 14 00:175.616
05.08.2004 adsldpc.dll 14 00:143.360
05.08.2004 adsmsext.dll 14 00:68.096
05.08.2004 adsnds.dll 14 00:163.840
05.08.2004 adsnt.dll 14 00:263.680
05.08.2004 adsnw.dll 14 00:109.568
05.08.2004 advapi32.dll 14 00:677.888
05.08.2004 advpack.dll 14 00:102.400
05.08.2004 ahui.exe 14 00:98.304
05.08.2004 alg.exe 14 00:44.544
05.08.2004 alrsvc.dll 14 00:17.408
05.08.2004 xpsp2res.dll 14 00:2.981.888
05.08.2004 amstream.dll 14 00:70.656
05.08.2004 ansi.sys 14 00:9.032
05.08.2004 apcups.dll 14 00:102.912
05.08.2004 append.exe 14 00:12.610
05.08.2004 apphelp.dll 14 00:126.976
05.08.2004 appmgmts.dll 14 00:175.616
05.08.2004 appmgr.dll 14 00:301.568
05.08.2004 appwiz.cpl 14 00:555.008
05.08.2004 arp.exe 14 00:19.968
05.08.2004 asctrls.ocx 14 00:116.224
05.08.2004 asferror.dll 14 00:9.216
05.08.2004 asr_fmt.exe 14 00:30.208
05.08.2004 asr_ldm.exe 14 00:38.400
05.08.2004 asr_pfu.exe 14 00:32.768
05.08.2004 asycfilt.dll 14 00:65.024
05.08.2004 at.exe 14 00:25.600
05.08.2004 xpsp1res.dll 14 00:199.680
05.08.2004 xpob2res.dll 14 00:438.784


***** ***** ***** ***** *****
***** Scanning C:\WINDOWS\system32\drivers\etc\hosts *****
***** ***** ***** ***** *****

# Copyright (c) 1993-1999 Microsoft Corp.
#
# Dies ist eine HOSTS-Beispieldatei, die von Microsoft TCP/IP
# für Windows 2000 verwendet wird.
#
# Diese Datei enthält die Zuordnungen der IP-Adressen zu Hostnamen.
# Jeder Eintrag muss in einer eigenen Zeile stehen. Die IP-
# Adresse sollte in der ersten Spalte gefolgt vom zugehörigen
# Hostnamen stehen.
# Die IP-Adresse und der Hostname müssen durch mindestens ein
# Leerzeichen getrennt sein.
#
# Zusätzliche Kommentare (so wie in dieser Datei) können in
# einzelnen Zeilen oder hinter dem Computernamen eingefügt werden,
# aber müssen mit dem Zeichen '#' eingegeben werden.
#
# Zum Beispiel:
#
# 102.54.94.97 rhino.acme.com # Quellserver
# 38.25.63.10 x.acme.com # x-Clienthost

127.0.0.1 localhost



***** ***** ***** ***** *****
***** Scanning Processe *****
***** ***** ***** ***** *****


Abbildname PID Sitzungsname Sitz.-Nr. Speichernutzung
========================= ===== ================ ========== ===============
System Idle Process 0 Console 0 16 K
System 4 Console 0 212 K
smss.exe 592 Console 0 372 K
csrss.exe 656 Console 0 4.220 K
winlogon.exe 680 Console 0 12.316 K
services.exe 728 Console 0 5.616 K
lsass.exe 740 Console 0 1.980 K
svchost.exe 904 Console 0 4.676 K
svchost.exe 1008 Console 0 3.956 K
svchost.exe 1108 Console 0 22.480 K
svchost.exe 1176 Console 0 3.132 K
svchost.exe 1316 Console 0 4.236 K
spoolsv.exe 1652 Console 0 4.172 K
ctfmon.exe 1860 Console 0 3.172 K
svchost.exe 1980 Console 0 4.404 K
alg.exe 1384 Console 0 3.312 K
wuauclt.exe 1004 Console 0 5.012 K
sched.exe 1456 Console 0 2.280 K
avguard.exe 612 Console 0 7.544 K
avgnt.exe 1312 Console 0 988 K
msnmsgr.exe 2428 Console 0 19.952 K
explorer.exe 3572 Console 0 19.260 K
iexplore.exe 5044 Console 0 8.440 K
cmd.exe 5556 Console 0 1.568 K
tasklist.exe 1768 Console 0 4.184 K
wmiprvse.exe 3276 Console 0 5.320 K



Microsoft Windows XP [Version 5.1.2600]


http://www.paules-pc-forum.de
***** Malware Team *****


***** Ende des Scans 12.04.2008 um 16:02:11,12 ***


ich hoffe ihr könnt mir helfen, büüüüüüüüde büdddde.


danke gruß gloria
Dieser Beitrag wurde am 12.04.2008 um 16:07 Uhr von gloria editiert.
Seitenanfang Seitenende
12.04.2008, 20:43
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#12 Hallo gloria

woher hast du die Meldung ? Was erscheint ?

Zitat

da ist der trojaner schon wieder da schniefffffff
--------------------------------------------------------------

Virustotal http://www.virustotal.com/flash/index_en.html

C:\WINDOWS\system32\tsd32.dll

Auf Durchsuchen klicken --> Datei aussuchen (oder gleich die Datei mit korrektem Pfad einkopieren mit Strg V) --> Klick auf die zu prüfende Datei und öffnen--> klick auf "Senden der Datei"... jetzt abwarten - dann mit der rechten Maustaste den Text markieren -> kopieren
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!

Folgende Themen könnten Dich auch interessieren: