I have a problem with my Internet Explorer on my Vista system.
#0
06.04.2008, 20:59
Member
Posts: 66

06.04.2008, 23:22
Honorary member
Posts: 29434
#2
Hello,
http://www.virustotal.com/de/
C:\Users\Birgit-Achim\AppData\Local\cxtpdso.exe
Click Browse --> select the file (or paste the file with its correct path directly using Ctrl+V) --> click the file to be checked and open it --> click "Send file"... now wait - then select the text with the right mouse button -> copy it here ««
__________
Regards, Sabina
All about PC security

06.04.2008, 23:50
Member
Thread starter
Posts: 66
#3
Antivirus          Version        Last update   Result
AhnLab-V3          2008.4.4.1     2008.04.04    -
AntiVir            7.6.0.81       2008.04.05    -
Authentium         4.93.8         2008.04.05    -
Avast              4.7.1098.0     2008.04.06    -
AVG                7.5.0.516      2008.04.06    -
BitDefender        7.2            2008.04.06    -
CAT-QuickHeal      9.50           2008.04.05    (Suspicious) - DNAScan
ClamAV             0.92.1         2008.04.06    -
DrWeb              4.44.0.09170   2008.04.06    -
eSafe              7.0.15.0       2008.04.01    -
eTrust-Vet         31.3.5672      2008.04.04    -
Ewido              4.0            2008.04.06    -
F-Prot             4.4.2.54       2008.04.06    -
F-Secure           6.70.13260.0   2008.04.06    -
FileAdvisor        1              2008.04.06    -
Fortinet           3.14.0.0       2008.04.06    -
Ikarus             T3.1.1.20      2008.04.06    -
Kaspersky          7.0.0.125      2008.04.06    -
McAfee             5267           2008.04.04    -
Microsoft          1.3408         2008.04.06    -
NOD32v2            3005           2008.04.06    -
Norman             5.80.02        2008.04.04    -
Panda              9.0.0.4        2008.04.06    -
Prevx1             V2             2008.04.06    Heuristic: Suspicious Self Modifying EXE
Rising             20.38.60.00    2008.04.03    -
Sophos             4.28.0         2008.04.06    -
Sunbelt            3.0.1032.0     2008.04.05    -
Symantec           10             2008.04.06    -
TheHacker          6.2.92.266     2008.04.05    -
VBA32              3.12.6.4       2008.04.06    -
VirusBuster        4.3.26:9       2008.04.06    -
Webwasher-Gateway  6.6.2          2008.04.05    Trojan.Keylogger.Win32.Malware.gen!46 (suspicious)

07.04.2008, 00:52
Honorary member
Posts: 29434
#4
Hello,
«« delete ("fix") with HijackThis
Click: "Do a system scan only"
Put a check mark in the box in front of the entry named below and choose "Fix checked".
+ restart the computer.
Quote:
O4 - HKCU\..\Run: [cxtpdso] c:\users\birgit-achim\appdata\local\cxtpdso.exe cxtpdso
«« scan with Combofix « post the report
http://virus-protect.org/artikel/tools/combofix.html
«« disable cxtpdso.exe in the Task Manager, then scan with Prevx Computer Security Investigator (CSI)
http://virus-protect.org/onlinescan.html
+ post the report here
__________
Regards, Sabina
All about PC security

07.04.2008, 10:17
Member
Thread starter
Posts: 66
#5
Hi
I did that, but unfortunately I can't find the quoted entry.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:15:09, on 07.04.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\ApVxdWin.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\DllHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.netcologne.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netcologne.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer bereitgestellt von NetCologne
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE" /s
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-14/4 (file missing)
O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-14/4 (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: (no name) - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-1170-17534-28/4 (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-1170-17534-28/4 (file missing) (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/german/partner/de/kavwebscan_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.johannrain-softwareentwicklung.de/EN/scan8/oscan8.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A060266E-DBD9-44B1-BF3F-C0D4EBC0045A}: NameServer = 81.173.194.68 213.168.112.60
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: AAV UpdateService - Unknown owner - C:\Program Files\Common Files\AAV\aavus.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrvx86.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
O23 - Service: Panda PSK service (PskSvcRetail) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PskSvc.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
--
End of file - 5764 bytes

07.04.2008, 10:27
Honorary member
Posts: 29434
#6
Hello,
«« fix with HijackThis: (does not need to be in the system startup)
Quote:
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
«« run Combofix + post the report.. i.e. paste it in here...
http://virus-protect.org/artikel/tools/combofix.html
__________
Regards, Sabina
All about PC security

07.04.2008, 10:35
Member
Thread starter
Posts: 66
#7
So
Do I have to download Combofix first???? One more question: I won't crash the PC with Combofix?????????

07.04.2008, 10:41
Honorary member
Posts: 29434
#8
a warning message appears, but the program is safe.. no crash
__________
Regards, Sabina
All about PC security

07.04.2008, 10:48
Member
Thread starter
Posts: 66
#9
A message appears saying the computer will not come through the disinfection process intact; can I click Yes anyway?????

07.04.2008, 13:01
Honorary member
Posts: 29434

07.04.2008, 22:57
Member
Thread starter
Posts: 66
#11
I downloaded Combofix but it doesn't start; a blue window appears and then it's gone again. After a few seconds still nothing happens.

07.04.2008, 23:23
Honorary member
Posts: 29434
#12
Hello
1. try to run Combofix in safe mode
2. then download Comboscan + post the 2 logs that are created
http://virus-protect.org/artikel/tools/comboscan.html
__________
Regards, Sabina
All about PC security

07.04.2008, 23:36
Member
Thread starter
Posts: 66
#13
--------------------------------------------------------------------------------
-- First Restore Point -- 1: 2008-03-15 09:35:45 UTC - RP386 - Geplanter Prüfpunkt Backed up registry hives. Performed disk cleanup. [color=red]Total Physical Memory: 1015 MiB (1024 MiB recommended).[/color] -- HijackThis (run as Birgit-Achim.exe) ---------------------------------------- Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Panda Security\Panda Antivirus 2008\ApVxdWin.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Users\Birgit-Achim\AppData\Local\cxtpdso.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.exe C:\Program Files\Internet Explorer\ieuser.exe C:\Windows\system32\conime.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Birgit-Achim\Desktop\dss.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\Birgit-Achim.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.netcologne.de R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netcologne.de R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer bereitgestellt von NetCologne O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - 
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE" /s O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [cxtpdso] c:\users\birgit-achim\appdata\local\cxtpdso.exe cxtpdso O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-14/4 (file missing) O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-14/4 (file missing) O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe O9 - Extra button: (no name) - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} 
- (no file) O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-1170-17534-28/4 (file missing) (HKCU) O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-1170-17534-28/4 (file missing) (HKCU) O13 - Gopher Prefix: O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/german/partner/de/kavwebscan_unicode.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.johannrain-softwareentwicklung.de/EN/scan8/oscan8.cab O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{A060266E-DBD9-44B1-BF3F-C0D4EBC0045A}: NameServer = 81.173.194.68 213.168.112.60 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL O23 - Service: AAV UpdateService - Unknown owner - C:\Program Files\Common Files\AAV\aavus.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrvx86.exe O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda 
Antivirus 2008\PsImSvc.exe O23 - Service: Panda PSK service (PskSvcRetail) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PskSvc.exe O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe -- End of file - 6279 bytes -- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) ----------- backup-20080406-120128-651 O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe backup-20080406-120200-314 O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe backup-20080406-120200-395 O23 - Service: Panda PSK service (PskSvcRetail) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PskSvc.exe backup-20080406-120200-534 O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe backup-20080406-120200-573 O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe backup-20080406-120200-709 O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrvx86.exe -- File Associations ----------------------------------------------------------- All associations okay. -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- All drivers whitelisted. 
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 AAV UpdateService - c:\program files\common files\aav\aavus.exe <Not Verified; ; AAV - Online Update Dienst> R3 NMIndexingService - "c:\program files\common files\ahead\lib\nmindexingservice.exe" <Not Verified; Nero AG; Nero Home> S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe S4 FirebirdServerMAGIXInstance (Firebird Server - MAGIX Instance) - c:\program files\aldi sued foto service\common\database\bin\fbserver.exe <Not Verified; MAGIX®; Firebird SQL Server - MAGIX Edition> S4 x10nets (X10 Device Network Service) - c:\progra~1\common~1\x10\common\x10nets.exe <Not Verified; X10; x10 Module> -- Device Manager: Disabled ---------------------------------------------------- Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318} Description: Microsoft-6zu4-Adapter Device ID: ROOT\*6TO4MP\0002 Manufacturer: Microsoft Name: 6TO4 Adapter PNP Device ID: ROOT\*6TO4MP\0002 Service: tunnel Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318} Description: Microsoft-6zu4-Adapter Device ID: ROOT\*6TO4MP\0013 Manufacturer: Microsoft Name: 6TO4 Adapter PNP Device ID: ROOT\*6TO4MP\0013 Service: tunnel Class GUID: Description: Device ID: ROOT\PRINTER\0000 Manufacturer: Name: PNP Device ID: ROOT\PRINTER\0000 Service: Class GUID: Description: Device ID: ROOT\PRINTER\0001 Manufacturer: Name: PNP Device ID: ROOT\PRINTER\0001 Service: Class GUID: Description: Device ID: ROOT\PRINTER\0002 Manufacturer: Name: PNP Device ID: ROOT\PRINTER\0002 Service: -- Scheduled Tasks ------------------------------------------------------------- 2008-04-07 23:00:00 514 --a------ C:\Windows\Tasks\1-Klick-Wartung.job -- Files created between 2008-03-07 and 2008-04-07 ----------------------------- 2008-04-06 19:49:16 164 --a------ C:\install.dat 2008-04-06 11:55:04 0 d-------- C:\Program Files\Trend Micro 2008-04-05 23:41:58 0 d-------- C:\Windows\system32\Kaspersky Lab 2008-04-05 23:01:56 0 d-a------ 
C:\Users\All Users\TEMP 2008-04-05 22:33:43 0 d-------- C:\Users\All Users\Grisoft 2008-04-05 20:06:12 0 d-------- C:\Users\All Users\sentinel 2008-04-05 20:05:30 248 --a------ C:\Windows\system32\PavCPL.dat 2008-04-05 20:05:26 0 d-------- C:\Windows\system32\PAV 2008-04-05 20:05:11 0 d-------- C:\Program Files\Panda Security 2008-04-05 19:55:13 0 d-------- C:\Program Files\Common Files\Panda Software 2008-03-28 21:48:21 0 d-------- C:\Users\All Users\TVU networks 2008-03-08 18:03:49 0 d-------- C:\Users\All Users\RapidSolution 2008-03-08 18:03:07 0 d-------- C:\Program Files\PixiePack Codec Pack 2008-03-07 18:51:21 0 d-------- C:\Program Files\TuneUp Utilities 2008 -- Find3M Report --------------------------------------------------------------- 2008-04-07 22:57:14 641106 --a------ C:\Windows\system32\perfh007.dat 2008-04-07 22:57:14 116500 --a------ C:\Windows\system32\perfc007.dat 2008-04-06 19:02:35 0 d-------- C:\Program Files\Microsoft Silverlight 2008-04-05 20:05:11 0 d--h----- C:\Program Files\InstallShield Installation Information 2008-04-05 19:55:13 0 d-------- C:\Program Files\Common Files 2008-03-27 19:30:54 0 d-------- C:\Program Files\MSN Messenger 2008-03-26 20:46:11 0 d-------- C:\Program Files\Common Files\Buhl Data Service 2008-03-13 10:47:05 0 d-------- C:\Program Files\Windows Mail 2008-03-10 11:46:58 0 d-------- C:\Program Files\ICQ6 2008-03-08 18:16:05 0 d-------- C:\Users\Birgit-Achim\AppData\Roaming\Tunebite 2008-03-07 18:50:26 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-02-21 21:02:03 0 d-------- C:\Program Files\Common Files\AAV 2008-02-21 21:00:54 0 d-------- C:\Program Files\Akademische Arbeitsgemeinschaft 2008-02-16 20:06:58 0 d-------- C:\Users\Birgit-Achim\AppData\Roaming\TVcentral-Core 2008-02-11 13:20:13 0 d-------- C:\Program Files\Common Files\Adobe -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSConfig"="C:\Windows\System32\msconfig.exe" [02.11.2006 11:45] "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [12.01.2006 16:40] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11.01.2008 23:16] "APVXDWIN"="C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.exe" [04.10.2007 15:15] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [23.12.2006 19:05] "cxtpdso"="c:\users\birgit-achim\appdata\local\cxtpdso.exe" [01.04.2008 17:49] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"=2 (0x2) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "disableregistrytools"=0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr] avldr.dll 15.02.2007 19:02 50736 C:\Windows\System32\avldr.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService] @="Service" 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] @="Volume shadow copy" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] @="IEEE 1394 Bus host controllers" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] @="SBP2 IEEE 1394 Devices" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] @="SecurityDevices" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Birgit-Achim^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk] path=C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk backup=C:\Windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup backupExtension=.Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe] C:\Windows\ehome\ehTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] 
C:\Windows\system32\hkcmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] C:\Windows\system32\igfxtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl] RtHDVCpl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVBroadcast] C:\Program Files\Sceneo\AbsolutTV\SERVICES\ODSBC\ODSBCApp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "ehTray.exe"=C:\Windows\ehome\ehTray.exe "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "Persistence"=C:\Windows\system32\igfxpers.exe "NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] C:\Windows\system32\unregmp2.exe /ShowWMP [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{582610B8-E496-4813-993C-4B027173FE38}] C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed 
components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI -- End of Deckard's System Scanner: finished at 2008-04-07 23:33:19 ------------

08.04.2008, 00:09
Honorary member
Posts: 29434
#14
Hello,
1. delete ("fix") with HijackThis
Click: "Do a system scan only"
Put a check mark in the box in front of the entry named below and choose "Fix checked".
+ restart the computer.
Quote:
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
2. «««
http://virus-protect.org/artikel/tools/otmoveIt.html
open: OTMoveIt.exe
Paste into the left-hand window, where it says "Paste Standard List of Files/Folders to be Move":
Quote:
C:\Users\Birgit-Achim\AppData\Local\cxtpdso.exe
Click the red "MoveIt!" button
a backup is created... in case something goes wrong....
----------
otherwise: Panda Security, Kaspersky, Trend Micro, Grisoft ...etc... that cannot go well, stay with only one scanner...
__________
Regards, Sabina
All about PC security

08.04.2008, 00:46
Member
Thread starter
Posts: 66
#15
The file
O4 - HKCU\..\Run: [cxtpdso] c:\users\birgit-achim\appdata\local\cxtpdso.exe cxtpdso
was not present in HijackThis; I did everything else as written. The advertising windows and the message that my PC is not protected keep coming back. I have only one scanner; the others are online scanners.

I've created a HijackThis log; maybe one of you can help me.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:55:33, on 06.04.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Panda Security\Panda Antivirus 2008\ApVxdWin.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Users\Birgit-Achim\AppData\Local\cxtpdso.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9d.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.netcologne.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netcologne.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer bereitgestellt von NetCologne
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE" /s
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [cxtpdso] c:\users\birgit-achim\appdata\local\cxtpdso.exe cxtpdso
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-14/4 (file missing)
O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-14/4 (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-1170-17534-28/4 (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-1170-17534-28/4 (file missing) (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/german/partner/de/kavwebscan_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.johannrain-softwareentwicklung.de/EN/scan8/oscan8.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A060266E-DBD9-44B1-BF3F-C0D4EBC0045A}: NameServer = 81.173.194.68 213.168.112.60
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: AAV UpdateService - Unknown owner - C:\Program Files\Common Files\AAV\aavus.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrvx86.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
O23 - Service: Panda PSK service (PskSvcRetail) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PskSvc.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
--
End of file - 6669 bytes
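
Added example, not part of the original thread: a small Python triage helper for the O4 (autostart) lines of HijackThis logs like the ones posted here. It flags Run entries whose executable sits in a user-writable profile path, as `cxtpdso.exe` does, and compares two scans to show autostart entries that appeared or disappeared. The function names and the path heuristic are assumptions made for this illustration; the sample lines are copied from the logs above.

```python
import re
from typing import NamedTuple

# Sample input: lines taken from the HijackThis logs posted in this thread.
SAMPLE_LOG = r'''
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE" /s
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [cxtpdso] c:\users\birgit-achim\appdata\local\cxtpdso.exe cxtpdso
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
'''


class Autorun(NamedTuple):
    hive: str        # e.g. HKLM, HKCU, HKUS\S-1-5-19
    name: str        # registry value name inside [...]
    command: str     # full command line as logged
    executable: str  # program path extracted from the command


# Registry-based O4 lines only; "O4 - Startup:" folder entries are not handled.
O4_RE = re.compile(
    r'^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>\w+): \[(?P<name>.*?)\] (?P<cmd>.+)$')
EXE_RE = re.compile(r'^(.+?\.(?:exe|dll|com|bat|cmd|scr|pif))(?=\s|$)',
                    re.IGNORECASE)
# Heuristic (assumption): locations a standard user can write to without elevation.
USER_WRITABLE_RE = re.compile(
    r'^(?:[a-z]:\\users\\[^\\]+\\'
    r'|[a-z]:\\documents and settings\\[^\\]+\\'
    r'|%(?:appdata|localappdata|temp|tmp|userprofile)%\\)',
    re.IGNORECASE)


def executable_of(command: str) -> str:
    """Extract the program path from a logged command line."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        if end != -1:
            return command[1:end]
        command = command.lstrip('"')  # unbalanced quote: fall through
    match = EXE_RE.match(command)
    if match:
        return match.group(1)
    parts = command.split()
    return parts[0] if parts else ''


def parse_autoruns(log: str) -> list:
    """Return every registry Run entry (O4) found in a HijackThis log."""
    entries = []
    for line in log.splitlines():
        match = O4_RE.match(line.strip())
        if match:
            cmd = match.group('cmd')
            entries.append(Autorun(match.group('hive'), match.group('name'),
                                   cmd, executable_of(cmd)))
    return entries


def user_writable_autoruns(log: str) -> list:
    """Autostart entries whose executable lives in a user-writable path."""
    return [e for e in parse_autoruns(log)
            if USER_WRITABLE_RE.match(e.executable)]


def autorun_changes(before: str, after: str):
    """Compare two scans; return (added, removed) sets of (hive, name)."""
    old = {(e.hive, e.name) for e in parse_autoruns(before)}
    new = {(e.hive, e.name) for e in parse_autoruns(after)}
    return new - old, old - new


if __name__ == '__main__':
    for entry in user_writable_autoruns(SAMPLE_LOG):
        print(f'review: {entry.hive} [{entry.name}] -> {entry.executable}')
```

A hit is a lead for review rather than a verdict, since legitimate software also installs under the user profile; comparing scans shows whether a removed entry has come back.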